Who is the CRA Heartbleed hacking suspect?
Published Thursday, April 17, 2014 8:25AM EDT
The 19-year-old accused of exploiting the Heartbleed bug to hack into the Canada Revenue Agency website and steal hundreds of Canadians’ Social Insurance Numbers appears to be a skilled, but unsophisticated amateur computer hacker.
Stephen Arthuro Solis-Reyes was arrested Tuesday at his parents’ home, and charged with one count of unauthorized use of a computer and one count of mischief in relation to data.
The teen’s arrest came only one day after the CRA announced it had been the victim of “a malicious breach” last week, that saw around 900 SINs stolen from its systems over a six-hour period.
Solis-Reyes is a second-year student at Western University, majoring in computer science, who is said to have been an excellent student in high school, and a spelling bee champion in grade school.
His father is a computer science professor at Western who specializes in “data mining.” Former RCMP superintendent Garry Clement says it’s possible that Solis-Reyes learned many of his computer skills from his father.
“I'm absolutely sure the son would have probably not commensurate skills, but probably very close,” he told CTV News Wednesday.
While Solis-Reyes may be skilled, it’s likely he is still a rookie, as he appears to have led investigators right to his door by not changing his computer's IP address, which essentially acts as a computer’s phone number.
“The fact that we have an arrest within a very short amount of time suggests that the attacker wasn't taking any steps to conceal their identity,” Geoff Vaughan, an IT security consultant with Security Compass, told CTV News.
Tech analyst Carmi Levy says it’s not unusual for hackers to be younger as many have been immersed in computer coding their whole lives. Levy says many hackers don’t intend harm with the data they retrieve, but are simply testing their limits.
“It’s all about pride, it’s all about proving to those around you that you have the technological chops to break into the biggest prey, the biggest systems. And obviously, the more valuable the data and the more difficult the system is to break in, the more your currency rises in that peer group,” he told CTV’s Power Play Wednesday.
“We’ve seen it before in hacker culture in previous break-ins. It’s not a matter of money in many cases; it’s just a matter of proving your worth and ultimately becoming a bit of a demi-god in that community.”
Earlier this week, RCMP issued a search warrant at the London home where Solis-Reyes lives with his parents and seized all the computers in the home.
The RCMP is not saying what they think Solis-Reyes planned to do with the stolen Social Insurance Numbers or how the information might have been used.
Solis-Reyes has since been released from police custody and returned to his parents' home, where he is reportedly studying for this week’s spring exams.
He’s due to appear in an Ottawa court on July 17.