Colorado’s government homepage offline after cyberattack; Russian-speaking hackers possibly to blame

The state’s IT department says other sites and state services, like renewing a driver’s license, are not affected

Colorado’s state government homepage went offline Wednesday after a “suspected foreign actor” targeted Colorado.gov in a cyberattack, state officials confirmed in a news release.

Scant details about the outage were shared. State IT office and emergency operations center said late Wednesday they were working with federal partners to investigate what happened.

“We are actively investigating and don’t have any further details confirmed other than what’s in the press release,” said Brandi Simmons, a spokeswoman for the Governor’s Office of Information Technology.

CNN and other national media linked Colorado’s attack to a multistate effort by Russian-speaking hackers, who claimed responsibility for disrupting state government websites in Colorado, Kentucky, Mississippi and other states.

Simmons would not confirm a connection between Colorado’s state government website outage and Russian-speaking hackers.

Some local security experts said it was too early to speculate what was going on.

But with just one state website impacted and no others, it could be a BGP attack, or a Border Gateway Protocol, where the “bad guys” try to confuse the internet routers about where to find the website, said Robb Reck, longtime Denver-area cybersecurity expert who is also the chief trust officer for security firm Red Canary in Denver.

“While I don’t know the particulars of the attack against Colorado.gov, there are a number of different attack types that attackers use against websites,” he said. “From attacks against the infrastructure of the internet, like rerouting DNS or BGP, gaining unauthorized access to the website in order to deface or disable the site, or simply overwhelming the website by flooding it with too much traffic.”

State officials had no timeline as to when the main page will be back online.

Colorado’s IT office set up a temporary page on Colorado.gov to direct visitors to common services, including filing an unemployment claim and renewing a driver’s license.

Only the main portal was taken offline, she said. All other state websites were still online and available.

The regular state webpage was still offline Thursday.

The Colorado Sun is a reader-supported, nonpartisan news organization dedicated to covering Colorado issues. To learn more, go to coloradosun.com.