The Inquirer

Canadian student arrested for Heartbleed attack on tax agency

Pinched and charged
Thu Apr 17 2014, 10:36

THE ROYAL CANADIAN MOUNTED POLICE (RCMP) has charged a teenager in connection with the Heartbleed attack on the Canadian Revenue Agency (CRA).

The CRA announced the breach just this week, saying that social security information was plundered. It said then that it was working with the authorities and apparently that work has paid off.

Canadian student Stephen Solis-Reyes was arrested on Tuesday, according to the RCMP high-tech crime coppers.

Apparently he was picked up with no fuss and is facing two criminal counts, one for "Unauthorised Use of Computer" and another for "Mischief in Relation to Data contrary to Sections 342.1(1)(a) and 430(1.1) of the Criminal Code". The RCMP added that it believed the student obtained the data by exploiting the Heartbleed security vulnerability in OpenSSL.

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," said RCMP assistant commissioner Gilles Michaud.

"Investigators from National Division, along with our counterparts in 'O' Division have been working tirelessly over the last four days analysing data, following leads, conducting interviews, obtaining and executing legal authorisations and liaising with our partners."

Solis-Reyes will go to court in Ottawa in mid-July. The RCMP said that it seized computer equipment from his residence.

Four computer scientists have been looking into the Heartbleed bug, for different reasons.

Zakir Durumeric, David Adrian, Michael Bailey and J Alex Halderman from the University of Michigan have studied the bug, its movement and its impact.

They reckon that the bug was not exploited until it went public, or at least, they said that they could find no evidence that it was.

"We didn't observe any such wide-scale attacks prior to the public announcement of the bug," they wrote in their study. "However we cannot rule out the possibility that there were earlier targeted attacks against specific sites."

A recent update to the study said that people who want to exploit the bug are out there and trying to mount attacks on it. The bulk of these feelers, 59 percent, come from China, they added. "We have observed 41 unique hosts scanning for and attempting to exploit the Heartbeat vulnerability," they said.

"The first probe we detected was at 1539 GMT on April 8, 2014. Given that our honeypots are hosted on out-of-the-way hosts and not on a major website, it is most likely that these hosts were performing comprehensive scans or scans of a large sample of the internet."

While many websites are affected by the Heartbleed vulnerability, so far just two, the CRA and Mumsnet, have come forward and admitted to having seen breaches. µ 

