Skip to content

B.C. says state or state-sponsored actor likely behind cyber-attacks

Public service head Shannon Salter did not identify where the attacks originated
web1_2021052812050-60b1140f154274ffbd98c05djpeg
A state or state-sponsored actor was likely behind a trio of cyber attacks on B.C. government networks. (THE CANADIAN PRESS/Jonathan Hayward)

Public Safety Minister Mike Farnworth said provincial authorities are working with federal officials and other experts as they investigate “a very sophisticated operation” against government networks that likely came from beyond Canada’s borders.

“So in terms of which state or state-sponsored actors (attacked B.C.), we are not in position to be able to say at this time,” he said Friday (May 10) during a briefing in Vanocuver. He added later that he himself does not know the identity of the attacker.

“What I can tell you is that it became evident to the technical experts within government and through the Canadian Centre of Cyber Security, as well as through (Microsoft)…that this was a very sophisticated operation and from what they know, and their expertise, they determined that it is most likely to have been either a foreign state or a foreign-state sponsored actor.”

Farnworth said he himself has reached out to the federal government with provincial agencies collaborating with relevant security agencies at the federal level. He declined to comment though when asked whether B.C. has reached out to Global Affairs Canada and whether federal officials have had any contact themselves with would-be culprits.

“I’m not able to make any comment on that,” he said. “There is a full investigation still underway.”

While government officials declined to comment on the nature of the attacks, Farnworth Thursday ruled out a ransom-ware attack, which typically pursue monetary rather than political goals.

Experts consider cyber-attacks to be part and parcel of what military theorists call hybrid warfare and recent days have seen a run of cyber-attacks aimed at several western countries, including the United States, Germany and the Czech Republic. All, along with Canada, count among the strongest military and financial supporters of Ukraine, currently fending off a full-scale invasion from Russia. China as well as India have also been identified as source countries or sponsors of cyber-attacks.

Farnworth obliquely referenced these aspects in his comments.

“This is the world we live in and it is constantly evolving and government places a high priority and making sure that we are also evolving and keeping up with the changes we are seeing and that are being advised are in fact taking place,” he said.

RELATED: No evidence of personal data compromised during cyber attack: B.C. minister

Shannon Salter, deputy minister to Premier David Eby and head of the B.C. Public Service and Cabinet Secretary, first revealed that possibility during a technical briefing with reporters.

She linked this actor to a trio of cyber attacks, with the first flagged on April 10.

Salter added that government does not have information about the motivation behind the attacks, but re-assured British Columbians that no sensitive information was compromised.

Salter said experts with the Canadian Centre for Cyber Security told government officials not to make these incidents public to avoid tipping off the threat actor before sufficiently investigating and protecting systems, data and ultimately the public.

Salter, who briefed the media Monday afternoon along with other government staff, said she could not comment on the specific nature of the attacks, but described them as complex and sophisticated — hence pointing to a state or state-sponsored actor.

Salter said provincial staff first flagged an incident on April 10 before confirming it on April 11 and reporting it to the federal experts. Government also engaged cyber-security experts from Microsoft, Salter said, adding provincial officials have been working with these partners since then. Salter said she received her first briefing on the attacks on April 16. She then briefed Eby on April 17. On April 29, authorities flagged a broader attack by the same actor — the same day, all government workers received instructions to change their passwords.

Salter said that instruction was the most visible of several unspecified measures, adding that government has been implementing these measures on a rolling basis.

On May 6, authorities identified the third attack, Salter said, that the attacker has also been working on covering on its tracks. She added that this fact has lengthened investigations, impacting government’s ability to speak about them.

The provincial cabinet (minus Premier Eby) received its first briefing on May 8 — the same day, government first informed the public through a statement from Eby. By that time, authorities had put in place sufficient protection and mitigation measures to publicly reveal the incidents.

Salter added that the investigation is on-going, but reiterated earlier government statement from the likes of Eby and Farnworth that authorities have found “no evidence” of sensitive information being compromised.