Canadian Police make first Heartbleed-related arrest

The Canada Revenue Agency said that more than 900 social insurance numbers, similar to U.S. Social Security numbers, had been stolen.
By Ananth Baliga  |  April 16, 2014 at 5:17 PM

LONDON, Ontario, April 16 (UPI) -- Canadian police said Wednesday a 19-year-old student was charged with stealing confidential taxpayer data using the Internet security flaw known as the Heartbleed bug.

The Royal Canadian Mounted Police said they had arrested Stephen Arthuro Solis-Reyes Tuesday for stealing taxpayer data from the Canada Revenue Agency's website last Friday. Solis-Reyes was arrested at his home in London, Ontario, and his computer equipment was seized.

"It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug," the RCMP said in a statement.

Solis-Reyes, who is a computer science major at Western University, is facing two charges under the Canadian Criminal Code and is scheduled to appear in court on July 17, according to the RCMP.

Canada's tax authority made public two days ago that someone had acted with malicious intent and accessed 900 social insurance numbers -- similar to U.S. Social Security numbers -- from its systems. While the tax agency knew about the breach Friday, the RCMP asked the agency to withhold disclosure of the breach until Monday.

"Regrettably, the CRA has been notified by the government of Canada's lead security agencies of a malicious breach of taxpayer data that occurred over a six-hour period last week," the agency said in a message posted to its homepage on Monday.

The Heartbleed bug was first made public a week ago by Google and Finnish security firm Codenomicon, which identified the flaw independently. The flaw gave hackers access to up to 64 KB of unencrypted data from a vulnerable server's memory, even though the data travelling across the network was encrypted.

Security experts warn that more attacks could be revealed soon, as governments and private firms determine whether they lost data to the vulnerability.

[MarketWatch] [BBC] [RCMP]
