Stephen Arthuro Solis-Reyes is accused by the Canadian police of hacking into the Canadian Revenue Agency’s (CRA) website last week and stealing about 900 social insurance numbers (SINs).
Yesterday, reports indicated that the police had their eyes on one or more suspects, but they refused to give out more details about the identity of the individual.
“It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug,” the Royal Canadian Mounted Police (RCMP) said.
The police said that they treated the security breach as a high priority case, especially considering the type of content that was stolen. The matter was indeed resolved in just a few days.
“Investigators from National Division, along with our counterparts in ‘O’ Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” said Gilles Michaud, RCMP assistant commissioner.
Solis-Reyes has been charged with unauthorized use of a computer and mischief in relation to data and will appear in court on July 17.
The young hacker is actually a student at Western University. In his free time, he dabbles in programming. He has even built a BlackBerry phone app for solving Sudoku puzzles.
Heartbleed is a serious security bug affecting OpenSSL that was revealed to the world last week. The affected OpenSSL versions have been around for two years and are the preferred choices for a lot of the world’s websites.
Unfortunately, attacks exploiting Heartbleed leave no traces, so it is practically impossible to tell whether any attacks took place or how much data has been stolen in the time that has passed.
Government sites were also affected by the vulnerability and it looks like the Canadians took their time to fix the bug even though OpenSSL stressed how important it was to patch up the systems immediately.
Even so, it was on Friday that the attack took place, resulting in the loss of 900 social insurance numbers, which means that the servers had not been protected from the vulnerability, even though Heartbleed was exposed on Monday.
Members of one of the country’s political parties want to know exactly why this happened and why it took so long for the issue to be fixed, especially given the severity of the bug.