Cyberattack was state-sponsored hack: official
Hack with unknown motive not made public for almost a month, official says
The sophisticated cybersecurity attack against the B.C. government was carried out by a state or state-sponsored actor, the head of B.C.'S public service said Friday.
It also came to light that the government had known about the breach for almost a month before making it public.
Shannon Salter, speaking to media during a technical briefing Friday, would not say if the hack is linked to last month's security breach of Microsoft's systems, which was blamed on Russian state-backed hackers and led to the leak of email correspondence between U.S. government agencies.
Public Safety Minister Mike Farnworth reiterated there's no evidence sensitive personal information has been compromised in the B.C. attack. However, despite repeated questions, Farnworth did not specify what information the hackers were able to access or what indicators pointed to a state-sponsored attack.
The B.C. government first became aware of a potential cyberattack on April 10. Online security experts began to investigate and confirmed on April 11 that a cyberattack was carried out.
The hack was reported to the Canadian Centre for Cyber Security, a federal agency, which enlisted the help of Microsoft.
The centre determined that, because of the sophistication of the hack, it must have been carried out by state or state-sponsored actors.
Premier David Eby was briefed about the cyberattack on April 17.
On April 29, online security experts found evidence of another hacking attempt by the same “threat actor,” Salter said.
That's the day provincial employees were advised to immediately change their passwords and make them 14 characters long. B.C.'S Office of the Chief Information Officer at the time described that as part of the government's efforts to “routinely” update security measures.
The cyberattack was not made public until Wednesday at 6 p.m. — an hour before the Canucks opened their NHL playoff series against Edmonton — which led to accusations from B.C. United MLAS that the government was trying to conceal the attack.
Salter said the cybersecurity centre's advice was not to make the hack public to avoid tipping off other hackers to a vulnerability in government networks. Salter said there were three separate cybersecurity incidents, all of which included efforts by the hackers to cover their tracks. She said after the B.C. NDP cabinet was briefed on May 8, the Canadian Centre for Cyber Security agreed that the public could be notified.
Eric Li, an associate professor at UBC Okanagan, who specializes in cybersecurity, questioned why it took more than two weeks for the government to ask public servants to change their passwords. “I think there will be some learning from the B.C. government that they can do a better job in communicating that information to the general public,” he said.
Li said the prevalence of public servants working from home since the pandemic means some might be connecting to lower-security home Wi-fi systems. Government employees who work remotely are typically required to log onto higher-security VPN servers, Li said, but it can be hard to monitor whether that's actually happening.
Farnworth said the government's technical security systems are “designed to be able to deal with people who are working remotely.”
Salter said security experts had to analyze 40 terabytes of data to determine the extent of the attack. She would not say if any of that data was compromised, adding that's part of the investigation.
The province holds the personal data of millions of British Columbians, including social insurance numbers, addresses and phone numbers. Government officials say it's still unclear what the motivation was behind the cyberattack. There was no ransom demand.