Canadian authorities have arrested a suspect, 19-year-old London, Ontario, teenager Stephen Arthuro Solis-Reyes, after he was accused of using the Heartbleed bug to hack into the Canada Revenue Agency website.
Apparently, Solis-Reyes stole almost 1,000 Social Insurance Numbers from the website. Believing that the 19-year old used the Heartbleed bug to remove information from the website, authorities raided his home and seized computers for evidence.
It is believed that Solis-Reyes hacked into the website during a six-hour window on April 9, moments after the Heartbleed bug was reported to the public and before the agency's computers were patched to prevent anyone from stealing personal data.
"The RCMP treated this breach of security as a high-priority case and mobilized the necessary resources to resolve the matter as quickly as possible," said Assistant Commissioner Gilles Michaud of the Royal Canadian Mounted Police.
"Investigators from National Division, along with our counterparts in 'O' Division, have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners."
It is not yet clear if Solis-Reyes had truly hacked into the Canada Revenue Agency website, but if that is the case, he'll be in a world of trouble for his actions. At the moment, his lawyers are doing their best to set him free, and they even went as far to state that Solis-Reyes is a bright young man who is too emotional at this time to speak about the incident.
The Canadian identification numbers are similar to Social Security numbers in the United States, with some exceptions. They are used by employers, banks and federal agencies, but can't be required when applying for a credit card or used as a general identification number.
What is Heartbleed?
It is basically a loophole in the code that keeps our personal and financial information safe from attackers. This particular code is part of the Open Source Secure Socket Layer Encryption (OpenSSL) platform. The bug has been around for more than two years, and even the National Security Agency in the U.S. knew about the issue and chose to exploit it rather than making it known to the security community.
Sadly enough, it took the security community a long while to discover the Heartbleed bug, which makes us wonder what hackers and the NSA have been doing with it for the past two years or more. However, as the saying goes, "better late than never."