Authorities in Canada have announced the arrest of the man they believe to be behind an attack on the country's tax system using the Heartbleed vulnerability.
Royal Canadian Mounted Police (RCMP) said that 19 year-old Stephen
Arthuro Solis-Reyes of London, Ontario has been arrested on charges of
unauthorized use of a computer and criminal mischief in relation to data
for stealing taxpayer information from the Canada Revenue Agency (CRA).
"The RCMP treated this breach of security as a high priority case
and mobilized the necessary resources to resolve the matter as quickly
as possible," assistant commissioner Gilles Michaud said in a statement.
from National Division, along with our counterparts in [Ontario]
Division have been working tirelessly over the last four days analyzing
data, following leads, conducting interviews, obtaining and executing
legal authorizations and liaising with our partners."
is said to have used data gathered by exploiting the Heartbleed
vulnerability on the CRA's servers in the attack, which reportedly
resulted in the loss of 900 social insurance numbers. The CRA believes
that the hacker gathered the information over a six-hour window of time
which occurred on April 9 between the first public reports of the flaw
and the implementation of security measures.
The attack marked one
of the first known instances of hackers actively exploiting the
Heartbleed condition in the wild to steal user data. Though if reports
are to be believed, the NSA and (likely) other government organizations have been exploiting the flaw for years in order to gather intelligence info.
RCMP reported that it arrested Solis-Reyes without incident on April
15. The Mounties also seized computer equipment from the home. He is
scheduled to appear before a court in Ottawa on July 17 to begin trial.
The investigation is still ongoing, although the Mounties did not report of any other persons involved in the attack.