Security – DigitalKoans

“Mitigating Aggressive Crawler Traffic in the Age of Generative AI: A Collaborative Approach from the University of North Carolina at Chapel Hill Libraries”

The rise of aggressive, adaptive, and evasive web crawlers is a significant challenge for libraries and archives, causing service disruptions and overwhelming institutional resources. This article details the experiences of the University of North Carolina at Chapel Hill University Libraries in combating an unprecedented flood of crawler traffic. It describes the escalating mitigation efforts, from traditional client blocking to the implementation of more advanced techniques such as request throttling, regional traffic prioritization, novel facet-based bot detection, commercial Web Application Firewalls (WAFs), and ultimately, in-browser client verification with Cloudflare Turnstile. The article highlights the adaptive nature of these crawlers, the limitations of isolated institutional responses, and the critical lessons learned from mitigation efforts, including the issues introduced by residential proxy networks and the extreme scale of the traffic. Our experiences demonstrate the effectiveness of a multi-layered defense strategy that includes both commercial and library-specific solutions, such as facet-based bot detection. The article emphasizes the importance of community-wide collaboration, proposing future directions such as formalized knowledge sharing and the ongoing development of best practices to collectively address this evolving threat to open access and the stability of digital library services.

https://shorturl.at/7AP3I

STM: Trusted Identity in Academic Publishing: The Central Role of Digital Identity in Research Integrity

As the digital landscape evolves, the foundational trust that has long supported academic publishing faces new vulnerabilities. Rising cases of identity fraud and integrity breaches are challenging the scholarly community to protect research integrity without imposing unnecessary burdens on genuine contributors. In response, STM Solutions released Trusted Identity in Academic Publishing: The Central Role of Digital Identity in Research Integrity, a new report analyzing the role of digital identity in scholarly publishing and presenting a foundation for the development of guidelines and recommendations to enhance trust through technology.

https://tinyurl.com/5n9y8v75

Report

2024 EDUCAUSE Horizon Report: Cybersecurity and Privacy Edition

These are, in many ways, tumultuous times. Global political movements and ideologies continue to erode social ties and disrupt state and national legislative processes. Wars in Eastern Europe and the Middle East threaten to destabilize the global order. And new AI-powered technologies are evolving at breakneck speed, offering the world both the promise of new utopian capabilities and the threat of dystopian collapse. Against this backdrop of seismic change, higher education cybersecurity and privacy professionals must navigate new questions around what needs to be done to keep our institutions and our students safe and secure. This report summarizes expert panelist discussions on these and other emerging trends and offers reflections on where the future of higher education may be headed.

https://tinyurl.com/3ynda58w

"The British Library Hack Is a Warning for All Academic Libraries"

The British Library’s computer systems were recently attacked by the notorious ransomware group Rhysida. The attack led to many of the Library’s core systems remaining unavailable for months and the auction of 573GB of employees’ personal data on Rhysida’s .onion site. Though the Library is slowly recovering and has admirably published their cyber-incident review paper openly, the incident highlights failures of senior management and devaluing of library technical skills that are widely applicable to libraries across UK higher education.

https://tinyurl.com/bdex73fv

Paywall: "GPT-4 Developer Tool Can Hack Websites without Human Help"

OpenAI’s artificial intelligence model GPT-4 has the capability to hack websites and steal information from online databases without human help, researchers have found. That suggests individuals or organisations without hacking expertise could unleash AI agents to carry out cyber attacks.

http://tinyurl.com/24u7bnud

"Deepfake Scammer Walks off with $25 Million in First-of-Its-Kind AI Heist"

The scam featured a digitally recreated version of the company’s chief financial officer, along with other employees, who appeared in a video conference call instructing an employee to transfer funds.

http://tinyurl.com/9aspy8u7

Pew Research Center: What Americans Know About AI, Cybersecurity and Big Tech

Overall, Americans answer a median of five out of nine questions correctly on a digital knowledge survey that Pew Research Center conducted among 5,101 U.S. adults from May 15 to May 21, 2023. The questions span a range of topics, including cybersecurity practices, facts about major technology companies, artificial intelligence and federal online privacy laws.

Some 26% of U.S. adults can answer at least seven of the nine questions accurately, but just 4% can correctly answer all nine.

https://tinyurl.com/582bwmf3

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |

"Digital Information Security Management Policy in Academic Libraries: A Systematic Review (2010–2022)"

Digital information security management (DISM) is considered an important tool to ensure the privacy and protection of data and resources in an electronic environment. The purpose of this research is to look into the applications of DISM policies in terms of practices and implementation in academic libraries. It also identifies the challenges faced by academic libraries in applying these DISM practices regarding policy. A systematic literature review was conducted to achieve the objectives of the study. . . . A few libraries have developed a mechanism to protect and secure users’ sensitive data from hackers, viruses, malware and social engineering. Findings indicated that both organisations and users trust libraries due to their strict privacy and data security policies. However, some academic libraries did not adopt and implement DISM policies in their organisations, even though they had written DISM policies.

https://doi.org/10.1177/01655515231160026

Paywall — NYT Wirecutter: "Why Every Twitter User Should Archive and Lock Down Their Data"

Now is a good time to take steps to lock down your Twitter account, grab what data you can, review where you’re using Twitter to sign in to other online services, and delete anything you’d rather not live on a site that may be on its last legs. Taking these steps could protect you from identity theft or private messages being made public

https://cutt.ly/oMZDWod

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |

"Is Mastodon Private and Secure? Let’s Take a Look"

For basic security, instances will employ transport-layer encryption, keeping your connection to the server you’ve chosen private. This will keep your communications safe from local eavesdroppers using your same WiFi connection, but it does not protect your communications, including your direct messages, from the server or instance you’ve chosen—or, if you’re messaging someone from a different instance, the server they’ve chosen. This includes the moderators and administrators of those instances, as well. Just like Twitter or Instagram, your posts and direct messages are accessible by those running the services. But unlike Twitter or Instagram, you have the choice in what server or instance you trust with your communications. . . . Two-factor authentication with an app or security key is available on Mastodon instances, giving users an extra security check to log on. The software also offers robust privacy controls: allowing users to set up automatic deletion of old posts, set personalized keyword filters, approve followers, and hide your social graph (the list of your followers and those you follow). Unfortunately, there is no analogue to making your account "private. . . . Mastodon users can mute, block, or report other users. Muting and blocking works just as you’d expect: it’s a list associated with your account that just stops the content of that user from appearing in your feed and prevents them from reaching out to you, respectively."

https://cutt.ly/mMZIEtS

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |

"Data Cartels:The Companies That Control and Monopolize Our Information"

Just a few companies dominate most of our critical informational resources. Often self-identifying as "data analytics" or "business solutions" operations, they supply the digital lifeblood that flows through the circulatory system of the internet. With their control over data, they can prevent the free flow of information, masterfully exploiting outdated information and privacy laws and curating online information in a way that amplifies digital racism and targets marginalized communities. They can also distribute private information to predatory entities.

https://www.sup.org/books/title/?id=33205

| Research Data Publication and Citation Bibliography | Research Data Sharing and Reuse Bibliography | Research Data Curation and Management Bibliography | Digital Scholarship |