Ottawa police say they’re no longer devoting cybercrime resources to tracking down the hacker group known as Aerith, which has been a thorn in their side for nearly a month.
Although it remains an “open investigation,” cyber crime officers are no longer tracing the source of distributed denial of service (DDoS) attacks that forced the Ottawa Police Service (OPS) website offline for more than a week. The hackers also claimed responsibility for crashing the Toronto Police Service, Canadian Parliament, and Supreme Court for shorter periods.
In various online posts the hackers known as Aerith mock police for their inability to unmask their real identities. Aerith used the anonymous Tor network and servers from Brazil, Germany, and Russia, to launch its attacks on Ottawa.
When asked why OPS would pull back its technology experts from the case, a police source said the force had better things to focus on.
“There are more important crimes to solve,” said the source. “Child pornographers, murders, people abusing kids—than to devote resources to this attention seeker.”
Aerith first appeared on the Ottawa police’s radar on November 21, the day the hacker group defaced the City of Ottawa website with a dancing banana and a threatening message directed at a local detective. The following day, Aerith upped the ante, launching a barrage of DDoS attacks on the Ottawa police website, flooding its servers with so much data it forced the site to display an error message for eight days while technicians worked on a solution.
The group’s aim was to get more than 60 charges dropped against a 16-year-old boy from a suburb of Ottawa. That suspect was accused of using his computer for “swatting”—essentially making prank 911 calls throughout Canada and the United States, resulting in heavily armed SWAT officers being sent out to schools and homes to stop non-existent active shooters and bomb threats.
The hacker group insists the Ottawa teen has been set up by an individual he upset online while playing Minecraft or Call of Duty. Although police cannot trace the IP address to a definitive location, three officers VICE spoke to believe Aerith is from Ottawa.
In early October, one month before the hackers burst onto the scene, this reporter received an anonymous email from a person who called himself “Reaper.” He claimed to have gone to school with the Barrhaven teen and witnessed the arrest. The email described a white van, full of tactical officers in body armour, wearing masks and carrying assault rifles.
Reaper described how the youth was on an afternoon walk with his parents and the family dog when two plainclothes police officers, one with a gun in hand, jumped out of an unmarked vehicle and pushed the teen to the ground, handcuffing him.
Over the course of eight hours, Reaper said he watched as a dozen officers searched his friend’s home, carrying out thousands of dollars of computer equipment and transmitters, and several long guns. This account is similar to what other neighbours told VICE about the arrest. Police have said they seized several firearms and ammunition from the home as a “precaution.”
In that first email, Reaper also mentions evidence police arrested the wrong person, and that his friend was being set up by someone using the now-suspended Twitter handle @CherrytheGod.
Reaper said he was making plans to go public with all the evidence and Cherry would have “hell to pay.” A day after the arrest of the 16-year-old, I engaged in a Twitter direct message exchange with @CherryTheGod. He bragged to me that he helped Canadian authorities take down the swatter.
Cherry said that he “doxxed” or culled from the internet reams of personal information about the Barrhaven teen including more than a dozen online pseudonyms he allegedly used to harass people on social media and gaming sites. Cherry claimed that he forwarded that information to both the FBI and the RCMP.
This bizarre and tangled case has triggered two parallel investigations by the Ottawa police. The first involves the alleged teen swatter, and the second is focused on uncloaking Aerith. Although police have so far been unable to catch the hacker, OPS has managed to get its website back up. It is also paying a cybersecurity firm to divert the DDoS attacks.
The cybersecurity firm is taking all the packets of data Aerith is launching at OPS and moving them to another network line hosted by the security firm. This solution costs in the hundreds of thousands of dollars, but it has effectively stripped the hacker group of what appears to be its one and only weapon.
Aerith has recently resorted to trolling investigators on Twitter and sending police emails attempting to “negotiate.” Aerith sent an email last Friday riddled with grammatical errors. A copy of it was blind copied to VICE.
It opens with the line: “I understand it feel’s [sic] like catering to terrorists, however I would like to present you with an offer.”
The “offer” Aerith gave to police is information on the real swatter, who supposedly framed the 16-year-old Ottawa boy. Aerith brags in the email they can provide investigators with photos and transcripts of internet chats implicating an alleged teenager living in New Jersey who uses the Twitter account @CherrytheGod.
But even as Aerith extends an offer of “help” consisting of what they think is all the necessary evidence to arrest the alleged American teen, in the very next breath the hackers make a threat to the police.
“We have power over you…I’ll give you 4 hours to respond before something bad happens..maybe a dancing Ottawa Police Banana?”
But four hours came and went, and nothing happened to the OPS website.
VICE asked police if they would even look at the information Aerith is presenting. Staff Sgt. Rick Baldwin-Ooms—whose unit arrested and laid charges against the Ottawa teen—says he won’t comment on a case before the courts.
“We always consider viable evidence,” said Baldwin-Ooms.
That’s the caveat, though—investigators don’t trust Aerith. They say the chats can be faked.
On Monday, investigators sent an email to Aerith urging them to show investigators the convoluted chat logs and make a statement in person. Aerith scoffed at the request, once again changing tactics—this time taking to Twitter to inform police they were ready to confess.
Yesterday, the group posted a house address for officers to visit in Laval, Quebec—one of the cities allegedly swatted by the 16-year-old. In a follow-up email to VICE, Reaper explained it was the home of a witness, a high school student who allegedly also provided false information as part of the case against the Ottawa teen in regards to a swatting incident in Laval.
Despite Aerith’s attempts to exonerate the 16-year-old youth, police say they’re not dropping the charges. A 10-day trial has been set for next June. The youth’s lawyer, Joshua Clarke, has disclosure from police of electronic evidence pointing to his client. To defend against the accusations, Reaper said he sent the defence the same information posted by Aerith.
But in the end, the he-said, they-said between cops and an alleged hacking collective won’t decide the innocence or guilt of the alleged swatter—that’ll be up to the courts to decide.
Follow Judy on Twitter.