Forgot your password?
typodupeerror
Canada Crime Encryption Privacy Your Rights Online

RCMP Arrest Canadian Teen For Heartbleed Exploit 104

Posted by timothy
from the they-got-their-man dept.
According to PC Mag, a "19-year-old Canadian was arrested on Tuesday for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known arrest for exploiting the Heartbleed bug. Stephen Arthuro Solis-Reyes (pictured) of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data." That exploit led to a deadline extension for some Canadian taxpayers in getting in their returns this year. The Register has the story as well. The Montreal Gazette has some pointed questions about how much the Canadian tax authorities knew about the breach, and when.
This discussion has been archived. No new comments can be posted.

RCMP Arrest Canadian Teen For Heartbleed Exploit

Comments Filter:
  • Re:LOL CANADA LOL (Score:5, Interesting)

    by Russ1642 (1087959) on Thursday April 17, 2014 @10:39AM (#46779075)

    You guys will never understand the RCMP. They're probably one of the last competent police forces on the planet, and the vast majority of Canadians respects them. Our city or provincial police forces on the other hand...

  • by Anonymous Coward on Thursday April 17, 2014 @10:59AM (#46779269)

    The real questions are fairly simple: when did the breach occur, and how did they know? Also, how did they know 900 SIN numbers were taken and how do they know more weren't? None of these are necessarily conspiracy-esque questions, but they're relevant. Though it sounds like the CRA may not be at liberty to say anything about some (or any) of that, having been asked by the RCMP not to while they firm up charges.

    Full packet capture, probably. Just record all traffic (or only traffic to port 443) and then grep through it. All the common Heartbleed scripts don't bother setting up the encryption, just begin the handshake, fire off an unecrypted heartbeat request, get unecrypted response and disconnect. They could tben dig through responses and find which accounts got leaked.

    Or maybe even without raw traffic capture - suspicious activity on port 443 + everyone who accessed their accounts in that timeframe.

  • Re:LOL CANADA LOL (Score:2, Interesting)

    by Anonymous Coward on Thursday April 17, 2014 @11:25AM (#46779561)

    You guys will never understand the RCMP. They're probably one of the last competent police forces on the planet, and the vast majority of Canadians respects them.

    You gotta be kidding.

    There was the incident of 4 armed RCMP officers who tasered some poor unarmed schlub FIVE times and killed him:

    http://en.wikipedia.org/wiki/R... [wikipedia.org]

    And they lied about it and tried to cover it up by refusing to release the video.

    Then there was the RCMP officer who kicked Buddy Tavares in the face. Tavares was complying with the police, he was unarmed, and had his hands on the pavement. Oh, and it was recorded on video.

    http://thescottross.blogspot.c... [blogspot.ca]
    http://www.theglobeandmail.com... [theglobeandmail.com]

    There was the time the RCMP pepper-sprayed hapless protesters who were legally & peacefully protesting so that Suharto, the dictator of Indonesia wouldn't have to see them:

    http://www.cbc.ca/news/canada/... [www.cbc.ca]

    And many many more.

fortune: not found

Working...