TechRadar
Ellen Jennings-Trace

Internet Archive is still not fully recovered: Here's how the attack unfolded


More details have emerged about the recent cyberattack against the Internet Archive, which still appears not to have fully recovered.

The archive is now back online in a preliminary ‘read-only’ capacity while it continues to recover. Some services remain offline, but Wayback Machine operations have resumed, although founder Brewster Kahle warned it may be suspended again if it needs "further maintenance."

The incident came in the form of a distributed denial-of-service (DDoS) attack, which involves flooding a site with traffic to overwhelm a server, making it impossible to access. Research from Netscout revealed a significant deviation in network traffic to archive.org, which supports the claims of a DDoS attack. Reports suggest there were at least 3 hours and 20 minutes of DDoS activity, and at least three distinct IP addresses used by archive.org received DDoS traffic.

Cautiously back online

In this specific case, the attack used two attack vectors: TCP reset floods and HTTPS application layer attacks. A TCP reset flood sends a victim huge numbers of Transmission Control Protocol (TCP) reset packets, which trick a computer into terminating its connections with others in its network.

In contrast, an HTTPS application layer attack typically aims to overwhelm servers by targeting the application layer, disrupting the normal flow of traffic and rendering normal services unavailable.
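
One way a defender could spot the TCP reset flood described above, shown as an added example that is not from the original article or from Netscout: it counts RST packets per destination address per minute and flags minutes that deviate sharply from that address's own baseline. The packet records, the addresses (documentation range), the window and the threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

WINDOW = 60        # seconds per bucket (assumed value)
THRESHOLD = 8.0    # robust z-score cut-off (assumed value)


def build_sample():
    """Constructed packet summaries: (unix_second, destination IP, TCP flags)."""
    pkts = []
    for minute in range(10):
        base = minute * 60
        for dst in ("192.0.2.10", "192.0.2.11"):
            # Normal traffic: a handful of RSTs per minute among many ACKs.
            pkts += [(base + i, dst, "R") for i in range(3 + minute % 3)]
            pkts += [(base + i % 60, dst, "A") for i in range(200)]
    # Constructed flood: minutes 7 and 8, aimed at a single address.
    for minute in (7, 8):
        pkts += [(minute * 60 + i % 60, "192.0.2.10", "R") for i in range(5000)]
    return pkts


def rst_counts(packets, window=WINDOW):
    """Count RST-flagged packets per destination per time bucket."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, dst, flags in packets:
        if "R" in flags:
            counts[dst][ts // window] += 1
    return counts


def flag_rst_floods(packets, window=WINDOW, threshold=THRESHOLD):
    """Return (destination, bucket start, RST count) for anomalous buckets."""
    alerts = []
    for dst, buckets in rst_counts(packets, window).items():
        values = list(buckets.values())
        med = median(values)
        # Median absolute deviation keeps the flood itself from inflating the
        # baseline; fall back to 1.0 when the series is perfectly flat.
        mad = median(abs(v - med) for v in values) or 1.0
        for bucket, n in sorted(buckets.items()):
            if (n - med) / (1.4826 * mad) > threshold:
                alerts.append((dst, bucket * window, n))
    return alerts


if __name__ == "__main__":
    for dst, start, n in flag_rst_floods(build_sample()):
        print(f"RST flood suspected: dst={dst} window_start={start}s rst={n}")
```
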

By crawling the web, the archive and its 150 staff work to preserve internet pages and provide free access to thousands of books, videos, and audio files. The motive for the attack isn’t clear, but the hack is said to have exposed the data of up to 31 million users.

The compromised data, which is said to include email addresses, screen names, and Bcrypt-hashed passwords, could leave users exposed and at risk of threat actors using their information for nefarious purposes.
