Send Link mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.anu.edu.au/mailman/listinfo/link
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Link digest..."
Today's Topics:
1. New AI training and guidance for APS now available
(Tom Worthington)
2. 'Catastrophic' Internet Archive Attack (Stephen Loosley)
3. Re: 'Catastrophic' Internet Archive Attack (Roger Clarke)
----------------------------------------------------------------------
Message: 1
Date: Fri, 11 Oct 2024 16:50:49 +1100
From: Tom Worthington <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [LINK] New AI training and guidance for APS now available
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
-------- Forwarded Message --------
Subject: New AI training and guidance for APS now available
Date: Fri, 11 Oct 2024 00:59:51 +0000
From: Digital Transformation Agency <[email protected]>
New AI training and guidance for APS now available
As adoption of AI grows across the APS, it's crucial to ensure staff are
equipped with the necessary skills to safely engage.
AI policy guidance and training: Rounding out a responsible approach
for AI adoption
The DTA has released two new resources, emphasising the importance of AI
training for the APS to ensure safe and confident use of AI tools.
Our AI policy guidance on staff training
recommends completing fundamentals training within 6 months of an AI
policy being implemented. Agencies should also develop role-specific
specialist training, covering AI procurement, development, training, and
deployment.
To assist with this implementation, we have also released a fundamentals
training module
to deliver staff a basic understanding of:
* the applications and risks of AI
* applying relevant advice
* when it's suitable to use generative AI
* developing sound judgement with AI.
Read the full blog: *AI policy guidance and training: Rounding out a
responsible approach for AI adoption*.
Recent AI news
We released the Policy for the responsible use of AI in government, an
important step to achieve this goal while building public trust.
To help agencies comply with the Policy, we published a standard for
accountable officials and another for AI transparency statements.
If you have ideas or suggestions for News from DTA, please email
[email protected]
Copyright © Digital Transformation Agency 2024, All rights reserved.
------------------------------
Message: 2
Date: Fri, 11 Oct 2024 17:30:41 +1030
From: Stephen Loosley <[email protected]>
To: "link" <[email protected]>
Subject: [LINK] 'Catastrophic' Internet Archive Attack
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Hackers Claim 'Catastrophic' Internet Archive Attack
By Marie Boran Technology Reporter Oct 10, 2024
https://www.newsweek.com/catastrophic-internet-archive-hack-hits-31-million-people-1966866
A group linked to a pro-Palestinian hacktivist movement has launched a
catastrophic cyberattack revealing the details of 31 million people,
compromising their email addresses and screen names.
An account on X under the name SN_BlackMeta claimed responsibility for the
attack on The Internet Archive, a nonprofit organization, and implied that
further attacks were planned.
The Internet Archive is known for its digital library and the Wayback Machine.
SN_BlackMeta has previously been linked to an attack against a Middle Eastern
financial institution earlier this year, and a security firm has linked it to a
pro-Palestinian hacktivist movement.
Encrypted passwords were also exposed and although these are relatively safe,
users have been advised to change their passwords. And one expert has told
Newsweek people should avoid browsing or using any files obtained from the site
until it has declared an "all clear."
This breach was accompanied by a series of Distributed Denial-of-Service (DDoS)
attacks that temporarily took down the organization website, archive.org, on
Wednesday and is continuing to affect the website currently. Wayback Machine is
also inaccessible right now.
[Photo caption: A pop-up warns of a system hack. The Internet Archive, the
nonprofit that runs the Wayback Machine, suffered from a catastrophic hack
exposing the details of 31 million users. solarseven/Getty Images]
Brewster Kahle, founder and digital librarian of the Internet Archive,
confirmed the breach and acknowledged the ongoing DDoS attacks.
In a post on X (formerly Twitter), Kahle stated: "What we know: DDOS
attack - fended off for now; defacement of our website via JS library; breach of
usernames/email/salted-encrypted passwords. What we've done: Disabled the JS
library, scrubbing systems, upgrading security. Will share more as we know it."
Newsweek reached out to Brewster Kahle via DM on X for further comment.
The Internet Archive digital library was founded in 1996 with the mission of
providing "universal access to all knowledge." It preserves billions of
webpages, texts, audio recordings, videos, and software applications.
Its most used service is the Wayback Machine, a tool that allows users to
browse archived versions of websites as they appeared at different points in
history, with snapshots of webpages dating back to the early days of the
internet.
On October 9, visitors to the Internet Archive's website were met with a pop-up
message indicating that the site had been hacked. The message read: "Have you
ever felt like the Internet Archive runs on sticks and is constantly on the
verge of suffering a catastrophic security breach? It just happened. See 31
million of you on HIBP!"
The reference to HIBP points to Have I Been Pwned?, a widely-used service that
allows individuals to check if their personal data has been compromised in
known data breaches.
Troy Hunt, founder of HIBP, confirmed to Bleeping Computer that he had received
a database containing email addresses, screen names, bcrypt-hashed passwords,
and other internal data for 31 million unique email addresses associated with
the Internet Archive.
Hunt took to X to address the situation, confirming his communication with the
Internet Archive regarding the breach. He wrote: "I've been in communication
with the Internet Archive over the last few days re the data breach, didn't
know the site was defaced until people started flagging it with me just now.
More soon."
Hunt also mentioned that 54 percent of the compromised email addresses were
already present in the HIBP database from previous breaches.
In the eight hours since Kahle's post, Archive.org appears to be unavailable
once again.
"Based on publicly available evidence, the site has been thoroughly
compromised. Their database has been exfiltrated, indicating that the back-end
infrastructure was accessible, and their pages have been defaced, suggesting
that the attackers have some degree of control over the web content served to
users," Jason Meller, VP of Product at 1Password, told Newsweek.
"The website has also been repeatedly knocked offline, indicating that the
attackers have gained dominance at the network layer. This is undoubtedly a
difficult and challenging time for the Archive, a resource many of us rely on,"
he added.
"Given the severity of this breach and until they have had time to fully
investigate, my strong recommendation is to avoid browsing or using any files
obtained from the site until they have declared an 'all clear'," said Meller.
Involvement of Hacker Group SN_BlackMeta
SN_BlackMeta, who claimed responsibility for the attack, has previously been
linked to other cyberattacks, including a record-breaking DDoS attack against a
Middle Eastern financial institution earlier this year.
The hacktivist group, who emerged in November 2023 and previously targeted the
Internet Archive with a DDoS attack in May 2024, battered the Middle Eastern
financial institute for six days with attacks using a new DDoS-for-hire service
called InfraShutdown.
Cybersecurity firm Radware connected SN_BlackMeta to a pro-Palestinian
hacktivist movement that utilizes DDoS-for-hire services like InfraShutdown.
In posts on X from October 9, SN_BlackMeta stated: "The Internet archive has
and is suffering from a devastating attack. We have been launching several
highly successful attacks for five long hours and, to this moment, all their
systems are completely down."
The account added, "second round | New attack. 09/10/2024 Duration 6 hours,"
linking to a series of status reports on check-host.net, showing multiple
connection timeouts for the Internet Archive.
A community note attached to this post on X read: "Readers added context they
thought people might want to know. This group claims they took down the
Internet Archive because it "belongs to the USA ... who support Israel" which
is not true. The Archive is not U.S. government, it is a nonprofit that
includes many resources about Palestine, which we can't now access because of
this attack."
"Sophisticated DDoS attacks, like the one just suffered by The Internet
Archive, are often politically motivated," Meller said.
Although SN_BlackMeta has openly claimed responsibility for the latest Internet
Archive DDoS attack, Meller says: "While SN_BlackMeta has implied involvement
in the data breach that occurred more than a week earlier, it's currently
unclear if they were actually responsible for that attack or the website
defacement which occurred on the same date as the DDoS attack."
Newsweek reached out to SN_BlackMeta via X for comment.
Details of the Internet Archive Data Breach
Internet Archive users subscribed to Have I Been Pwned were made aware of the
data breach late on Wednesday evening when they received an email titled
'You're one of 31,081,179 people pwned in the Internet Archive data breach'.
In the email, they were told that "In September 2024, the digital library of
internet sites Internet Archive suffered a data breach that exposed 31M
records. The breach exposed user records including email addresses, screen
names and bcrypt password hashes."
The compromised data appears to have been obtained through the exploitation of
a JavaScript library used by the Internet Archive, which allowed the attacker
to deface the website and display the pop-up message.
The database, a 6.4GB SQL file named "ia_users.sql," contains records up to
September 28, 2024, suggesting the breach occurred around that time.
Cybersecurity researcher Scott Helme confirmed the validity of the data after
matching his own account information with the details in the leaked database.
Helme noted that the bcrypt-hashed password in the data matched the hashed
password stored in his password manager, and the time-stamps aligned with his
records.
Bcrypt-hashed passwords are passwords converted into a secure, scrambled format
using the bcrypt algorithm. This method makes it extremely difficult for anyone
who obtains the hashed passwords to determine what the original passwords were,
thereby keeping your actual password safer.
What This Means for Internet Archive Users
The breach is a significant concern for users who have registered accounts with
the Internet Archive. Exposed information includes email addresses, screen
names, and bcrypt-hashed passwords.
While bcrypt is a strong hashing algorithm, users are advised to change their
passwords as a precautionary measure, especially if they use the same password
on other sites.
As a result of the DDoS attacks, the Internet Archive's website is experiencing
significant downtime, with services being temporarily offline. The organization
directed users to its social media accounts for updates during the outage.
The Internet Archive has been the target of cyberattacks in the past. In May,
the same group claimed responsibility for DDoS attacks aimed at disrupting the
Archive's services. Jason Scott, an archivist and software curator at the
Internet Archive, commented on the attacks, noting that they appeared to be
conducted "just because they can."
Update on 10/10/2024 at 11:01 a.m.: This story has been updated to include
expert comment from Jason Meller, VP of Product at 1Password.
--
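[Editor's note, not part of Stephen's post or the Newsweek article.] The article's description of bcrypt-hashed passwords is worth making concrete. The Python below is an added example written for this digest; it is not code from the Internet Archive, Newsweek or Have I Been Pwned. It parses the bcrypt modular-crypt string format that a leaked hash of the kind described would use ($2<variant>$<cost>$<22-char salt><31-char digest>), recovers the stored salt and digest bytes, and triages records by cost factor, which is what decides how "relatively safe" a leaked bcrypt hash actually is: each extra unit of cost doubles the work per guess, while a weak or reused password falls regardless. The CSV column names, the sample rows and the threshold of 10 (OWASP's recommended floor for bcrypt) are constructed assumptions; the page says nothing about the Archive's cost factor or about the layout of "ia_users.sql".

```python
"""Triage of bcrypt password hashes from a leaked credential dump.

Added example for the Link digest, not code from the Internet Archive or the
article. It parses bcrypt's modular-crypt format, recovers salt and digest
bytes, and flags records whose per-guess cost is low or whose hash is not
bcrypt at all. All sample rows are constructed: the hashes below are
syntactically valid but are not the hash of any real password.
"""
import csv
import io
import re
from dataclasses import dataclass

# bcrypt's own base64 alphabet: '.' and '/' come first, no '+', no padding.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Prefixes $2$, $2a$, $2b$, $2x$, $2y$; two-digit cost; 22-char salt; 31-char digest.
_BCRYPT_RE = re.compile(r"^\$2([abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Assumption for this example: OWASP's recommended floor of a cost factor of 10.
MIN_ACCEPTABLE_COST = 10


def bcrypt_b64decode(text: str) -> bytes:
    """Decode bcrypt's non-standard base64 into raw bytes, discarding trailing bits."""
    acc = 0
    nbits = 0
    out = bytearray()
    for ch in text:
        acc = (acc << 6) | BCRYPT_ALPHABET.index(ch)  # ValueError on a bad character
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
            acc &= (1 << nbits) - 1
    return bytes(out)


@dataclass(frozen=True)
class BcryptHash:
    variant: str   # '', 'a', 'b', 'x' or 'y'
    cost: int      # key setup is repeated 2**cost times for every guess
    salt: bytes    # 16 random bytes, stored in the clear next to the digest
    digest: bytes  # the 23 bytes of Blowfish output that bcrypt keeps


def parse_bcrypt(hash_str: str) -> BcryptHash:
    """Split a 60-character bcrypt string into its fields; ValueError if it is not one."""
    m = _BCRYPT_RE.match(hash_str)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    variant, cost_txt, salt_txt, digest_txt = m.groups()
    cost = int(cost_txt)
    if not 4 <= cost <= 31:
        raise ValueError(f"bcrypt cost {cost} outside the valid range 4..31")
    return BcryptHash(variant, cost, bcrypt_b64decode(salt_txt), bcrypt_b64decode(digest_txt))


def relative_work(cost: int, baseline: int = MIN_ACCEPTABLE_COST) -> float:
    """Work per guess relative to the baseline cost: 2 ** (cost - baseline)."""
    return 2.0 ** (cost - baseline)


def classify(hash_str: str) -> str:
    """'ok', 'weak_cost' or 'not_bcrypt' for one stored hash value."""
    try:
        parsed = parse_bcrypt(hash_str)
    except ValueError:
        return "not_bcrypt"
    return "ok" if parsed.cost >= MIN_ACCEPTABLE_COST else "weak_cost"


def triage(csv_text: str) -> dict:
    """Count records by classification and tally the cost factors seen."""
    counts = {"ok": 0, "weak_cost": 0, "not_bcrypt": 0}
    costs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row["password_hash"])
        counts[label] += 1
        if label != "not_bcrypt":
            cost = parse_bcrypt(row["password_hash"]).cost
            costs[cost] = costs.get(cost, 0) + 1
    return {"counts": counts, "costs_seen": costs}


# Constructed sample export (assumed column names; not real data). The fourth
# row is an unsalted 32-hex-digit value of the kind a legacy scheme leaves behind.
SAMPLE_DUMP = """email,screen_name,password_hash
alice@example.org,alice,$2a$10$abcdefghijklmnopqrstuv0123456789ABCDEFGHIJKLMNOPQRSTU
bob@example.org,bob,$2b$12$ZZZZZZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
carol@example.org,carol,$2a$05$abcdefghijklmnopqrstuv0123456789ABCDEFGHIJKLMNOPQRSTU
dave@example.org,dave,5f4dcc3b5aa765d61d8327deb882cf99
erin@example.org,erin,$2y$08$......................0123456789012345678901234567890
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_DUMP)
    print(summary["counts"])
    for cost in sorted(summary["costs_seen"]):
        print(f"cost {cost:2d}: {summary['costs_seen'][cost]} record(s), "
              f"{relative_work(cost):g}x the work per guess of cost {MIN_ACCEPTABLE_COST}")
```

Run as a script it prints the summary for the sample rows; point triage() at a real export only after checking its column names. The defender's takeaway is that the salt sits in the clear beside the digest, so bcrypt does not hide which salt to use; what it buys is the per-guess cost, and a cost of 5 makes every guess 32 times cheaper than cost 10, which is why the advice to rotate reused passwords stands even though the hashes are "relatively safe".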
------------------------------
Message: 3
Date: Fri, 11 Oct 2024 19:29:59 +1100
From: Roger Clarke <[email protected]>
To: [email protected]
Subject: Re: [LINK] 'Catastrophic' Internet Archive Attack
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed
> Hackers Claim 'Catastrophic' Internet Archive Attack
> By Marie Boran Technology Reporter Oct 10, 2024
> https://www.newsweek.com/catastrophic-internet-archive-hack-hits-31-million-people-1966866
...
> In a post on X (formerly Twitter), Kahle stated: "What we know: DDOS
> attack - fended off for now; defacement of our website via JS library;
> breach of usernames/email/salted-encrypted passwords. What we've done:
> Disabled the JS library, scrubbing systems, upgrading security. Will
> share more as we know it."
My first reaction was 'Catastrophic'?
A quote from social media maybe? Or Donald Trump? (Same thing).
Ah, a quote from the hacker.
This event is a fair test of whether one respects the mainstream norm of
'Use one password for lots of sites that demand one, but that want the
password to protect their interests rather than yours' (:-)}
--
Roger Clarke mailto:[email protected]
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professorial Fellow UNSW Law & Justice
Visiting Professor in Computer Science Australian National University
------------------------------
------------------------------
End of Link Digest, Vol 383, Issue 15