A man was charged in a heartbleed attack on the Canada Tax Agency, authorities revealed. Stephen Solis-Reyes, 19, was arrested Wednesday for using the virus to steal personal information like private social security numbers and possibly other data.
Solis-Reyes allegedly stole 900 social insurance numbers – these are similar to social security numbers in the U.S. – and other information from the Canada Tax Agency website by exploiting a known flaw in the OpenSSL software, the organization stated. After his arrest at his London, Ontario home, he was charged with unauthorized use of a computer and mischief in relation to data, Reuters reported.
"It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug," the Royal Canadian Mounted Police said in a statement. "The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible."
This has been the most high-profile Heartbleed bug attack so far, as major websites like Facebook, Twitter, Chase, Yahoo! and various others have quickly eliminated the vulnerability and asked users to change their passwords.
The Heart Bleed virus basically takes advantage of OpenSSL encryption software, which is standard for many websites and designated by the small padlock symbol. When messaging back and forth on a secure connection — think Facebook or Gmail messaging — sometimes a computer wants to check if the other computer is still available. They check by send a small packet of data, called a "heartbeat," which is then confirmed. The flaw allows hackers to use a fake packet of data, which tricks the computer into responding with data stored in its memory.
To defend against this, an online tool called the Heartbleed test was created to test if a website has been compromised by the virus. Simply type the web address of the website into the box, and it will let you know whether it is safe.
Solis-Reyes is scheduled to appear in court on July 17.