Cyberattacks hit military, Parliament websites as India hacker group targets Canada

The federal government is coping with cyberattacks this week, as a hacker group in India claims it has sowed chaos in Ottawa -- but Canada's signals-intelligence agency says the "nuisance" attacks likely haven't put private information at risk.

The attacks seem to have hit institutions controlled by the government, but not the core infrastructure from which federal departments and agencies operate.

• The information you need to know, sent directly to you: Download the CTV News App
• Sign up for breaking news alerts from CTV News, right at your fingertips

The Canadian Armed Forces says its website became unavailable to mobile users midday Wednesday, but was fixed within a few hours.

The military said the site is separate from government servers used by the Department of Defence and internal military networks. The incident remains under investigation.

"We have no indication of broader impacts to our systems," said a statement from spokeswoman Andree-Anne Poulin.

Defence Minister Bill Blair confirmed the incident was a distributed denial-of-service (DDoS) attack, which is when bots swarm a website with multiple visits and cause it to stop loading properly.

"That's a very common thing that happens, unfortunately, often. But our cyberofficials and security officials acted very, very quickly," he said Thursday.

"It was a minor inconvenience, and there is further work going on that we will eventually make a determination on."

Meanwhile, various pages on the House of Commons website continued to load slowly or incompletely on Thursday due to an ongoing DDoS attack that officials say started Monday morning.

"House of Commons systems responded as planned to protect our network and IT infrastructure. However, some websites may be unresponsive for a short period," spokeswoman Amelie Crosson said in a written statement Thursday morning.

"The House of Commons IT support team, in collaboration with our partners, have implemented mitigating measures and restored services to appropriate service levels. The IT team is still continuously monitoring for such activities."

She added that the Commons administration is helping their Senate colleagues "to provide guidance and support them to restore services."

The Senate says it is still dealing with an apparent DDoS attack that started Monday.

"We have observed an unusually high number of network connection attempts on the Senate website," spokeswoman Alison Korn said.

"The Senate's systems and controls are functioning as intended to safeguard its network and IT infrastructure."

Elections Canada also experienced roughly an hour-long denial-of-service attack starting around midnight early Wednesday, Ottawa time.

"This website does not host any sensitive data or information. It is separate from our main website, elections.ca, and is hosted by an external service provider. It is in no way connected to the network that supports elections.ca," the agency wrote in a statement.

"Our systems are monitored in real time both internally, and by the Canadian Cyber Security Centre, enabling us to quickly detect any anomalies on our platforms and systems. They are aware of the incident."

That centre is under the umbrella of the Communications Security Establishment, Canada's signals-intelligence agency, which said it generally doesn't confirm specific incidents and focuses on the type of behaviour, rather than attributing attacks.

"In general, DDoS activity is a nuisance event that very rarely puts information at risk and has no permanent impact on systems," said spokesman Ryan Foreman.

"Geopolitical events often result in an increase in disruptive cyber campaigns. We continue to monitor for any developing cyber threats and share threat-information with our partners and stakeholders to help prevent incidents."

• Capital Dispatch: Sign up for the latest in federal politics and why it matters

The centre had warned Sept. 15 of "several" DDoS campaigns "over the last few days" targeting Ottawa, the provinces and the financial and transportation sectors. It renewed that warning on Sept. 22 as Ukrainian President Volodymyr Zelenskyy visited Canada.

Meanwhile, the Ottawa Hospital said it experienced "a brief interruption on our external websites" Tuesday morning, but no systems were breached. "The sites were quickly up and running and we are investigating the nature of the outage," spokeswoman Rebecca Abelson wrote.

A hacking group named Indian Cyber Force claimed responsibility for the incidents involving the military, the hospital and Elections Canada, and it appeared to have managed to infiltrate a handful of websites owned by small businesses in Canada.

The group made reference to Prime Minister Justin Trudeau telling Parliament on Sept. 18 that there were "credible allegations" of Indian involvement in the killing of Sikh independence activist Hardeep Singh Nijjar, who had been wanted by India for years and was gunned down in June outside the temple he led.

The hacking group has posted multiple versions of a message riddled with spelling and grammatical errors onto websites of restaurants and medical clinics.

The affected sites show a message on a black background with green digits, similar to the film "The Matrix," as warlike music plays.

The message described Canada as a haven for terrorists -- a "heaven hub," it said in butchered English -- and similarly insulted Sikh separatists.

It also criticized Trudeau for "throwing something without any prove," or proof.

The hacking group also claimed to have taken down the Global Affairs Canada website for travel advisories, but the department insists this hasn't happened, and the group deleted that claim from its account on the social media application Telegram.

News of the attacks came as questions abounded over Indian officials' level of co-operation with Canadian officials over Trudeau's allegations -- and to what extent allies such as the United States were advocating on Canada's behalf.

On Thursday, U.S. Secretary of State Antony Blinken met with Indian Foreign Affairs Minister Subrahmanyam Jaishankar. Neither made mention of the controversy prior to the meeting, nor did a readout of the meeting late Thursday.

It said the pair discussed a "full range of issues," and lingered on "the India-Middle East-Europe Economic Corridor and its potential to generate transparent, sustainable, and high-standard infrastructure investments."

During a State Department briefing prior to that meeting, spokesman Matthew Miller refused to speculate on what the secretary would tell Jaishankar directly.

"What I will say, however, is we have consistently engaged with the Indian government on this question and have urged them to co-operate, and that engagement and urging them to co-operate will continue," Miller said.

"We urge them to co-operate with the Canadian investigation."

This report by The Canadian Press was first published Sept. 28, 2023.

-- With files from James McCarten in Washington, D.C.