Teenager Arrested in Connection to Heartbleed Attack on Canadian Tax Agency
According to the latest reports from CNN, Canadian mounties have just arrested a 19-year-old teenager who exploited the notorious Heartbleed internet bug in order to hack the Canada Revenue Agency.
Last week, the CRA suffered a data breach — the Social Insurance Numbers of over 900 taxpayers were leaked, and other data was potentially compromised. The country’s tax-return deadline had to be pushed back for almost a week as a result of the breech, a move that could prove potentially costly.
Law enforcement officers had been “working tirelessly” for four days conducting interviews, obtaining legal authorizations, and analyzing data before the arrest was made, according to the Assistant Commissioner Gilles Michaud. “The RCMP (mounted police) treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” adds Michaud.
The suspect is Stephen Solis-Reyes, of London, Ontario. Solis-Reyes is currently a student at Western University, and has previously won awards in programming competitions. Policed seized his computer equipment, and his first court appearance is scheduled for July 17 of this year. So far, he has been charged with “mischief in relation to data,” and “unauthorized use of a computer.” If he was truly behind the attack, Solis-Reyes will likely have his place in hacking history.
“Because everyone uses SSL, it really brings to light the need for multiple layers of security, like banks have,” explains Chris Traxler, Managing Partner at TSI. “With multiple layers of security, such as two-factor authentication, you reduce the risk of having widespread exposure, like we saw with Heartbleed.”
This is the first arrest to occur following Heartbleed, which was a flaw in openSSL, a technology used for online security. The flaw affected at least half a million web servers, threatening the security of nearly 33% of the internet. Security experts have been warning that even though many companies have since patched up the security holes, more attacks are likely to follow in the upcoming weeks.