Academia warned to guard 'crown jewels' after British Library hack


By AGENCY

The British Library's collection is one of the world's largest, comprising around 170 million items, including books, magazines, manuscripts, newspapers, maps, music scores, stamps, digital materials and sound recordings. Photo: AFP

While cyber-attacks on banks, utilities and media platforms may grab the most attention, the hacking of the British Library has led to warnings that academia has become an easy target.

The British Library's collection is one of the world's largest, comprising around 170 million items, including books, magazines, manuscripts, newspapers, maps, music scores, stamps, digital materials and sound recordings.

Among its most treasured items are the earliest surviving copy of the Old English epic poem Beowulf and the first collected edition of William Shakespeare's plays.

The organisation said at the end of October that electronic services, including its crucial catalogue, were out of action because of a cyber attack, making it almost impossible to find items.

Its 600,000 doctoral theses, vital for students and researchers, also went offline.

"We're talking about a huge digital library. We're talking about journals that are key to writing papers," said Louise Marie Hurel, researcher at the London School of Economics and the Royal United Services Institute think-tank's cybersecurity programme.

"It's not just about lending or borrowing books ... It is a national jewel in terms of the knowledge it bears," added Hurel, who frequently studied at the library when studying for her masters degree.

The catalogue went back online on Monday but Azeem Aleem, managing director for Northern Europe at cyber technology firm Sygnia, said the situation remained "critical", with the library saying it could take months to fully restore services.

Aleem warned that academia and the public sector were becoming a "gold mine" for hackers, given their relatively lax security protocols.

Hacking group Rhysida claimed responsibility for the ransomware attack, in which files on the host's system are encrypted and can only be unlocked by paying a fee.

Paul Tumelty, British head of Google Cloud's cybersecurity group Mandiant Consulting, said the hackers would probably have gained an "initial foothold" via "phishing or vulnerability exploitation", which could have involved a member of staff opening an email attachment.

While the data accessed may not be as sensitive as in other industries, the reputational stature of the British Library made it a prime target, said Aleem.

The library refused to pay the 20-bitcoin ransom (US$850,000, approximately RM4mil) and the group retaliated by releasing around 500,000 files containing personal data of staff, readers and visitors onto the dark web.

Crown jewels

It is possible that the institution was warned against paying the ransom, so as not to empower cyber-criminals, added Aleem.

But it now faces recovery costs of at least £6mil (approximately RM36mil), around 40 percent of its financial reserves.

British Library chief executive Roly Keating wrote in a blog that academia's philosophy of openness was being used against it.

"Our deep commitment to openness, access and discovery means that we fully embrace the amazing possibilities that technology enables; while as custodians of our collections we also face an ever-increasing challenge in keeping our digital heritage safe from attack," he said.

Hurel said those "core values" need not be compromised, just better protected.

"This means being more careful about basic practices of back-up, making sure that you invest a little bit more on cybersecurity," she added.

She also urged the government to launch a campaign to raise awareness and to classify the education sector as part of Britain's critical infrastructure.

It is not just about preventing breaches but also about mitigating the effects once it has happened, said Aleem.

He added that Rhysida may have had unfettered access to the British Library network "for one to two weeks, if not more".

"The problem is they (British Library) didn't understand what the crown jewels were and how to protect them. You have to protect the crown jewels."

The recovery process will involve finding and deploying data back-ups, building resilience and the painstaking job of tracing the attackers' digital footprint to understand how it spread through the system.

He urged institutions to step up security by staging simulated hacks and establishing "war rooms" that can respond quickly to attacks. - AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Culture

Malaysian artist's light installation, inspired by North Star, illuminates Amsterdam
Who are the Creature Commandos, DC's superteam of monsters?
Author Jane Pek revitalises the mystery genre with new book 'The Rivals'
Ballerinas turn one of Kenya's slums into a stage for a Christmas show
Restoring Milan’s Duomo, one historic statue at a time
Syria’s Aleppo eyes revival amid the enduring scars of war on its heritage
Spending Christmas Eve on stage - and loving every moment of it
Celesta splendour: the revolutionary sound at the heart of a holiday classic
A board game born in Mexican prisons unites people from all walks of life
James Gunn says his Superman will be 'the ultimate good guy'

Others Also Read