
Hacked! Libraries & the Cyber Security Landscape



In November 2018, the South Huntington Public Library responded to a breach of its computer network. How can we better defend our organizations against an intrusion, and what preparations can be made in case one occurs? This presentation explores the current threat landscape, before examining what happened, how our organization responded, and what we gained from the experience.

Published in: Technology

  1. HACKED! Presented by Nick Tanzi, Assistant Director, South Huntington Public Library
  2. “We live in a society exquisitely dependent on science and technology, in which hardly anyone knows anything about science and technology.” -Carl Sagan
  3. What is the current cybersecurity landscape?
  4. Phishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. ○ Phishing attacks are still the most common cybersecurity attack in 2019. • Extremely inexpensive and easy to launch. • Very successful! ○ Subcategories • Spearphishing • Whaling
  5. What does phishing look like?
  6. Expanding Battle Lines: New ways of accessing data have increased potential exposure. ○ Endpoints are remote computing devices that connect to a network and communicate back and forth with the network. ○ Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.
  7. AI & Machine Learning: Giving artificial intelligences access to information to let them learn for themselves. ○ AI can learn & replicate natural language. ○ The creation of spam emails that are contextualized. ○ Think spam on steroids.
  8. Old spam vs spam powered by machine learning
  9. Ransomware: Malicious software that locks and encrypts a victim’s computer or device data, then demands a ransom to restore access. ○ Ransomware cost organizations $11.5 billion worldwide in 2019. ○ That cost is overwhelmingly representative of damages & disruption, not ransoms. ○ Other versions • Scareware, Doxxware ○ Lucrative & anonymous ○ Libraries are particularly susceptible ransomware-5-dos-and-donts.html
  10. Libraries, schools, & municipalities are particularly susceptible to ransomware. City of Baltimore: ○ City struck by Robinhood ransomware in May 2018 ○ Majority of city servers shut down as a precaution ○ Utility billing systems disrupted ○ Payment demand of 13 bitcoins ($102,000) ○ Total cost of $18.2 million • $12.2 million in disruptions & damage • $6 million in security improvements -Source: The Baltimore Sun. Syracuse School District: ○ Subject to a ransomware attack on July 8, 2019 ○ District found itself largely locked out of its own computers (payroll, student management, website) ○ Insurance company hired a cybersecurity firm within 48 hours. ○ Unclear if district paid ransom or was able to obtain publicly available decryption keys. ○ Cost: $50,000 insurance deductible. -Source:
  12. The South Huntington Public Library: Home sweet home. Who are we? ○ Approximately 47,000 square feet ○ 105 computers ○ Public Wi-Fi ○ Wireless Printing ○ Emerging technologies ○ Small internal IT department
  13. Houston, we have a problem. Scenes from a staff meeting, November, 2018 ○ A snap Department Head Meeting was called to discuss a computer that appeared to have been tampered with. ○ Several staff members indicated strange behavior by other computers. ○ It soon became apparent that a number of computers were undergoing active encryption.
  14. Shut it Down! Going off grid. ○ With suspicious activity on both staff and patron network, the decision was made to take the library offline. • Pulled internet cable • Ethernet pulled from all computers, printers, etc. • All servers shut down. ○ Law enforcement contacted. ○ Library Board & administration notified.
  15. The Morning After: No computers, no internet, no website.
  16. Now What? ○ Continue Operation: What level of service can we provide? ○ Gather Information: Examine & export logs, consider a plan for restoration. ○ Restore Critical Systems: Bring key functions back online. ○ Harden Our Facility: Strengthen library against future incidents. ○ Resume Full Service: Get back to regular library operation.
  17. Continuing to Operate: What we did to keep the lights on. ○ Mobile Workarounds: • Mobile hotspots + unaffected laptops for public service desks. • Social media as a stand-in for the library’s website. ○ Pen & Paper • Old school checkout • Program registration • Time clock sign in sheets ○ Alternate network
  18. Key Takeaways ○ Managing time & resources is tricky! ○ Find ways for staff to de-stress
  19. Gathering Information: Season One of CSI South Huntington ○ Booting servers offline & exporting logs. • Examined for suspicious activity. ○ Assess potential damage & determine what hardware needs to be replaced. ○ Outline a plan for the restoration of the network. ○ Map IT infrastructure for law enforcement.
  20. Key Takeaways ○ Keep open lines of communication! ○ Treat a compromised network like a crime scene!
  21. Restoring Critical Systems: The business of getting back in business. ○ Business Office server ○ Domain controllers ○ MDT server to deploy workstations ○ Reimaging a prioritized list of computers • Business office • Circulation • Public Service Departments • Patron computers
  22. Key Takeaways ○ Manage employee expectations. ○ Test your backups annually. ○ Prioritizing public services can be difficult
  23. Hardening Our Facility: Implementing high-tech & low-tech solutions to improve our overall network security. ○ Adopted Windows Baseline Security Recommendations ○ All staff created new passwords with 14 character minimum. ○ Disabled Windows Recovery Environment ○ Limiting Active Directory ○ Passive physical security ○ Instill skepticism!
  24. Key Takeaways ○ Crisis = opportunity ○ Be aware of what data you are keeping! ○ Too much access is a risk! ○ Consider physical security
  25. Resuming Full Service: A return to normalcy. ○ 20 days after the initial shutdown, we resumed full service. ○ 5 computers replaced. ○ New passwords for all staff. ○ 105 computers & laptops re-imaged. ○ We received our computers back from law enforcement 11 months later.
  26. Contact: Nick Tanzi, @techie_lib, Assistant Director, South Huntington Public Library