Academia warned to guard 'crown jewels' after British Library hack

Academia warned to guard 'crown jewels' after British Library hack

The British Library says the recovery will cost at least £6.0 million
The British Library says the recovery will cost at least £6.0 million. Photo: LEON NEAL / AFP
Source: AFP

While cyber-attacks on banks, utilities and media platforms may grab the most attention, the hacking of the British Library has led to warnings that academia has become an easy target.

The British Library's collection is one of the world's largest, comprising around 170 million items including books, magazines, manuscripts, newspapers, maps, music scores, stamps, digital materials and sound recordings.

Among its most treasured items are the earliest surviving copy of the Old English epic poem "Beowulf" and the first collected edition of William Shakespeare's plays.

The organisation said at the end of October that electronic services, including its crucial catalogue, were out of action because of a cyber attack, making it almost impossible to find items.

Its 600,000 doctoral theses, vital for students and researchers, also went offline.

"We're talking about a huge digital library. We're talking about journals that are key to writing papers," Louise Marie Hurel, researcher at the London School of Economics and the Royal United Services Institute think-tank's cybersecurity programme, told AFP.

Read also

OpenAI to launch anti-disinformation tools for 2024 elections

PAY ATTENTION: Let yourself be inspired by real people who go beyond the ordinary! Subscribe and watch our new shows on Briefly TV Life now!

"It's not just about lending or borrowing books... It is a national jewel in terms of the knowledge it bears," added Hurel, who frequently studied at the library when studying for her masters degree.

The catalogue went back online on Monday but Azeem Aleem, managing director for Northern Europe at cyber technology firm Sygnia, said the situation remained "critical", with the library saying it could take months to fully restore services.

Aleem warned that academia and the public sector were becoming a "gold mine" for hackers, given their relatively lax security protocols.

Hacking group Rhysida claimed responsibility for the ransomware attack, in which files on the host's system are encrypted and can only be unlocked by paying a fee.

Paul Tumelty, UK head of Google Cloud's cybersecurity group Mandiant Consulting, told AFP the hackers would probably have gained an "initial foothold" via "phishing or vulnerability exploitation", which could have involved a member of staff opening an email attachment.

Read also

Doomed US lunar lander's space odyssey continues...for now

While the data accessed may not be as sensitive as in other industries, the reputational stature of the British Library made it a prime target, said Aleem.

The library refused to pay the 20-bitcoin ransom ($850,000) and the group retaliated by releasing around 500,000 files containing personal data of staff, readers and visitors onto the dark web.

Crown jewels

It is possible that the institution was warned against paying the ransom, so as not to empower cyber-criminals, added Aleem.

Hacking group Rhysida demanded a 20-bitcoin ($850,000) ransom
Hacking group Rhysida demanded a 20-bitcoin ($850,000) ransom. Photo: Ozan KOSE / AFP/File
Source: AFP

But it now faces recovery costs of at least £6.0 million ($7.6 million), around 40 percent of its financial reserves.

British Library chief executive Roly Keating wrote in a blog that academia's philosophy of openness was being used against it.

"Our deep commitment to openness, access and discovery means that we fully embrace the amazing possibilities that technology enables; while as custodians of our collections we also face an ever-increasing challenge in keeping our digital heritage safe from attack," he said.

Read also

At CES, gadgets to make everyday life easier

Hurel said those "core values" need not be compromised, just better protected.

"This means being more careful about basic practices of back-up, making sure that you invest a little bit more on cybersecurity," she added.

She also urged the government to launch a campaign to raise awareness and to classify the education sector as part of the UK's critical infrastructure.

It is not just about preventing breaches but also about mitigating the effects once it has happened, said Aleem.

He added that Rhysida may have had unfettered access to the British Library network "for one to two weeks, if not more".

"The problem is they (British Library) didn't understand what the crown jewels were and how to protect them. You have to protect the crown jewels."

The recovery process will involve finding and deploying data back-ups, building resilience and the painstaking job of tracing the attackers' digital footprint to understand how it spread through the system.

Read also

Women's health on show, a little, at CES

He urged institutions to step up security by staging simulated hacks and establishing "war rooms" that can respond quickly to attacks.

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.