Hackers shaking down businesses after seizing control of computers, warns N.S. expert - Action News
Home WebMail Saturday, November 23, 2024, 10:00 AM | Calgary | -12.0°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Nova Scotia

Hackers shaking down businesses after seizing control of computers, warns N.S. expert

It's time to look beyond the controversy surrounding recent Nova Scotia government security breaches and start preventing issues before they happen, says the organizer of Atlantic Canada's largest information security conference.

One company paid equivalent of more than $160K in Bitcoin to regain control of its computer systems

Travis Barlow, founder of Atlantic Security Conference held this week in Halifax, says hackers are targeting small- and medium-sized businesses, as well as government departments. (CBC)

It's time to look beyond the controversy surrounding recent Nova Scotia government security breachesand start preventing issues before they happen, says the organizer ofAtlantic Canada's largest information security conference.

"I believe you can only kick a dead horse so many times. We are at a point right now where we need to look at the positive, learn from any mistakes that have been highlighted," said Travis Barlow, founderof the Atlantic Security Conference, which is taking place this week in Halifax.

The Nova Scotia government has been dealing with three embarrassing privacy breaches in recent weeks.

On Wednesday, an email went out identifying the 1,000 civil servants who were about to receive their long-service award payments. Last week, parents who were trying to register their children for a popular school program were able to see private information about other families. And earlier this month, the province discovered that private documents on its freedom-of-information portal were accessible to the public simply by altering a URL.

Watch out for bogus security plans

Barlow says these types of IT security issues plague all sectors of the province, from governmentto businesses tothe general public.

"I have a very large, extended familyand from a security perspective, [breaches] scare me to death," he said.

"It's not just security issues, it's the lack of knowledge. People don't understand when they're at risk," he said.

Barlow says he has family members whohave fallen victim to phone scams where they were sold bogus security plans for their home computers.

Participants at Atlantic Security Conference in Halifax heard that more emphasis needs to be on preventing information security breaches rather than dealing with controversy after the incident occurs. (CBC)

As the vice-president of advanced security services at GoSecure, he says he's seen an increase in hackers targeting small- and medium-sized businesses.

"I had four calls between Christmas Day and New Year's alone from companies we've never heard of saying, 'We need help.'" Barlow said.

Hackers hold companies hostage

Two of those companies were from Atlantic Canada.

"Criminals will infiltrate a company network, they may even look at their financial records, find out how much it's going to cost them if they are down for a week, and charge them that much, and say, 'You're getting a steal of a deal," he said.

Barlow says one of his Canadian clients from outside Atlantic Canada paid the equivalent of more than $160,000 in Bitcoin to regain control of the company's computer systems.

The issue of the 19-year-old Halifax man who was arrested for downloading 7,000 freedom-of-information releases from the government's website wasalso on the mind of conference participants.

Access to government site was not difficult

Halifax programmer Evan d'Entremont was selling T-shirts out of a suitcase to raise money for the teen's defence fund.

One of them features aline of computer script beneaththe words,"Governments hate him for this one 'weird'trick."

This T-shirt is being sold at the Atlantic Security Conference to raise money for a Halifax teen's defence fund, after he was charged in a Nova Scotia government data breach earlier this month. (CBC)

That computer script iswhat allowed access to documents from the governmentfreedom-of-information portal, d'Entremont said.

"That line of code would actually download every freedom of information document that the kid did. From foipop.novascotia.ca, starting at 1 and going to 7,000. This is how trivial this is. It's single line of code we were able to print on a T-shirt," he said.

AtlSecConhas donated $1,000 to the the young man's online defence fund.

Nearly two weeks after the problem was identified, the province's freedom-of-information portal remains offline.