18 Apr 2014

First Arrests in HeartBleed Attack on Canadian Site

A 19-year old man has been charged for allegedly exploiting the HeartBleed vulnerability to steal information about Canadian taxpayers, according to a press release of the Royal Canadian Mounted Police.

Stephen Arthuro Solis-Reyes is accused of infiltrating the Canada Revenue Agency’s website and stealing the social insurance numbers of some 900 people. After the attack was disclosed, the agency temporarily ceased its activity.

Solis-Reyes was arrested after four days of investigation. He now faces one count of unauthorized use of computer and one count of mischief.

“Investigators … have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” said Gilles Michaud, Assistant Commissioner.

CVE-2014-0160, known as HeartBleed, a recently discovered security vulnerability in the TLS/SSL data transmission protocol, exposed different types of private content including customer credentials, usernames, passwords, instant messages, emails and business communications.