First arrest made in Heartbleed hack case

A 19-year-old man from Canada has been arrested in relation to the computer security breach Heartbleed.

Stephen Arthuro Solis-Reyes from Ontario was accused by the Royal Canadian Mounted Police (RCMP) of hacking into the website of the Canadian Revenue Agency (CRA)’s website last Friday.

Solis-Reyes is the first person to be charged in connection with the internet security bug.

According to the RCMP, after gaining access to the site, Mr Solis-Reyes proceeded to steal 900 social insurance numbers.

The Heartbleed bug was revealed to the public last week by Google and Codenomican, a small security firm from Finland, which independently identified the issue. 

The computer bug works by exploiting a flaw in OpenSSL, a cryptographic software library, which is used to keep data transmissions private.

Apart from the CRA website, the bug has affected a number of other organisations, including the British social networking site Mumsnet.

In a post on the website, the hacker said: “I hope the actions of hijacking Justine’s account help draw attention to how big a deal this is. I suspect a lot of people would not have taken it seriously otherwise. Be thankful that the person who got access to the server information was kind enough to let you all know (and at least try and be funny with it) instead of simply sitting on the information.”

The RCMP has been investigating the case for last four days and has charged Mr Solis-Reyes with “unauthorised use of a computer” and “mischief in relation to data”.

The hacker is expected to appear in court on 17^th July 2014.

Security experts warn that many more similar breaches are likely to be revealed soon.

 Simon Wyatt