Police arrest first accused Heartbleed hacker in Canada

A 19-year-old Ontario man is accused of using the Web encryption bug called Heartbleed to hack into the Canadian government’s tax agency and steal people’s information.

Stephen Solis-Reyes of London, Ontario, was arrested at his house Tuesday for taking “private information” from the Canada Revenue Agency, the Royal Canadian Mounted Police said on Wednesday. Computer equipment was also seized in the incident.

ADVERTISEMENT
Police Assistant Commissioner Gilles Michaud said in a statement that agents treated the issue “as a high-priority case and mobilized the necessary resources to resolve the matter as quickly as possible.”

Earlier this week, the Canadian government said that a hacker exploiting the Heartbleed flaw, which has affected websites across the Internet, had stolen about 900 people’s social insurance numbers. Along with the reported theft of passwords and messages from a United Kingdom parenting site, the hack into the Canadian tax office was one of the first reported cases in which someone had stolen information through the security flaw.

Solis-Reyes is scheduled to appear in court on July 17.

The Heartbleed bug existed in the widely popular OpenSSL encryption technology for two years but was not publicly known until researchers announced its discovery last week. A flaw in the encryption code can allow hackers to mimic a trusted website and steal users’ sensitive information, but there had not been any reported attacks involving the glitch until this week.

The flaw nonetheless put the Internet on edge and caused hundreds of thousands of websites to scramble to patch their systems and warn people to change their passwords. 

Concern mounted after Bloomberg news reported that the National Security Agency had used the bug to grab information for years, though the Obama administration quickly denied the charge.