Email or username:

Password:

Forgot your password?
Christine Lemmer-Webber

Something looks suspicious about the IA attack, and I suspect the goal is to change sentiment about *something*, probably the Internet Archive, but it's not clear what, and it may be more than one thing. It seems like someone probably paid a hacking agency to do this, very possibly a publishing house upset about copyright claims, and I say that especially because:

- "See you on Have I Been Pwned", but really, this is one of the least dramatic things to end up on HIBP of all time: it's names and email addresses sure, but all the passwords are properly hashed and there isn't much else. So why gloat about it?
- There seems to be an attempt to lower public impression of IA in terms of talking about its tech "held up with sticks". It is old tech, so maybe, but why the focus on that?
- If you analyze the HN thread about it for comments in terms of when posted, there were a bunch of sockpuppet accounts created almost immediately after the post was made, seemingly to add comments: news.ycombinator.com/user?id=N news.ycombinator.com/user?id=h news.ycombinator.com/user?id=1 news.ycombinator.com/user?id=M
- An allegedly pro-palestinean militant hacking group is claiming responsibility, but their rationale doesn't make sense: they say it's because the IA is an American company, and the US is helping Israel. But why the IA *specifically*? This seems like a false flag operation either to draw attention away from the real perpetrators, or possibly to try to turn technically inclined people against pro-palestinean activists x.com/sn_darkmeta/status/18441

The IA *is* engaged with several fights with publishers and people who have beef on copyright grounds. It's entirely possible one of them hired a nation-state affiliated hacking group (of which there are quite a few) that had a side beef, or that group is trying to throw the public off its tracks, but regardless, sock puppets like this typically appear after a hacking attack when there's a paid organization.

Regardless, nobody else is keeping the internet's history alive, and yes, the IA has made some mistakes sometimes, but I stand behind them and wish their staff strength in dealing with this time.

40 comments
ResearchBuzz

@cwebber My personal guess: they're trying to destroy the credibility of the Wayback Machine.

AJ Sadauskas

@researchbuzz @cwebber Or they want something removed from/made inaccessible in the Wayback Machine.

Or just for the Wayback Machine to go away altogether.

That's my suspicion anyway...

ave 🐀

@ajsadauskas @Researchbuzz @cwebber Anyone can request a page to be removed from IA, especially ones' own domains, those can even be permanently excluded on request.

If one wants to discredit IA in court, one can argue that many "trusted" entities can upload WARCs and have them show up on IA. I don't think this is it either.

AJ Sadauskas

@ao @researchbuzz @cwebber You're assuming the content to be removed from IA is on one's own domains.

But what if it's content that was widely published on many domains?

Perhaps on websites like Reuters, the NY Times, CNN, The BBC, The Guardian, The Washington Post, etc?

This probably wouldn't cut it, without external pressure: "Hi IA, can you purge your archives of the websites of every major global news outlet? I believe they have reported factually correct information that I now find inconvenient..."

And that's just one example of how or why someone would want to make IA go away...

@ao @researchbuzz @cwebber You're assuming the content to be removed from IA is on one's own domains.

But what if it's content that was widely published on many domains?

Perhaps on websites like Reuters, the NY Times, CNN, The BBC, The Guardian, The Washington Post, etc?

This probably wouldn't cut it, without external pressure: "Hi IA, can you purge your archives of the websites of every major global news outlet? I believe they have reported factually correct information that I now find inconvenient..."

steev hise

@cwebber

1. I think it's another step in the general disinfo strategy of a lot of authoritarian/fascist actors worldwide these days, to just make the truth less easy to know, to cast doubt on everything, to make the world just generally confusing and crazymaking so it's easier to get away with doing evil shit.
2. "properly hashed" - the idea with publishing hashed passwords is that there are also tables of hashed passwords out there, of common words and phrases and variations etc etc, and so by looking up a hash on those tables you can often find someone's password, especially if the password is a dumb one. which a lot are.
3. On the subject of someone wanting to get rid of something in the archive - I think the hack is mostly a psyop kinda strategy - if the IA developers and ops people are at all competent, the exploit that allowed the hackers to get data from the database isn't going to also allow them to for example go in and edit or delete archived content. The systems are probably separated enough to make that unlikely. But, just by doing the hack, the idea would be to cast doubt that this *didn't happen*. To make IA less trustable in general. Which is a shame.

@ajsadauskas @researchbuzz

@cwebber

1. I think it's another step in the general disinfo strategy of a lot of authoritarian/fascist actors worldwide these days, to just make the truth less easy to know, to cast doubt on everything, to make the world just generally confusing and crazymaking so it's easier to get away with doing evil shit.
2. "properly hashed" - the idea with publishing hashed passwords is that there are also tables of hashed passwords out there, of common words and phrases and variations etc etc, and so by looking...

CassandraVert

@researchbuzz @cwebber
It's not hard to reason. All the info is free so there's nothing to steal. It's a nonprofit, so not worth ransoming. Why would anyone mess with them? Because they don't want an accurate record of history that everyone can see.

cuan_knaggs

@cwebber yeah. the narrative does seem to be fishier than the incident

Softwarewolf

@cwebber Who benefits the most from harming IA?

Publishers.

Bee O'Problem

@faoluin @cwebber and Public Relations. Can't memory-hole bad press if it's accessible on the Wayback Machine

Kevin Boyd

@faoluin @cwebber also: liars and politicians (but I repeat myself). People who fall apart under fact checking don't like it when someone has an accurate history of information.

jn

@cwebber even if we take the claims about infrastructure at face value, the solution would be funding the Internet Archive, not cancelling it

domi
@jn @cwebber they're one of the few places where the extra money *is* actually going into the right place, IMHO.

if i wasn't tight on money myself i'd consider increasing my monthly donation
Severák

@cwebber For me that pro-palestinian group sounded somewhat fishy because IA is not involved in this conflict.
But I think I have explanation for that - they simply wanted to get attention for whatever they are trying to do and IA is good for that because it's really big site which almost everyone involved in cybersecurity and stuff uses.

Charles U. Farley

@severak @cwebber If it were a pro-Palestinian group, the pop-up would have said something about Palestine. But it didn't.

Severák

@freakazoid @cwebber They posted some explanation on their Twitter account, but I cannot find it anymore and it was not clear as everything they have written.
It's weird group/account with suspicious ideological background - x.com/Sn_darkmeta

Charles U. Farley

@severak This reads like someone suffering from mental health problems to me, especially their nonsense about The Internet Archive. It is the kind of inappropriate pattern matching I've observed with schizophrenia and the damage caused by using meth. In particular, I think this person has pattern-matched The Internet Archive with Total Information Awareness, possibly without realizing it consciously.

x.com/Sn_darkmeta/status/18455

@cwebber

Charles U. Farley

@severak Oh, apparently there actually IS a very close connection between IA and Amazon Alexa, in that IA essentially split off from Alexa Internet after Amazon acquired the latter and took it in a completely different direction. Doesn't seem like a reason to think IA is somehow involved in surveillance, though.

@cwebber

Schrödinger's Catgirl (Joyce)

@cwebber

This is just pure speculation on my part, but I suspect is that the true purpose of the attacks is to cripple online libraries, using Israel an excuse to stir hate and cause division in the left.

But why? What happens when you can post something online and then revise what you say some time later without any record that it was changed, or digital records, books, information etc gets taken down esp. in places where physical libraries become criminalized or dangerous to run?

Francis 🏴‍☠️ Gulotta

@cwebber this seems entirely plausible and that feels crazy

nota 🦈✨

@cwebber the most likely culprit is one of the many cybercrime-for-hire sites. Most likely for advertising, as these types of businesses often attack highly visible sites for free publicity, generally with very dubious justifications just like this. But it's equally plausible that someone bored just had a few hundred dollars burning a hole in their pocket. This sort of thing really isn't that expensive or hard to run and well within the capabilities of a run of the mill cybercrime shop.

ave 🐀

@nota but they didn't state who they are, how would it be advertising?

Rage Rumbles 🏴‍☠️ 🏳️‍🌈 🔞

@cwebber The IA is no one worth attacking. The pro-Palestinian ID is obvious nonsense and suggests someone who has no sympathy for such a cause. Far many more corps and orgs signify America than the IA. It all smacks of someone with a beef who is probably not very nice in general.

