The Royal Canadian Mounted Police (RCMP) has arrested a 19-year old from Ontario for allegedly using the Heartbleed bug to steal the taxpayer data of over 900 people from the Canadian Revenue Agency (CRA), Canada's version of the US Internal Revenue Service.
Stephen Arturo Solis-Reyes has been charged with "unauthorized use of a computer" and "mischief in relation to data." He is alleged to have hacked the CRA's website during a six-hour period last week by exploiting the Heartbleed vulnerability, said the RCPM. This is believed to be the first arrest in connection with criminal activity related to the Heartbleed bug.
Solis-Reyes is to appear in an Ontario court on July 17 to face the charges. He is a second-year student at the University of Western Ontario or Western University located in his hometown of London, Ontario.
His father is a computer science professor at Western University, which is among the top 10 universities in Canada and among the top 200 in the world. His family lived in Lafayette, Indiana before moving to Ontario.
RCMP assistant commissioner Gilles Michaud said the RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,
"Investigators from National Division, along with our counterparts in 'O' Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners," said Michaud.
CRA earlier reported that the private information of some 900 people was stolen by someone apparently exploiting the Heartbleed bug. Canada's lead security agencies informed the CRA of the malicious breach of taxpayer data.
CRA is a federal agency that administers tax laws of Canada. It also administers these laws for most Canadian provinces and territories, international trade legislation and various social and economic benefit and incentive programs delivered through the tax system. It also oversees the registration of charities in Canada and tax credit programs.
Uncovered only three weeks ago in the USA, Heartbleed is a bug or vulnerability that allows a knowledgeable person to access the private keys to a server using vulnerable software, allowing him access to data traffic and to even impersonate the server.