British Library cyberattack

From HandWiki
Short description: Ransomware attack on major UK library
Entrance gate to the British Library on Euston Road, St Pancras, London, looking toward Newton statue

In October 2023 Rhysida, a Russia-affiliated hacker group, attacked the online information systems of the British Library. Rhysida demanded a ransom of 20 bitcoin, at the time around £596,000, to restore services and return the stolen data. When the British Library did not acquiesce to the attempt, Rhysida publicly released approximately 600GB of leaked material online.

The main catalogue returned online on 15 January 2024 in a read-only format, though some of the library's services are expected to remain unavailable for months. The British Library will use about 40 percent of its financial reserves, around £6–7 million, to recover from the attack.

Background

The British Library is a non-departmental public body which in 2023 held around 14 million books, as well as millions of other items.[1][2] It is the largest library in the United Kingdom.[3] Rhysida is a Russia -affiliated hacker group and "ransomware as a service" provider already known for its attacks on vital infrastructure such as schools, hospitals and government agencies, having become known to intelligence services in May 2023.[2][4] It had previously attacked the Chilean Army, a medical research lab in Australia, and health-care company Prospect Medical Holdings.[4]

The British Library attack was part of a larger pattern of cyberattacks at this time against cultural institutions. These attacks had previously affected the Metropolitan Opera in New York City and Natural History Museum in Berlin.[5]

Timeline of events

2023

  • 28 October: At 9:54 a.m. GMT, The British Library states on Twitter that it is experiencing "technical issues affecting our website". By midmorning, issues include a public Wi-Fi outage and non-functional online catalogue.[4][2][6]
  • 29 October: The Library announces on Twitter that it is experiencing a "technology outage".[4]
  • 30 October: The Library reopens after the weekend "in a pre-digital state", according to The New Yorker. Its website, phone lines, ticket sales, reader registrations, and card transactions are non-functional. Deliveries from the Library's Boston Spa site are put on hold.[4]
  • 31 October: The Library confirms publicly that the outage is the consequence of a cyberattack.[7] It launches an investigation alongside the National Cyber Security Centre (NCSC) and other cybersecurity specialists.[8]
  • 16 November: An attempt at digital extortion, also known as a ransomware attack, is confirmed by the Library.[7]
  • 20 November: Rhysida claims responsibility for the breach and launches a week-long auction for 490,191 files of data on the dark web, opening bidding at 20 bitcoin, at the time equivalent to about £596,000, for a single buyer.[9][4] It sets the auction deadline to 8 a.m. GMT on 27 November and advertises it with low-resolution images which appear to show HM Revenue and Customs employment contracts and passport information.[9][3] It claims the data is "exclusive, unique and impressive".[2] The Library states that the leaked data appears to be from its internal human resources files.[3]
  • 27 November: Rhysida makes 90 percent of the stolen data, approximately 600GB, freely available for anyone on the dark web to download after the British Library refuses to pay the ransom.[4][10]

2024

  • 5 January: The Library announces it will use around 40 percent of its financial reserves to recover from the attack, estimated at around £6–7 million.[11]
  • 10 January: The Library announces that some of its services will return online from 15 January, with access stated by Roly Keating, chief executive of the Library, to be "slower and more manual" than before the attack. Keating apologises that "for the past two months researchers who rely for their studies and in some cases for their livelihoods on access to the library's collection have been deprived of it".[12][13]
  • 15 January: The British Library's main online catalogue is restored in a read-only format. Users are able to search the main catalogue, but the process of checking availability and ordering items is different. Access to key special collections is restored but for in-person visits only.[12][13][14][15]

Impact

There were a number of impacts to the functioning of the library following the attack. These include:

  • Library items from its Boston Spa branch could not be transferred to the London site.[6]
  • Around 20,000 writers, illustrators and translators who usually received Public Lending Right payments from borrowed books had their payments delayed.[16][6]
  • The Library's 2024–25 visiting fellowship programme was suspended.[6]
  • The computerised index was offline for months, with partial restoration in January 2024.[6]
  • The EThOS collection of British doctoral theses remained offline as of 19 December 2023.[4]
  • An estimated £6–7 million in costs to recover from the attack.[11]

