Canadian police arrests 19 year-old over 'Heartbleed' security breach

By

BBC reported that a 19 year-old Canadian has been arrested for hacking into the website of the Canadian Revenue Agency (CRA) last Friday. The Royal Canadian Mounted Police said that Stephen Arthuro Solis-Reyes from London, Ontario had stolen 900 social insurance numbers using the "Heartbleed bug." The security bug, as discovered separately by both Google Inc and small Finnish security firm Codenomicon last week, allows hackers to exploit a flaw in OpenSSL, which is described as a cryptographic software library for services to keep data transmissions private. As a result of the security breach, BBC said that Canada's tax agency was forced to cut its services, albeit the fact that it was too late then.

The RMCP said in a statement, "It is believed that [Mr] Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug."

Assistant RMCP Commissioner Gilles Michaud said in a statement, "The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in "O" Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners."

Solis-Reyes was reportedly arrested at his home on April 15 without incident. The RMCP has formally charged Solis-Reyes with one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data. BBC said that the perpetrator is expected to appear in court for his case on July 17 this year.

According to security experts, breaches like the one with the CRA could be revealed soon as governments and firms around the world scramble to determine whether their systems are vulnerable due to the security bug.

Tags
Heartbleed bug, Royal Canadian Mounted Police, Canadian Revenue Agency, Canadian Revenue Agency website breach, OpenSSL
Join the Discussion
Related Articles
More Business News
US Judge Orders 12-Year Sentence for Cameroonian in Multi-Million Dollar Business Email Compromised Fraud Scheme

US Judge Orders 12-Year Sentence for Cameroonian in Multi-Million Dollar Business Email Compromised Fraud Scheme

IRS Announces $1 Billion Unclaimed 2020 Tax Refunds, Urges Taxpayers to Submit Tax Returns As Deadline Looms

IRS Announces $1 Billion Unclaimed 2020 Tax Refunds, Urges Taxpayers to Submit Tax Returns As Deadline Looms

Ohio Woman Sentenced for Massive Social Security Scam Involving Dead Child's Identity

Ohio Woman Sentenced for Massive Social Security Scam Involving Dead Child's Identity

NY Attorney General Letitia James Plans to Collect $454M by Freezing Trump's Bank Accounts, Properties

NY Attorney General Letitia James Plans to Collect $454M by Freezing Trump's Bank Accounts, Properties

Real Time Analytics