The British Library begins to recover from the largest cyber attack in its history
Access to the institution’s vast collection of books and other items has been largely paralyzed for almost three months following its refusal to pay ransom to a group called Rhysida
The butterfly effect of the largest cyberattack ever suffered by a public library flutters in London, bounces in Melbourne and explodes in Rome. This is what Flavia Marcello, a professor of architectural history at the Swinburne University of Technology, has felt. Marcello is an Australian citizen of Italian descent who is married to a British national and who, like a bear, travels to the capital of the United Kingdom for one month every year to fill herself with knowledge, then “hibernates” and digests it for the rest of the year.
This time it has been different, though. “My friends had already warned me about the tragedy at the British Library (BL), so I decided to put aside my subject of study and focus on other topics. Most of the time I have been working in the archives of the Royal Institute of British Architects,” Marcello explains to EL PAÍS.
On October 31, officials at the British public library admitted for the first time that the institution had suffered a devastating computer attack. Its online catalog, with nearly 36 million books and up to 170 million items, including documents and historical objects, had been completely destroyed. The access system for readers and researchers had been rendered unusable.
Extortion attempt
Rhysida, a ransomware group, claimed responsibility for the attack. This group has already carried out similar attacks against educational, health and government institutions. They even managed to hack the Chilean army. British media have reported that the ransom demanded from the BL was around $760,000.
“A crude attempt at extortion” is how Roly Keating, executive director of the library, defined it in a blogpost. “Our experience of the past two months has highlighted a great paradox for knowledge institutions in the digital age,” wrote Keating. “Our deep commitment to openness, access and discovery means that we fully embrace the amazing possibilities that technology enables; while as custodians of our collections we also face an ever-increasing challenge in keeping our digital heritage safe from attack.”
As the attack showed, efforts at protection have had little success. For almost three months, BL users have not been able to access the library’s digital services, nor have they even been able to use the catalog so that library staff could get them the books they needed. As a result, research and study projects have been placed on hold, due to users’ inability to properly prepare for talks and presentations.
“I am a regular reader, and I need to come often to prepare my talks and classes,” explains William White, a history professor at the University of Hertfordshire who specializes in 17th-century Britain. “With the usual system, you requested the material from the office or from home through the BL website, and they promised to have it ready within a maximum period of 70 minutes,” he says.
Many of these books and documents are precious. The library has reading rooms that can only be accessed with an accredited pass, once all personal belongings have been deposited in a transparent bag to avoid damage or theft.
Only since last Monday has some normality been restored. Users can consult the catalog of works again in the same building, and the BL staff will search for items, but these cannot be ordered for use from outside the premises. And the material archived at the Boston Spa headquarters in Yorkshire (in northern England) cannot yet be requested.
The London library building, in King’s Cross, was in its day the largest construction in terms of volume carried out in the city in the 20th century. It soon proved insufficient, however. The addition of Boston Spa, 200 miles away, alleviated the lack of space. More akin to an Amazon logistics warehouse than a symbolic building, its 746 kilometers of shelves and its robotic system for finding books, documents and objects relieved the pressure that researchers and scholars from all over the world exerted on the British Library.
Italian snipers
Marcello is a specialist in Italian architecture of the country’s fascist period. Her latest obsession is the statue dedicated to the bersaglieri in the Roman square of Porta Pia. Bersagliere means “sharpshooter.” They made up an infantry unit that deployed quickly, rode bicycles and wore wide-brimmed hats with grouse feathers. The bersaglieri are worshiped as a symbol of the feat of Italian unification, and the dictator Benito Mussolini sponsored this statue that is so beloved by the people of Rome. “Something similar must have happened in Spain with Franco’s monuments, right?” asks this specialist. “It is incredible the number of books and documents on the bersaglieri that the Department of History and Humanities of the BL has got. That’s why I was very interested in coming this year, but I’m almost ready to return to Australia. Do you know that they even keep one of the first copies of the Bersagliere March on hand?” she says, humming the military anthem. “The bad thing is that you have to travel to Boston Spa to see it.”
Patent documents, stamps, musical recordings, maps, musical scores, newspapers, magazines, diaries, film scripts, photographs, letters... The BL’s collections are not limited to books. Much of that material had been digitized for easy access. For the moment, it remains out of the reach of researchers.
The library also houses a Jane Austen desk, a Beethoven tuning fork, one of the first copies of Homer’s Iliad, and the manuscript with lyrics of the Beatles’ Yesterday.
Personal and economic damages
A month after the attack, once it was clear that the library was refusing to pay the ransom, the Rhysida ransomware group began releasing personal data of BL workers and users on the dark web, which can only be accessed with specialized browsers.
Library officials contacted their partners and researchers by email to warn them of the situation. But the damage to the system has been enormous, and the library has not even been able to make it easier for users to change their passwords.
Meanwhile, nearly 20,000 authors, whose works are part of the library’s collection, had been receiving 13 pence each time a user borrowed one of their books, up to a maximum of about $8,400 per year. Payments have been suspended while system repairs continue.
The Financial Times has suggested that the return to normality will cost around £7m ($8.9 million), although the director of the BL has indicated that it is still too early to make that calculation. While online services are slowly returning, the London Metropolitan Police and the National Cyber Security Centre are investigating an attack that has significantly damaged the prestige of the institution and has become a serious warning for public libraries around the world.