Teen charged in CRA Heartbleed hack to appear in Ottawa court
TORONTO – A 19-year-old Western University student accused of using the Heartbleed bug to gain access to social insurance numbers on the Canada Revenue Agency (CRA) website will make his first appearance in an Ottawa court Thursday.
Police allege the teen used the bug, which crippled the CRA’s website in April, to access roughly 900 numbers.
RCMP arrested Stephen Arthuro Solis-Reyes, of London, Ont., at his home on April 15. He faces one count of Unauthorized Use of Computer and one count of mischief. Police seized computer equipment during a search of the teen’s home.
Solis-Reyes’ lawyer, Faisal Joseph of Lerners Law Firm, described the teen as a “straight-A” second-year engineering student. He is listed as a 1500-metre runner on multiple running websites. His father is a computer science professor at Western University.
Heartbleed, which some experts called the biggest security vulnerability in the history of the Internet, was a flaw found in a line of code in OpenSSL.
The security flaw created an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. Heartbleed allowed attackers to snoop on Internet traffic even if the padlock icon was closed.
The security breach shut down the CRA’s website for days and caused the agency to extend the tax deadline. Canadians affected by the CRA breach were notified via registered letter.
© Shaw Media, 2014