London

2 experts explain why libraries can become cybercrime targets

Two days after London's Public Library suffered a "major systems outage" shutting down everything from the library's website to its book catalogue, the culprit remains unclear.

3 of the library's 16 branches will be closed until Jan. 2

Blue sofas on grey carpet.
The London Public Library was dealing with a 'major systems outage' on Wednesday. (Arfa Rana/CBC)

Two days after London's Public Library suffered a "major systems outage" shutting down everything from the website to its book catalogue, the culprit remains unclear. 

In a Facebook post on Friday the Library said the shutdown "appears to be the result of a cyber incident."

"We expect that it will take some time before our systems can be restored," read the post." We are working with experts and will continue to share updates as more information becomes available and as services are restored."

The Carson, Glanworth and Lambeth branches will be closed until Jan. 2. More details about how the outage has affected service are listed here.

The network outage comes at a time when many public institutions, including libraries around the world, are being targeted by ransomware attacks.

In such attacks, criminals infect an organization's computer network with malware that cripples the system. The criminals then ask for money to restore the system. It's often paired with a threat to post personal or sensitive information on the dark web. In other cases, target organizations are asked to pay up to prevent information from being released.

Toronto library still recovering

Toronto's public library was hit in an Oct. 28 ransomware attack that staff are still working to recover from.

In a public statement, the Toronto library said criminals stole "a large number of files" from an internal server. Toronto's library said it did not pay a ransom but did confirm that employee information was likely taken, including their name, social insurance number, date of birth and home address, and in some cases, copies of government-issued ID. 

The British Library was hit with a ransomware attack on Oct. 31 with the Guardian reporting that a shadowy ransomware gang called Rhysida had claimed responsibility.  

Why target a library?

So why would cybercriminals target a library instead of a bank for example? 

Aleksander Essex, a professor and cyber security expert at Western University, said libraries are often seen as a more gettable target.

"Smaller municipal organizations are making increasingly attractive targets just because the IT infrastructure is not as well-resourced at those levels," he said.

In London's case, the library network is separate from the city's. Earlier this year, the city approved spending an extra $1 million to defend against cyber attacks, which city staff said are becoming increasingly common.

Charles Finlay heads the Rogers CyberSecure Catalyst at Toronto Metropolitan University. While he said personal data has a potential resale and ransom value, the motivations of cyber criminals vary widely. 

"Some of these attackers are just trying to disrupt important institutions that serve our society," he said.

Still, he said it's a costly problem that organizations have to train staff to guard against.

"Ransomware attacks are happening at a crisis level across Canada and ransomware is a multi-national, billion-dollar industry."

Sometimes, cybercrime pays

The city of Stratford, Ont., paid a $75,000 ransom to have computer system restored following a ransomware attack.
The city of Stratford, Ont., paid a $75,000 ransom to have computer system restored following a ransomware attack. (Google StreetView)

In 2019, the city of Stratford, Ont., was hit with a ransomware attack. In that case, the attackers encrypted the town's servers, effectively leaving them crippled. The town paid attackers a total of 10 Bitcoins, valued at $7,509.13 each at the time, for a total payment of $75,091.30. However, the town also had an insurance policy which limited the town's liability to a $15,000 deductible.

Both Essex and Finlay agree that most public organizations aren't putting enough resources into protecting their systems.

Finlay said fixing the damage of a single successful cyber attack can cost far more than defending against one. 

"Once the attack happens, you're in a different mode," he said. " The best time to invest is before it happens." 

Finlay also said the attacks are becoming so common it's almost inevitable that every public institution, large or small, will eventually be targeted. 

"It's not a matter of if, it's a matter of when," he said. "These organizations and municipalities will be attacked. If it hasn't happened yet, it will happen, so these investments need to be made now." 

ABOUT THE AUTHOR

Andrew Lupton is a reporter with CBC News in London, Ont., where he covers everything from courts to City Hall. He previously was with CBC Toronto. You can read his work online or listen to his stories on London Morning.