Heartbleed bug accused charged by RCMP after SIN breach

The RCMP's National Division has charged a 19-year-old London, Ont., man following the theft of 900 social insurance numbers reported by the Canada Revenue Agency.

The charges come after the CRA reported that 900 social insurance numbers were stolen in a web security breach due to the Heartbleed bug. Stephen Arthuro Solis-Reyes was arrested at his home on Tuesday without incident, RCMP said Wednesday.

The RCMP allege that Solis-Reyes was able to extract the private information from the CRA by exploiting the security vulnerability known as the Heartbleed bug. He faces one count of unauthorized use of a computer and one count of mischief in relation to data.

Heartbleed bug accused charged by RCMP after SIN breach

I did a search and didn't find this already posted.

There was a post on ATS about the NSA knowing about the Heartbleed bug for the last two years.
I wonder if they are going to try to pin this whole thing on this poor kid or if he will just be charged with the SIN theft?

Your thoughts?

From what I gathered he is just being charged with mischief and non authorized use of a computer. He just took advantage of the bug so I think they understand that well but who knows they may change there story. This guy deserves some punishment though but not as much as who ever set this virus.

Too soon to tell if he is going to be the fall guy or not .It will be worth following the story as it goes further though .I wonder what the plan was to do with them ? I would imagine they would come in handy for creating false id's for covert operations and the like .Could also be a part of a plant to send more military support to Syria ..who knows ..

A 19 year old kid ...hmmm What would cause a 19 year old to steal 900 SIN? I hope RCMP are tracking the contacts on this guys computer,because chances are he stole them for the highest bidder. Identity theft is rampant and easily rivals the drugs for earning money . Gosh I miss the days when kids weren't too smart for their own good.

I told you guys to watch out for Canada!

They sit there playing innocent but.....

(just joking Canada.)

I have to stop myself because I got a really bad case of deja vu.

Hmmm....off-topic but strange.

AccessDenied
Gosh I miss the days when kids weren't too smart for their own good.

I for one, am glad that older people can admit our generation is smarter.

19 years old means he isn't a kid..

He didn't find the Heartbleed bug, he just took advantage of it after the bug was publicized.

19 years old means he is an adult, not a kid.

I was doing more advanced things with computers at age 12 (18 years ago).

Is there any way to find out wether or not your SIN is among the 900 stolen?

reply to post by Shepard64

It's not a virus, but a weak spot in the code.

TKDRL
Is there any way to find out wether or not your SIN is among the 900 stolen?

The Government of Canada is by law, forced to advised you.

Actually, they are also forced to provide you with a NEW SIN # to compensate, as now that it's been stolen once, it's permanently vulnerable.

I dealt with this a few years ago.

~Tenth

reply to post by tothetenthpower


Good to know, did they contact you by mail or phone?

reply to post by TKDRL


Registered mail.

Had to sign for it, had to call a #, go through a hell of a verification process.

www.servicecanada.gc.ca...

I believe these days they might have you do it via this link above.

~Tenth

legally speaking, yes 19 is an adult but when we live to be around 100, 19 is still a kid imo.

I too wonder if he was going to sell those 900 SINs. I'm glad I didn't file my taxes yet, I'm going to do it the old school way with a paper form

knoledgeispower
legally speaking, yes 19 is an adult but when we live to be around 100, 19 is still a kid imo.

I too wonder if he was going to sell those 900 SINs. I'm glad I didn't file my taxes yet, I'm going to do it the old school way with a paper form

Agreed. Sorry but I have kids older than him, so to me he is a kid.

a reply to: TKDRL

Thank you, for pointing that out. A lot of people keep thinking this was a virus.

Back-On-Topic: And right there is 900 individuals who wouldn't have had this happen to them if the NSA would have done there job 2+ years ago, instead of doing like the 19 year old and exploiting it.

Reason #267 why I will never electronically file my income taxes... never have, never will.

People are getting far too comfortable with conducting all of their business across the digital highway these days, and completely poo-pooing the fact that it's highly insecure and direly vulnerable. Anytime, anywhere, all the time.

A person's tax return contains every single possible piece of personal information that a crook needs to steal your identity... and/or worse... all conveniently available for them in one fell swoop of a keystroke.

They literally would have your social insurance number, your full name, your date of birth, your address, your spouse's name, your spouse's social insurance number, your children's names, the daycare your children might be attending, your place of employment, your income, your spouse's net income, your banking institution, whether you have investments and with which companies, any capital gains is an indicator of valuable tangible assets, dividends, the account/customer numbers of those investments, etc etc !!

Why the hell would anyone choose to offer up that smorgasborg of information transferred across the internet ?!

originally posted by: TKDRL
reply to post by Shepard64

 

It's not a virus, but a weak spot in the code.

As a software professional; I have serious reservations on how accidental the programming error actually was. From the various reports I read, it seems the NSA were exploiting this "error" as soon as it was released. Further, it seems that the error was known way back in 2011, at the time of the last version release. By the way, recently the newest version was released.

originally posted by: CranialSponge
A person's tax return contains every single possible piece of personal information that a crook needs to steal your identity... and/or worse... all conveniently available for them in one fell swoop of a keystroke.

That statement made me wonder why identity theft wasn't more prevalent back when all we had was the postal service. I mean, all that personal information was there in the paper form too. I guess the "keystroke" is so much easier than driving around opening mailboxes looking for tax returns.

originally posted by: LogicalGraphitti

originally posted by: CranialSponge
A person's tax return contains every single possible piece of personal information that a crook needs to steal your identity... and/or worse... all conveniently available for them in one fell swoop of a keystroke.

That statement made me wonder why identity theft wasn't more prevalent back when all we had was the postal service. I mean, all that personal information was there in the paper form too. I guess the "keystroke" is so much easier than driving around opening mailboxes looking for tax returns.

I'm thinking it might be because identity theft was a lot more difficult back in the day.

Before everything became computerized, you had to actually walk into a bank and produce a piece of physical ID to withdraw monies from a bank account... or have the physical credit card in hand to purchase something in a store.

Nowadays, all you need is somebody's password and you've got instant access to a person's bank account or credit card info, etc. with no need to show your face to conduct transactions. You can literally bleed someone dry now in the "comfort of your own home".

No doubt identity theft is more prevelant now because of how easy and convienent it's become.

Scary thoughts indeed.