As law enforcement continues its investigation into the Heartbleed security bug, which compromised computer systems the world over, a Western Computer Science student was arrested last week in connection with the breach, according to the Royal Canadian Mounted Police (RCMP).
Stephen Arthuro Solis-Reyes, 19, was arrested April 15, and faces charges relating to a malicious breach of taxpayer data from the Canada Revenue Agency (CRA) website. Police searched and seized co mputers from his home and charged Solis-Reyes with one count of unauthorized use of a computer and one count of mischief in relation to data, according to the RCMP.
The arrest came in the footsteps of an announcement from the CRA, who two days prior revealed social security numbers of 900 Canadians had been extracted from its database. Because of the breach, the CRA was forced to shut down its website for five days.
The security breach has been attributed to a vulnerability in OpenSSL software, one that has the potential to leak encrypted data to hackers. The vulnerability has come to be known as the Heartbleed bug. OpenSSL is used by major websites and a vulnerability in its code could have potentially exposed hundreds of millions passwords and other sensitive data.
According to the RCMP, Solis-Reyes exploited the vulnerability to hack into the CRA website and gain access to private taxpayer information.
“The RCMP treated this breach of security as a high-priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” RCMP assistant commissioner Gilles Michaud said in a statement last week.
The investigation is ongoing, so there are no further comments or updates at this time, added RCMP Media Relations Officer Lucy Shorey this week.
Solis-Reyes has been, by all given accounts, a good student who has kept a low profile. In his second year of a Computer Science degree at Western, he attended Canada’s national spelling bee in 2006. Two years ago, with a team from Mother Teresa Secondary School, he won a London-area Catholic school board computer programming competition.
Solis-Reyes, son of Western Computer Science professor Roberto Solis-Oba, is scheduled to appear in court in Ottawa on July 17.
The CRA informed the RCMP and the Privacy Commissioner of Canada of the security breach on April 11, but Canadians were not informed about the attack until three days later.
Government security agencies had previously informed the CRA that hackers had exploited a six-hour window to gain access to 900 social insurance numbers and other taxpayer information from government servers. The CRA then noted “other fragments of data” could have been compromised at the time.
In its analysis of the breach, the CRA said it has found no evidence of other attacks. It plans to use registered mail to contact taxpayers whose information was compromised and whose social security numbers were stolen. The CRA has also extended the deadline to file 2013 taxes until May 5.
