17 April 2014 | 1,149 views

Royal Canadian Mounted Police Arrest Heartbleed Hacker

Check For Vulnerabilities with Acunetix

The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far.

And it turns out someone has been caught using the Heartbleed bug in a malicious way and in Canada no less. The young Heartbleed hacker goes is a 19 year old Stephen Arthuro Solis-Reyes and hails from London, Ontario.

It seems he was using Heartbleed against the tax system in Canada (CRA or the Canada Revenue Agency).

Hearbleed Hacker in Canada

Cops in Canada have arrested a teen they believe to be behind an attack on the country’s tax system using the Heartbleed bug.

The Royal Canadian Mounted Police (RCMP) said 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario, was cuffed and charged with the unauthorized use of a computer and criminal mischief in relation to the theft of taxpayers’ personal records from the Canada Revenue Agency (CRA).

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” assistant commissioner Gilles Michaud said in a statement.

“Investigators from National Division, along with our counterparts in [Ontario] Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”

He must be pretty n00b tbh if he wasn’t proxying/bouncing his IP around/using TOR/VPNs etc and gets caught in 4 days. But the majority of people that get caught for ‘hacking’ are at that level – script kiddy level.

They get a tool like Heartbleed, and run it against a server without really understanding what is going on – and how easily they can be caught. And then boom – they are in prison trying not to drop the soap.

Solis-Reyes is alleged to have exploited the Heartbleed vulnerability, present in OpenSSL running on the CRA’s servers, to swipe 900 social insurance numbers. The CRA believes that whoever hacked the systems gathered the sensitive information during a six-hour window on April 9, which was after the first public reports of the flaw and before the computers were patched.

The attack marked one of the first known instances of hackers actively exploiting the Heartbleed condition in the wild to steal user data. Though if reports are to be believed, the NSA and (likely) other government organizations have been exploiting the flaw for years in order to gather intelligence info.

The RCMP reported that it arrested Solis-Reyes without incident on April 15. The Mounties also seized computer equipment from his home. He is scheduled to appear before a court in Ottawa on July 17 to begin trial.

The investigation is still ongoing, although the Mounties did not report of any other persons involved in the attack.

So far I haven’t seen anyone else getting arrested for exploiting Heartbleed, and by now Stephen is pretty much World famous. It’ll be interesting to see if any other cases come out, I’m not sure if social insurance numbers are valuable in Canada – or if you could do anything with them – or sell them?

Here’s the algorithm and analysis – Social Insurance Number Authentication

Source: The Register



Recent in Exploits/Vulnerabilities:
- Sony Pictures Hacked – Employee Details & Movies Leaked
- Gruyere – Learn Web Application Exploits & Defenses
- Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

Related Posts:
- Heartbleed Implicated In US Hospital Leak
- Seattle Computer Security Expert Turns Tables On The Police
- Heartbleed Bug SSL Vulnerability – Everything You Need To Know

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 228,468 views
- AJAX: Is your application secure enough? - 119,242 views
- eEye Launches 0-Day Exploit Tracker - 85,114 views

Advertise on Darknet

One Response to “Royal Canadian Mounted Police Arrest Heartbleed Hacker”

  1. Dominick 18 April 2014 at 6:38 am Permalink

    It’s amazing how some people call themselves hackers. Not changing your IP or any of that crucial information is like robbing a bank without a mask and pausing for a picture on the camera before leaving. But who knows if this story is the real story?! Great write up, and glad this little kid got caught!