Slashdot Mirror

← Back to Stories (view on slashdot.org)

RCMP Arrest Canadian Teen For Heartbleed Exploit

Posted by timothy on from the they-got-their-man dept.

According to PC Mag, a "19-year-old Canadian was arrested on Tuesday for his alleged role in the breach of the Canada Revenue Agency (CRA) website, the first known arrest for exploiting the Heartbleed bug. Stephen Arthuro Solis-Reyes (pictured) of London, Ontario faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data." That exploit led to a deadline extension for some Canadian taxpayers in getting in their returns this year. The Register has the story as well. The Montreal Gazette has some pointed questions about how much the Canadian tax authorities knew about the breach, and when.

10 of 104 comments (clear)

  1. Good. by jellomizer · · Score: 5, Insightful

    I for one welcome arresting people who seem to think it is a good idea to enter someones home just because they didn't get to update all their locks on their home.

    Sure it is easy to update your PC, but if you have a mission critical application running, you need to make sure you take all the right steps even with the security vulnerability to make sure it doesn't go down.
     

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Good. by Anonymous Coward · · Score: 5, Funny

      Ok, thanks for that, we have the moderate perspective covered. Anyone feel like voicing a hard line?

    2. Re:Good. by neoform · · Score: 4, Insightful

      >I for one welcome arresting people who seem to think it is a good idea to enter someones home just because they didn't get to update all their locks on their home.

      I think your example is a bit too gentle.

      This is more like someone kicking your locked front door down and pointing out that your door isn't strong enough to prevent someone from kicking it down.

      The system was "locked" for all intents and purposes, as best the system administrators knew how to lock it. It wasn't because they were lazy or forgot, they just didn't know the door had any weaknesses.

      --
      MABASPLOOM!
  2. Re:And how about the CRA? by Godai · · Score: 5, Informative

    The Montreal Gazette article covers that. They asked a computer security consultant and he said the 24-hour delay was pretty reasonable given the impact taking down the site would have on people given the timing (tax season); not so much that they waited before doing it so much as it was a reasonable time to discuss it and come to a decision. So my guess is that no one will get burned over that.

    The real questions are fairly simple: when did the breach occur, and how did they know? Also, how did they know 900 SIN numbers were taken and how do they know more weren't? None of these are necessarily conspiracy-esque questions, but they're relevant. Though it sounds like the CRA may not be at liberty to say anything about some (or any) of that, having been asked by the RCMP not to while they firm up charges.

    --
    Wood Shavings!
    - Godai
  3. Script Kiddy by RichMan · · Score: 3, Insightful

    Ah the brilliance of youth -
    "I have a script for an exploit"
    "I can try it against the tax man"
    "I won't get caught"
    "I'm not going to use the results so no-bad"

    "Hey what's with the cuffs!"

  4. Story important for pacifying headlines by hessian · · Score: 3, Insightful

    Here in USA it's being reported this way:

    "Heartbleed hacker caught in Canada"

    Translation:

    Media sheep, go back to sleep. We caught THE hacker responsible for Heartbleed, thus it can fall into the memory hole. Any concerns you may have about your fellow citizens, their business interests or governments monitoring you, or perhaps about the general competence of software development (!!!) can also go back to sleep.

    Sleep, sleep my lovelies. Tomorrow there is obedience at school/job, and then shopping and sexy videos on the internet. Sleep, sleep.

    --
    Futurist Traditionalism
  5. Mischief in Relation to Data by dcollins117 · · Score: 4, Funny

    I like the name of the "Mischief in Relation to Data" charge. It sounds vague enough it could mean just about anything.

    Heck, this might even be on my resume, I'll have to check.

    1. Re:Mischief in Relation to Data by compro01 · · Score: 4, Informative

      It does have a somewhat specific legal meaning.

      (1.1) Every one commits mischief who wilfully
              (a) destroys or alters data;
              (b) renders data meaningless, useless or ineffective;
              (c) obstructs, interrupts or interferes with the lawful use of data; or
              (d) obstructs, interrupts or interferes with any person in the lawful use of data or denies access to data to any person who is entitled to access thereto.
      ...
      (5) Every one who commits mischief in relation to data
              (a) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years; or
              (b) is guilty of an offence punishable on summary conviction.

      --
      upon the advice of my lawyer, i have no sig at this time
    2. Re:Mischief in Relation to Data by wonkey_monkey · · Score: 4, Funny

      It won't go anywhere. They'll let him plea bargain to Second-Degree Shenanigans and that'll be the end of it.

      --
      systemd is Roko's Basilisk.
  6. Re:LOL CANADA LOL by Russ1642 · · Score: 5, Interesting

    You guys will never understand the RCMP. They're probably one of the last competent police forces on the planet, and the vast majority of Canadians respects them. Our city or provincial police forces on the other hand...