Updated 10:35 AM EDT, Thu, Apr 18, 2019

Make CT Your Homepage

Canada Arrests Teener Who Stole Social Insurance Numbers Using Heartbleed

Canadian authorities said they have arrested a 19-year-old computer science student who exploited the online security vulnerability known as Heartbleed, resulting to the theft of 900 social insurance numbers stored in the Canada Revenue Agency's (CRA) website.

The malicious cyber-attack, which compromised 900 social insurance numbers, was only reported last week, but the police and authorities were quick to locate one of the alleged perpetrators of the online theft that utilized the Heartbleed security bug.

Like Us on Facebook

The police identified the suspect as Stephen Arthuro Solis-Reyes. He was charged with one count of an unauthorized computer and another count of mischief that resulted in the breach of data, the Royal Canadian Mounted Police said in a press conference.

Reyes became the first person to have been arrested in relation to the Heartbleed security bug that stirred major websites around the world. Experts said hackers get access to stores of information such as passwords and financial details through Heartbleed, which is actually a flaw in OpenSSL, encryption software used by most websites.

The quick arrest immediately triggered assumptions in the cyber world that those behind Heartbleed were actually not the feared elite hackers, but were amateur hackers who failed to erase their online fingerprints.

The arrest of Reyes came a day after access to government websites in Canada were reopened and the CRA, which is the tax authority of the country, said its online tax filing process could resume after five days of being suspended.

The CRA said the hacker managed to take 900 social insurance numbers from its online tax-filing systems in a matter of six hours. The CRA described the breach as "malicious" but did not provide further details on how the breach was carried out.

Some 20 million of the 26.1 million returns received by the CRA last year were filed electronically. CRA's social insurance numbers are similar to the US Social Security numbers.

Real Time Analytics