Canadian police arrest 19-year-old in alleged Heartbleed attack

Canadian police this week made what is believed to be the first arrest related to Heartbleed, a recently discovered bug that left countless websites vulnerable to cyber attacks.

The Royal Canadian Mounted Police on Tuesday arrested 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario. He is believed to have exploited the Heartbleed bug to steal the data of about 900 Canadians from the country’s tax revenue agency.

Solis-Reyes now faces two counts of computer-related crimes and is scheduled to appear in court this July.

VIDEO: Protecting against Heartbleed


The Heartbleed bug was an error in the code for OpenSSL, a technology used by two-thirds of the Web’s servers to keep sensitive data secure. Heartbleed could be used to easily circumvent OpenSSL and quickly gain access to user data, including their passwords.

Security researchers announced their discovery of the bug and issued a fix for it earlier this month.

It’s unclear to what extent the Heartbleed bug has been exploited to steal user data, but at the very least, it was used to compromise the Canada Revenue Agency.

The CRA was forced to shut down its website last week after learning that it may have been vulnerable to Heartbleed hacks, and earlier this week, the agency said it had been informed that a security breach had indeed occurred.


As a result of the hack, the CRA was forced to push Canada’s tax-filing deadline from April 30 to May 5.


Microsoft’s Clippy returns in Windows Phone 8.1 ‘Easter egg’

Google to sell basic version of modular smartphone in January


Apple, Samsung, others commit to anti-theft tools for smartphones