Cyberattacks hit military, Parliament websites as India-based group targets Canada
House of Commons websites have been slow to load since Monday morning
The federal government is coping with cyberattacks this week and a hacker group in India claims it has caused chaos in Ottawa — but Canada's signals-intelligence agency says the "nuisance" attacks likely haven't put private information at risk.
The attacks seem to have hit institutions controlled by the government, but not the core infrastructure from which federal departments and agencies operate.
The Canadian Armed Forces says that its website became unavailable to mobile users midday Wednesday, but was fixed within a few hours.
The military says the site is separate from other government sites, such as the one used by the Department of Defence and internal military networks. The incident remains under investigation.
"We have no indication of broader impacts to our systems," said a statement from spokesperson Andree-Anne Poulin.
Defence Minister Bill Blair confirmed the incident was a distributed denial-of-service (DDoS) attack, which is when bots swarm a website with multiple visits and cause it to stop loading properly.
"That's a very common thing that happens, unfortunately, often. But our cyberofficials and security officials acted very, very quickly," he said Thursday.
"It was a minor inconvenience and there is further work going on that we will eventually make a determination on."
Meanwhile, various pages on the House of Commons website are continuing to load slowly or incompletely due to an ongoing DDoS attack that officials say started Monday morning.
"House of Commons systems responded as planned to protect our network and IT infrastructure. However, some websites may be unresponsive for a short period," spokesperson Amelie Crosson said in a written statement Thursday morning.
"The House of Commons IT support team, in collaboration with our partners, have implemented mitigating measures and restored services to appropriate service levels. The IT team is still continuously monitoring for such activities."
She added that Commons administration is helping its Senate colleagues "provide guidance and support them to restore services."
Elections Canada also affected
Elections Canada also experienced a denial-of-service attack that lasted about an hour and started around midnight early Wednesday, Ottawa time.
"This website does not host any sensitive data or information. It is separate from our main website, elections.ca, and is hosted by an external service provider. It is in no way connected to the network that supports elections.ca," the agency said in a media statement.
"Our systems are monitored in real time both internally, and by the Canadian Cyber Security Centre, enabling us to quickly detect any anomalies on our platforms and systems. They are aware of the incident."
The Canadian Cyber Security Centre is under the umbrella of the Communications Security Establishment (CSE), Canada's signals-intelligence agency. The CSE said it generally doesn't confirm specific incidents and focuses on the type of behaviour, rather than attributing attacks.
"In general, DDoS activity is a nuisance event that very rarely puts information at risk and has no permanent impact on systems," said spokesperson Ryan Foreman.
"Geopolitical events often result in an increase in disruptive cyber campaigns. We continue to monitor for any developing cyber threats and share threat information with our partners and stakeholders to help prevent incidents."
The centre warned on Sept. 15 of "several" DDoS campaigns "over the last few days" targeting Ottawa, the provinces and the financial and transportation sectors. It renewed that warning on Sept. 22 as Ukrainian President Volodymyr Zelenskyy visited Canada.
Meanwhile, the Ottawa Hospital said it experienced "a brief interruption on our external websites" Tuesday morning, but no systems were breached. "The sites were quickly up and running and we are investigating the nature of the outage," spokesperson Rebecca Abelson wrote.
Indian hacking group claims responsibility
A hacking group called Indian Cyber Force has claimed responsibility for the incident involving the military, and appears to have managed to infiltrate a handful of websites owned by small businesses in Canada.
The group made reference to Prime Minister Justin Trudeau telling Parliament on Sept. 18 that there were "credible allegations" of Indian involvement in the killing of Sikh independence activist Hardeep Singh Nijjar, who had been wanted by India for years and was gunned down in June outside the temple he led.
The hacking group has posted multiple versions of a message riddled with spelling and grammatical errors onto websites of restaurants and medical clinics.
The affected sites show a message on a black background with green digits, similar to the film "The Matrix," as warlike music plays.
The message described Canada as a haven for terrorists — a "heaven hub," it said in butchered English — and similarly insulted Sikh separatists.
It also criticized Trudeau for "throwing something without any prove," or proof.
The hacking group also claimed to have taken down the Global Affairs Canada website for travel advisories, but the department insists this hasn't happened. The group deleted that claim from its account on the social-media application Telegram.
News of the attacks came as questions abound over Indian officials' level of co-operation with Canadian officials regarding Trudeau's allegations — and to what extent allies such as the United States were advocating on Canada's behalf.
On Thursday, U.S. Secretary of State Antony Blinken met with India's foreign-affairs minister Subrahmanyam Jaishankar.
Neither of them made mention of the controversy in Canada when they emerged briefly to pose for photos before their meeting began.
During a State Department briefing prior to that meeting, spokesperson Matthew Miller refused to speculate on what the secretary would tell Jaishankar directly.
"What I will say, however, is we have consistently engaged with the Indian government on this question and have urged them to co-operate, and that engagement and urging them to co-operate will continue," Miller said.
"We urge them to co-operate with the Canadian investigation."
Miller flatly refused comment when asked about a television interview last week with U.S. Ambassador to Canada David Cohen, who confirmed that Canada received intelligence from one of its Five Eyes security partners.
"I am not going to speak to intelligence matters from the podium."