A 19-year-old man from Canada has been arrested for his alleged use of the Heartbleed OpenSSL flaw to steal information on 900 citizens from the Canada Revenue Agency (CRA).
The Royal Canadian Mounted Police (RCMP) said that its National Division Integrated Technological Crime Unit (ITCU) arrested Stephen Arthuro Solis-Reyes at his home in London, Ontario, after tracing him as the source of the data theft. Police seized computer equipment and Solis-Reyes will appear in court in Ottawa on 17 July.
Assistant commissioner Gilles Michaud said the arrest demonstrated the importance with which the RCMP had attacked after the incident came to light. “The RCMP treated this breach of security as a high-priority case and mobilised the necessary resources to resolve the matter as quickly as possible,” he said.
“Investigators from National Division, along with our counterparts in 'O' Division have been working tirelessly over the last four days analysing data, following leads, conducting interviews, obtaining and executing legal authorisations and liaising with our partners."
The incident is the latest ramification from the discovery of the Heartbleed SSL bug. It was uncovered last week when security researchers revealed that an update to the open-source software in late 2011 left it open to attack.
Since then major firms have been rushing to upgrade their systems to avoid being caught out. Incidents such as that hitting the CRA and community website Mumsnet have demonstrated how quickly hackers react to exploitable threats.
The founders of the OpenSSL software have hit back at the tech community for not doing enough to help maintain the tool, claiming that they are unwilling to provide financial support, despite using the software across their services.
Watch our video below for all you need to know about Heartbleed and how to protect against the flaw.
Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal.