DW Weekly #183 – 25 October 2024
Over the past week, the Internet Archive has been caught in a series of cyberattacks that have disrupted its operations and raised alarming questions about the cybersecurity of its systems. What began two weeks ago as a temporary outage due to distributed denial-of-service (DDoS) attacks has evolved into a deeper breach, revealing the fragility of even the most widely respected online resources.
The first wave of attacks started with DDoS assaults, a tactic often used to flood a website with traffic, rendering it temporarily inaccessible. The pro-Palestinian hacktivist group BlackMeta claimed responsibility for these attacks, indicating a political motivation behind the disruptions. However, it quickly became evident that this was only the beginning of the Archive’s troubles. Soon after, the organisation suffered a JavaScript-based website defacement, followed by a more insidious data breach. The hackers’ persistence and varied attack methods suggest a sophisticated operation designed to probe multiple vulnerabilities within the Archive’s system.
As if these attacks were not damaging enough, 20 October brought another crisis. Internet Archive users and media outlets began receiving unauthorised emails, seemingly from the organisation. The emails included a stolen access token for the Archive’s Zendesk account, a platform for managing customer service requests. More concerningly, the message claimed that over 800,000 support tickets—dating back to 2018—had been compromised. The hackers alleged that the Internet Archive had failed to rotate API keys exposed in their GitLab secrets, leaving sensitive data vulnerable. Although the email was unauthorised, it had passed security checks, indicating it may have come from an authorised Zendesk server, adding a layer of complexity to the incident.
The source of the data breach appears to have been an exposed GitLab configuration file, which the hacker reportedly obtained from one of the Archive’s development servers. This file likely contained authentication tokens, granting access to the Archive’s source code and the Zendesk API. The theft of such information could allow bad actors to manipulate support tickets, create false narratives, or even gain unauthorised access to personal information.
In the wake of these attacks, security experts like Jake Moore of ESET have emphasised the importance of swift action. Moore advised that in the aftermath of such incidents, organisations must conduct thorough audits to identify and address vulnerabilities, as malicious actors often return to test newly implemented defences. The need for proactive security measures was further underlined by Ev Kontsevoy, CEO of Teleport, who pointed out the challenge of securing access relationships after an attack. Without immediate, comprehensive action, breaches like these can lead to further exploitation.
The silence from the Internet Archive and its founder, Brewster Kahle, has only fuelled speculation about the extent of the breach and the organisation’s next steps. Neither the Archive nor GitLab has publicly commented on the stolen access tokens or the implications of the compromised Zendesk account, leaving users and stakeholders in the dark about the potential risks. What is clear, however, is that the Internet Archive must bolster its defences and reconsider its approach to API key rotation and data protection.
News Corp sues AI firm Perplexity over copyright violations
Musk discusses XRP and crypto’s potential at Pittsburgh event
Speaking at a town hall in Pittsburgh, Elon Musk discussed the potential of cryptocurrency in protecting individual freedom, although he did not explicitly endorse XRP. He emphasised the importance of cryptocurrencies in resisting centralised control, a statement welcomed by XRP supporters amid Ripple’s ongoing legal issues with the SEC.
Marko and the Digital Watch team
Highlights from the week of 18-25 October 2024
Experts predict this growing institutional demand could push Bitcoin’s price beyond $100,000 by early 2025, despite anticipated short-term volatility.
The US Justice Department’s new rules could affect companies like TikTok, which may face penalties if they transfer sensitive data to foreign parent companies.
The tech war with China will intensify no matter the US election outcome.
Google argues allowing greater competition on its Play Store could harm the company and introduce security risks and is appealing the 9th US Circuit Court of Appeals decision.
Perplexity AI faces legal action over claims it bypasses traditional search engines, using copyrighted material to generate summaries and answers without permission from publishers.
While not directly endorsing XRP, he underscored the importance of digital currencies in resisting centralised control.
These agents, distinct from chatbots, can handle tasks such as client inquiries and sales lead identification with little human intervention.
The model’s exact version is still being determined, but it is part of xAI’s strategy to rival major AI players like OpenAI and Anthropic.
Other media entities, including Wired and Forbes, have similarly accused Perplexity of content scraping and plagiarism.
A judge has paused Google’s Play Store overhaul to allow more time for an appeal.
dig.watch
This summer, the UN finalised a draft of its first international convention against cybercrime, raising questions about how it will coexist with the long-standing Budapest Convention, and in this analysis,…
www.diplomacy.edu
The book “231 Shades of Diplomacy” catalogs an extensive array of diplomatic types, revealing a significant expansion in terminology, particularly in the digital age. While phrases like “cyber diplomacy” and “Facebook diplomacy” illustrate this evolution, the respect for diplomacy itself appears to be diminishing. Despite its growing prevalence in discourse, the concept of diplomacy often fails to receive the acknowledgment it deserves, overshadowed by military power and simplistic national narratives. The author advocates for a reevaluation of diplomacy’s role and the courage inherent in its practice, essential for fostering societal solutions and recognizing the importance of compromise.
www.diplomacy.edu
How can the UN ensure the impartiality of its AI platform? As the UN celebrates its 79th birthday on October 24, it faces many familiar and new challenges.
www.diplomacy.edu
What are the key steps in building chatbots for diplomacy and governance? Dr Anita Lamprecht writes about the essential tools to craft effective AI solutions tailored for diplomatic contexts.
