I WENT to the British Library (BL) this week to renew my reader’s card. I had used its reading rooms extensively when I was researching my tome on philanthropy (Books, 11 September 2020), but I’d allowed the card to lapse during the pandemic. A helpful member of staff told me, however, that I couldn’t renew the old card, but would have to have a new one — “because of the cyberattack”.
In October 2023, the computer systems of our national library were attacked by a group of Russian hackers, who shut down its core systems and demanded £600,000 to allow the Library access to its own computers. When it refused, the hackers auctioned personal payroll data of BL employees on the dark web.
Fortunately, though many of the Library’s services are still offline — including the database containing my old reader’s-card number — its 170 million books and digital items were securely backed up. Had they not been, their loss would have been the modern equivalent of the burning down of the Library of Alexandria in 48 BC. Still, to access the BL collection, you now have to fill in a slip of paper with a pencil as in the olden days.
Cyber-security has been in the news this week after the Deputy Prime Minister, Oliver Dowden, announced to the House of Commons that Chinese hackers had penetrated our Electoral Commission in August 2021, gaining access to details of 40 million British voters. Apparently, these “hostile actors” had no impact on elections, and, Mr Dowden insisted, the UK’s political institutions “have not been harmed by these attacks”.
It remains something of a mystery why, given all this, the Government has waited more than two years to announce this, and to sound in a bit of a lather about it now. None the less, forewarned is forearmed. There is certainly plenty of hacking around nowadays.
Once, hackers were solitary teenagers breaking into computer security systems for kicks, but, in recent times, cybercrime has evolved into a significant racket. Hackers in the United States recently demanded a $40,000 ransom after locking a company’s computers so that they couldn’t open a refrigerated container full of yogurt.
Research shows that the amounts demanded from ransomers are decreasing. But clearing up the mess that hackers make can be more expensive than the money that they demand. So far, the British Library is estimated to have spent more than £6 million on rebuilding its digital services — about 40 per cent of its financial reserves. The Health Service Executive in Ireland and the Scottish Environment Protection Agency are both still labouring under the burden of ransomware attacks, in part because they chose to upgrade their systems rather than restore their creaky out-dated versions.
The British Library has now made public a report on its ransom woes. It shows that the hackers got in so easily partly because, over the years, an over-complex sprawling technology estate had grown, like Topsy — and the Library had replaced its in-house computer experts and outsourced the job to cheaper external organisations.
But the report also drew attention to a couple of other vulnerabilities. The Library had lumbered on with antiquated “legacy” computer systems — and had failed to introduce multi-factor authentication for online access. There’s probably a lesson in that for us ordinary domestic computer-users.