by “We are open to all,” announced a brightly colored sign welcoming visitors to the British Library. But inside the airy building near London’s St Pancras Station, not everyone can find what they want. That’s since cybercriminals hit the library at the end of last month.
The ransomware attack, carried out by a group known for such activity, took out the website of the UK’s national library. It has also removed the wifi, which is used by the crowds who come here to work.
But perhaps most disturbing of all, it prevented users from ordering whatever they might need from the library’s collection of 150 million items.
After years of digitisation, our national library – one of the largest in the world – has been thrown back to the dark ages. Readers can still request some items through their printed catalogs, by filling out paper forms. But this does not include anything stored at the library’s West Yorkshire outpost in Boston Spa.
Elizabeth Prochaska, 42, is using the library to research her upcoming book on the history of childbirth. Or at least she wants to. “You can still get some books but everything has to be done by hand and only certain types of books can be ordered – the ones here,” she says as she leaves the library’s Terrace Restaurant.
About half of the books she needs for her research are located in Yorkshire, so they are out of reach.
“The reading rooms are like ghost rooms. The team looks very disappointed,” she says. “But people are understanding because everyone knows that these cyber attacks are a vicious act of vandalism. People asked for timelines [for when services might be up and running again]but I think they understand that it takes time to sort these things out.”
The problems have been going on for almost three weeks now, and the library can only give vague assurances. It expects many services to be restored “in the next few weeks”, warning that some disruptions may last longer.
Modern in an age where almost everything is digitized, and therefore potentially vulnerable, ransomware attacks tend to be indiscriminate. The perpetrators – usually cybercriminals based in Russia and neighboring countries – only target whatever systems they can access. It is now estimated that they are carrying out hundreds of attacks in Britain each year.
Cyber attackers are not particular about their targets. Government cyber security experts say there have been cases where the identity of the victim was not clear to the attacker until after the entire attack had taken place. “The British Library is beside the point from the point of view of cybercriminals,” agrees a source working in cyber security.
They are a financial incentive. As the name of the crime suggests, the aim is to hold organizations and businesses to ransom. Their method of attack is ransomware, a type of malware (software designed to disrupt, damage or gain unauthorized access to a computer system) that prevents the victim from accessing their device and the data stored on it, usually by encrypting their files.
And so, with no clear end in sight, students, academics, freelancers and simple readers are becoming frustrated. Zoe Tweed, 35, is due to submit a PhD thesis on playwright Samuel Beckett and performance artists Marina Abramović and Ana Mendieta in mid-December.
“This is just a really important time for me in terms of research,” says the University of Reading theater performance graduate. If she needs to check something in a book, it’s no longer a simple process.
“Before, I could see if that book was available and order it in the next hour. It was very frustrating that I couldn’t do that…it’s very upsetting.”
Despite the restrictions on what they can do here at the moment, almost every available seat in the library’s atrium is occupied, as usual – mostly young people staring at laptops. But with the Wi-Fi down, they can only get online by connecting to their mobile phones.
“It was really annoying because I live somewhere that doesn’t have Wi-Fi,” says Holden Jones, 24, a graduate doing some job research on the first floor. Meanwhile the reading rooms have fallen “really quiet”, says Peter Moffat, 61, the TV writer behind BBC legal drama Silk. “The drop in numbers is profound.”
Time, for those with deadlines to meet, is short. But the damage caused by the attack on the library, which contains everything from two of the four remaining copies of the Magna Carta to the Beatles’ original handwritten lyrics, cannot be quickly repaired. The cure requires a lot of time or a lot of money.
The ransom charged for a decryption key depends on how much the criminals think the victim can pay. And now it’s big business, with the ransom usually in the millions of pounds.
Some victims will simply pay out, in the hope of resolving matters as quickly and quietly as possible. Others “dismiss it on moral grounds and won’t consider it”, says the cyber security source. There is also a third group who, with their business on the line and despite being sickened by the prospect, feel they have no choice but to comply with the criminals’ demands.
The Government is against paying a ransom. Given the British Library’s status as a non-departmental public body sponsored by the Department for Culture, Media and Sport, it is unlikely that the money will be handed over to the attackers. Instead, it may face weeks to rebuild its systems.
“The chance of decrypting the encryption [yourself] zero,” says the source. “You can’t hack it back to normal again so you have to start from scratch and rebuild everything. That means you need to have offline backups and go back to where you stored everything. If you took the right precautions and made offline backups, you can get around it. But it is a very long and expensive process and often costs more than the cost of the ransom.”
Fighting crime itself is not a simple matter. The perpetrators, who operate out of office blocks abroad, run their activities like businesses. “They are quite professional,” says the source. In addition, the threat continues to evolve, from just encryption to also data theft, and the threat of releasing this data. In the long run, data extortion can be far more profitable than even the actual encryption.
At the end of last month, the 50 member states of the International Anti-Ransomware Initiative (including the UK) met in Washington DC and reaffirmed their joint commitment to building collective resilience and cooperation in the pursuit of cybercrime. But in its annual review this week, the National Cyber Security Center (NCSC) warned that Britain’s cyber resilience is still not where it needs to be.
Along with the Metropolitan Police, the NCSC is supporting the investigation into the attack on the British Library. No one is pretending there is a quick fix. “It is too early to offer an exact timetable, but we will provide regular updates as we progress with this vital work,” says library chief executive Sir Roly Keating.
Meanwhile, some regular library users have found a silver lining. An academic working on an article about 19th-century British theater is eating a sandwich on the second floor, looking down on the stream of visitors in the main lobby.
“The flip side of being able to access what you want is that you have to think for yourself,” he said. He can no longer postpone the completion of his work. “Now,” he said, “I am sitting and writing.”
