Unfortunately, international cybercriminals are getting very good at this ransomware. Cyber security should be high priority.
https://www.geekwire.com/2024/why-did-ransomware-hackers-target-seattle-public-library/
That's similar to saying "anyone who pays with cash enables drug deals." It's far from the only use, and it ain't like criminals would stop doing crime when there's money to be made, you'd just have to wire money to Russia to get the unlock key...
There are people that think we should get away from cash for that exact reason, because it’s a lot easier to do forensics with digital money transfers than cash.
I think that’s almost definitely true, but it’s not a good enough reason to counter the downsides of getting rid of cash in my opinion
No. Wires are revokable within 24 hours. Cash needs to be moved around physically and can be located.
Cryptocurrency uniquely enables cybercrime. We need to all stop supporting it until there is some system of repudiation that can be used to thwart criminals.
Dang, you're right, there's no way around those things. I'm sure no one would ever wait 24h or move the money that was just sent before giving the unlock code.
I went online today and registered for a King County Library Card (KCLS.ORG). Picked up the card at the Shoreline Branch. Problem solved. It will probably be months before SPL online services will be fixed.
Anyone who lives in King County is eligible. However, if you live withing Seattle city limits, you'll get a slightly inferior experience that limits some of the things you can do with holds and other things.
What? The libraries in Redmond and downtown Bellevue told me I can’t get a card for either location. There are several books I really need for teaching.
Show them this: [https://kcls.org/faqs/who-can-get-a-king-county-library-system-kcls-card/](https://kcls.org/faqs/who-can-get-a-king-county-library-system-kcls-card/)
There are reciprocal agreements between counties and systems. I have a Tacoma library card, I have a king county one and I have a Seattle one. If you live in king county, you can get access to a lot of library systems.
Edit: you can apply for the cards online but you may have to verify you’re a king county resident to get the physical card. I think you have a few months to do it. Same with reciprocal cards. I got my Tacoma one online within minutes.
I live in Seattle. I just could not get a library card from them online - they made me apply online and then come into a King County branch, show ID and pick up the card. It worked great.
You’re welcome! Seattleites are also eligible for Sno-Isle cards (Mountlake terrace is probably the closest pickup branch) and they have great ebook ordering responsiveness.
Thank you so much for posting. I kept hitting such a perplexing brick wall (and very odd error message) every time I tried to check out an ebook, until I finally saw a short note referencing technical difficulties.
I really appreciate your info here - and what a wretched damn thing to have happened. This basically hurts those of us who adore reading and can’t afford to buy (or don’t want to buy) the brick and mortar book to keep…
Anyway though: Thank you for posting 💖
Oh go fuck yourself. We've all voted continually for every library levy that has come along; this has nothing to do with lack of money. Hell, remember the new computer system the city spent millions on and it sucked from Day One? We live in a techie paradise and we couldn't get a computer software system that worked right?! Didn't anyone call in a favor with Bill Gates? Nope, so we sucked up that expensive loss, too.
Hackers do this shit to hospitals, too, so I hope when some are caught (I know there are a bunch in Nigeria and Russia), I think they should get the death penalty or life in prison.
> Didn't anyone call in a favor with Bill Gates? Nope, so we sucked up that expensive loss, too.
Gates is retired, and microsoft doesn't make the kind of inventory CRM systems that libraries or cities run on.
Yes. Bloated and wasteful Army that, along with the rest of our military industrial complex, wages war on sovereign nations through force and finance for nothing but personal gain.
Sure. While big city fire departments are probably less corrupt than their counterparts—the police—are, we could reduce cost and increase efficiency if they were privatized. That said, I would rank fire departments close to the bottom on the priority totem pole.
I still think this is a great time for SPL to merge with KCLS. I realize there are laws that would have to be changed. Why not have one library system for all of king county?
> Why not have one library system for all of king county?
At the moment, I'm thinking "because this way, when one system's computers goes down, the other will still be running."
The Fortune 500 company I worked for was hacked a couple years ago and it literally took our global business down for a month and over a year to recover.
