Heartbleed: First arrest made of 19-year-old Canadian for Heartbleed hack

Teenager was allegedly involved in attack last Friday on Canadian tax records
  • @jjvincent

The first hacker suspected of using the Heartbleed bug in order to steal personal data has been arrested in Canada.

The Royal Canadian Mounted Police (RCMP) said that 19-year-old Stephen Arthuro of London, Ontario was arrested on Tuesday for his alleged involvement in the theft of taxpayer’s records from the Canada Revenue Agency (CRA).

On Monday the CRA’s commissioner Andrew Treusch had announced that the social insurance numbers of more than 900 taxpayers had been removed from the institute’s systems.

The attack took place on Friday, five days after the Heartbleed bug was made public.

The flaw in a widely used encryption standard had gone unnoticed for more than two years, with web companies scrambling to update their systems after the announcement was made by Google and Finnish security group Codenomicon.

The bug allowed for malicious users to request random chunks of data from secure servers – an imprecise method of attack, but one that offered potential access to all manner of personal data.

In the case of the CRA, affected customers will be receiving a letter to inform them that their data was comprised. For added security these notifications will not be made via email.