Who Hacked The Internet Archive?

In a dramatic cyber event, the Internet Archive was temporarily taken offline on October 9, 2024, after a series of coordinated attacks by a hacker group calling themselves SN_BlackMeta (who also goes by the alias “SN_DarkMeta”). These attacks, including DDoS assaults and a breach of user information, exposed sensitive data from over 31 million accounts, forcing the popular digital archive to shift into a provisional, read-only mode. But who exactly is SN_BlackMeta, and what does this attack reveal about the growing sophistication of cybercriminals targeting major online platforms?

Who is SN_BlackMeta?

SN_BlackMeta is a relatively new player in the cybercrime world, reportedly emerging in 2023. The group runs a private Telegram group and has quickly gained notoriety for targeting major institutions, particularly those involved in the public dissemination of knowledge and information. Their focus on high-profile sites, like the Internet Archive, signals a troubling trend toward ideological cyberattacks aimed at disrupting access to free information.

Their attacks have drawn parallels to similar hacktivist groups that target institutions for perceived violations of internet neutrality or data privacy. However, unlike previous groups that advocated for causes, SN_BlackMeta’s motives appear more nebulous. The group’s communications during previous breaches have been sparse, offering no clear manifesto or goals. This has led experts to speculate whether the group’s attacks are driven by personal motivations, financial incentives, or an attempt to build a reputation in the cybercriminal underworld.

The Attack: What Happened?

The attack on the Internet Archive began with a Distributed Denial of Service (DDoS) campaign, which flooded the site with an overwhelming amount of traffic, rendering it inaccessible to users. Simultaneously, SN_BlackMeta exploited a vulnerability in the Archive’s JavaScript library, allowing them to deface parts of the website. But the damage didn’t stop there. It was soon discovered that they had accessed a database containing millions of usernames, email addresses, and encrypted passwords.

This breach was confirmed by cybersecurity expert Troy Hunt, founder of Have I Been Pwned, who reported that over 31 million unique email addresses had been compromised in the attack. The group allegedly left a message on the website reading: “See 31 million of you on HIBP!”

Though the passwords were encrypted, the breach raises serious concerns about the potential for further attacks if this information is sold or used to target other platforms.

Internet Archive’s Response

In response to the breach, Brewster Kahle, founder of the Internet Archive, quickly took the site offline, allowing his team to scrub the systems, remove the vulnerable JavaScript library, and reinforce the Archive's defenses. After several days of intensive work, the site returned on October 14 in a limited, read-only mode.

During this period, users can still access archived content, such as the Wayback Machine, but features like "Save Page Now" remain disabled to prevent further exploitation. Kahle acknowledged that the site may need to go offline again for additional security enhancements as the team continues its investigation.

Kahle has been transparent throughout the process, providing regular updates on Twitter, asking users to "be gentle" with the site during this critical period. Despite the Archive being operational again, the full recovery is ongoing, and users are being urged to take precautions, including changing passwords and monitoring their accounts for any suspicious activity.

A Wake-Up Call for Cybersecurity

The attack on the Internet Archive is the latest in a series of high-profile cyberattacks in 2024, underscoring the evolving nature of cybersecurity threats. While SN_BlackMeta is a new player, their ability to disrupt a widely used and trusted resource like the Internet Archive demonstrates the power that even emerging hacker groups can wield.

For organizations that handle large amounts of public data, the incident serves as a cautionary tale. Even well-established institutions must continually reassess their cybersecurity strategies to protect against both traditional attacks like DDoS and more sophisticated breaches that target system vulnerabilities.

The Road Ahead for the Internet Archive

As the Archive team works to restore full functionality, the question remains: How will the Internet Archive and other similar institutions adapt to the increasing threats posed by groups like SN_BlackMeta? The attack has already prompted discussions about additional measures, such as multi-layered authentication and further hardening of backend infrastructure.

The wider internet community, too, must consider how to safeguard the digital history and resources that the Internet Archive preserves. If services like these can be crippled, the ability to access open information, historical web content, and digital records—key to the integrity of the modern web—could face existential threats.