Menu
Teen arrested in Heartbleed attack against Canadian tax site

Teen arrested in Heartbleed attack against Canadian tax site

The Canada Revenue Agency reported data on 900 taxpayers was stolen through the Web vulnerability

Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.

Stephen Arthuro Solis-Reyes, of London, Ontario, took advantage of the vulnerability to steal information from the Canada Revenue Agency's website, according to the National Division of the Royal Canadian Mounted Police. They arrested him on Tuesday without incident. Solis-Reyes faces one count of unauthorized use of a computer and one count of "mischief in relation to data."

The CRA, one of the first victims to report a Heartbleed attack, said on Monday that the vulnerability had been used to steal the Social Insurance Numbers of about 900 people. After discovering the attack, the agency temporarily halted online filing of tax returns. Social Insurance Numbers are required to work or get government benefits in Canada.

Heartbleed lets attackers capture data from server memory 64KB at a time, putting passwords, encryption keys and other data at risk. It lived in the popular Web encryption tool OpenSSL (Secure Sockets Layer) for about two years before it was exposed last week. Though the bug affected a broad swath of websites and was found in many models of server and network equipment, reports of Heartbleed attacks only started to emerge after the flaw had been disclosed.

The RCMP arrested Solis-Reyes after four days of investigation. It searched his residence and seized computer equipment, and the investigation continues, the agency said in a press release. Solis-Reyes is scheduled to appear in court in Ottawa on July 17.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securitydata breachAccess control and authenticationRoyal Canadian Mounted Policeprivacy

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments