Menu
Teen arrested in Heartbleed attack against Canadian tax site

Teen arrested in Heartbleed attack against Canadian tax site

The Canada Revenue Agency reported data on 900 taxpayers was stolen through the Web vulnerability

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Stephen Arthuro Solis-Reyes, of London, Ontario, took advantage of the vulnerability to steal information from the Canada Revenue Agency's website, according to the National Division of the Royal Canadian Mounted Police. They arrested him on Tuesday without incident. Solis-Reyes faces one count of unauthorized use of a computer and one count of "mischief in relation to data."

The CRA, one of the first victims to report a Heartbleed attack, said on Monday that the vulnerability had been used to steal the Social Insurance Numbers of about 900 people. After discovering the attack, the agency temporarily halted online filing of tax returns. Social Insurance Numbers are required to work or get government benefits in Canada.

Heartbleed lets attackers capture data from server memory 64KB at a time, putting passwords, encryption keys and other data at risk. It lived in the popular Web encryption tool OpenSSL (Secure Sockets Layer) for about two years before it was exposed last week. Though the bug affected a broad swath of websites and was found in many models of server and network equipment, reports of Heartbleed attacks only started to emerge after the flaw had been disclosed.

The RCMP arrested Solis-Reyes after four days of investigation. It searched his residence and seized computer equipment, and the investigation continues, the agency said in a press release. Solis-Reyes is scheduled to appear in court in Ottawa on July 17.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityprivacydata breachAccess control and authenticationRoyal Canadian Mounted Police

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments