Government agencies respond swiftly to nuisance attacks; private information secure
The Canadian federal government is confronting a series of cyberattacks this week, allegedly orchestrated by a hacker group based in India. While the attacks have targeted various government institutions, Canada’s signals-intelligence agency, the Communications Security Establishment (CSE), has assured the public that private information remains secure.
The attacks primarily affected government-controlled institutions, sparing the core infrastructure that federal departments and agencies rely on to operate effectively. The incident unfolded with the Canadian Armed Forces reporting that their website experienced temporary unavailability for mobile users on Wednesday. Fortunately, the issue was promptly resolved within a few hours.
The Canadian military emphasized that its website is separate from the government servers utilized by the Department of Defence and internal military networks. An ongoing investigation seeks to uncover the origins and motives behind the attack.
Andree-Anne Poulin, a spokeswoman for the Canadian Armed Forces, stated, “We have no indication of broader impacts to our systems,” underlining the incident’s relatively minor nature.
Defence Minister Bill Blair confirmed the nature of the attack as a distributed denial-of-service (DDoS), a common tactic where bots flood a website with multiple visits, causing it to malfunction temporarily. Minister Blair praised the rapid response of cyberofficials and security personnel, assuring that the disruption was minimal and that further evaluation was underway.
Simultaneously, various pages on the House of Commons website experienced slow loading times or incomplete accessibility due to an ongoing DDoS attack that began earlier in the week. Amelie Crosson, a spokeswoman for the House of Commons, assured the public that the systems reacted according to plan to safeguard the network and IT infrastructure. She added that the IT team was actively monitoring the situation and collaborating with partners to mitigate the effects of the attack.
The Senate reported a similar DDoS attack that commenced on Monday, with spokeswoman Alison Korn stating that the Senate’s systems were functioning as intended to protect their network and IT infrastructure.
Even Elections Canada wasn’t spared, as it encountered a one-hour denial-of-service attack early Wednesday. However, the agency clarified that the affected website did not host sensitive data and was separate from their main website, elections.ca. The incident was promptly detected and monitored by the Canadian Cyber Security Centre, an arm of the CSE responsible for monitoring and responding to cyber threats.
The CSE, known for its discretion regarding specific incidents, emphasized the nuisance factor of DDoS attacks. Ryan Foreman, a spokesman for the CSE, stated, “In general, DDoS activity is a nuisance event that very rarely puts information at risk and has no permanent impact on systems.” The CSE warned about multiple DDoS campaigns targeting various sectors, including Ottawa, provinces, and financial and transportation sectors, dating back to September 15.
The attacks coincided with Ukrainian President Volodymyr Zelenskyy’s visit to Canada, suggesting possible geopolitical motives behind the cyber campaigns.
Outside of government entities, the Ottawa Hospital also experienced a brief website interruption on Tuesday morning. However, hospital officials confirmed that no systems were breached, and the issue was quickly resolved.
A hacking group known as the Indian Cyber Force claimed responsibility for the attacks on the military, the hospital, and Elections Canada. This group appeared to have infiltrated several small businesses’ websites in Canada. Their message on affected websites criticized Canada and Prime Minister Justin Trudeau for allegations of Indian involvement in the killing of Sikh independence activist Hardeep Singh Nijjar. The group’s message was riddled with spelling and grammatical errors and included derogatory remarks against Sikh separatists.
While questions lingered about the extent of Indian officials’ cooperation with Canadian authorities regarding Trudeau’s allegations, the U.S. Secretary of State, Antony Blinken, met with Indian Foreign Affairs Minister Subrahmanyam Jaishankar. The meeting did not mention the controversy surrounding the cyberattacks. However, both parties discussed various issues, including economic cooperation.
During a State Department briefing, spokesman Matthew Miller stressed the U.S. government’s consistent engagement with the Indian government and its urging of cooperation in the Canadian investigation.
As of September 28, 2023, the Canadian government remains vigilant in monitoring and responding to cyber threats, reaffirming its commitment to safeguarding its digital infrastructure.
Disclaimer: This report is based on information available as of September 28, 2023, and the situation may have evolved since that date.