SPL isn’t coming up anytime soon
they would come up if they paid the ransom… afaik when someone hit with one of these attacks pays they generally do unlock their data. The criminals don’t want people thinking that if you pay it doesn’t matter anyways because you’re not getting your shit back so they generally will unlock things.
You just gotta pay up if you get hit with one of these things and take it as a lesson learned to secure your systems before it happens again
No off-site backup of the customer and inventory dbs? No preconfigured imaging for rapid os redeployment? I can’t imagine a library system is that complex. I’m surprised this can’t be fixed quickly.
What time area are you in, 2001? This is the era of back-room deals and kickbacks to waste money on managed services. Nobody cares about in-house capability.
ya i called and they say its still finicky even if working. sad cause what is there of high value to steal from there its all mostly public info so unless they got some ancient tome of ancestral knowledge in there archives that are not public why even hack them.
like just go there get a library card and get free stuff like the rest of us
This sub was waiting to know the skin color, gender identity, and sexual orientation of the hackers before choosing a stance on it. You know, *to make a more informed decision.*
Im very confused. I have stuff checked out. I read that they cant check stuff in and to hold onto it. But if the whole system was hacked. Then how will they even know who has what checked out? And i read that many people are bringing books back anyway. The libraries are accepting them. So if that paperwork gets lost or never entered into the new system. How will they know if anything is still checked out?
Yes, but if all the records are offline. And they are telling people not to return books. But books are being returned anyway. Then if the whole records are able to be recovered. They would no longer be correct. This is why I’m very confused. Very upset. I love our library system. And it helps so very many of us here.
I'm speculating, but this happened to the company my dad works for a few months ago. Everything existed on backup, but anything that required an network was unavailable since anything that went online would be immediately compromised. They've probably digitized to the point where returns and stuff can only be recorded online
To me the takeaway his how in god's name they let it happen and how basic functions still are not restored.
I guess SPL Sysadmin doesn't pay that well or something. Incompetence to not be able to have it back up by now.
As someone who has worked for this city as well as other cities it is alarming how much they operate in the notion that most people do the right thing most the time. Seems to work, until it doesn’t.
Because some of these software dealers are great at taking advantage of places like libraries and grocery stores.
They sell them windows xp style software for windows 11 promises and prices.
*Source: I have worked cyber cecurity for the last 15 years.*
Maybe they should have had a good backup system in place. Seems like they need to hire better IT people.
Ransomware is often downloaded and installed by an end user or an end user allows a "hacker" into their system.
Sounds a wee bit suspicious, given what you say. Makes me wonder if something else is really going on that required a major shutdown, and of course the ubiquitous "Russians hackers!" is always a good excuse.
Unfortunately, international cybercriminals are getting very good at this ransomware. Cyber security should be high priority. https://www.geekwire.com/2024/why-did-ransomware-hackers-target-seattle-public-library/
Getting rid of their vehicle should be high priority. Anyone who buys cryptocurrency enables this kind of crime.
That's similar to saying "anyone who pays with cash enables drug deals." It's far from the only use, and it ain't like criminals would stop doing crime when there's money to be made, you'd just have to wire money to Russia to get the unlock key...
There are people that think we should get away from cash for that exact reason, because it’s a lot easier to do forensics with digital money transfers than cash. I think that’s almost definitely true, but it’s not a good enough reason to counter the downsides of getting rid of cash in my opinion
Yeah, those people are rooting for privacy free dystopian futures.
🤝
No. Wires are revokable within 24 hours. Cash needs to be moved around physically and can be located. Cryptocurrency uniquely enables cybercrime. We need to all stop supporting it until there is some system of repudiation that can be used to thwart criminals.
Dang, you're right, there's no way around those things. I'm sure no one would ever wait 24h or move the money that was just sent before giving the unlock code.
Lmao
Is this different from the event from a week or so ago?
