State actor blamed for cyberattack on B.C. government systems

The head of B.C.'s public service has announced that there is a high degree of confidence a state or state-sponsored actor attempted to breach government systems in a cyberattack.

Shannon Salter, head of the public service, announced that three separate attempts were made to breach government systems over the last month, with attackers being directed to do so by a foreign state.

Salter said that investigations remain ongoing, anddid not share which state could have been involved in the cyberattack or which systems theyattempted to access.

Premier David Eby announced the cyberattack on Wednesday, saying the Canadian Centre for Cyber Security (CCCS) and other agencies are involved in the investigation.

Public Safety Minister and Solicitor General Mike Farnworthtold reporters Fridaythere is no evidence that sensitive information, such as health data, has been compromised in the attack.

Farnworthaddedthere was no evidence the cyberattack succeeded in accessing the information and there had been no ransom demand.

"Government staff, with support from other agencies, have worked to protect government systems and respond to the incident," he said at the news conference. "They have been able to ensure that there has not been an interruption to government operations or services."

He added that76 staff are employed year-round to protect government systems from cyberattacks, with officials saying a large number of attempts are made on government systems daily.

WATCH | Farnworth responds to CBC News question on 'sophisticated' cyberattackers:

Experts identify hallmarks of foreign actors behind B.C. cyberattacks: minister

4 months ago

Duration 1:33

In response to a question from CBC News, Public Safety Minister Mike Farnworth says recent cyberattackers used sophisticated ways to cover their tracks, tipping off investigators that they are likely connected to a foreign state.

Timeline of attack

Salter told reporters in a technical briefing Friday afternoon that the B.C. government first began investigating an attempted breach of its systemson April 10.

On April 11, the cybersecurity incident was confirmed and reported to the CCCS, and the government also notified Microsoft'sDetection and Response Team (DART) of the suspected breach attempt.

A few weeks later, on April 29, Salter said the same threat actor was involved in additional activityon government systems, and public service workers were told to change their passwords.

On May 6, another cyberattack was identified, with Salter saying the same threat actor was responsible for all three incidents.

Two days later, B.C.'s premier went public withnews of the attack, after the CCCStold officials that safeguards had been put in place that would allow the public to be notified.

The CCCS is part of Canada's national cryptological agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity.

Motivation behind cyberattack unknown

Salter said that the investigation into the cyberattacks will continue, and emphasized that over 40 terabytes of data is being analyzed more than what is held in the U.S. Library of Congress.

Farnworth said that the CCCS believes a state or state-sponsored actor is behind the attack based on the sophistication of the attempted breaches.

"Being able to do what [technical experts] were seeing, and covering up their tracks, is the hallmarks of astate actor or a state-sponsored actor," he said.

Salter said the motivation behind the cyberattackremainsunknown.

Sheadded that previous investments in B.C.'s cybersecurity infrastructure helped detect the attack last month, and the government spends more than$25 million a year to beef up its security controls, in addition to working closely with its federal partners.

Workers told to change passwords

The premier said last week that the province's chief information officer had directed public service employees to change their passwords to "ensure the security of government email systems."

The Opposition B.C. United party questioned why the government took a week to update the public about the cyberattack, given the password change notification last week.

Salter said on Friday that the CCCS was clear all along that the cyberattacks could not be made public until appropriate measures had been put in placein order to avoid further attacks.

Eby said, to his knowledge, the cyberattack isn't connected tothe recent attack on London Drugs.

The pharmacy and retail chain based in Richmond, B.C., had to close all of its storesin Western Canada for a week in response, with the chain's CEO remaining tight-lipped about the exact cause of the attack.

The B.C. Libraries Co-operativesaid last week thatit was also targetedby a hacker who threatened to release user data if a ransom was not paid.