Since the revelations of the security breach named Heartbleed two weeks ago, only a few cases have been identified, including one in Canada. The hacker who managed to steal 900 social security numbers was been arrested Tuesday by the Royal Canadian Mounted Police.
On april 6 was discovered the breach Heartbleed. Integrated into OpenSSL software since 2012, it hijacks the Heartbeat function for the encryption system by asking the server to send more information that the browser sends. The breach allows to hackers to recover many encrypted information that passes on the servers at the time of connection since two years. Among these data, it is possible to find non-relevant information, but also email addresses, passwords, or social security numbers. These are precisely the data that have been stolen by Stephen Arturo Solis-Reyes, a 19 years old Canadian hacker on servers of the Canada Revenue Agency.
In a statement released Tuesday, the RCMP welcomes the arrest after four days of investigation: “The Royal Canadian Mounted Police has addressed this vulnerability as a case of high priority and mobilized the resources needed to solve this investigation as soon as possible” said Assistant Commissioner Gilles Michaud. Stephen Arturo Solis-Reyes should be held on July 17 for unauthorized use of a computer and mischief against data use. Computer equipment was also seized by the Canadian authorities.