A cyber attack on London’s British Library’s digital systems continues to affect its website, online systems and some face-to-face services with limited access to some publications and manuscripts. The so-called ransomware attack, which was launched on October 31, is part of a recent pattern that marks an increase in the severity of cyberattacks on critical infrastructure. Online attacks have affected cultural institutions such as New York’s Metropolitan Opera and Berlin’s Natural History Museum, and the data they hold, and left others scrambling about how best to defend themselves against future attacks.
The British Library attack was carried out by the Rhysida ransomware group, according to the BBC. In the meantime The Financial Times reports that hackers, who claim to have stolen user data and employee data, have released low-resolution images of British Library employees’ passports and opened an auction for a set of undisclosed documents at 20 bitcoins, the equivalent of about £600,000. The attackers also demand a ransom for the return of that data.
A spokesperson for the British Library says the institution has confirmed it was a ransomware attack by a group known for such criminal activity. Rhysida ransomware is offered as a service to criminal groups, who share profits with the owners. “We now have evidence that the attackers may have copied some user data as part of the cyberattack, and it appears that some additional data has been published on the dark web. [part of the internet accessible through a special browser],” says a statement from the British Library.
Theft of personal data
Asked if the library planned to pay the ransom, the spokesperson says, “I’m afraid we can’t share any more information at this time because it’s an ongoing investigation.” The British Library is continuing to work with the Metropolitan Police and professional cyber security advisers to examine the stolen material. Exhibitions in the library, including Malorie Blackman: The Power of Stories (until February 25), remain open.
User data has been compromised. “Our further investigation showed that some personal data of library users was disclosed, which we immediately announced publicly,” the spokesperson says. “We have since been in direct contact with our users to alert them and encourage them to take sensible precautions to protect themselves from any consequences as advised by the National Cyber Security Centre.”
In a blog post (December 15), Roly Keating, the library’s executive director, wrote: “The Library itself remains a crime scene, with a forensic investigation of our disrupted network still ongoing. In parallel, our teams are examining and analyzing the nearly 600 gigabytes of leaked material that the attackers put online, it’s difficult. and a complex job that will probably take months.”
It says that from the beginning of the year it will begin the gradual return of certain key services, starting with the most crucial component, the core catalog, the reference-only version of which will be back online from January 15, making manual ordering even easier . which is available in the Reading Rooms. Other interim services will include increased on-site access to manuscripts and special collections. The library has also published a list of print and online resources providing information on its ancient, medieval and modern manuscripts.
The Journal of Art asked UK museums if they were prepared for a cyber attack. A spokesman for the British Museum says the institution takes a wide range of measures to protect staff, visitors and the collection from such attacks, and declined to comment on individual security arrangements. A Tate spokesman says: “We never comment on our security systems.”
Ransomware attacks are increasing in severity and sophistication
Charles Finlay, the founding executive director of the Rogers Cybersecure Catalyst Center at Metropolitan University of Toronto, says that ransomware attacks are increasing in severity and sophistication, and that many ransomware gangs are based in Russia and Iran. He adds: “It is difficult to say the nature of this attack [at the British Library] but it is symptomatic of a major global challenge in protecting critical infrastructure from cyber security attacks.
“A ransomware attack is launched primarily for financial gain and may involve two ransom demands. The first may be demanded for the return of control of digital systems. Another ransom may be demanded to keep information safe [relating to the employees]. Organizations usually pay the ransom.
“The British Library may have activated a breach response plan, bringing in third-party experts to assess the extent of the attack and try to mitigate it, which could be the start of a long process to maintain trust with stakeholders.”
Jiali Zhou, assistant professor at American University’s Kogod School of Business, Washington DC, emphasizes that the attack highlights the vulnerability of the public sector’s IT infrastructure. Public sector organizations often hold valuable data, making them very attractive targets for cybercriminals, he says.
Resource challenge
Zhou adds: “In the case of public libraries, it can be particularly difficult to hold someone accountable for security breaches. Public libraries may also face budget constraints and limited resources, which can make it difficult for them to proactively invest in robust security measures, to unless they have experienced previous security incidents.He says the British Library’s ransom demand is within the average range for such attacks.
The real mystery is perhaps why the British Library was targeted. Some commentators believe the attack is largely symbolic. Writing for the new technology website The RegistryBritish journalist Rupert Goodwins points out that as one of the largest libraries in the world, with 170 million items, the library is “emblematic” of public knowledge.
He says: “His books may contain many secrets, but they are open to researchers to find, interpret and publish, or they would be if IT worked. It is those researchers who suffer uniquely now, with PhD students who they can’t finish their work before deadlines and their professors can’t publish. Bad news, but hardly fatal and with minimal economic impact. Like many government, education and health attacks, the intent seems to be as much disruption and bad publicity as enrichment”.
Meanwhile, Keating added: “Libraries, research and educational institutions are being targeted, whether for monetary gain or out of sheer malice. Society in general, and all of us as individuals, must be alert to this threat in rapid evolution… The people responsible for this cyberattack oppose everything that libraries stand for: openness, empowerment and access to knowledge.”
Culture under attack: coups d’état
A 2022 cyberattack left New York’s Metropolitan Opera unable to sell tickets
Bumble Dee
Metropolitan Opera, New York
End of 2022
A serious cyber attack on New York’s Metropolitan Opera, the first in its 140-year history, has left America’s largest performing arts organization unable to sell tickets. “This attack froze everything,” said Peter Gelb, director general of the Met The New York Times. “The teachable moment of this attack is that if someone wants to get into your system, it’s hard to stop them.” Following the attack, Anthony Viti, a former employee, filed a lawsuit against the Met Opera alleging that it had failed to adequately protect personal information. The Met says the case has “no merit”, although the outcome of the case remains unclear at this time.
Toronto Public Library
October 2023
Toronto Public Library officials announced on October 28 that hackers had stolen a large number of files from their servers. Officials said they were working with third-party cybersecurity experts to address the issue and reported the breach to the Information and Privacy Commissioner of Ontario. A report has also been filed with the Toronto Police Service. “We do not pay a ransom,” the officials stressed, adding that it is “unfortunate that data security incidents and ransomware are becoming more common, and that public sector organizations, including hospitals, schools and libraries, all dedicated to community improvement.—They are being targeted.” The systems are expected to remain offline until next month.
Berlin Museum of Natural History
October 2023
The Museum für Naturkunde Berlin (Museum of Natural History) was the victim of a cyberattack that targeted much of its digital infrastructure. The museum says it has filed a complaint and the Berlin State Criminal Police Office is investigating the hack. The emergency operating procedures put in place ensured that the museum’s most important services continued to function normally. “This emergency operation will be gradually expanded,” the officials say. The museum did not respond to a request for comment on whether normal services have resumed.
