Monday, April 21, 2014
19 year old uses Heartbleed Bug to attack Canadian taxpayers
The Canada Revenue Agency reported that 900 taxpayers data was stolen by a 19 year old, using the Heartbleed Bug.
Stephen Arthuro Solis-Reyes, of London, Ontario, used the Heartbleed Bug to steal information from the Canada Revenue Agency’s website. Solis-Reyes was arrested on Tuesday, facing one count of unauthorized use of a computer and one count of “mischief in relation to data.”
The CRA (Canadian Revenue Agency), is one of the first victims to report a Heartbleed attack.
The vulnerability had been used to steal the Social Insurance Numbers of nearly 900 people.
When the attack was discovered, the agency halted online filing of tax returns.
Social Insurance Numbers are required to work or get government benefits in Canada.
Heartbleed lets attacks capture data from server memory 64KB at a time. This puts passwords, encryption keys and other data at risk.
The Heartbleed Bug lived in the Web encryption tool OpenSSL (Secure Sockets Layer) for about two years before it was exposed last week.
The RCMP arrested Solis-Reyes after a few days of investigation. The residence of Solis-Reyes was searched and his computer equipment was seized.
The investigation continues and the agency said in a press release, Solis-Reyes is scheduled to appear in court in Ottawa on July 17.
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.
Teen arrested in Heartbleed attack against Canadian tax site – Info World Security Central