Threat Management, Vulnerability Management

Arrested Canadian hacker ‘believed’ to have exploited Heartbleed bug

Has the first Heartbleed bug hacker been arrested? 

On Tuesday, Stephen Solis-Reyes, a 19-year-old man that authorities believe leveraged the now infamous bug to steal sensitive information from the Canada Revenue Agency, was arrested by the Royal Canadian Mounted Police (RCMP), without incident, at his home in London, Ontario, according to a Wednesday RCMP release.

Following a search of his residence and seizure of his computer equipment, Solis-Reyes was charged with one count of unauthorized use of a computer and one count of mischief in relation to data, according to the release.

Cpl. Lucy Shorey, a media relations officer with RCMP, told SCMagazine.com on Thursday that each charge carries a maximum penalty of 10 years in prison.

“We are treating this as a priority investigation,” Shorey said, adding that the entire unit was called out to review and analyze data related to the case, and that investigators are still in London as of Thursday at around 2 p.m., Eastern Time.

Andrew Treusch, commissioner of the Canada Revenue Agency, a federal group that handles taxing, announced on Monday that a hacker stole 900 taxpayer Social Insurance Numbers over the course of a six-hour period sometime before the agency took down its servers on April 8 to issue a Heartbleed patch.

Treusch said, based on an investigation so far, that the attacker removed the data by exploiting the Heartbleed bug. Some have questioned how an organization can confirm this because there is typically not much to indicate that a server was attacked using the vulnerability.

On Tuesday, Yan Zhu, a staff technologist with the Electronic Frontier Foundation, told SCMagazine.com that keeping packet logs is the only way to know if an attacker is exploiting the Heartbleed bug, which Zhu added is not done very often.

On Thursday, when asked how the RCMP arrived at the belief that the alleged attacker exploited the Heartbleed bug, Shorey said that she could not speak on the matter due to an ongoing investigation. Additionally, she was unable to reveal what led investigators to Solis-Reyes.

Solis-Reyes is scheduled to appear in an Ottawa court on July 17, according to the release.

The Heartbleed bug is a critical vulnerability in widely used versions of the OpenSSL library that ultimately puts SSL/TLS encrypted communications at risk. Over the weekend, UK parenting website Mumsnet also announced that it had experienced a Heartbleed-related breach that could have compromised credentials and other information for all 1.5 million of its users.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.