Hackers claim 'catastrophic' Internet Archive attack (www.newsweek.com)
from MicroWave@lemmy.world to world@lemmy.world on 11 Oct 2024 12:35
https://lemmy.world/post/20739289

A group linked to a pro-Palestinian hacktivist movement has launched a catastrophic cyberattack revealing the details of 31 million people, compromising their email addresses and screen names.

An account on X under the name SN_BlackMeta claimed responsibility for the attack on The Internet Archive, a nonprofit organization, and implied that further attacks were planned. The Internet Archive is known for its digital library and the Wayback Machine. SN_BlackMeta has previously been linked to an attack against a Middle Eastern financial institution earlier this year, and a security firm has linked it to a pro-Palestinian hacktivist movement.

Encrypted passwords were also exposed and although these are relatively safe, users have been advised to change their passwords. And one expert has told Newsweek people should avoid browsing or using any files obtained from the site until it has declared an “all clear.”

#world

threaded - newest

MediaBiasFactChecker@lemmy.world on 11 Oct 2024 12:35 next collapse
Newsweek - News Source Context (Click to view Full Report)

Information for Newsweek:
> MBFC: Right-Center - Credibility: High - Factual Reporting: Mostly Factual - United States of America
> Wikipedia about this source

Search topics on Ground.News

https://www.newsweek.com/catastrophic-internet-archive-hack-hits-31-million-people-1966866

Media Bias Fact Check | bot support

kescusay@lemmy.world on 11 Oct 2024 13:00 next collapse

Why the hell is anyone still storing actual passwords, even encrypted ones, in 2024? They should only be storing hashes and a salt that’s only retrievable on the backend.

Edit: I stand corrected. Newsweek is just doing its usual shit job of reporting. They should know better than calling hashed passwords “encrypted” passwords.

barsoap@lemm.ee on 11 Oct 2024 13:11 collapse

They aren’t, newsweek is calling it encryption because they’re writing for normies. The leaked data includes bcrypt’ed passwords, so hash and per-password salt. Their choice of hashing function is not what you want to criticise the IA for.

AmidFuror@fedia.io on 11 Oct 2024 14:52 next collapse

Downvoted for "normies" because it appears to be any person whose specialized knowledge set does not include cryptography.

barsoap@lemm.ee on 11 Oct 2024 15:09 next collapse

Every sys/devops and programmer will know what a hash is, salt at least the sys/devops.

The general population though will be thinking of hash browns when hearing those terms and “encrypted” is absolutely close enough. So close that insisting on the difference in a non-technical context is definitely pedantic.

thejml@lemm.ee on 11 Oct 2024 15:58 collapse

Damn, hash browns sound great right about now.

And as a DevOps engineer, I’m going to be hungry every time I deal with passwords and api keys now.

Ensign_Crab@lemmy.world on 11 Oct 2024 16:50 collapse

Everyone’s a normie in some field. “Normie” is context-dependent in all cases.

AmidFuror@fedia.io on 11 Oct 2024 21:40 collapse

That's my point. All news articles on technical and scientific topics are written for "normies," including likely the commenter for many disciplines. Seemed to be used derogatorily to me, but I'll concede I could have misinterpreted.

user224@lemmy.sdf.org on 11 Oct 2024 16:29 collapse

bcrypt, to save you time.

Anyway, I’d be curious to see that data. It also got my email that I only used for donations to IA. I wonder what data is associated with that email.
Not sure where to start searching for that data.

saltesc@lemmy.world on 11 Oct 2024 13:39 next collapse

I wouldn’t be claiming a hack on Internet Archive. It’s like boasting about setting fire to a library, almost literally.

FlyingSquid@lemmy.world on 11 Oct 2024 13:43 collapse

Not just any library, the fucking Library of Alexandria.

FlyingSquid@lemmy.world on 11 Oct 2024 13:43 next collapse

Mother fuckers.

small44@lemmy.world on 11 Oct 2024 14:10 next collapse

As a pro Palestinian I condemn this action but I won’t discredit the whole Palestinian support mouvement

TimeSquirrel@kbin.melroy.org on 11 Oct 2024 15:03 next collapse

So many things they could target that's related to the cause but they go for the fucking IA? Might as well burn down an orphanage. This is fucked up.

Cuttlefish1111@lemmy.world on 11 Oct 2024 18:11 collapse

It’s hard to find a sufficient reason for a Palestinian to have done this. Seems likely others players had a hand.

Milk_Sheikh@lemm.ee on 11 Oct 2024 15:37 next collapse

<img alt="" src="https://lemm.ee/pictrs/image/6db8ed5a-f6ba-4527-9618-4131d5998bc2.jpeg">

Yeahhhh this one seems fishy. Unlike the “Handala Hacks” group (seemingly 100% an Iranian state affair) who basically doxxed Israeli citizens and security industry heads, where’s the play in this?

  • No ransomware attempt, just DDoS and data grab
  • Email and handles compromised, not major info like bank details or SSNs
  • VERY publicly pro-Palestine/Palestinian, makes zero mention of occupation, apartheid, civilian suffering, etc
  • Tortured ‘link’ between a non-profit .org and the US:Israel alliance as justification

Psyops gonna psyop

Saleh@feddit.org on 11 Oct 2024 18:50 collapse

Yeah, seems to be about driving wedges in the progressive movements. IA is often used to access information and store proof of it. Especially when governments, newspapers etc. sneaky edit out statements that are incriminating, be it morally or quite often legally.

It is a tool heavily used by pro Palestinian and other progressive activists, with no reason to jeopardize it.

58008@lemmy.world on 11 Oct 2024 19:28 next collapse

This act is so profoundly counter to increasing pro-Palestinian sentiment that I have to wonder if it was the fuckin’ Mossad that did it.

stoly@lemmy.world on 11 Oct 2024 22:30 next collapse

False flag, no way that Palestinian supporters would do this. There’s simply no reason to. Someone else did for shits and giggles.

gencha@lemm.ee on 12 Oct 2024 10:55 collapse

Tech-savy teenagers can pull of a “cyber attack” on a nonprofit. It doesn’t have to be a smart choice. Sometimes people just want to relieve their anger, break some shit, and claim it for whatever floats their boat right now.

The evidence is absolute bullshit though. So I don’t believe it either.

[deleted] on 12 Oct 2024 04:59 next collapse
.
gencha@lemm.ee on 12 Oct 2024 10:50 next collapse

Thanks to a bit of anonymous text on the disinformation machine of a fascist US billionaire, we finally know what’s up. Thank God for this achievement in journalism.

Lumisal@lemmy.world on 12 Oct 2024 11:27 collapse

Yeah, it’s totally not Israel, the country known for being great at hacking and is attacking multiple middle eastern countries at the moment.