CSIS website under repeated cyberattacks
Published Tuesday, June 30, 2015 6:30AM EDT
Last Updated Tuesday, June 30, 2015 10:03PM EDT
The Canadian Security Intelligence Service website is down for the third time in the last 24 hours, following two earlier cyberattacks on Tuesday morning and Monday night.
A rogue hacker using the name "Aerith" has claimed responsibility for the outages.
The main CSIS website and the CSIS Careers websites went offline shortly after 9 a.m. ET Tuesday. The Conservative Party of Canada's website also went down briefly Tuesday morning but was restored.
The website appeared to be back online and operational for several hours on Tuesday afternoon, before the latest attack.
The first cyberattack happened Monday evening when the site was taken down in a so-called denial-of-service attack.
CTV's Mercedes Stephenson spoke to the hacker, who said that he is not done toying with CSIS or the federal government. He claimed that, along with hacking group Anonymous, he will take part in an anti-Canada Day operation that will unleash "cyber chaos" on Wednesday.
The hacker told Stephenson that he plans to release a classified document and will break into Crimestoppers' database and conduct a so-called data dump.
Sources told Stephenson earlier on Tuesday that the hacker had previously launched attacks on municipal and police websites.
The hacker also boasted that denial-of-service attacks on CSIS were “child's play” by his standards, and that he has previously gained control of the government's secure servers.
The denial-of-service attack launched on the CSIS site is not technically a hack, but it prevents Internet users from accessing the site. Such attacks can be hard to stop because they can come from dozens or even hundreds of unique IP addresses.
Sources have also told Stephenson that the hacker isn't attempting to steal information in these attacks.
"This is all about trying to embarrass the government, intelligence agencies and the police," she said.
A spokesperson for the Ministry of Public Safety and Emergency Preparedness, Jean-Christophe de Le Rue, said no personal information has been compromised in Tuesday's attack.
“This is another reminder of the serious security challenges and threats that we are facing. This is why we need strong laws like the Anti-Terrorism Act, 2015 to address security threats facing Canada," he said in a statement to CTV News.
Stephenson says the hacker is trying to draw attention to the controversial Bill C-51, as well as the case of an Ottawa teen who was charged in an alleged "swatting" incident. The hacker believes the teen was framed.
The hacker appeared to be operating alone, sources said.
The person believed to be responsible tweeted out several messages about the CSIS website on Tuesday, including: "I seriously need to teach CSIS network security."
Daniel Bader, editor-in-chief of mobilesyrup.com, told CTV News Channel that the attacks likely did not threaten Canadians' personal information or the organization's data.
"This is much like a house being egged – it is very superficial," said Bader.
"A website is not the keeper of important information within CSIS," he added.
Tech analyst Carmi Levy agreed with Bader's assessment, saying the risk to Canadians is "relatively low."
Despite the minimal threat, Levy was unimpressed with the government's response to the latest attacks on CSIS, and outages that occurred earlier this month.
Less than two weeks ago, several government websites -- including ServiceCanada.gc.ca and Parl.gc.ca -- were hit by a denial of service attack. Anonymous claimed responsibility.
"The problem is this is now becoming normal. This is routine, if it isn’t CSIS today -- it is (the department of justice) another day or foreign affairs," Levy told CTV News Channel.