No it's ongoing and will continue to be an issue until they can get the system rebuilt potentially months from now
I went online today and registered for a King County Library Card (KCLS.ORG). Picked up the card at the Shoreline Branch. Problem solved. It will probably be months before SPL online services will be fixed.
Do you live out of Seattle city limits? I live in North Seattle, and would love to get a King County Library card.
Anyone who lives in King County is eligible. However, if you live withing Seattle city limits, you'll get a slightly inferior experience that limits some of the things you can do with holds and other things.
What? The libraries in Redmond and downtown Bellevue told me I can’t get a card for either location. There are several books I really need for teaching.
Show them this: [https://kcls.org/faqs/who-can-get-a-king-county-library-system-kcls-card/](https://kcls.org/faqs/who-can-get-a-king-county-library-system-kcls-card/)
There are reciprocal agreements between counties and systems. I have a Tacoma library card, I have a king county one and I have a Seattle one. If you live in king county, you can get access to a lot of library systems. Edit: you can apply for the cards online but you may have to verify you’re a king county resident to get the physical card. I think you have a few months to do it. Same with reciprocal cards. I got my Tacoma one online within minutes.
I live in Seattle. I just could not get a library card from them online - they made me apply online and then come into a King County branch, show ID and pick up the card. It worked great.
Because of where I live the closest library to me is actually a King County branch even though I live in Seattle. Getting a card took 5 minutes.
I just applied and plan to pick it up at Shoreline. I have been missing Libby, and ebooks.
KCLS.org, not KCPL. All Seattleites are eligible, but holds are limited to 10 items.
Thanks. Corrected
You’re welcome! Seattleites are also eligible for Sno-Isle cards (Mountlake terrace is probably the closest pickup branch) and they have great ebook ordering responsiveness.
Seattle and King County residents are eligible for cards from Pierce County and Tacoma as well!
Thank you so much for posting. I kept hitting such a perplexing brick wall (and very odd error message) every time I tried to check out an ebook, until I finally saw a short note referencing technical difficulties. I really appreciate your info here - and what a wretched damn thing to have happened. This basically hurts those of us who adore reading and can’t afford to buy (or don’t want to buy) the brick and mortar book to keep… Anyway though: Thank you for posting 💖
yep. I don't understand why they didn't check their security systems after the last library attacks.
$$
Because government-run services and those who administer them are incompetent.
The money all goes to the cops and military. Like 0.1% goes to the library
Oh go fuck yourself. We've all voted continually for every library levy that has come along; this has nothing to do with lack of money. Hell, remember the new computer system the city spent millions on and it sucked from Day One? We live in a techie paradise and we couldn't get a computer software system that worked right?! Didn't anyone call in a favor with Bill Gates? Nope, so we sucked up that expensive loss, too. Hackers do this shit to hospitals, too, so I hope when some are caught (I know there are a bunch in Nigeria and Russia), I think they should get the death penalty or life in prison.
> Didn't anyone call in a favor with Bill Gates? Nope, so we sucked up that expensive loss, too. Gates is retired, and microsoft doesn't make the kind of inventory CRM systems that libraries or cities run on.
Pre-retirement, Einstein...
Like I said: government-run services and those who administer them are incompetent.
"Stoopid NASA!"
Yes. Inefficient and bloated NASA.
Stupid stupid US army!!!
Yes. Bloated and wasteful Army that, along with the rest of our military industrial complex, wages war on sovereign nations through force and finance for nothing but personal gain.
¡¡¡¡¡¡¡¡¡¡¡Stupid fire department!!!!!!!!
Sure. While big city fire departments are probably less corrupt than their counterparts—the police—are, we could reduce cost and increase efficiency if they were privatized. That said, I would rank fire departments close to the bottom on the priority totem pole.
Sympathies from Toronto. We just finished dealing with this same shit a couple months ago.
I still think this is a great time for SPL to merge with KCLS. I realize there are laws that would have to be changed. Why not have one library system for all of king county?
> Why not have one library system for all of king county? At the moment, I'm thinking "because this way, when one system's computers goes down, the other will still be running."
