We need libraries and we need computers

« previous post | next post »

Both for the flow of and access to information.

More than a week ago, the Seattle Public Library system, a large and wonderful institution that thousands rely on every day, went offline after ransomware hackers attacked it.

"Why did ransomware hackers target Seattle Public Library?", GeekWire, by Taylor Soper (May 29, 2024)

This is an excellent article that explains why the criminals went after a library, how they carried out their dirty work, and what the authorities are doing to restore services.

The ransomware attack on Seattle Public Library this past weekend isn’t the first to target public library systems.

Libraries in Toronto and London also recently suffered major cybersecurity breaches, knocking out technical infrastructure and causing serious disruption to services that lasted several months.

Ransomware attacks rose significantly last year. They typically involve hackers who leverage credentials or exploit software vulnerabilities, make data inaccessible or threaten to leak it, then demand exorbitant payments from victims. Recent high-profile attacks have hit auction house Christie’s; healthcare systems including Ascension and Change Healthcare; and Seattle’s Fred Hutchinson Cancer Center.

I well remember the shutdown of services at the British Library a month or two ago, because it directly affected my research on medieval Dunhuang documents (which I've written about on Language Log numerous times in the past) and the work of countless scholars and investigators in diverse fields who are spread all around the world.

Here's an onsite report from Denis Mair, who is an avid user and supporter of the Seattle Public Library:

The Seattle Public Library is now in it's ninth day without a computer system. The whole system was rendered inoperable by a ransomware attack. All branches were closed for almost a week (including Memorial Day). They reopened yesterday, but books are checked out by recording numbers in a notebook. There's no wifi in our local branch.

Is there nothing preemptive that can be done to stop the depredations of these scoundrels?

 

Selected readings

 



8 Comments

  1. Philip Taylor said,

    May 30, 2024 @ 11:32 am

    "Is there nothing preemptive that can be done to stop the depredations of these scoundrels?"

    Let the libraries revert to their original rôle, Victor — let them shelve real books rather than seeking to digitise everything possible. Not a serious comment, of course, but printed copy is a damn good defence against ransomware.

  2. Terry K. said,

    May 30, 2024 @ 12:00 pm

    A printed book is not any sort of defence against ransomware of the computer systems used to keep track of loans of those printed books.

  3. Aardvark Cheeselog said,

    May 30, 2024 @ 12:40 pm

    > Is there nothing preemptive that can be done to stop the depredations of these scoundrels?

    Well, it is no guarantee, but compliance with best practices is a start. https://www.cisa.gov/topics/cybersecurity-best-practices

    I expect an audit of the Seattle Library system's network security would reveal various best-practices violations.

  4. ===Dan said,

    May 30, 2024 @ 12:52 pm

    The Seattle Public Library opened its entire collection of e-books and audiobooks to teens and young adults, ages 13 to 26, anywhere in the US, as part of the "books unbanned" program. It is a valuable service to the country which cannot be accomplished solely with paper books. Access to books is not he only value provided by libraries, and ransomware is not the only threat to the free flow of information. https://www.spl.org/programs-and-services/teens/books-unbanned

  5. Peter B. Golden said,

    May 30, 2024 @ 1:06 pm

    "Criminals" is too charitable a word for these lowlifes.

  6. David Marjanović said,

    May 30, 2024 @ 3:31 pm

    I'm not sure the article has considered the entire picture. Agriculture institutions and natural-history museums the world over have been targeted, too – not all of them are even national/federal institutions; I know one that absolutely couldn't pay even if it wanted to.

    One idea I've heard is that this is Putin trying to sow fear, uncertainty and doubt. In that case, what to do is obvious: make him lose the war. He'd most likely lose the war, his power and probably his life all on the same day.

  7. AntC said,

    May 30, 2024 @ 6:25 pm

    @DM this is Putin trying to sow fear, uncertainty and doubt.

    These lowlifes are equally likely to be PRC-sponsored or N.Korean.

    Compliance with best practices is indeed a start. That's expensive and needs continual care and feeding by experts — the sort of experts who are in short supply world over.

  8. Anthony Bruck said,

    May 30, 2024 @ 9:22 pm

    You need off-site and offline backups. Where I worked, employees took backup tapes home every day.

RSS feed for comments on this post