←back to thread

Internet Archive breached again through stolen access tokens

(www.bleepingcomputer.com)
493 points vladyslavfox | 5 comments | 20 Oct 24 15:00 UTC | HN request time: 0.896s | source
Show context
TheFreim ◴[20 Oct 24 15:24 UTC] No.41895901[source]
> "It's dispiriting to see that even after being made aware of the breach weeks ago, IA has still not done the due diligence of rotating many of the API keys that were exposed in their gitlab secrets," reads an email from the threat actor.

This is quite embarrassing. One of the first things you do when breached at this level is to rotate your keys. I seriously hope that they make some systemic changes, it seems that there were a variety of different bad security practices.

replies(5): >>41896145 #>>41896897 #>>41897646 #>>41897785 #>>41898493 #
ghostly_s ◴[20 Oct 24 17:15 UTC] No.41896897[source]
IA is in bad need of a leadership change. The content of the archive is immensely valuable (largely thanks to volunteers) but the decisions and priorities of the org have been far off base for years.
replies(5): >>41896940 #>>41897130 #>>41897333 #>>41898095 #>>41902975 #
fngjdflmdflg ◴[20 Oct 24 17:47 UTC] No.41897130[source]
Do you have any examples?
replies(2): >>41897247 #>>41897614 #
1. fngjdflmdflg ◴[20 Oct 24 18:16 UTC] No.41897339[source]
I don't believe IA itself takes down pages that kiwifarms archives/links to. Rather they get a request to take it down and comply with it (correct me if I'm wrong here). I think IA is actually in a tough spot on this issue because they might be able to be sued eg. for defamation if they don't take down pages with personal info after a request to do so is made. Lastly, I doubt any new leadership would be less harsh on kiwifarms.
replies(1): >>41897692 #
2. wkat4242 ◴[20 Oct 24 18:58 UTC] No.41897649[source]
That's something I completely support. There's a limit and that site crosses it.
3. dazhengca ◴[20 Oct 24 19:03 UTC] No.41897692[source]
There was no illegal content on kiwi farms. Even then, I’d say taking down a single page by request is understandable. However, they surrendered to the mob and chose to stop archiving the entire site. This was to censor any criticism of the people involved, but as a result, we lost all of the other information on the rest of the site as well. It’s clear this organization cannot handle pressure, and is relying on people treating it kindly.
replies(1): >>41898111 #
4. shkkmo ◴[20 Oct 24 20:05 UTC] No.41898111{3}[source]
They chose to stop serving archives of a site that had started explicitly using tham as a distribution mechanism to get around much a much broader attempt to censor them.

I'm curious what other information on that site you think was valuable to have available to the general public? Nothing has been lost in terms of historical data, it's only the immediate disemmination that has been slowed.

I'm really trying to understand why I should disagree with the IA's choice here. The IA is an archival service, not a distribution platform and it is not their job to help you distribute content that other people find objectionable. Their job is to make and keep an archive of internet content so that we don't lose the historical record. Blocking unrestricted public access to some of that content doesn't harm that mission and can even support it.

5. tylerchilds ◴[20 Oct 24 21:30 UTC] No.41898643[source]
the funny thing about the internet archive is that anyone else on this planet could do exactly what they are doing, but they consistently choose not to.

kiwifarms could spin up their own infrastructure, serve their own content for the world, but it turns out technology is a social problem more than a technical problem.

anyone that wants to stand up and be the digital backbone of “kiwi farms” can, but only the internet archive gets flack for not volunteering to be the literal kiwi farm.

for example, the pirate bay goes offline all the time, but it turns out the people that use it, care enough to keep it online themselves.