​Canadian arrested for hacking revenue agency using Heartbleed security bug

The Canada Revenue Agency website is seen on a computer screen displaying information about an internet security vulnerability called the “Heartbleed Bug” in Toronto, April 9, 2014.(Reuters / Mark Blinch)

A 19-year-old Canadian man has become the first person arrested in relation to the Heartbleed security vulnerability, which he used to steal taxpayer information.

Royal Canadian Mounted Police (RCMP) is accusing Stephen Arthuro Solis-Reyes of hacking into the Canadian Revenue Agency’s (CRA) website late last week.

Solis-Reyes, of London, Ontario, is suspected of stealing around 900 Social Insurance Numbers.

“It is believed that [Mr] Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug,” the RCMP said in a statement.

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” RCMP assistant commissioner Gilles Michaud said. “Investigators from National Division, along with our counterparts in ‘O’ Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”

Solis-Reyes has been charged with “unauthorized use of a computer” and “mischief in relation to data.” …read more