July 17, 2014 7:23 am

Teen charged in CRA Heartbleed hack to appear in Ottawa court

R.C.M.P. investigators walk past the house of Stephen Arthuro Solis-Reyes, 19, in London, Ont.


TORONTO – A 19-year-old Western University student accused of using the Heartbleed bug to gain access to social insurance numbers on the Canada Revenue Agency (CRA) website will make his first appearance in an Ottawa court Thursday.

Story continues below

Police allege the teen used the bug, which crippled the CRA’s website in April, to access roughly 900 numbers.

RCMP arrested Stephen Arthuro Solis-Reyes, of London, Ont., at his home on April 15. He faces one count of Unauthorized Use of Computer and one count of mischief. Police seized computer equipment during a search of the teen’s home.

READ MORE: Hacker charged in CRA Heartbleed breach ‘straight-A’ engineering student

Solis-Reyes’ lawyer, Faisal Joseph of Lerners Law Firm, described the teen as a “straight-A” second-year engineering student. He is listed as a 1500-metre runner on multiple running websites. His father is a computer science professor at Western University.

Yearbook photo of Stephen Solis-Reyes.

File Photo

Heartbleed, which some experts called the biggest security vulnerability in the history of the Internet, was a flaw found in a line of code in OpenSSL.

The security flaw created an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. Heartbleed allowed attackers to snoop on Internet traffic even if the padlock icon was closed.

READ MORE: SINs stolen from CRA website prompt identity theft concerns

The security breach shut down the CRA’s website for days and caused the agency to extend the tax deadline. Canadians affected by the CRA breach were notified via registered letter.

© 2014 Shaw Media

Report an error


Want to discuss? Please read our Commenting Policy first.

Global News