From: Andrew Pitts <[log in to unmask]>
Date: Wed, 10 Jul 2019 12:24:24 +0000

Thanks Ian (and Angie for your earlier response).

This is very interesting additional information. I’m very interested to
note your comment that “there’s rarely an attempt to … do anything other
than download library content…”. Rarely is not never and I’ve been given
many examples where intrusions have been very invasive and damaging; please
see my Scholarly Kitchen article at
https://scholarlykitchen.sspnet.org/2018/09/18/guest-post-think-sci-hub-is-just-downloading-pdfs-think-again/.

I'm not sure that Lisa's question is answered fully. How can campus IT have
any idea how many articles are downloaded from Sci-Hub? Sci-Hub's usage is
said, by them, to be 400,000 articles per day, far greater than the number
of new articles published each day. The evidence shows that Sci-Hub are
copying large numbers of articles from hundreds of publishers, but each
article only once. Does Sci-Hub downloading ONE copy of each article
outweigh the number of times that articles are accessed by all library
patrons?

I’m also interested to hear the comments about 2 factor authentication. A
word of caution, however: I’ve heard of instances where hackers have used
stolen credentials, changed the number associated with the account and
circumvented the system by having the 2nd stage authentication diverted to
their own phones. Not only do they still achieve access, they also lock the
true user out of their own accounts. Also, when some Publishers tried
adding 2FA, Alexandra herself boasted on her blog that they were easily
able to get around 2FA. So, I’m highly sceptical that this will “solve
this problem”. Even without these flaws I have concerns. Knowing that dual
factor can be at best irritating, at worst unusable, for example if the
user forgets their phone or has no signal, I worry that the system will
actually drive people to use the likes of RG and/or Sci-Hub in order to
avoid the system. After all, ease of use is often cited as the main reason
people go to Sci-Hub in the first place.

We’ve been working closely with both libraries and publishers over the past
3 years to create a block list of IP addresses that have been identified as
the source of spamming, phishing and other forms of cyber-crime. Many of
these we know to be Sci-Hub source IPs. EZ-proxy has included a new
security feature in their recent release involving a real-time call out to
our block list that validates the IP address of the requester and logs or
denies access (depending on the option selected by the organisation) if the
IP address is a known pirate or hacker. We’ve received anecdotal evidence
from both publishers and libraries to say that the number of intrusions has
decreased since this new security feature was released. Unfortunately, as
we do not collect or store any of the data, for data protection reasons, we
are not able to monitor this ourselves. While the EZ-proxy security feature
is working effectively, it only protects EZ-proxy access. We also urge all
institutions to download the block list for themselves and to insert the
identified IPs into their firewalls. The block list is available FREE to
libraries via theIPregistry.org; simply sign in to your organisation’s
profile page and download the block list from there.

We are confident that using the block list will help to protect library
patrons and staff, intellectual property and publishers’ copyrighted
content.

As a side note it appears that usage metrics are getting messed up one way
or another. TheIPregistry.org can also help both publishers and libraries
to validate their usage data by ensuring that publishers are using the
correct, verified IP addresses for their customers. It is important that
libraries ensure that the correct IP addresses are whitelisted and used by
publishers. If you haven’t already done so, please sign in to
theIPregistry.org to see the IPs that publishers are currently using for
your organisation and to make sure that all of your IPs have been verified.


Andrew Pitts
Managing Director
PSI Ltd
Oxford, UK
www.psiregistry.org
Tel: +44-1865-849514
Cell: +44-7818451926

Please follow us on Twitter:
https://twitter.com/ip_registry
https://twitter.com/PubSolutionsInt


-----Original Message-----
From: "Hinchliffe, Lisa W" <[log in to unmask]>
Date: Tue, 9 Jul 2019 01:07:56 +0000

Thanks for this extra information. FWIW, 2FA is, as far as I can tell,
possible with both proxy and RA21 solutions. I've heard of at least one
case though where even 2FA didn't prevent pirating because the pirates
first changed the telephone number associated with the account and then
went on from there.

As someone whose life was turned upside down one year by identity theft, it
is great that you haven't had your campus community plagued with that.
Though, rarely isn't never so my sympathies to whoever was affected.

Thanks again.

Lisa
--

Lisa Janicke Hinchliffe
Professor/ Coordinator for Information Literacy Services and Instruction
University Library, University of Illinois, 1408 West Gregory Drive,
Urbana, Illinois 61801 [log in to unmask], 217-333-1323 (v),
217-244-4358 (f)

________________________________
From: Ian Gibson <[log in to unmask]>
Date: Mon, 8 Jul 2019 12:08:44 +0000

I'll start with your last question - "is that of a level sufficient to also
counter the effect of RG downloads do you think?"

For last year I'm positive that downloads from compromised accounts at MPOW
were far in excess of what our folks were downloading from RG (and probably
SciHub too) - e.g. in May 2018 downloads of Wiley content were 10x higher
than the previous year and pretty much every other major publisher was
similar. I should add that as soon as our security folks did some magic on
their end in June our usage patterns reverted back to historical norms. The
other point I should make here is that even though usage was off the charts
crazy a few months, we had only a few instances where vendors disabled
access.

To your first paragraph:

* IT described to us how the attacks worked but my notes aren't great.
The most interesting aspect of all this was that they said there's rarely
any attempt to use compromised credentials to do anything other than
download library content (and gather more email addresses for phishing
attacks).

* We asked them if they thought moving away from proxy access (e.g.
RA21/OpenAthens/etc) would help and their response was that only systems
utilizing 2+ factor authentication are going to solve this problem. They
are currently looking at 2FA solutions to implement campus wide but the
timeline on that is unknown.

Cheers,
Ian

Ian Gibson, MISt
Acting Head, Collections Services
Brock University | Brock University Library Niagara Region  |  1812 Sir
Isaac Brock Way  |  St. Catharines, Ontario  L2S 3A1 E [log in to unmask] |
T  905 688 5550  x6223  | @IanGibson11

________________________________
From: "Hinchliffe, Lisa W" <[log in to unmask]>
Date: Sun, 7 Jul 2019 20:01:46 +0000

Could you say a bit more about what you are learning from your campus IT
folks? Are you saying that they are seeing multiple compromises of accounts
that result in downloading the same content multiple times to different
sites?

Even if that is the case though ... is that of a level sufficient to also
counter the effect of RG downloads do you think?

Lisa
--
Lisa Janicke Hinchliffe
Professor/ Coordinator for Information Literacy Services and Instruction
University Library, University of Illinois, 1408 West Gregory Drive,
Urbana, Illinois 61801 [log in to unmask], 217-333-1323 (v),
217-244-4358 (f)

________________________________

From: Ian Gibson <[log in to unmask]>
Date: Thu, 4 Jul 2019 18:38:50 +0000

Apologies for responding to something so far back on the thread but the
impact on usage stats cuts both ways. On the one hand people go to SciHub
(and other sites that use compromised credentials to get at the
literature) and download stuff that they could have got from the library
and that drives down our usage totals. On the other hand compromised
credentials (used by SciHub and elsewhere) also generate usage stats as
they harvest things which messes up your stats in the other direction. In
the past I would have been comfortable saying that the impact of the former
is much greater than the impact of the latter. After talking to our campus
IT security folks I'm not nearly as confident.

Cheers,
Ian

Ian Gibson, MISt
Acting Head, Collections Services
Brock University | Brock University Library Niagara Region  |  1812 Sir
Isaac Brock Way  |  St. Catharines, Ontario  L2S 3A1 E [log in to unmask] |
T  905 688 5550  x6223  | @IanGibson11