The first known arrest for exploiting the infamous HeartBleed exploit was made on a nineteen-year-old Canadian Computer Science student for his alleged breach of the Canada Revenue Agency’s website. Stephen Arthuro Solis-Reyes of London, Ontario is facing one count of Unauthorized Use of Computer, and one count of Mischief in Relation to Data.
CRA Commissioner Andrew Treusch stated that over a period of six hours, the Social Insurance Numbers of around 900 people were removed from CRA computer systems. Assistant Commissioner, Gilles Michaud stated that “The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible”. This hack followed a separate attack that happened a day prior, which led to the shutdown CRA servers, and was also exploiting the HeartBleed security flaw.
After searching the suspect's house, officials have seized the computer equipment of Mr. Solis-Reyes, whom is scheduled to appear in court on July 17.
The 900 affected by the attack can expect to receive a letter to inform them of the breach, though as an extra precaution, the agency isn’t making any calls or sending emails. The agency will provide free credit protection services, and will apply extra protections to their CRA accounts to prevent future disasters.
With the HeartBleed flaw running rampant, it is strongly suggested to everyone using websites that were affected to change their passwords immediately.