According to Reuters, the Royal Canadian Mounted Police has arrested Stephen Solis-Reyes, a 19-year-old London, Ontario resident, for stealing Canadian taxpayer information. Solis-Reyes allegedly used the infamous Heartbleed OpenSSL bug to pull off the thefts, and is charged with unauthorized use of a computer, and mischief in relation to data. This comes after the Canada Revenue Agency stated that roughly 900 Social Insurance Numbers, or SINs, were stolen after attacks on its website were conducted using Heartbleed.
“It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug,” the RCMP stated.
Solis-Reyes was apprehended at his residence in Ontario today, and authorities also extracted his computer equipment as well.
The Heartbleed bug allows hackers to send fake heartbeat messages, which can trick a website’s server into relaying data that’s stored in its memory. This includes sensitive information such as usernames, passwords, credit card numbers, emails, and more.
Multiple Internet security experts have expressed serious concern regarding the impact that Heartbleed could have. For instance, Mike Lloyd, the CTO of RedSeal, a network security firm, advised that people should “stop all transactions for a few days” once news of Heartbleed broke. In its efforts to combat the threat, the Canada Revenue Agency shut down its website on April 8, and didn’t bring it back online until April 13.
Solis-Reyes is scheduled for a July 17 court date.
