Heartbleed: Teen arrested in Canada Revenue Agency information theft

USPA News - Canadian authorities arrested a 19-year-old Ontario man Tuesday in relation to Friday`s theft of private information from the Canada Revenue Agency website by exploiting the Heartbleed bug, authorities said on Wednesday. Stephen Arthuro Solis-Reyes is believed to have stolen 900 social insurance numbers from the CRA on Friday, before the website was shut down for security reasons. The Royal Canadian Mounted Police (RCMP) said Solis-Reyes extracted the information from the site by exploiting the security vulnerability known as the Heartbleed Bug. "The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," said Assistant Commissioner Gilles Michaud.

Solis-Reyes was arrested at his home in the city of London in southwestern Ontario on Tuesday without incident. Authorities searched Solis-Reyes` home and seized computer equipment. He is scheduled to appear in court on July 17, facing one count of unauthorized use of computer and one count of mischief in relation to data. "This is an ongoing investigation and we cannot comment further on details of the investigation," Corporal Lucy Shorey had to say when asked what led authorities to arrest and charge Solis-Reyes. Following Friday`s incident, the RCMP asked CRA to delay advising the public of the breach until Monday morning. "This deferral permitted us to advance our investigation over the weekend, identify possible offender(s) and has helped mitigate further risk," the RCMP had said in statement on Monday. CRA put in place measures to support and protect the individuals affected by the security breach such as a 1-800 number to provide individuals with further information and credit protection services at no cost. "The CRA worked around the clock to implement a `patch` for the bug, vigorously test all systems to ensure they were safe and secure, and re-launch our online services late yesterday," CRA Commissioner Andrew Treusch said in a statement released by the agency on Monday. The Heartbleed Bug is a security vulnerability in the OpenSSL cryptographic software library that allows attackers to pull confidential data. OpenSSL is a software code used by many internet serves that encrypts and protects the privacy of passwords, banking information, and other sensitive data entered online.