B.C. confident that cybersecurity attacks on government were state-directed

By Jason Contant | May 13, 2024 | Last updated on October 30, 2024
3 min read
Hacker's hands working with keyboard computer on dark blue tone background.
iStock.com/Techa Tungateja

A state or state-sponsored actor was likely responsible for a series of cybersecurity attacks targeting British Columbia government networks, Mike Farnworth, B.C.’s public safety minister and solicitor general, said Friday. 

He said he personally did not know the identity of the state or state-sponsored actor, and was currently not prepared to identify them if he did, as the investigation continues involving police, the federal and provincial governments and the Canadian Centre for Cyber Security. 

“What I can tell you is that it became evident to the technical experts within government and through the Canadian Centre for Cyber Security as well as the private sector Microsoft detection and response team that what they were seeing while investigating what was taking place was that this was a very sophisticated operation,” Farnworth said at a news conference. 

He said there has been no ransom demand made in connection with the cybersecurity attacks and the investigation has found no evidence that information has been compromised. 

“We have reason to believe that the attack was a state or state-sponsored actor who was involved in these cyberattacks,” Farnworth said. “Government staff with support from other agencies have worked to protect government systems and respond to the incident. 

“Through their hard work they have been able to ensure that there has not been an interruption to government operations or services for British Columbians,” he said. “As we’ve also said, there’s no evidence at this time that sensitive government information has been compromised.” 

Earlier Friday, Shannon Salter, head of B.C.’s public service and Premier David Eby’s deputy minister, told a background briefing the incidents were first noticed by government on April 10 and confirmed the next day. 

 

Second incident 

She said there was a second incident on April 29, where the attacker attempted to broaden their actions, at which point the government directed all public employees to change their computer passwords. 

Salter said investigators also determined on May 6 that the attacker was taking measures to cover their actions. 

She said there was high confidence that the cybersecurity attacks were conducted by a state or state-sponsored actor, but she added she could not comment on names. 

Eby was briefed about the attacks on April 17 and has remained close to the issue since, she said. 

The premier publicly revealed the incidents Wednesday, saying they were “sophisticated.” 

Farnworth said police were involved in the investigation, as well as the Canadian Centre for Cyber Security and the federal government. 

The Canadian Centre for Cyber Security is part of Canada’s national cryptologic agency, the Communications Security Establishment, providing guidance, services and support to government on cybersecurity. 

An April 2022 Public Safety Canada parliamentary hearing on “Countering Hostile Activities by State Actors,” discussed threats posed to democracy by state actors looking to erode trust in democratic institutions and stoke tensions over government policies. 

“In recent years, Canada has seen an increase in the frequency and sophistication of hostile activities by state actors, like Russia, seeking to advance their political, economic and security interests to the detriment of Canada’s,” said official hearing notes. 

“The government of Canada remains steadfastly committed to combating foreign interference by any foreign state seeking to harm Canada, to protecting our democratic institutions and to promoting economic security,” the notes said. 

Farnworth said on Thursday that there had been a delay releasing information about the attacks because cybersecurity experts advised that the priority was protecting the system and its information before going public, something that could potentially increase vulnerability. 

The government cyberattack came amid other incidents in the province in recent weeks, including hackers targeting B.C. libraries and demanding a ransom not to reveal user data, and an attack that forced retailer London Drugs to shut down stores across Western Canada for more than a week. 

London Drugs president Clint Mahlman said in a statement Friday that the government attack and the retailers’ own incident were “not related.” 

“London Drugs empathizes with what the B.C. Government is experiencing with their current cybersecurity threat, and thanks the premier, Ministry of Health and PharmaNet for being incredibly supportive of London Drugs while experiencing its own cybersecurity incident,” he said. 

Farnworth said the province upgraded its security systems in 2022, and it was those measures that detected the recent cybersecurity attacks. 

“The reality is this is the world we live in and it’s constantly evolving,” he said. 

 

Feature image by iStock.com/Techa Tungateja

Jason Contant