close
close

State or state-sponsored actor was behind British Columbia government cyberattack

B.C.’s public service chief would not say whether the hack was related to the security breach of Microsoft systems committed by state-backed Russian hackers that led to the leak of email correspondence between U.S. government agencies.

Get the latest from Katie DeRosa delivered straight to your inbox

Article content

The sophisticated cybersecurity attack against the British Columbia government was carried out by a state or state-sponsored actor, the head of British Columbia’s public service said Friday.

It also emerged that the government had known about the breach for almost a month before making it public.

Article content

Shannon Salter declined to say during a technical briefing with the media on Friday whether the hack was related to last month’s security breach of Microsoft systems carried out by state-backed Russian hackers that led to the leak of email correspondence between the US -Government led agencies.

Advertising 2

Article content

Public Safety Minister Mike Farnworth reiterated there was no evidence that sensitive personal information was compromised in the attack in British Columbia.

The British Columbia government first became aware of a possible cyberattack on April 10. Online security experts began investigating and confirmed on April 11 that a cyberattack had been carried out.

The hack was reported to the Canadian Center for Cyber ​​Security, a federal agency that enlisted the help of Microsoft.

Due to the complexity of the hack, the center concluded that it must have been carried out by state or state-sponsored actors.

Prime Minister David Eby was informed of the cyberattack on April 17.

On April 29, online security experts found evidence of another hack by the same “threat actor,” Salter said.

That day, provincial employees were advised to immediately change their passwords and limit them to 14 characters. B.C.’s Office of the Chief Information Officer at the time described this as part of governments’ efforts to “routinely” update security measures.

The cyberattack was not made public until 6pm on Wednesday, prompting accusations from BC United MLAs that the government was trying to cover up the attack.

Article content

Advertising 3

Article content

Salter said the cybersecurity center’s advice was not to make the hack public to avoid alerting other hackers to a vulnerability in government networks. Salter said there were three separate cybersecurity incidents, all of which the hackers tried to cover their tracks.

Salter said after the BC NDP Cabinet was informed on May 8, the cyber center agreed the public could be notified.

Eric Li, an associate professor at the University of British Columbia, Okanagan who specializes in cybersecurity, questioned why it took more than two weeks for the government to ask officials to change their passwords.

“I think the British Columbia government will learn from this to be able to better communicate this information to the public,” he said.

Li said the proliferation of public servants working from home since the pandemic means some may be connecting to home Wi-Fi systems with lower security. Government employees who work remotely are typically required to log into higher-security VPN servers, Li said, but it can be difficult to monitor whether that is actually happening.

Advertising 4

Article content

Farnworth said the government’s technical security systems were “designed to deal with people working remotely.”

Salter said the attack involved over 40 terabytes of data. However, she would not say whether the hackers targeted a specific area of ​​government records, such as health records, auto insurance or social services.

The province holds the personal information of millions of British Columbians, including social security numbers, addresses and phone numbers.

Government officials say it is still unclear what the motivation behind the cyberattack was. There was no ransom demand.

Last month, Microsoft notified several U.S. federal agencies that Russian-backed hackers may have stolen emails the company sent to those agencies and that the information included sensitive information such as usernames and passwords.

Neither Salter nor Farnworth would say whether Russian-backed hackers were linked to the British Columbia security breach.

Farnworth said the government employs 76 cybersecurity experts in the Office of the Chief Information Officer in British Columbia and spends $25 million annually on cybersecurity.

Advertising 5

Article content

[email protected]

Recommended by Editorial


Bookmark our website and support our journalism: Don’t miss the news you need to know – bookmark VancouverSun.com and TheProvince.com and sign up for our newsletter here.

You can also support our journalism by becoming a digital subscriber: Get unlimited access to The Vancouver Sun, The Province, National Post and 13 other Canadian news sites for just $14 per month. Support us by subscribing today: The Vancouver Sun | The province.

Article content