LIBLICENSE-L Archives

LibLicense-L Discussion Forum

LIBLICENSE-L@LISTSERV.CRL.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Frustrating story on Times Higher Education
From:
LIBLICENSE <[log in to unmask]>
Reply To:
LibLicense-L Discussion Forum <[log in to unmask]>
Date:
Tue, 9 Jul 2019 19:15:59 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (127 lines) 
From: "Hinchliffe, Lisa W" <[log in to unmask]>
Date: Tue, 9 Jul 2019 01:07:56 +0000

Thanks for this extra information.  FWIW, 2FA is, as far as I can tell
possible with both proxy and RA21 solutions. I've heard of at least
one case though where even 2FA didn't prevent pirating because the
pirates first changed the telephone number associated with the account
and then went on from there.

As someone whose life was turned upside down one year by identity
theft, it is great that you haven't had your campus community plagued
with that. Though, rarely isn't never so my sympathies to whoever was
effected.

Thanks again.

Lisa
--

Lisa Janicke Hinchliffe
Professor/ Coordinator for Information Literacy Services and Instruction
University Library, University of Illinois, 1408 West Gregory Drive,
Urbana, Illinois 61801
[log in to unmask], 217-333-1323 (v), 217-244-4358 (f)

________________________________
From: Ian Gibson <[log in to unmask]>
Date: Mon, 8 Jul 2019 12:08:44 +0000

I'll start with your last question - "is that of a level sufficient to
also counter the effect of RG downloads do you think?"

For last year I'm positive that downloads from compromised accounts at
MPOW was far in excess of what our folks were downloading from RG (and
probably SciHub too) - e.g. in May 2018 downloads of Wiley content
were 10x higher than the previous year and pretty much every other
major publisher was similar). I should add that as soon as our
security folks did some magic on their end in June our usage patterns
reverted back to historical norms. The other point I should make here
is that even though usage was off the charts crazy a few months we had
only a few instances where vendors disabled access.

To your first paragraph:

* IT described to us how the attacks worked but my notes aren't great.
The most interesting aspect of all this was that they said there's
rarely any attempt to use compromised credentials to do anything other
than download library content (and gather more email addresses for
phishing attacks).

* We asked them if they thought moving away from proxy access (e.g.
RA21/OpenAthens/etc) would help and their response was that only
systems utilizing 2+ factor authentication are going to solve this
problem. They are currently looking at 2FA solutions to implement
campus wide but the timeline on that is unknown.

Cheers,
Ian

Ian Gibson, MISt
Acting Head, Collections Services
Brock University | Brock University Library
Niagara Region  |  1812 Sir Isaac Brock Way  |  St. Catharines, Ontario  L2S 3A1
E [log in to unmask] | T  905 688 5550  x6223  | @IanGibson11

________________________________
From: "Hinchliffe, Lisa W" <[log in to unmask]>
Date: Sun, 7 Jul 2019 20:01:46 +0000

Could you say a bit more about what you are learning from your campus
IT folks? Are you saying that they are seeing multiple compromises of
accounts that result in downloading the same content multiple times to
different sites?

Even if that is the case though ... is that of a level sufficient to
also counter the effect of RG downloads do you think?

Lisa
--
Lisa Janicke Hinchliffe
Professor/ Coordinator for Information Literacy Services and Instruction
University Library, University of Illinois, 1408 West Gregory Drive,
Urbana, Illinois 61801
[log in to unmask], 217-333-1323 (v), 217-244-4358 (f)

________________________________

From: Ian Gibson <[log in to unmask]>
Date: Thu, 4 Jul 2019 18:38:50 +0000

Apologies for responding to something so far back on the thread but
the impact on usage stats cuts both ways. On the one hand people go to
SciHub (and other sites that use compromised credentials to get at the
literature) and download stuff that they could have got from the
library and that drives down our usage totals. On the other hand
compromised credentials (used by SciHub and elsewhere) also generate
usage stats as they harvest things which messes up your stats in the
other direction. In the past I would have been comfortable saying that
the impact of the former is much greater than the impact of the
latter. After talking to our campus IT security folks I'm not nearly
as confident.

Cheers,
Ian

Ian Gibson, MISt
Acting Head, Collections Services
Brock University | Brock University Library
Niagara Region  |  1812 Sir Isaac Brock Way  |  St. Catharines, Ontario  L2S 3A1
E [log in to unmask] | T  905 688 5550  x6223  | @IanGibson11

________________________________
From: "Hinchliffe, Lisa W" <[log in to unmask]>
Date: Thu, 27 Jun 2019 23:20:00 +0000

But surely usage is considered? And as usage goes elsewhere it
devalues the big deal because the cost per download goes up.
Librarians don't have to be endorsing or encouraging use of
ResearchGate (or SciHub), whether to access licit or illicit copies,
for the reality of that use to be impacting on ata that effects
library subscriptions to content?

Lisa Janicke Hinchliffe
[log in to unmask]

[SNIP]

ATOM RSS1 RSS2