The first Heartbleed-related arrest seems to have occurred in Canada, where police arrested 19-year-old Stephen Solis-Reyes in London, Ontario. The teen was taken into custody after he allegedly used the Heartbleed vulnerability to break into the Canada Revenue Agency to steal nearly 1,000 social insurance numbers.
While it is a little bit insane that a government website was not immediately updated and fixed in order to deal with the Heartbleed vulnerability, it is still illegal for someone to exploit it (unless it's the NSA, of course).
Heartbleed was unveiled last week and Solis-Reyes appears to be the first person arrested for exploiting it, though there are probably many others.
For those of you who have not been following the Heartbleed story, it is an issue with some versions of OpenSSL. If a service or website is using a vulnerable version of OpenSSL, anyone with sufficient knowledge is able to spy on communications and steal information. Since a large portion of the internet relies on OpenSSL and has been using the affected versions, some experts regard the security hole as one of the largest in the history of the internet.
After the breach was detected, federal authorities in Canada worked to figure out who the criminal was and eventually determined that it was a 19-year-old kid. Although they have arrested Solis-Reyes, the Canadian tax agency that was targeted is still trying to figure out what the extent of the damage really is.
CRA online services are safe and secure. The CRA responded aggressively to successfully protect our systems. We have augmented our monitoring and surveillance measures, so that the security of the CRA site continues to meet the highest standards.
I know that all employees of the Canada Revenue Agency join me in appreciation for the cooperation and patience of the public, businesses and representatives as we resolved this situation. – Canada Revenue Service
Question – Do you think that Heartbleed is the worst vulnerability in the history of the internet?
Summary: A Canadian teenager has been arrested for allegedly exploiting the Heartbleed vulnerability. He stole nearly 1,000 social insurance numbers from the Canada Revenue Agency.
image credit: cnet