Jump to content
Sign up to our newsletters
Independent
US election
More
Best
Climate
TV

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in

Heartbleed: First arrest made of 19-year-old Canadian for Heartbleed hack

Teenager was allegedly involved in attack last Friday on Canadian tax records

James Vincent
Sunday 20 April 2014 02:09 EDT
Comments
Heartbleed, the latest internet security flaw, was only made possible because many big online businesses use OpenSSL
Heartbleed, the latest internet security flaw, was only made possible because many big online businesses use OpenSSL (Getty Images)

Your support helps us to tell the story

Support Now

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The first hacker suspected of using the Heartbleed bug in order to steal personal data has been arrested in Canada.

The Royal Canadian Mounted Police (RCMP) said that 19-year-old Stephen Arthuro of London, Ontario was arrested on Tuesday for his alleged involvement in the theft of taxpayer’s records from the Canada Revenue Agency (CRA).

On Monday the CRA’s commissioner Andrew Treusch had announced that the social insurance numbers of more than 900 taxpayers had been removed from the institute’s systems.

The attack took place on Friday, five days after the Heartbleed bug was made public.

The flaw in a widely used encryption standard had gone unnoticed for more than two years, with web companies scrambling to update their systems after the announcement was made by Google and Finnish security group Codenomicon.

The bug allowed for malicious users to request random chunks of data from secure servers – an imprecise method of attack, but one that offered potential access to all manner of personal data.

In the case of the CRA, affected customers will be receiving a letter to inform them that their data was comprised. For added security these notifications will not be made via email.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in