Canadian law enforcement officials make first Heartbleed-related arrest

Shawn Knight


The Royal Canadian Mounted Police in Canada have made the first of what is sure to be several more arrests related to the exploitation of the Heartbleed bug.

Officials arrested and charged Stephen Arthuro Solis-Reyes with unauthorized use of a computer and mischief in relation to data following an incident that forced the Canadian Revenue Agency (CRA) to close its website for nearly a week.

The breach took place last Friday, just days after the security vulnerability made headlines around the world and before the CRA was able to patch their servers. The 19-year-old from London, Ontario, managed to snag around 900 Social Insurance numbers, which are similar to Social Security numbers in the US.

Given the undetectable nature of the vulnerability, some are questioning exactly how law enforcement officials were able to track the suspect down in the first place. Some have speculated that he might have been caught trying to sell or use the stolen data but that isn’t confirmed.

It’s also unclear exactly when the attack may have taken place. Did he exploit the bug before it was made public or was he simply able to take advantage of it before it was patched?

News of the exploit, which relates to certain versions of software library OpenSSL, first surfaced on April 8. A patch has been available ever since but even still, there’s no way to know how often it was used and by how many people. The best course of action is to change your login credentials at all of the sites that were affected.


 
There are numerous devices between the internet and a government webserver - like firewalls and routers and load balancers.

The logs in those devices may have caught the intruder even if Heartbleed itself allowed access to the 64K chunks of data on the webserver.
 
Those Royal Canadian Mounted Police in Canada must have spent hours travelling to the UK JUST to catch that 1 guy..... Also this article needs more info as in we need to know how they found out about it and how they got jurisdiction to walk/fly to the UK and to arrest him.
 
Great news, your post is very impressive. Your post helped me to increase knowledge about Heartbleed bug. Thanks for sharing such useful information with us.
 
Those Royal Canadian Mounted Police in Canada must have spent hours travelling to the UK JUST to catch that 1 guy..... Also this article needs more info as in we need to know how they found out about it and how they got jurisdiction to walk/fly to the UK and to arrest him.
They flew there on their magnificent flying mooses of course, how else would they get around?
 
Nice... that's great they found someone responsible for this recent vulnerability! No comment to the guy who thinks they went to England....
 
Next stop for this guy is San Quentin's gas chamber.
Don't you mean the gallows in the tower of London? (Ontario)

His death will be a grand affair when they hang, "The Man for All Algorithms".

The after party will include an Henry the VIII impersonator, reciting the medley of his hit, "Greensleeves". (That's always a big hit with any current queen. It tends to put them in touch with their inner mortal self).
Those Royal Canadian Mounted Police in Canada must have spent hours travelling to the UK JUST to catch that 1 guy..... Also this article needs more info as in we need to know how they found out about it and how they got jurisdiction to walk/fly to the UK and to arrest him.
Oops....:D

You, like many others, seem to believe the myth in which The Royal Canadian Mounted Police, can walk on water. It's only Mayor Rob Ford of Toronto who is able to do that. You take his crack pipe off of him though, and he sinks like a stone...:eek:

Oh well, who really knows very much aboot canadian geography anyhoo......AY? :D

They flew there on their magnificent flying mooses of course, how else would they get around?
You're goddamned right they did!
 
Also this article needs more info as in we need to know how they found out about it and how they got jurisdiction to walk/fly to the UK and to arrest him.
Consider what we know:
(1) it's a secure SSL connection, so this requires a browser access, not ftp, telnet or some scripting bot
(2) the server-side is where the flaw is located, and all web servers have error and access logs
(3) the access log has the source IP address, the server status code (200 is a good reply), the file name of the resource that was requested and the size returned to the user in bytes of the reply.

A quick scanning tool simply looks for size >= 64k.


@NotParker: router logs only capture source/destination and a small fragment of the data
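
The thread asks how the intrusion could have been spotted from what network devices and servers record. One network-side check, as an added example that is not part of the original thread: parse captured TLS records and flag heartbeat requests whose declared payload length cannot fit inside their own record. It assumes the RFC 6520 heartbeat layout and that the heartbeat is visible in cleartext in the capture; the function names and sample bytes are constructed for illustration.

```python
import struct

HEARTBEAT = 24      # TLS record content type "heartbeat" (RFC 6520)
REQUEST = 1         # HeartbeatMessageType heartbeat_request
MIN_PADDING = 16    # minimum padding RFC 6520 requires after the payload

def tls_records(stream):
    """Yield (content_type, fragment) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        fragment = stream[off + 5:off + 5 + length]
        if len(fragment) < length:
            return                      # capture ends mid-record
        yield ctype, fragment
        off += 5 + length

def oversized_heartbeat_requests(stream):
    """Return (declared_payload_len, record_len) for each cleartext heartbeat
    request whose declared payload cannot fit inside its own record."""
    hits = []
    for ctype, fragment in tls_records(stream):
        if ctype != HEARTBEAT or len(fragment) < 3:
            continue
        hb_type, declared = struct.unpack_from("!BH", fragment)
        # A valid message needs 3 header bytes + payload + padding in the record.
        if hb_type == REQUEST and 3 + declared + MIN_PADDING > len(fragment):
            hits.append((declared, len(fragment)))
    return hits

def record(ctype, fragment, version=0x0302):
    """Wrap a fragment in a 5-byte TLS record header (used for the samples)."""
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment

# Constructed sample capture, not real traffic.
WELL_FORMED = record(HEARTBEAT, struct.pack("!BH", REQUEST, 4) + b"ping" + bytes(16))
MISMATCHED = record(HEARTBEAT, struct.pack("!BH", REQUEST, 0x4000))
HANDSHAKE = record(22, b"\x01\x00\x00\x00")    # unrelated record type, ignored
SAMPLE = HANDSHAKE + WELL_FORMED + MISMATCHED

if __name__ == "__main__":
    for declared, size in oversized_heartbeat_requests(SAMPLE):
        print(f"heartbeat request declares {declared} payload bytes "
              f"in a {size}-byte record")
```
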
 