A teenager in London, Ontario, Canada has become the first criminal to be arrested for exploiting the ‘Heartbleed’ bug to steal information – in this case, private information on 900 Canadian taxpayers.
The 19-year-old, Stephen Arthuro Solis-Reyes was arrested without resistance by the Royal Canadian Mounted Police after allegedly using Heartbleed to gain access to tax websites, according to a statement released by the RCMP.
The case marks one of the first instances of an arrest for misuse of the bug, although reports in Bloomberg and elsewhere suggest that government agencies have misused it for years. America’s National Security Agency, the NSA, was quick to deny these reports, issuing a statement saying, “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,” according to Bloomberg.
Bloomberg has also issued a report saying that attacks using the bug, which appear to originate in China, have already been launched.
Solis-Reyes is believed to have used the bug to steal social security numbers from a government server. CBC reports that he accessed 900 records, and was arrested and charged. He voluntarily turned himself into police rather than be arrested in class. “He is an A student and a very, very bright young man,” said has lawyer Faisal Joseph.
In a statement, the Royal Canadian Mounted Police said, “The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from National Division, along with our counterparts in “O” Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” said Assistant Commissioner Gilles Michaud.
The suspect’s home was searched, after an investigation involving the Canadian government, and the London Police Service.
Solis-Reyes is scheduled to appear in court in Ottawa on July 17, 2014.
Author Rob Waugh, We Live Security