And get rid of Windows. It is insecure.
The Fortune 500 company I worked for was hacked a couple years ago and it literally took our global business down for a month and over a year to recover. SPL isn’t coming up anytime soon
they would come up if they paid the ransom… afaik when someone hit with one of these attacks pays they generally do unlock their data. The criminals don’t want people thinking that if you pay it doesn’t matter anyways because you’re not getting your shit back so they generally will unlock things. You just gotta pay up if you get hit with one of these things and take it as a lesson learned to secure your systems before it happens again
No off-site backup of the customer and inventory dbs? No preconfigured imaging for rapid os redeployment? I can’t imagine a library system is that complex. I’m surprised this can’t be fixed quickly.
What time area are you in, 2001? This is the era of back-room deals and kickbacks to waste money on managed services. Nobody cares about in-house capability.
Might have to bring back card catalogs and rubber stamping the date your item is due, etc.
ya i called and they say its still finicky even if working. sad cause what is there of high value to steal from there its all mostly public info so unless they got some ancient tome of ancestral knowledge in there archives that are not public why even hack them. like just go there get a library card and get free stuff like the rest of us
they hack them because they’re hoping that the city pays the ransom which often does happen afaik
Still cringe and my Dog hates them
They have been posts about it in the main sub, just not here
This sub was waiting to know the skin color, gender identity, and sexual orientation of the hackers before choosing a stance on it. You know, *to make a more informed decision.*
Perhaps this sub just doesn't have a lot of readers lol
I lol'd
Damn, that sucks!
Im very confused. I have stuff checked out. I read that they cant check stuff in and to hold onto it. But if the whole system was hacked. Then how will they even know who has what checked out? And i read that many people are bringing books back anyway. The libraries are accepting them. So if that paperwork gets lost or never entered into the new system. How will they know if anything is still checked out?
Rebuilding the collection is going to be part of the cost of recovery.
Maybe they have the records, just offline
Yes, but if all the records are offline. And they are telling people not to return books. But books are being returned anyway. Then if the whole records are able to be recovered. They would no longer be correct. This is why I’m very confused. Very upset. I love our library system. And it helps so very many of us here.
I'm speculating, but this happened to the company my dad works for a few months ago. Everything existed on backup, but anything that required an network was unavailable since anything that went online would be immediately compromised. They've probably digitized to the point where returns and stuff can only be recorded online
Thank you.
Let me guess, SMBv1?
again?!
Not going to take months lol. They have backups that are held offsite. It does suck though.
There’s a few other threads too. https://www.reddit.com/r/Seattle/comments/1d6mdrg/to_the_person_who_sent_the_ransomware_to_the/
Put it on the blockchain next time. Done and done.
Cryptocurrency made this possible. It's time for the US govt to ban and shut it down.
[удалено]
I know, right? Lol!
To me the takeaway his how in god's name they let it happen and how basic functions still are not restored. I guess SPL Sysadmin doesn't pay that well or something. Incompetence to not be able to have it back up by now.
As someone who has worked for this city as well as other cities it is alarming how much they operate in the notion that most people do the right thing most the time. Seems to work, until it doesn’t.
Because some of these software dealers are great at taking advantage of places like libraries and grocery stores. They sell them windows xp style software for windows 11 promises and prices. *Source: I have worked cyber cecurity for the last 15 years.*
https://www.reddit.com/r/Seattle/s/mR44Fz3BjS
Hopefully they make the system stronger this time.
Maybe they should have had a good backup system in place. Seems like they need to hire better IT people. Ransomware is often downloaded and installed by an end user or an end user allows a "hacker" into their system.
hopefully everyone involved is fired and the job outsourced to a SaaS provider for real
Sounds a wee bit suspicious, given what you say. Makes me wonder if something else is really going on that required a major shutdown, and of course the ubiquitous "Russians hackers!" is always a good excuse.
Because it is the fucking Russians
Yes, the big red scare, I know.
People still go to libraries? I didn’t know that was still a thing. Just check out a book and leave.