Hack Attack

Hack+Attack

Justin Guilak and Jacob LaGesse

On January 19, 2017, the computers throughout all branches of the St. Louis Public Library system were hacked.

This hacking prevented library patrons from checking out books, using the reservable computers, and printing documents. The situation was quickly addressed, and by the next day basic functions like the ability to check out materials were restored. In the days following, the library has worked hard to make the rest of the features usable once more.

Unknown hackers used a software called “ransomware” on the computer network of the library, shutting down the system and all computers completely. Ransomware cuts off computer functions until a ransom is paid, followed by the hackers disabling the virus. Librarians found a message demanding a ransom of $35,000 when they tried to open up the network for public use. They demanded the ransom in Bitcoin, a form of online currency that is very hard to trace.

Rather than pay the demanded $35,000, however, the library decided to reset the entire system. The reset delayed the time until the library returned to full operation, but avoided paying the ransom. On paying the ransom, Waller McGuire, Executive Director of the St. Louis Public Library assures that “SLPL never considered it”.

The recovery has taken a while, and more than a week later, the library was still not fully functional. In a notice sent out to library patrons McGuire said that he expects “it will be several weeks before we feel we are completely restored.”

In this notice, McGuire also assured all library patrons that no personal information had been compromised. While the hack did not access any personal information stored on the library’s server, such as names, addresses, and credit card information, meaning, it still had an effect on many patrons’ lives.

“Thousands of St. Louisans depend on our computers and networks every day to access a world of vital information and services” McGuire said.

In an interview with CNN, library spokeswoman Jen Hatton said that the hacking had a profound impact on many students and poorer residents of St. Louis. “For many… we’re their only access to internet.”

To restore the system and prevent against another attack, the library collaborated with the FBI and a local anti-malware company called Bandura. “Within moments of discovering it… we were on the phone with the FBI” McGuire said. The FBI helped the library identify the origin of the hack, the voicemail system, which is still currently shutdown. The voicemail system is four years old, and by accessing it the hacker was able to access the rest of the network.

To prevent another attack, Bandura provided the library with a free security upgrade for the network. This free layer of protection could prove critical in keeping the library functional for years to come. “It has been a gift to us” McGuire said.

He added a reminder of the significance of this attack. “I feel public libraries are a deeply American idea . . . everyone in our community is enriched when anyone can walk through our doors and help themselves to the rich resources we offer.” He even pointed out that Bandura provided their support because of their belief in this idea.

“This attack attempted to hold information ransom. That frightens and angers all librarians, and it should anger you.”