A man has been arrested as part of an investigation into a breach of Canada’s tax authority that used the infamous Heartbleed bug.
Stephen Arthuro Solis-Reyes, a 19-year-old from Ontario, was arrested on Tuesday by the Royal Canadian Mounted Police (RCMP) and charged with two separate offences relating to the Canada Revenue Agency attack.
“The RCMP treated this breach of security as a high priority case and mobilised the necessary resources to resolve the matter as quickly as possible,” said Assistant Commissioner Gilles Michaud.
“Investigators from National Division, along with our counterparts in ‘O’ Division have been working tirelessly over the last four days analysing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners.”
Solis-Reyes has been scheduled to appear in court in Ottawa on 17 July.
Just a week after disclosure of the Heartbleed bug, which was resident in the OpenSSL encryption standard, the Canada Revenue Agency warned as many as 900 citizens’ social insurance numbers had been compromised as a result of the breach.
UK website Mumsnet was also targeted, but it appeared the attackers had not sought to do anything malicious with the usernames and passwords they acquired.
The Heartbleed fallout has continued throughout this week, with various organisations pushing out OpenSSL patches to protect customers.
It’s believed encryption keys could now be stolen from any VPN service running the OpenVPN protocol, according to reports. Many popular services, including HideMyAss, let users run supposedly secure connections over OpenVPN.
For anyone who wants to contribute to the OpenSSL fund to help ensure epic mistakes like the one that caused Heartbleed don’t happen again, t-shirts (pictured) are currently on sale, proceeds from which go to the open source effort.
Update: we stumbled on this Heartbleed T-shirt. All proceeds go to the OpenSSL project, say the creators, who describe themselves as “a bunch of people who want to help create a safer Internet”.
Love IT security? Try our quiz!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…