British Library Still Attempting to Recover from Massive Cyberattack
- by Michael Stillman
The British library is still struggling to find its way out of the massive disruptions created by a cyberattack that occurred on October 7. The attackers grabbed an enormous amount of data from the library, some of it very private, shut down their website, shut down access to much of their information through encryption or deletion, and demanded a high ransom to restore that access. The hackers demanded 20 bitcoins, worth over $800,000, and gave the library seven days to comply. When the library did not comply, all hell broke loose. On top of the effect on the library, the hackers put the data up on the dark web for sale or viewing. That includes personal information about some of the library patrons.
The British Library explained the situation in a post on their website December 15 under the heading “Knowledge under attack,” as follows:
“On the last weekend of October, the British Library became the victim of a major cyberattack, the impact of which continues to be felt by our staff, our partners and our millions of users.
“This was a ransomware attack, by a criminal group known for such activity, and its effects were deep and extensive. Our online systems and services were massively disrupted, our website went down, and we initially lost access to even basic communication tools such as email.
“We took immediate action to isolate and protect our network but significant damage was already done: having breached our systems, the attackers had destroyed their route of entry and much else besides, encrypting or deleting parts of our IT estate. They also copied a significant chunk of our data, which they attempted to auction online and, a month later, released most of it onto their site on the dark web.
“The Library itself remains a crime scene, with a forensic investigation of our disrupted network still ongoing. In parallel, our teams are examining and analysing the almost 600 gigabytes of leaked material that the attackers dumped online – difficult and complex work that is likely to take months.”
They went on to point out that collections could not be accessed in their reading rooms, putting on hold what they described as “one of our core responsibilities as a national library - the free access to our collection.” They added that despite the limitations, “we have been able to keep our physical sites open to the public throughout... Most fundamentally, we have continued to care for our precious physical collection, and can confirm that the vast datasets held in our Digital Library System, including the digital legal deposit content that it is our statutory duty to collect and preserve, are intact and safe from harm.”
In November, the files were put up on the dark web by an organization using the name “Rhysida.” For those unfamiliar with the word, Rhysida is a species of centipede. They use the creepy creature in their logo. As with other groups that use cyberattacks to extort their victims to pay ransom, not much is known about them, or who the participants are. They have initiated several other attacks in the past and their top target has been educational services. While their location is unknown, there are some inferences that might be drawn from their previous targets. Those targets have been in western Europe, North and South America, and Australia. Among those countries spared are Russia, former members of the Soviet Union, Eastern Europe, and the central Asian countries part of the Russian-oriented Commonwealth of Independent States. The nations spared are ones Russia would be unlikely to want to offend, and Russian hackers are a well-known phenomenon. It is hard to imagine that such an operation would be allowed to exist, or dare to exist, in a police state like Russia without at least having their tacit approval. However, there could be other reasons why those nations were spared, such as their not having as many institutions wealthy enough to pay the type of ransom Rhysida seeks. It has also been reported that their computer code contains some Russian.
These sorts of crimes can make us nostalgic for the “good old days” when libraries were filled with physical books, rather than accessing tiny chips filled with reams of data. No one's physical books were harmed by this attack, although the digital catalogue was disrupted. It's reminiscent of how when the power goes out, the Amish continue to manage just fine. Unfortunately, this easy solution is not practical for most of us. We need access to more information than any physical library can hold, and we need to be able to quickly sort through all the data and find what we need in an instant. That cannot be achieved by visiting thousands of libraries all over the world and thumbing through countless books. It's like we need to do something about climate change, but returning to literal horse-power for travel is not a practical solution. We need new answers, and in this case, better security tools to prevent hacking and locate the hackers, and perhaps apply a cyber response to those responsible and those nations that support or tolerate them. Still, it's times like these that show us that physical books are not totally obsolete either. They provide a reassuring back-up, an alternate source of written material when the high-technology stops working, and ground us to the physical world from which we arose, and in which we still live.