Royal Canadian Mounted Police Arrest Heartbleed Hacker

The New Acunetix V12 Engine


The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far.

And it turns out someone has been caught using the Heartbleed bug in a malicious way and in Canada no less. The young Heartbleed hacker goes is a 19 year old Stephen Arthuro Solis-Reyes and hails from London, Ontario.

It seems he was using Heartbleed against the tax system in Canada (CRA or the Canada Revenue Agency).

Hearbleed Hacker in Canada

Cops in Canada have arrested a teen they believe to be behind an attack on the country’s tax system using the Heartbleed bug.

The Royal Canadian Mounted Police (RCMP) said 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario, was cuffed and charged with the unauthorized use of a computer and criminal mischief in relation to the theft of taxpayers’ personal records from the Canada Revenue Agency (CRA).

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” assistant commissioner Gilles Michaud said in a statement.

“Investigators from National Division, along with our counterparts in [Ontario] Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”


He must be pretty n00b tbh if he wasn’t proxying/bouncing his IP around/using TOR/VPNs etc and gets caught in 4 days. But the majority of people that get caught for ‘hacking’ are at that level – script kiddy level.

They get a tool like Heartbleed, and run it against a server without really understanding what is going on – and how easily they can be caught. And then boom – they are in prison trying not to drop the soap.

Solis-Reyes is alleged to have exploited the Heartbleed vulnerability, present in OpenSSL running on the CRA’s servers, to swipe 900 social insurance numbers. The CRA believes that whoever hacked the systems gathered the sensitive information during a six-hour window on April 9, which was after the first public reports of the flaw and before the computers were patched.

The attack marked one of the first known instances of hackers actively exploiting the Heartbleed condition in the wild to steal user data. Though if reports are to be believed, the NSA and (likely) other government organizations have been exploiting the flaw for years in order to gather intelligence info.

The RCMP reported that it arrested Solis-Reyes without incident on April 15. The Mounties also seized computer equipment from his home. He is scheduled to appear before a court in Ottawa on July 17 to begin trial.

The investigation is still ongoing, although the Mounties did not report of any other persons involved in the attack.

So far I haven’t seen anyone else getting arrested for exploiting Heartbleed, and by now Stephen is pretty much World famous. It’ll be interesting to see if any other cases come out, I’m not sure if social insurance numbers are valuable in Canada – or if you could do anything with them – or sell them?

Here’s the algorithm and analysis – Social Insurance Number Authentication

Source: The Register

Posted in: Exploits/Vulnerabilities, Legal Issues


Latest Posts:


SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.


One Response to Royal Canadian Mounted Police Arrest Heartbleed Hacker

  1. Dominick April 18, 2014 at 6:38 am #

    It’s amazing how some people call themselves hackers. Not changing your IP or any of that crucial information is like robbing a bank without a mask and pausing for a picture on the camera before leaving. But who knows if this story is the real story?! Great write up, and glad this little kid got caught!