Hackers shaking down businesses after seizing control of computers, warns N.S. expert

It's time to look beyond the controversy surrounding recent Nova Scotia government security breaches and start preventing issues before they happen, says the organizer of Atlantic Canada's largest information security conference.

"I believe you can only kick a dead horse so many times. We are at a point right now where we need to look at the positive, learn from any mistakes that have been highlighted," said Travis Barlow, founder of the Atlantic Security Conference, which is taking place this week in Halifax.

The Nova Scotia government has been dealing with three embarrassing privacy breaches in recent weeks.

On Wednesday, an email went out identifying the 1,000 civil servants who were about to receive their long-service award payments. Last week, parents who were trying to register their children for a popular school program were able to see private information about other families. And earlier this month, the province discovered that private documents on its freedom-of-information portal were accessible to the public simply by altering a URL.

Watch out for bogus security plans

Barlow says these types of IT security issues plague all sectors of the province, from government to businesses to the general public.

"I have a very large, extended family and from a security perspective, [breaches] scare me to death," he said.

"It's not just security issues, it's the lack of knowledge. People don't understand when they're at risk," he said.

Barlow says he has family members who have fallen victim to phone scams where they were sold bogus security plans for their home computers.

As the vice-president of advanced security services at GoSecure, he says he's seen an increase in hackers targeting small- and medium-sized businesses.

"I had four calls between Christmas Day and New Year's alone from companies we've never heard of saying, 'We need help,'" Barlow said.

Hackers hold companies hostage

Two of those companies were from Atlantic Canada.

"Criminals will infiltrate a company network, they may even look at their financial records, find out how much it's going to cost them if they are down for a week, and charge them that much, and say, 'You're getting a steal of a deal,'" he said.

Barlow says one of his Canadian clients from outside Atlantic Canada paid the equivalent of more than $160,000 in Bitcoin to regain control of the company's computer systems.

The issue of the 19-year-old Halifax man who was arrested for downloading 7,000 freedom-of-information releases from the government's website was also on the mind of conference participants.

Access to government site was not difficult

Halifax programmer Evan d'Entremont was selling T-shirts out of a suitcase to raise money for the teen's defence fund.

One of them features a line of computer script beneath the words, "Governments hate him for this one 'weird' trick."

That computer script is what allowed access to documents from the government freedom-of-information portal, d'Entremont said.

"That line of code would actually download every freedom of information document that the kid did. From foipop.novascotia.ca, starting at 1 and going to 7,000. This is how trivial this is. It's a single line of code we were able to print on a T-shirt," he said.

AtlSecCon has donated $1,000 to the young man's online defence fund.

Nearly two weeks after the problem was identified, the province's freedom-of-information portal remains offline.