Royal Canadian Mounted Police Arrest Heartbleed Hacker


The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far.

And it turns out someone has been caught using the Heartbleed bug in a malicious way and in Canada no less. The young Heartbleed hacker goes is a 19 year old Stephen Arthuro Solis-Reyes and hails from London, Ontario.

It seems he was using Heartbleed against the tax system in Canada (CRA or the Canada Revenue Agency).

Hearbleed Hacker in Canada

Cops in Canada have arrested a teen they believe to be behind an attack on the country’s tax system using the Heartbleed bug.

The Royal Canadian Mounted Police (RCMP) said 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario, was cuffed and charged with the unauthorized use of a computer and criminal mischief in relation to the theft of taxpayers’ personal records from the Canada Revenue Agency (CRA).

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” assistant commissioner Gilles Michaud said in a statement.

“Investigators from National Division, along with our counterparts in [Ontario] Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”


He must be pretty n00b tbh if he wasn’t proxying/bouncing his IP around/using TOR/VPNs etc and gets caught in 4 days. But the majority of people that get caught for ‘hacking’ are at that level – script kiddy level.

They get a tool like Heartbleed, and run it against a server without really understanding what is going on – and how easily they can be caught. And then boom – they are in prison trying not to drop the soap.

Solis-Reyes is alleged to have exploited the Heartbleed vulnerability, present in OpenSSL running on the CRA’s servers, to swipe 900 social insurance numbers. The CRA believes that whoever hacked the systems gathered the sensitive information during a six-hour window on April 9, which was after the first public reports of the flaw and before the computers were patched.

The attack marked one of the first known instances of hackers actively exploiting the Heartbleed condition in the wild to steal user data. Though if reports are to be believed, the NSA and (likely) other government organizations have been exploiting the flaw for years in order to gather intelligence info.

The RCMP reported that it arrested Solis-Reyes without incident on April 15. The Mounties also seized computer equipment from his home. He is scheduled to appear before a court in Ottawa on July 17 to begin trial.

The investigation is still ongoing, although the Mounties did not report of any other persons involved in the attack.

So far I haven’t seen anyone else getting arrested for exploiting Heartbleed, and by now Stephen is pretty much World famous. It’ll be interesting to see if any other cases come out, I’m not sure if social insurance numbers are valuable in Canada – or if you could do anything with them – or sell them?

Here’s the algorithm and analysis – Social Insurance Number Authentication

Source: The Register

Posted in: Exploits/Vulnerabilities, Legal Issues


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


One Response to Royal Canadian Mounted Police Arrest Heartbleed Hacker

  1. Dominick April 18, 2014 at 6:38 am #

    It’s amazing how some people call themselves hackers. Not changing your IP or any of that crucial information is like robbing a bank without a mask and pausing for a picture on the camera before leaving. But who knows if this story is the real story?! Great write up, and glad this little kid got caught!