A 19-Year-Old Boy Is The First Hacker To Be Arrested For Exploiting The Heartbleed Bug

A 19-year-old Canadian became the first person to be arrested in relation to the Heartbleed security breach.

Cover image via

A 19-Year-Old Has Become The First Person Arrested For Theft Of Information Related To The Heartbleed Bug

Image via

A Canadian cyber crime unit has arrested and charged a 19-year-old Ontario man for allegedly hacking into Canada's tax agency using the Heartbleed Internet security bug.

The Suspect From London, Ontario Was Accused Of Hacking Into The Canadian Revenue Agency's Website Last Friday By The Royal Canadian Mounted Police

RCMP officers say they arrested Stephen Arthuro Solis-Reyes at his Ontario home on Tuesday, seizing computer equipment and charging him with one count of unauthorized use of a computer and one count of mischief in relation to data, the RCMP said in a statement.

The RCMP allege Solis-Reyes exploited the Heartbleed bug — a vulnerability in the commonly used OpenSSL Internet security technology — to hack into the CRA’s Website and extract private taxpayer information. Solis-Reyes is scheduled to appear in court in Ottawa on July 17.
Image via

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” RCMP assistant commissioner Gilles Michaud said in a statement on Wednesday.

Solis-Reyes Is A Computer Science Student At The Canada's Western University

Solis-Reyes’ lawyer, Faisal Joseph of Toronto’s Lerners LLP, told Global News that his client is a “straight-A” second year engineering student at Western University in London. Mr. Solis-Reyes’ father, Roberto Solis-Oba, is a professor of computer science at Western University.

“They know he is starting to write exams on Thursday. They know this is a national story. They threatened to go public with this to humiliate and embarrass him. They know this kid has an A average and they know he does well in school,” Mr. Joseph told the London Free Press.

“I just think it is totally inappropriate to try to destroy a kid’s life before he even has an opportunity to speak to a lawyer and get legal advice. And now they’re going to make a national spectacle out of him.” Mr. Joseph told Global News that his client’s father was an “emotional wreck” after hearing the news of the charges

The Speed With Which Canadian Authorities Tracked Down The Alleged Hacker Suggests The Attack, Though Successful, Was Relatively Inexpert

Image via

"They were not a very sophisticated attacker," Mark Nunnikhoven, vice-president of cloud and emerging technologies at the software security firm Trend Micro, told The Canadian Press. "Any attacker worth their salt would have been covering their track a lot better than that."

The CRA First Learned Of The Security Breach On 11 April, But Didn't Inform The Public Until Monday

Image via

Authorities discovered earlier this week that the Canada Revenue Agency (CRA) site was hacked into over a six-hour period and the Heartbleed vulnerability was exploited to nab roughly 900 social insurance numbers and possibly other information from Canadian taxpayers.

"The CRA worked around the clock to implement a 'patch' for the bug, vigorously test all systems to ensure they were safe and secure, and re-launch our online services," said CRA commissioner Andrew Treusch in a statement. "The CRA is one of many organizations that was vulnerable to Heartbleed, despite our robust controls."

Members of 'team Red' work on laptops during a mock cyberattack scenario with teams of amateur computer experts taking part and trying to fight this simulated attack in London, Friday, March, 14, 2014.

Image via

News Of The Heartbleed Bug Reverberated Across The Internet Last Week Showing How Easily People's Online Data Could Be Accessed. Read All About It Here.

ALSO READ: Has The US National Security Agency Been Secretly Exploiting The Heartbleed Bug For Years?

You may be interested in: