19 year old Heartbleed bug hacker charged by RCMP


Ottawa: Government of Canada’s lead security agencies have notified CRA of a malicious breach of taxpayer data that occurred over a six-hour period. Based on analysis to date, Social Insurance Numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability.
The Agency is putting in place measures to support and protect the individuals affected by the breach. Each person will receive a registered letter to inform them of the breach. A dedicated 1-800 number has also been set up to provide them with further information, including what steps to take to protect the integrity of their SIN. The Agency will not be calling or emailing individuals to inform them that they have been impacted – we want to ensure that our communications are secure and cannot be exploited by fraudsters through phishing schemes.
Meanwhile the investigation by RCMP into the breach has led them to a 19 year old London, Ontario man. The RCMP’s National Division Integrated Technological Crime Unit (ITCU) has charged him in relation to the malicious breach of taxpayer data from the Canada Revenue Agency (CRA) website. Stephen Arthuro Solis-Reyes was arrested at his residence on April 15 without incident. He faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data contrary to Sections 342.1(1)(a) and 430(1.1) of the Criminal Code.
It is believed that Solis-Reyes was able to extract private information held by the CRA by exploiting the security vulnerability known as the Heartbleed bug.Stolis-Reyes is scheduled to appear in court in Ottawa on July 17, 2014.