The Royal Canadian Mounted Police (RCMP) said Wednesday it arrested a 19-year-old man from London, Ont. who is alleged to have used the Heartbleed computer bug to steal 900 social insurance numbers from the Canada Revenue Agency (CRA).
The RCMP’s National Division Integrated Technological Crime Unit (ITCU) said its operatives picked up Stephen Arthuro Solis-Reyes at his residence on April 15. He now faces one count of unauthorized use of a computer and one count of mischief in relation to Data.
“The RCMP treated this breach of security as a high priority case and mobilized the necessary resources to resolve the matter as quickly as possible. Investigators from [the] national division, along with counterparts in ‘O’ Division, have been working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorization and liaising with our partners,” said Gilles Michaud, RCMP assistant commissioner, in a statement on Wednesday.
This investigation was conducted as part of the ITCU’s mandate to investigate pure computer crimes where the federal government and Canadian critical IT infrastructure are victimized.
The national division’s mandate is to focus its expertise on sensitive, high-risk investigations into significant threats to Canada’s political, economic and social integrity.
The CRA was forced to shut down its website last week as news about the Heartbleed bug spread around the world.
Some researchers said the existence of the bug has been a known fact for at least two years, but little has been done by organizations to protect their systems against it.
On Monday, the CRA said it discovered the Social Insurance Numbers (SIN) of 900 Canadian taxpayers have been compromised.
Solis-Reyes is scheduled to appear in court in Ottawa on July 17. The investigation is still ongoing.