A “Heartbleed” arrest – the first to come by officials who warn of likely additional scams – put a 19-year-old Canadian fellow under arrest Wednesday by the Royal Canadian Mounted Police. The Heartbleed bug has left millions concerned over online privacy and security, and has spawned a new outlet for computer hackers looking to manipulate the bug to their advantage.
Reports Reuters on April 16, via MSN News: “Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the ‘Heartbleed’ bug to steal taxpayer data from a government website… In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.”
The teen, identified as London, Ontario resident Stephen Solis-Reyes, now faces criminal charges of “unauthorized use of computer and mischief” in relation to compromised data. Essentially, the Solis-Reyes used Heartbleed to tap into the Canadian “IRS” as it were, stealing personal data.
“It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug,” Canadian police said in a statement.
Explains the Los Angeles Times:
The Heartbleed bug was an error in the code for OpenSSL, a technology used by two-thirds of the Web's servers to keep sensitive data secure. Heartbleed could be used to easily circumvent OpenSSL and quickly gain access to user data, including their passwords.
Because of the hack, the CRA actually shut down its web site completely last week after the vulnerability was discovered. Solis-Reyes also singlehandedly pushed back Canada's tax-filing deadline from April 30 to May 5.
The Heartbleed bug makes it possible for hackers to retrieve code from websites and other online services, granting them access to information ranging from personal information, to locator information, to banking and credit card numbers.
What can you do to protect yourself? The Los Angeles Times put together an 11-minute YouTube video explaining in layman’s terms what the bug is and how we can protect our online presence.