State or state-sponsored actor was behind B.C. government cyber attack

The head of B.C.’s public service would not say if the hack is linked to the security breach of Microsoft’s systems which was carried out by Russian state-backed hackers

Get the latest from Katie DeRosa straight to your inbox

The sophisticated cybersecurity attack against the B.C. government was carried out by a state or state-sponsored actor, the head of B.C.’s public service said Friday.

It also came to light that the government had known about the breach for almost a month before making it public.

Shannon Salter, speaking to media during a technical briefing Friday, would not say if the hack is linked to last month’s security breach of Microsoft’s systems, which was blamed on Russian state-backed hackers and led to the leak of email correspondence between U.S. government agencies.

Public Safety Minister Mike Farnworth reiterated there’s no evidence sensitive personal information has been compromised in the B.C. attack. However, despite repeated questions, Farnworth did not specify what information the hackers were able to access or what indicators pointed to a state-sponsored attack.

The B.C. government first became aware of a potential cyber attack on April 10. Online security experts began to investigate and confirmed on April 11 that a cyber attack was carried out.

The hack was reported to the Canadian Centre for Cyber Security, a federal agency. The province also enlisted the help of Microsoft.

The centre determined that, because of the sophistication of the hack, it must have been carried out by state or state-sponsored actors.

Premier David Eby was briefed about the cyber attack on April 17.

On April 29, online security experts found evidence of another hacking attempt by the same “threat actor,” Salter said.

That’s the day provincial employees were advised to immediately change their passwords and make them 14 characters long. B.C.’s Office of the Chief Information Officer at the time described that as part of the government’s efforts to “routinely” update security measures.

The cyber attack was not made public until Wednesday an hour before puck drop for the Canucks playoff game — which led to accusations from B.C. United MLAs that the government was trying to conceal the attack.

Salter said the cybersecurity centre’s advice was not to make the hack public to avoid tipping off other hackers to a vulnerability in government networks. Salter said there were three separate cybersecurity incidents, all of which included efforts by the hackers to cover their tracks.

Salter said after the B.C. NDP cabinet was briefed on May 8 it was determined the public could be notified.

Eric Li, an associate professor at the University of British Columbia, Okanagan, who specializes in cybersecurity, questioned why it took more than two weeks for the government to ask public servants to change their passwords.

“I think there will be some learning from the B.C. government that they can do a better job in communicating that information to the general public,” he said.

Li said the prevalence of public servants working from home since the pandemic means some might be connecting to lower-security home Wi-Fi systems. Government employees who work remotely are typically required to log onto higher-security VPN servers, Li said, but it can be hard to monitor whether that’s actually happening.

Farnworth said the government’s technical security systems are “designed to be able to deal with people who are working remotely.”

Salter said security experts had to analyze 40 terabytes of data to determine the extent of the attack. She would not say if any of that data was compromised, adding that’s part of the ongoing investigation.

It’s also unclear if the hackers targeted a certain area of government records such as health data, auto insurance or social services.

The province holds the personal data of millions of British Columbians including social insurance numbers, addresses and phone numbers.

Government officials say it’s still unclear what the motivation was behind the cyber attack. There was no ransom demand.

Last month, Microsoft notified several U.S. federal agencies that Russian-backed hackers may have stolen emails that the company sent to those agencies and that the information includes sensitive information such as usernames and passwords.

Neither Salter nor Farnworth would say if Russian-backed hackers are linked to the B.C. security breach.

Farnworth said the government employs 76 cybersecurity experts in the B.C. Office of the Chief Information Officer and spends $25 million a year on cybersecurity.
