Reposted from The Art Newspaper

A hack that has limited the British Library’s access to its digital systems is the latest in a series of online raids on cultural institutions. A cyber-attack on the digital systems of the British Library in London continues to affect its website, online systems and some onsite services with limited access to some publications and manuscripts. The so-called ransomware attack, which was launched on 31 October, is part of a recent pattern marking an increase in the severity of cyber-attacks on critical infrastructure. The online attacks have affected cultural institutions such as the Metropolitan Opera in New York and the Natural History Museum in Berlin, and the data they hold, and has left others considering how best to defend themselves against future attacks.

The British Library attack was carried out by the Rhysida ransomware group, according to the BBC. Meanwhile The Financial Times reports that the hackers, who claim to have stolen user data and employee details, have released low-res images of British Library employees’ passports and opened an auction for an undisclosed set of documents at 20 bitcoin, equivalent to about £600,000. The attackers are also demanding a ransom for the return of that data. A British Library spokesperson says the institution has confirmed this was a ransomware attack by a group known for such criminal activity. The Rhysida ransomware is offered as a service to criminal groups, which share profits with the owners. “We now have evidence that indicates the attackers might have copied some user data as part of the cyber-attack, and some additional data appears to have been published on the dark web [part of the internet accessible through a special browser]," says a British Library statement.

Personal data theft

Asked if the library planned to pay the ransom, the spokesperson says: “I am afraid we’re unable to share further information at this stage as it is an ongoing investigation.” The British Library is continuing to work with the Metropolitan Police and professional cybersecurity advisers to examine the stolen material. Exhibitions at the library, including Malorie Blackman: The Power of Stories (until 25 February), remain open. Users’ data has been compromised. “Our subsequent investigation showed that some personal data of library users was disclosed, which we immediately announced publicly,” the spokesperson says. “Since then, we have been in direct contact with our users to alert them and encouraged them to take sensible precautions to protect themselves from any consequences based on the advice from the National Cyber Security Centre.” In a blog post (15 December), Roly Keating, the library's chief executive, wrote: "The Library itself remains a crime scene, with a forensic investigation of our disrupted network still ongoing. In parallel, our teams are examining and analyzing the almost 600 gigabytes of leaked material that the attackers dumped online difficult and complex work that is likely to take months." He says that from early in the new year a phased return of certain key services will begin, starting with the most crucial component—the main catalogue—a reference-only version of which will be back online from 15 January, further facilitating the manual ordering which is available in the Reading Rooms. Other interim services will include increased on-site access to manuscripts and special collections. The library has also published a list of printed and online resources providing information about its ancient, medieval and early modern manuscripts.

The Art Newspaper asked UK museums whether they were prepared for a cyber-attack. A British Museum spokesperson says the institution takes a broad range of measures to protect employees, visitors and the collection from such attacks, and would not comment on individual security arrangements. A Tate spokesperson says: “We never comment on our security systems. Charles Finlay, the founding executive director of the Rogers Cyber­secure Catalyst center at Toronto Metropolitan University, says that ransomware attacks are increasing in severity and sophistication, and that many ransomware gangs are based in Russia and Iran. He adds: “It is difficult to tell the nature of this attack [at the British Library] but it is a symptomatic of a significant challenge globally to protect critical infrastructure from cybersecurity attacks. “A ransomware attack is launched primarily for financial gain and can involve two ransom demands. The first may be demanded for the return of control of the digital systems. Another ransom may be demanded to keep secure the information [relating to the employees]. Organizations often pay the ransom. “The British Library may have activated a breach response plan, retaining third-party experts to assess the scope of the attack and attempt to mitigate it, which could be the start of a long process to retain trust with stakeholders.” Jiali Zhou, assistant professor in the Kogod School of Business at the American University, Washington DC, stresses that the attack highlights the vulnerability of public sector IT infrastructure. Public sector organizations often hold valuable data, making them very attractive targets for cybercriminals, he says.

Resource-challenged

Zhou adds: “In the case of public libraries, it can be particularly challenging to hold someone accountable for security breaches. Public libraries may also face budget constraints and limited resources, which can make it difficult for them to invest proactively in robust security measures unless they have already experienced prior security incidents.” He says the reported British Library ransom demand falls within the average range for such attacks.

The real mystery is perhaps why the British Library was targeted. Some commentators believe the attack to be largely symbolic. Writing for the technology news website The Register, the UK journalist Rupert Goodwins points out that as one of the world’s largest libraries, with 170 million items, the library is “emblematic” of public knowledge. He says: “Its books may contain many secrets, but they’re open to researchers to find, interpret and publish—or they would be if the IT was working. It’s those researchers who are uniquely suffering now, with PhD students unable to finish their work before deadlines, and their professors unable to publish. Bad news, but hardly fatal and with minimal economic impact. Like many state, education and healthcare attacks, the intention seems to be as much disruption and bad publicity as enrichment.” Keating added meanwhile: "Libraries, research and education institutions are being targeted, whether for monetary gain or out of sheer malice. Society more widely, and all of us as individuals need to be alert to this fast-evolving threat... The people responsible for this cyber-attack stand against everything that libraries represent openness, empowerment, and access to knowledge."

See Original Post