See also

References

  1. Sherwood, Harriet (2023-11-22). "Personal data stolen in British Library cyber-attack appears for sale online" (in en-GB). The Guardian. ISSN 0261-3077. https://www.theguardian.com/technology/2023/nov/22/personal-data-stolen-in-british-library-cyber-attack-appears-for-sale-online. 
  2. 2.0 2.1 2.2 2.3 Uddin, Rafe; Stacey, Stephanie (2023-11-21). "Cyber attack on British Library raises concerns over lack of UK resilience". https://www.ft.com/content/642ee014-4768-4c65-b1ee-0d4f39a8a63d. 
  3. 3.0 3.1 3.2 Rufo, Yasmin (2023-11-21). "British Library: Employee data leaked in cyber attack" (in en-GB). BBC News. https://www.bbc.com/news/entertainment-arts-67484639. 
  4. 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 Knight, Sam (2023-12-19). "The Disturbing Impact of the Cyberattack at the British Library" (in en-US). The New Yorker. ISSN 0028-792X. https://www.newyorker.com/news/letter-from-the-uk/the-disturbing-impact-of-the-cyberattack-at-the-british-library. 
  5. Harris, Gareth (2023-12-22). "As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats?". https://www.theartnewspaper.com/2023/12/22/as-british-library-faces-fallout-of-cyber-attackwhat-can-arts-bodies-do-to-fight-off-wave-of-ransomware-threats. 
  6. 6.0 6.1 6.2 6.3 6.4 Sherwood, Harriet (15 January 2024). "'A 22-carat disaster': what next for British Library staff and users after data theft?". The Guardian. https://www.theguardian.com/books/2024/jan/15/british-library-cyber-attack-staff-users-analysis. 
  7. 7.0 7.1 Scroxton, Alex (2024-01-15). "British Library cyber attack explained: What you need to know" (in en). https://www.computerweekly.com/feature/British-Library-cyber-attack-explained-What-you-need-to-know. 
  8. Banfield-Nwachi, Mabel (2023-10-31). "British Library suffering major technology outage after cyber-attack" (in en-GB). The Guardian. ISSN 0261-3077. https://www.theguardian.com/books/2023/oct/31/british-library-suffering-major-technology-outage-after-cyber-attack. 
  9. 9.0 9.1 Sherwood, Harriet (2023-11-22). "Personal data stolen in British Library cyber-attack appears for sale online" (in en-GB). The Guardian. ISSN 0261-3077. https://www.theguardian.com/technology/2023/nov/22/personal-data-stolen-in-british-library-cyber-attack-appears-for-sale-online. 
  10. Adams, Geraldine Kendall (2023-12-20). "Museums on alert following British Library cyber attack" (in en-US). https://www.museumsassociation.org/museums-journal/news/2023/12/museums-on-alert-following-british-library-cyber-attack/. 
  11. 11.0 11.1 Uddin, Rafe; Thomas, Daniel (2024-01-05). "British Library to burn through reserves to recover from cyber attack". https://www.ft.com/content/4be5d468-0cc3-4881-a5fb-b5d0163de93e. 
  12. 12.0 12.1 Gross, Jenny (2024-01-15). "Months After Cyberattack, British Library Crawls Back Online" (in en-US). The New York Times. ISSN 0362-4331. https://www.nytimes.com/2024/01/15/arts/british-library-cyberattack.html. 
  13. 13.0 13.1 Sherwood, Harriet (2024-01-15). "British Library begins restoring digital services after cyber-attack" (in en-GB). The Guardian. ISSN 0261-3077. https://www.theguardian.com/books/2024/jan/15/british-library-begins-restoring-digital-services-after-cyber-attack. 
  14. Nanji, Noor (2024-01-15). "British Library starts restoring services online after hack" (in en-GB). BBC News. https://www.bbc.com/news/entertainment-arts-67976183. 
  15. Simpson, Craig (2024-01-15). "British Library restoring online services after cyber attack" (in en-GB). The Telegraph. ISSN 0307-1235. https://www.telegraph.co.uk/news/2024/01/15/british-library-rhysida-hack-restores-online-services/. 
  16. Barnett, David (2024-01-06). "Richard Osman among authors missing royalties amid ongoing cyber-attack on British Library" (in en-GB). The Observer. ISSN 0029-7712. https://www.theguardian.com/books/2024/jan/06/authors-missing-borrowing-royalties-british-library-cyber-attack.