Computers in Libraries circulates around the staff at work. I was pointed to Marshall Breeding’s piece on systems librarians. But of course I would not find the article most pertinent to my job to be the most interesting article. Instead, I was immediately paging to Felicia A. Smith‘s “Should Libraries Even Consider Hacking Back If Attacked?” (January/February 2017). (The answer to the titular question is: “probably not.”)
I found her discussion of hacking ebooks to be more interesting than hacking people back. Coming from a giant library (the 2nd largest academic library in North America), I’m used to hackers coming to steal. I experienced one excellently timed cyberattack the day after Thanksgiving where someone with a Chinese IP address broke into our ScienceDirect accounts and downloaded thousands of articles. MIT experienced perhaps the most famous hacking theft in 2013 when activist Aaron Schwarz cracked MIT’s JSTOR archive. Cyberattacks against libraries often have a financial aspect; the bigger it is, the bigger the story.
But cyberattacks against libraries aren’t always for those big ticket database and journal subscriptions. Sometimes they are mystifying. My coworkers and I still can’t explain why a Ukrainian IP address decided to scrape our OPAC for only the MaRC. What they got out of it, is anyone’s guess.
Felicia A. Smith also points out that cyberattacks against libraries can be assaults against intellectual discourses. This could be altering a database to change experimental data; or it could be cracking an ebook in order to change the arguments. What struck me most was the potential for cyberattacks against the historical record.
Libraries and archives keep primary documents. Paper or vellum have their own risks – but in many regards it requires physically accessing a document to alter or destroy it. For born-digital materials, it is plenty easier to manipulate them from a distance. A hacker intent on altering the historical record can potentially access the target documents from any computer. An undetected attack can irrevocably alter what information future scholars have access to.
As I mentioned, I am more likely to think of hacked libraries in terms of people stealing ebooks and journal articles. I never considered that our institutional repository and digital archives might come under attack by hackers trying to change historical or experimental information.
I’ll need to keep watching our systems for security threats.