Royal Canadian Mounted Police have arrested a 19-year-old man in relation to exploiting the Heartbleed software vulnerability and stealing taxpayer data from the Canada Revenue Agency, the first arrest over the exploit.
According to the police, Stephen Arthuro Solis-Reyes managed to exploit the Heartbleed bug in OpenSSL to access private data stored by the Revenue Agency, and they arrested him at his home in London, Ontario, on 15 April.
Solis-Reyes’ hack was brought to the attention of the National Division Integrated Technological Crime Unit (ITCU) after the Heartbleed bug was publicly disclosed on 7 April, and they found that 900 Social Insurance Numbers had been exposed. ITCU also believe that some business-related data may have been stolen during the breach.
Assistant Commissioner Gilles Michaud said:
“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners”