Canadian Heartbleed hacker arrested, charged in connection to malicious bug exploit
A 19-year-old student has been arrested for allegedly exploiting the Heartbleed vulnerability to steal taxpayer data from as many as 900 Canadians, authorities said Wednesday.
The arrest of Stephen Arthuro Solis-Reyes by the Royal Canadian Mounted Police marks the first time authorities anywhere have publicly levied charges in connection to the malicious exploitation of a defect in the widely used OpenSSL cryptography library.
Canada Revenue Agency officials said they had removed public access to online tax services a day after the defect was discovered earlier this month. But it was too late, and the Heartbleed flaw made it possible to pluck private encryption keys, passwords, and other sensitive data out of the private computer memory of the revenue agency's servers running vulnerable versions of the open source library.