Mandrake 🐎

@cwebber It's all to undermine trust in the IA so that the proles stay good little consumers who pay monthly subscription fees for the privilege of accessing the latest product while forgetting all about the existence of vintage media and the old ways

ave 🐀

@cwebber I don't see it.

IA has insecure tech, not just old tech. I've reported a vuln about them revealing user emails in the past and they did nothing about it.

Many people create HN accounts to comment, this isn't necessarily suspicious.

The pro-palestinian group provided zero proof that they're behind this.

Christine Lemmer-Webber

@ao I've never seen nearly a dozen created-within-moments with weird username accounts show up on an HN piece immediately after it's posted before. @dthompson is the one who pointed out they looked like sock puppets, and I think he's right

ave 🐀

@cwebber @dthompson oh I missed the almost immediately after part. That is suspicious for sure, nevermind then. I do think the pro-palestine one for sure is unrelated people claiming credit tho.

Christine Lemmer-Webber

@ao @dthompson I think it's definitely possible that the "pro-palestinean" group is unrelated people, and even more so that they aren't pro-palestine at all

prom™️

@cwebber As I've repeated elsewhere, three categories make sense to me in this scenario:

a) Attention-seeking / sheer bloody-mindedness.
b) General disruptive effect.
c) Specific disruptive effect.

It might just be someone, trying to make the west feel insecure?

There are several actors who want that, so I'm not pointing.

James Gleick

@cwebber @ricmac Wait, seriously? You’re promulgating a theory that a BOOK PUBLISHER hired a hacking group to attack Internet Archive? That is genuinely nutty. I think you should both know better.

1. They wouldn’t know how.
2. The attack was certain to create a wave of sympathy and support for the victim (and rightly so).
3. Publishers did have a narrow grievance with one of the least important IA programs. But they solved that via the legal system.

Richard MacManus

@gleick @cwebber Well, I have no idea who this nutcase group on X is, I just thought Christine's theory was interesting and worth Re-tooting. I do agree that the Palestine stance this group is spouting seems off, and so the real reason they're hacking IA is probably not that.

Bill Hooker

@gleick @cwebber @ricmac

Less than four hours from a speculative post about a deeply weird thing to the Mansplainer Who Knows Better.

Hardly a record but still annoying.

Peter H. Fröhlich

@gleick Big name? Peddles the usual "you're all nutcases" line? Uses big words like "grievance" and "legal system"? There can only be one! James "Motherfucking" Gleick, international know-it-all of destiny. 🤮

James Endres Howell

@cwebber I'm old enough to remember 9/11: the first 20, 30 media-chaotic minutes after the second plane hit, before the narrative settled on Bin Laden, there was all kinda loose talk about the Popular Front for the Liberation of Palestine, which I would have really enjoyed that laugh if I wasn't watching burning people jumping outta buildings

James Endres Howell

@cwebber I'm also old enough to remember after a bunch of right-wing white men blew up the Federal Building in Oklahoma City, all the pundits for DAYS looked right into the cameras tawmbout OBVIOUSLY ALL THE HALLMARKS OF MIDDLE EASTERN MUSLIM TERROR ERMAGHERD

James Endres Howell

@cwebber So yeah a voice on a telephone call to an AP bureau ZIONIST SWINE! LISSEN MY AKSENT! WE DO GLORIOUS TELLALISM GLORIOUS ALLAH! DESS TO MELLIKAH! well it has a slight aroma of bullshitulousness

Fifi Lamoura

@cwebber I share your impressions about all this.

james is here

@cwebber It's definitely been targeted.

Just on Youtube, searching "internet archive" produced a bunch of videos by no-name accounts in the last few hours running the "sticks and stones" talking point.

But the second-order effect is speculation about who did the hack, not thinking worse of IA. If it were the industry it's just bad propaganda, if it were a nation-state acting on their own, the disruption is probably desirable.

Jackie (aka Queen Antifa) 🌹:debian_logo:​:linux:

@cwebber plot twist: a right wing Israeli extremist organization did it as a way to reduce the accessibility of information and turn opinion against pro Palestinian people.

Moto :rainbowinfinity:

@burnoutqueen @cwebber Mmmmm, foggiest fog that’s not named Karl: the Fog of Infowar

Go Up