The first cracker to use the untraceable Heartbleed bug to steal data from the Canadian taxman has had his collar fingered by the Mounties.
Inspector Knacker of the London Yard arrested a 19-year-old man and charged him in connection with the attack.
The Canada Revenue Agency (CRA) said this week that about 900 social insurance numbers and possibly other data had been compromised because of an attack on its site.
Stephen Solis-Reyes faces criminal charges of unauthorized use of computer and mischief in relation to data.
Inspector Knacker confirmed in a statement that Solis-Reyes, allegedly, was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug.
They have seized Solis-Reyes computer equipment and scheduled his first court appearance for July 17, 2014.
Security experts have warned that more attacks will follow until companies update their software.
Solis-Reyes, a student at Western University, is the son of Roberto Solis-Oba who teaches computer science at Western.
According to his lawyer he is an A student and a very, very bright young man. Apparently the kid is too emotional to speak about the charges against him and police haven’t told him anything, either. So far no-one has seen the evidence.
Contrary to earlier reports Solis-Reyes voluntarily turned himself in to police on Tuesday after officers threatened to arrest him in the middle of one of his classes. Days earlier Mounties served a warrant at Solis-Reyes’s house at 1AM but left without advising of a charge.
The CRA temporarily shut down some access to its website late on April 8 in response to security concerns about the Heartbleed bug. This security flaw in its website encryption left it vulnerable to hackers.