Skip to main content

'State or state-sponsored actor' believed to be behind B.C. government hacks


The head of British Columbia’s civil service has revealed that a “state or state-sponsored actor” is behind multiple cyber-security incidents against provincial government networks.

Shannon Salter spoke to reporters on Friday, disclosing the first breach detected by government teams was April 10. On April 11, Salter said, Microsoft’s cybersecurity response team, DART, was enlisted to assist as was the Canadian Cyber Centre.

Salter insisted that there is no evidence at this point that any sensitive information was compromised.

Further “incidents” took place on April 29 and May 5 by the same “threat actor” and it wasn’t until May 8 that the provincial cabinet was notified after a classified briefing with the cyber centre. Premier David Eby was briefed on April 17.

“The province is doing a significant amount of work in this area and we have a staff within citizens services, of 76, whose sole focus is security of government information systems,” said Public Safety Minister Mike Farnworth. “The reality is, this is the world we live in and it is constantly evolving and government places a high priority on evolving and keeping up with the changes we're seeing.”

‘The criminal has the advantage’

When CTV News asked whether the activity against B.C.'s systems is related to Russian state-backed hackers accessing Microsoft systems, leading to warnings for American government agencies, Salter would not comment. Microsoft Canada also declined commment. 

Several cybersecurity experts who’ve discussed the province’s cybersecurity breaches with CTV News support the NDP’s decision to wait to get a handle on the situation before going public.

“There's a lot of reasons to keep it secret, especially from a national security perspective, and I would not think that's unusual,” said Chester Wisniewski, director of global technology operations for Sophos. “The criminal has the advantage here in many ways, because you've been caught off guard, you're trying to figure out the extent of the damage.”

He doesn’t believe there’s a link to the London Drugs hack, and suspects espionage by a foreign government is mostly likely based on what provincial officials have disclosed. He also warned the public to expect the investigation to take many months, if not longer.

The public’s right to know

The British Columbia Freedom of Information and Privacy Association emphasized the government has full responsibility to secure the wealth of information in its possession – from tax filings to medical records – along with a moral and legal responsibility to provide further details of the breaches.

“Many institutions get hit with this on a regular basis, but something on this scale of this nature with this level of sophistication is deeply concerning,” said FIPA CEO Mike Larsen. “The public has a right to know who is attacking B.C.'s public information systems and how government is planning to respond.”

Farnworth promised that government would do just that.

“The investigation is ongoing and we will continue to be as transparent as possible as it unfolds,” he told reporters. “After the conclusion of the incident, there will of course be a complete review of the incident and government’s response to ensure we're capturing any lessons that we have learned.” Top Stories

Stay Connected