First known arrest for exploiting HeartBleed security flaw

The first known arrest for exploiting the infamous HeartBleed flaw is that of a nineteen-year-old Canadian computer science student, for his alleged breach of the Canada Revenue Agency’s website. Stephen Arthuro Solis-Reyes of London, Ontario, is facing one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data.

CRA Commissioner Andrew Treusch stated that over a period of six hours, the Social Insurance Numbers of around 900 people were removed from CRA computer systems. Assistant Commissioner Gilles Michaud stated that “The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible”. This hack followed a separate attack a day prior, which led to the shutdown of CRA servers and also exploited the HeartBleed security flaw.

After searching the suspect's house, officials seized the computer equipment of Mr. Solis-Reyes, who is scheduled to appear in court on July 17.

The 900 affected by the attack can expect to receive a letter to inform them of the breach, though as an extra precaution, the agency isn’t making any calls or sending emails. The agency will provide free credit protection services, and will apply extra protections to their CRA accounts to prevent future disasters.

With the HeartBleed flaw running rampant, it is strongly suggested to everyone using websites that were affected to change their passwords immediately.

Source: Toronto Sun via PC Mag | Image via SlashGear


8 Comments

"With the HeartBleed flaw running rampant, it is strongly suggested to everyone using websites that were affected to change their passwords immediately."

But only if they actually patched it right? Otherwise it could be exploited again.

_dandy_ said,
WTF, this was on the news a whole week ago.

I know what u mean lol, Neowin is going down hill these days they hardly have any up to date news anymore

Matt Hakkers said,
I know what u mean lol, Neowin is going down hill these days they hardly have any up to date news anymore

Also (and this has nothing to do with Neowin) I'm still waiting to hear about how the CRA knows those 900 SINs were leaked out. As far as I understand it, based on what I've been reading everywhere, in order to know what's leaking, you pretty much have to be logging all outbound traffic--the big fuss that was being raised was that you can't retroactively find out what has already been leaked otherwise.

Granted, a lot of sites have started doing that after the problem was known. But then, if that's when this "hacker" got caught, then he's just a dumbass.

Reading through the original article on the Toronto Sun, they make this kid out to be some kind of a victim of circumstance. This kid knowingly exploited a security flaw to gain access to confidential financial information and should be treated as a criminal. I honestly hope Western kicks this kid out of their school.

Conjor said,
Reading through the original article on the Toronto Sun, they make this kid out to be some kind of a victim of circumstance. This kid knowingly exploited a security flaw to gain access to confidential financial information and should be treated as a criminal. I honestly hope Western kicks this kid out of their school.

Yeah, because what this country needs is yet another kid whose education has been cut short, and with a criminal record. Not that I condone what he's done--I'm no bleeding-heart liberal; send him to jail for all I care...but depriving a kid from education isn't going to accomplish much to benefit society as a whole.

What about the NSA?
Absolute power corrupts absolutely and all these state/military sponsored agencies (all over the world) do anything and everything (mostly criminal stuff if you and I were to do them) under the false pretense of security no questions asked : |
