Royal Canadian Mounted Police Arrest Heartbleed Hacker

Keep on Guard!


The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far.

And it turns out someone has been caught using the Heartbleed bug in a malicious way and in Canada no less. The young Heartbleed hacker goes is a 19 year old Stephen Arthuro Solis-Reyes and hails from London, Ontario.

It seems he was using Heartbleed against the tax system in Canada (CRA or the Canada Revenue Agency).

Hearbleed Hacker in Canada

Cops in Canada have arrested a teen they believe to be behind an attack on the country’s tax system using the Heartbleed bug.

The Royal Canadian Mounted Police (RCMP) said 19-year-old Stephen Arthuro Solis-Reyes of London, Ontario, was cuffed and charged with the unauthorized use of a computer and criminal mischief in relation to the theft of taxpayers’ personal records from the Canada Revenue Agency (CRA).

“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,” assistant commissioner Gilles Michaud said in a statement.

“Investigators from National Division, along with our counterparts in [Ontario] Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”


He must be pretty n00b tbh if he wasn’t proxying/bouncing his IP around/using TOR/VPNs etc and gets caught in 4 days. But the majority of people that get caught for ‘hacking’ are at that level – script kiddy level.

They get a tool like Heartbleed, and run it against a server without really understanding what is going on – and how easily they can be caught. And then boom – they are in prison trying not to drop the soap.

Solis-Reyes is alleged to have exploited the Heartbleed vulnerability, present in OpenSSL running on the CRA’s servers, to swipe 900 social insurance numbers. The CRA believes that whoever hacked the systems gathered the sensitive information during a six-hour window on April 9, which was after the first public reports of the flaw and before the computers were patched.

The attack marked one of the first known instances of hackers actively exploiting the Heartbleed condition in the wild to steal user data. Though if reports are to be believed, the NSA and (likely) other government organizations have been exploiting the flaw for years in order to gather intelligence info.

The RCMP reported that it arrested Solis-Reyes without incident on April 15. The Mounties also seized computer equipment from his home. He is scheduled to appear before a court in Ottawa on July 17 to begin trial.

The investigation is still ongoing, although the Mounties did not report of any other persons involved in the attack.

So far I haven’t seen anyone else getting arrested for exploiting Heartbleed, and by now Stephen is pretty much World famous. It’ll be interesting to see if any other cases come out, I’m not sure if social insurance numbers are valuable in Canada – or if you could do anything with them – or sell them?

Here’s the algorithm and analysis – Social Insurance Number Authentication

Source: The Register

Posted in: Exploits/Vulnerabilities, Legal Issues


Latest Posts:


Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.
LOIC Hivemind - Low Orbit Ion Cannon LOIC Download – Low Orbit Ion Cannon DDoS Booter
LOIC Download below - Low Orbit Ion Cannon is an Open Source Stress Testing and Denial of Service (DoS or DDoS) attack application written in C#.


One Response to Royal Canadian Mounted Police Arrest Heartbleed Hacker

  1. Dominick April 18, 2014 at 6:38 am #

    It’s amazing how some people call themselves hackers. Not changing your IP or any of that crucial information is like robbing a bank without a mask and pausing for a picture on the camera before leaving. But who knows if this story is the real story?! Great write up, and glad this little kid got caught!