Skip to main content

Canada arrests world’s first Heartbleed hacker

Canada has arrested the first person in the world in relation to the Heartbleed bug after the glitch had a wide ranging effect on the country’s revenue and tax office website.

Related: OpenSSL “Heartbleed” bug exposes user data to cyber criminals

The Royal Canadian Mounted Police [RCMP] announced via its website that 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario was detained on 15 April as he was attempting to extract information held by the Canadian Revenue Agency website by using the bug.

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” said Assistant Commissioner Gilles Michaud.

Reyes stands accused of one count of unauthorised use of a computer and another of mischief in relation to data and is due in court on 17 July with a search conducted at the suspect’s house seeing computer equipment seized.

Solis-Reyes stole some 900 social insurance numbers according to the RCMP and the CRA became the first major organisation to suspend online services in response to the bug and the theft clearly shows they were slightly late in response.

The attack on the CRA site was first revealed on Monday by Canada’s CBC news site and it’s thought by many in the security fraternity that many more organisations will reveal breaches in the coming weeks.

Related: A closer look at the NSA’s denial of knowledge regarding Heartbleed

Heartbleed was first outed earlier this month as a bug that allows cyber criminals to take advantage of a vulnerability in the OpenSSL security protocol library that lets hackers read stored memory on servers and ultimately eavesdrop on communications and steal information.