CSIS website falls victim to yet another cyberattack
'Aerith' claims responsibility to protest Bill C-51 and swatting trial in Ottawa
The website of Canada's spy agency, CSIS, was offline for several hours again Tuesday after a cyberattack shut it down for the third time in two days.
"Good night again CSIS," was posted by Twitter user @TWITRis4tards, an account linked to a person or group called Aerith claiming responsibility for previous attacks. "I seriously need to teach CSIS network security," the tweet said.
CSIS's website was back up as of 10 p.m. ET. It went offline in the late afternoon.
- 'Anonymous' says it cyberattacked federal government to protest Bill C-51
- Security clearance delays sideline federal IT contractors
- Cyberattack at NRC occurred weeks before alert sent out
Earlier Tuesday, a spokesman for Public Safety Minister Steven Blaney said no data had been compromised.
"No information was breached," said Jeremy Laurin in an email to CBC News. "We are taking cyber security very seriously."
It's not yet clear if the same holds true for this latest attack.
The Twitter user also posted further messages, including a threat for more possible action on Wednesday.
"I got a plan for Canada Day. I hope no one wants to send email tomorrow who works for govt."
These denial of service attacks come on the heels of similar attacks two weeks ago on websites for the Senate, the Justice Department, CSIS and Canada's electronic spy agency, CSEC.
The online hacker group Anonymous had claimed responsibility for those earlier incidents to protest the recent passing of the government's anti-terror legislation, Bill C-51.
'Aerith' claims responsibility
Aerith had claimed responsibility for Monday's attack and Tuesday's earlier attack on the CSIS website, as well as an attack on the Conservative Party's website. Conservative.ca is now online again.
"Yes I did the attacks. I have more planned," said Aerith in an email to CBC News.
As for a motive, Aerith said the government's anti-terror Bill C-51 was one reason, as was the trial of a 17-year-old Ottawa boy accused of making a series of fake 911 calls in Canada and the U.S., a practice known as swatting.
"He's been framed," Aerith said in an email. "I've shown evidence before and it's fallen on deaf ears. So I'll just get louder. Further attacks will be, we have something bigger planned."
Aerith has also claimed responsibility for taking down Toronto and Ottawa police websites in the past.
Denial of service attacks easy to do
Experts say denial of service attacks do not require expert technological skill or knowledge and they are fairly easy to defend against. The CSIS website, while symbolic, does not hold confidential information and is not a service website for the public, so its defence might be a low priority for the government.
"So it being down isn't really affecting Canadians at all," said Patrick Malcolm of Ottawa-based cyber-security company Netrunner in an interview with CBC News. "So as a result, I wouldn't put too many security dollars into that bin. I've got other systems I'd be more concerned about [if I were the government]."
But Malcolm said denial of service attacks can serve as smokescreens for more nefarious acts such as a real hack of the system in an attempt to steal information or disrupt service.