Menu
Teen arrested in Heartbleed attack against Canadian tax site

Teen arrested in Heartbleed attack against Canadian tax site

The Canada Revenue Agency reported data on 900 taxpayers was stolen through the Web vulnerability

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Stephen Arthuro Solis-Reyes, of London, Ontario, took advantage of the vulnerability to steal information from the Canada Revenue Agency's website, according to the National Division of the Royal Canadian Mounted Police. They arrested him on Tuesday without incident. Solis-Reyes faces one count of unauthorized use of a computer and one count of "mischief in relation to data."

The CRA, one of the first victims to report a Heartbleed attack, said on Monday that the vulnerability had been used to steal the Social Insurance Numbers of about 900 people. After discovering the attack, the agency temporarily halted online filing of tax returns. Social Insurance Numbers are required to work or get government benefits in Canada.

Heartbleed lets attackers capture data from server memory 64KB at a time, putting passwords, encryption keys and other data at risk. It lived in the popular Web encryption tool OpenSSL (Secure Sockets Layer) for about two years before it was exposed last week. Though the bug affected a broad swath of websites and was found in many models of server and network equipment, reports of Heartbleed attacks only started to emerge after the flaw had been disclosed.

The RCMP arrested Solis-Reyes after four days of investigation. It searched his residence and seized computer equipment, and the investigation continues, the agency said in a press release. Solis-Reyes is scheduled to appear in court in Ottawa on July 17.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com


Follow Us

Join the newsletter!

Or
Error: Please check your email address.

Tags securityprivacydata breachAccess control and authenticationRoyal Canadian Mounted Police

Featured

Slideshows

Bumper channel crowd kicks off first After Hours of 2018

Bumper channel crowd kicks off first After Hours of 2018

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Jefferson in Auckland to kick-start 2018. Photos by Gino Demeer.

Bumper channel crowd kicks off first After Hours of 2018
Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Show Comments