Tuesday, April 29, 2014

19-Year-Old Student Arrested for Exploiting Heartbleed Bug to Steal Data

The Heartbleed vulnerability, which has been in the headlines for the last two weeks, has once again made news. Stephen Arthuro Solis-Reyes, a 19-year-old computer science student at Western University, has been arrested by the Royal Canadian Mounted Police (RCMP). He has been charged with unauthorized access to a computer and criminal mischief in relation to the breach of taxpayers' private information from the Canada Revenue Agency (CRA) website.

Assistant Commissioner Gilles Michaud said in a statement:

    “The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible,”

After the public disclosure of Heartbleed, Stephen exploited the vulnerability present on the Canada Revenue Agency (CRA) website and extracted private and sensitive information, including social insurance numbers, from the agency's system before the computers were patched.

“Investigators from National Division, along with our counterparts in ‘Ontario’ Division have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations and liaising with our partners,” the Assistant Commissioner added.

Heartbleed is one of the biggest and most critical vulnerabilities in recent history. It was found in OpenSSL's implementation of the TLS/DTLS heartbeat extension, and it allows hackers to steal important credential data from an affected server.

Exploiting the Heartbleed bug itself rarely leaves any traces, unless the attacker is sending millions of heartbeats continuously from his own IP address. "The fact that they were able to trace it back to someone implies that it is not the work of organized crime or a professional hacker. It would be someone of very low skill," said Mark Nunnikhoven of Trend Micro.
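Because the server itself logs little, the practical trace is on the network: repeated malformed heartbeat requests from one source address. The following is an added example, not part of the original article, that flags heartbeat requests whose declared payload length exceeds what the TLS record carries (record layout per RFC 6520) and tallies them per source. It assumes the heartbeat records were captured unencrypted; the function names, the threshold and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST = 1      # heartbeat_request message type
MIN_PADDING = 16    # minimum padding every heartbeat message must carry


def is_overlong_heartbeat(record: bytes) -> bool:
    """True if a heartbeat request declares more payload than the record holds."""
    if len(record) < 5:
        return False
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != HEARTBEAT or len(body) < 3:
        return False
    hb_type, declared = struct.unpack("!BH", body[:3])
    # Well-formed: type(1) + length(2) + payload(declared) + padding(>=16)
    # must fit inside the record body. Patched servers drop anything else.
    return hb_type == HB_REQUEST and 1 + 2 + declared + MIN_PADDING > len(body)


def suspicious_sources(captures, threshold=2):
    """Map source IP -> count of over-long heartbeat requests, at or above threshold."""
    hits = Counter(src for src, rec in captures if is_overlong_heartbeat(rec))
    return {src: n for src, n in hits.items() if n >= threshold}


def _record(declared, payload, padding=MIN_PADDING):
    """Build a heartbeat record for the constructed sample below."""
    body = struct.pack("!BH", HB_REQUEST, declared) + payload + b"\x00" * padding
    return struct.pack("!BHH", HEARTBEAT, 0x0302, len(body)) + body


# Constructed sample capture: (source IP, raw TLS record). Addresses are
# documentation ranges, not real hosts.
CAPTURES = [
    ("198.51.100.7", _record(4, b"ping")),                          # well-formed
    ("203.0.113.9", _record(0x4000, b"", padding=0)),               # over-long
    ("203.0.113.9", _record(0x4000, b"", padding=0)),               # over-long
    ("203.0.113.9", _record(0x4000, b"", padding=0)),               # over-long
    ("198.51.100.7", struct.pack("!BHH", 23, 0x0302, 3) + b"abc"),  # app data
]

if __name__ == "__main__":
    for src, count in suspicious_sources(CAPTURES).items():
        print(f"{src}: {count} over-long heartbeat requests")
```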

Stephen Arthuro was arrested at his residence without incident on April 15 and is scheduled to appear in court in Ottawa on July 17, 2014, the RCMP reported. The police also seized computer equipment from his residence, and the investigation is ongoing.
