CANADA

RCMP charge 19-year-old man in Heartbleed privacy breach

Christina Commisso CTVNews.ca
Published Wednesday, April 16, 2014 2:15PM EDT Last Updated Wednesday, April 16, 2014 7:36PM EDT

Text:

A 19-year-old man from London, Ont., has been charged in connection with using the Heartbleed bug to exploit taxpayer data from the Canada Revenue Agency website.

The RCMP announced Wednesday that Stephen Arthuro Solis-Reyes was arrested at his home Tuesday without incident. He has since been released and is staying with his parents in London's north end.

Solis-Reyes faces charges related to one count of unauthorized use of a computer and one count of mischief in relation to data.

He’s the son of a computer science professor at Western University, CTV News has confirmed.

The CRA shut down public access to its online services on April 8 after learning its systems were vulnerable to the Heartbleed bug. Then on Monday, the agency announced that the Social Insurance Numbers of about 900 taxpayers were taken from the CRA systems over a six-hour period by someone who had exploited the Heartbleed bug

"The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible," Assistant RCMP Commissioner Gilles Michaud said in a statement.

Michaud said investigators have been working "tirelessly" over the last four days to analyze data, follow leads and conduct interviews.

The RCMP executed a search warrant earlier this week, where they confiscated every computer in the London home and analyzed their contents.

The Heartbleed bug was revealed early last week when it was discovered by a small team from Finnish security firm Codenomicon, while working independently from a Google Inc. researcher who also diagnosed the bug.

The flaw affects OpenSSL, one of the most widely used open-source software programs used to encrypt Internet communications. It’s used on approximately two-thirds of web servers.

The bug allows information in servers using OpenSSL to be viewed, meaning sensitive data can be exploited. The CRA website was one of many online domains that took precautions from the Heartbleed bug.

Solis-Reyes, a second-year Western University student, faces a maximum 10-year sentence if convicted.

He’s expected to appear in an Ottawa court on July 17, 2014 to face the charges.

RELATED IMAGES

view larger image

Stephen Arthuro Solis-Reyes, charged in connection with using the Heartbleed bug to exploit taxpayer data from the Canada Revenue Agency, is seen in this image obtained by CTV News London.
RCMP investigators walk past the house of Stephen Arthuro Solis-Reyes, 19, in London, Ont., Wednesday, Apr. 16, 2014. (Dave Chidley / THE CANADIAN PRESS)
Acting on a search warrant, police removed several computers from a home in London, Ont. in connection with the Heartbleed breach.

Report an error Editorial standards and policies Why you can trust CTV News

MORE NEWS FROM CANADA

CTVNews.ca Top Stories

Don't Miss

false

Caught on cam: Tornadoes tear through Nebraska

false

Items recovered from the Titanic are now up for auction

false

Taylor Swift 101: Queen's University offering new course

LISTEN TO THE LATEST

A daily politics podcast

Listen and subscribe to get a daily fix on the latest political news and issues.
A weekly politics podcast

Listen and subscribe to get a weekly update with the newsmakers who matter.
A public opinion podcast

A check-in on the public mood of Canadians with hosts Michael Stittle and Nik Nanos.

RCMP charge 19-year-old man in Heartbleed privacy breach

Share:

Text: