Forgot your password?
typodupeerror
Canada Crime Encryption Privacy Your Rights Online

RCMP Arrest Canadian Teen For Heartbleed Exploit 104

Posted by timothy
from the they-got-their-man dept.
According to PC Mag, a "19-year-old Canadian was arrested on Tuesday for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known arrest for exploiting the Heartbleed bug. Stephen Arthuro Solis-Reyes (pictured) of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data." That exploit led to a deadline extension for some Canadian taxpayers in getting in their returns this year. The Register has the story as well. The Montreal Gazette has some pointed questions about how much the Canadian tax authorities knew about the breach, and when.
This discussion has been archived. No new comments can be posted.

RCMP Arrest Canadian Teen For Heartbleed Exploit

Comments Filter:
  • by Godai (104143) * on Thursday April 17, 2014 @10:27AM (#46778929)

    The Montreal Gazette article covers that. They asked a computer security consultant and he said the 24-hour delay was pretty reasonable given the impact taking down the site would have on people given the timing (tax season); not so much that they waited before doing it so much as it was a reasonable time to discuss it and come to a decision. So my guess is that no one will get burned over that.

    The real questions are fairly simple: when did the breach occur, and how did they know? Also, how did they know 900 SIN numbers were taken and how do they know more weren't? None of these are necessarily conspiracy-esque questions, but they're relevant. Though it sounds like the CRA may not be at liberty to say anything about some (or any) of that, having been asked by the RCMP not to while they firm up charges.

  • by compro01 (777531) on Thursday April 17, 2014 @11:03AM (#46779315)

    It does have a somewhat specific legal meaning. [justice.gc.ca]

    (1.1) Every one commits mischief who wilfully
            (a) destroys or alters data;
            (b) renders data meaningless, useless or ineffective;
            (c) obstructs, interrupts or interferes with the lawful use of data; or
            (d) obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto.
    ...
    (5) Every one who commits mischief in relation to data
            (a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or
            (b) is guilty of an offence punishable on summary conviction.

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...