A 19-year-old computer science student has been arrested by the Royal
Canadian Mounted Police (RCMP) and accused of stealing personal data by
exploiting the "HeartBleed" vulnerability.
HeartBleed,
the bug that left the Internet vulnerable, is a recently uncovered
security flaw in the popular open-source encryption library(OpenSSL)
which allows attackers to read memory of the server running vulnerable
OpenSSL - means attacker can steal sensitive information.
Stephen Arthuro Solis-Reyes from London, Ontario, accused of exploiting
HeartBleed bug to steal sensitive information from servers of the
Canadian Revenue Agency(CRA), according to RCMP.
During the Police raid, his computer was seized by Canadian police. He is scheduled to appear in court in Ottawa on July 17.
The arrest came after CRA announced that someone exploited the
HeartBleed bug to steal 900 Social Insurance numbers of taxpayers. The
agency had shut down its site temporarily to prevent further attacks.
"The RCMP treated this breach of security as a high priority case and
mobilized the necessary resources to resolve the matter as quickly as
possible." Assistant Commissioner Gilles Michaud said in a statement.
"Investigators from National Division, along with our counterparts in
“O” Division have been working tirelessly over the last four days
analyzing data, following leads, conducting interviews, obtaining and
executing legal authorizations and liaising with our partners".
Post a Comment