Teen Arrested For Using Heartbleed To Get Canadian Taxpayer Info; Did Nothing To Hide Himself

from the that-didn't-take-long dept

One of the most high profile victims of the Heartbleed vulnerability was the Canadian tax service, Canada Revenue Agency, which shut down its online tax filing offering. A few days later, the agency admitted that about 900 Canadians had information copied from the site via someone exploiting the vulnerability, prior to the site being shut down. And, from there, it was just a day or so until it was reported that a teenager, Stephen Arthuro Solis-Reyes, had been arrested for the hack.

Given the speed of the arrest, it would not appear that Solis-Reyes did very much to cover his tracks. In fact, reports say he did nothing to hide his IP address. He's a computer science student -- and his father is a CS professor, with a specialty in data mining. It seems at least reasonably likely that the "hack" was more of a "test" to see what could be done with Heartbleed and (perhaps) an attempt to show off how risky the bug could be, rather than anything malicious. It will be interesting to see how he is treated by Canadian officials, compared to say, the arrests of Aaron Swartz and weev.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: canada, canadian revenue agency, cra, hacking, heartbleed, stephen arthuro solis-reyes


Reader Comments

Subscribe: RSS

View by: Thread


  1. identicon
    Anonymous Coward, 18 Apr 2014 @ 7:14am

    Re: Re: Re:

    "There's no situation where a human being would unknowingly start giving you private information about someone else. "

    LOL


    "accessing confidential private information without permission, he broke the law."

    A) He was given it. (information stored in ram)
    B) There could have been anything in that ram.
    C) The people who gave him it are relevant.



    "Inadvertently" .... you said it yourself. "a bug was responsibly for inadvertently giving away information".
    Leads to the question. Who had the bug?


    Look, I agree that the morality is questionable. The information was sensitive. It was an unwanted feature/bug. However, to ignore the glaring "who dun it" because of that is plain ignorant to the facts. The tax office gave out information. THEY DUN IT.

    Heaven forbid we hold the tax office accountable for not donating to openssl and dictating/securing the wanted features in it.

    To blame some kid for using it is an applauding "pass the buck" scenario.
    They had a feature, someone used it. It's their fault. It's that simple.



    FFS, You had WHAT feature ?

    You better remove that feature you asshole.


    meh... don't say it. Direct your anger at some kid stupid enough to use the feature. Like he is the worst type of person that could have used THEIR feature.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.