http://www.pioneerlocal.com/cgi-bin/ppo-story/localnews/current/gl/07-14-05-632905.html BY JOHN P. KELLY STAFF WRITER July 14, 2005 Twenty-two suburban libraries were thrust into the predigital dark ages last week after a hacker hijacked their central computer server. Names, phone numbers and addresses for nearly 480,000 patrons in the suburban library consortium Cooperative Computer Services were vulnerable, though apparently left untouched in what culminated in a three-day tit-for-tat between technicians at the Arlington Heights-based company and the hacker. "We're confident we have defeated the intruder without any data loss or lasting damage," Administrator Richard Shurman said. June infiltration The hacker, who may have infiltrated the system sometime in June, used the server as a haven to set up an illegal online file sharing network, Shurman said. Technical consultants were called in last week to combat the hacker and, as a security measure, temporarily crippled the computer network that links the libraries' circulation and catalog information. They also disabled iBistro, an online catalog that lets patrons check book availability from home. The move caused libraries from Wilmette to Cary to resort to old-fashioned methods of checking out material and -- with card catalogs largely purged in the 1990s -- guesswork to locate books on the shelf. By Monday afternoon, the internal network was expected to be almost fully restored, though iBistro was off-line until Tuesday. Back to basics Several patrons who check book availability and reserve materials online called the Winnetka-Northfield Public Library District to find out why the system was down, Library Director Barbara Aron said. "It was totally out of our control," Aron said. Library staff members resorted to hand-writing check-out slips and couldn't check in books that had been returned late last week. Shurman said an investigation was ongoing but refused to say whether law enforcement officials were involved. "At this point, I need to be kind of close mouthed about it," Shurman said. Thom Morris, library computer services administrator at the Northbrook Public Library, said it took two to three times longer to track down books, if they could be found at all, during the three days the system was down. Morris said a "primitive" back-up system was used to record when patrons checked out books and said the break down was a "huge inconvenience for library staff and patrons." Shurman said Cooperative Computer Services will fast-track a software upgrade that was planned for later this year and said the incident would result in a financial setback of less than $10,000. Minor disruptions Peggy Hamil, executive director of the Glencoe Public Library, said librarians in the area were surprised to learn of the security breach but said it caused only minor disruptions at the library. Hamil decided not to notify patrons of the hacking because no valuable personal data was susceptible and an alert would be "more disturbing than informative." "This is simply a reminder that nothing is ever completely safe from the efforts of someone with malicious intent and technical knowledge," Hamil said. Daniel Walters, president of the Public Library Association, said libraries have been "sporadic targets" of malicious cyber attacks, but the aim is generally the destruction, not theft, of data. _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 14 2005 - 23:11:14 PDT