A state or state-sponsored actor is being blamed for three cybersecurity attacks on the provincial government’s computer network since April 10.
Shannon Salter, deputy minister to the premier and head of the public service, said Friday that based on the sophistication and complexity of the cyberattacks, there’s a high degree of confidence that a state or state-sponsored actor is behind them.
The province is not saying what state is believed to be involved — only that no sensitive information has been compromised and the rest of the information in the investigation is classified.
ÎÚÑ»´«Ã½ Solicitor General Mike Farnworth said there has been no interruption to government operations or services for British Columbians and “there is no evidence at this time that sensitive information has been compromised.”
“I want to reassure British Columbians that we have been working very closely with the Canadian Centre for Cyber Security and other agencies to address the incidents and implement additional measures to safeguard data and information systems,” said Farnworth.
The first attack was flagged internally on April 10, and the next day, ÎÚÑ»´«Ã½ government teams confirmed there had been a cybersecurity incident and reported it to the Canadian Centre for Cyber Security, Salter said.
Salter said she was advised on April 16 and told the premier the next day.
On April 29, additional threats were found and all provincial employees were asked to change their email passwords, as just one of a number of measures that have been implemented, said Salter.
The Canadian Centre for Cyber Security advised the province not to make the cybersecurity incidents public so as not to tip off the perpetrator before the attacks could be sufficiently investigated and the public, systems, data and users could be protected, she said.
On May 6, another threat was detected. It was determined that the April 29 and May 6 attacks were intended to try to cover the perpetrator’s tracks, making the investigation more complex, Salter said.
Two days later, the premier had a classified briefing with the cyber centre and on that same day cabinet was briefed for the first time, Salter said.
The province is continuing to work with the Canadian Centre for Cyber Security and DART, a cybersecurity training provider, to learn everything it can about the attacks, Salter said.
The province’s online security network, updated in 2022, repels about 1.5 billion online security threats a day, she said.
Farnworth said the attack was deemed sophisticated by cybersecurity experts who investigated the intrusion, adding covering up one’s tracks is a hallmark of a state actor or a state-sponsored actor.
Farnworth could not explain why another state would be interested in hacking into the ÎÚÑ»´«Ã½ government network.
Asked about remote work as a possible point of vulnerability, he said government servers and systems are designed to be able to deal with remote log-ins — staff working from home or other locations.
“That’s why we make the investments that are required to ensure that our systems are constantly being upgraded,” said Farnworth, adding constant monitoring takes place, and there is a team of 76 technical security staff whose sole job is to focus on government systems.
Threat analyst Brett Callow, based in Shawnigan Lake, said employees working remotely can actually make it more difficult for hackers to access a large corporate or government system quickly and easily.
“The transition to working from home actually made life a bit harder for the bad guys,” said Callow. “They were used to people opening malicious emails and clicking bad links on their work computer, which gave them direct access to company networks, but that changed when people started working from home.”
Recently, libraries in ÎÚÑ»´«Ã½ were targeted by a hacker who demanded a ransom not to release information about users, while retailer London Drugs was forced to shut its stores for more than a week to deal with a cybersecurity breach.
Callow noted that most cyberattacks involve ransomware, where an intruder gains access to a network, blocks or encrypts the system, then holds the victim’s data or device hostage, threatening to keep it locked or release information publicly online if the victim doesn’t pay up.
“Most often it’s done for money, but there can be other motivations, from espionage to activism,” Callow said.
Ransomware software is most often created in Eastern Europe, particularly Russia, and used by hackers anywhere in the world, said Callow, who works for Emsisoft, an anti-malware and anti-virus software firm.
Farnworth said the ÎÚÑ»´«Ã½ government cyberattack was not a ransomware incident.
He said he does not know who the state actor is or the motivation for the cybersecurity attack.
When the investigation is finished, there will be a full review of what happened and what lessons have been learned, he said, adding at that point, the government will be able to release more information.
[email protected]