Google says CSIS website may be compromised: Has the security agency been hacked?

I was just looking up some information on CSIS and was shocked to see that, according to Google, its website may be compromised. After all, CSIS is responsible for assessing cyber security threats to Canada. How could it be possible that (part of) their website (second of three shown below) could be hacked by a bunch of rogue Viagra vendors?

Screen shot 2013-04-23 at 1.03.45 PM

Since the domain name doesn’t match the main one — http://www.csis-scrs.gc.caI performed a who is search on the hacked site to verify whether or not it might belong to domain squatters.  But according to DomainTools, it is indeed owned by someone with a government of Canada e-mail address.

I called the listed phone number to confirm whether it was  CSIS and reached the person listed by DomainTools as the administrative contact. She declined to speak to me, which is standard practice,  or to even confirm whether or not I had reached CSIS, which is not standard practice at other government agencies. She  also took my name to pass it on to someone in the press office who would be able to speak to me.

I clicked through to the third site shown in the image above — a non-hacked subdomain — to try and see if it was official and it does indeed appear to be. Here’s a screenshot complete with CSIS logo.

Screen shot 2013-04-23 at 1.29.51 PM


Then in an act of daring that put my computer at risk, I clicked on the hacked site (proceed at your own risk) and it appeared perfectly normal despite Google’s warning which states:

We show this warning message for search results that we believe may have been hacked or otherwise compromised. If a site has been hacked, it typically means that a third party has taken control of the site without the owner’s permission. Hackers may change the content of a page, add new links on a page, or add new pages to the site.

At this point, without hearing from CSIS, it’s still not clear whether this was an actual CSIS site that was hacked or an imposter site, but it sure looks like the former, which is not good. Even if there’s no secure information on the site, it’s certainly bad optics.

Update: I have done some more research and come up with lots of weird results for in both English and French (see the screengrabs below), but in all cases when I clicked through, the web pages themselves appeared normal.

Screen shot 2013-04-23 at 4.40.19 PM

Screen shot 2013-04-23 at 4.46.04 PM

Update II: appears to have been hit by the “pharmacy hack” or “pharma malware,” which, according to the blog Red Leg, is “the most common spam hack.” In a detailed web post on the issue and how to fix it, the blogger writes:

The pharmacy hack remains one of the most common posts we see on the Google Webmaster Tools Forum.  The posts’ start out with one of the following questions …   “Why is Google reporting my most common keyword is viagra or cialis, I can not find those terms anywhere on my site?”

One thought on “Google says CSIS website may be compromised: Has the security agency been hacked?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s