Library back on line after hacking
London – While cyberattacks on banks, utilities and media platforms may grab the most attention, the hacking of the British Library has led to warnings that academia has become an easy target.
The British Library’s collection is one of the world’s largest, comprising around 170 million items including books, magazines, manuscripts, newspapers, maps, music scores, stamps, digital materials and sound recordings.
Among its most treasured items are the earliest surviving copy of the Old English epic poem Beowulf and the first collected edition of William Shakespeare’s plays.
The organisation said electronic services, including its crucial catalogue, were out of action in October because of a cyberattack, making it almost impossible to find items.
Its 600 000 doctoral theses, vital for students and researchers, also went offline.
“We’re talking about a huge digital library. We’re talking about journals that are key to writing papers,” Louise Marie Hurel, researcher at the London School of Economics and the Royal United Services Institute thinktank’s cybersecurity programme, told AFP.
“It’s not just about lending or borrowing books... It is a national jewel in terms of the knowledge it bears,” said Hurel, who frequently studied at the library for her masters degree.
The catalogue went back online on Monday, but Azeem Aleem, managing director for Northern Europe at cyber technology firm Sygnia, said the situation remained “critical”, with the library saying it could take months to fully restore services.
Aleem warned that academia and the public sector were becoming a “gold mine” for hackers, given their relatively lax security protocols.
Hacking group Rhysida claimed responsibility for the ransomware attack, in which files on the host’s system are encrypted and can only be unlocked by paying a fee.
Paul Tumelty, UK head of Google Cloud’s cybersecurity group Mandiant Consulting, said the hackers would probably have gained an “initial foothold” via “phishing or vulnerability exploitation”, which could have involved a member of staff opening an e-mail attachment.
While the data accessed may not be as sensitive as in other industries, the reputational stature of the British Library made it a prime target, said Aleem.
The library refused to pay the 20-bitcoin ransom (R16 million) and the group retaliated by releasing 500 000 files containing personal data of staff, readers and visitors onto the dark web.
It is possible the institution was warned against paying the ransom, so as not to empower cybercriminals, said Aleem. –