First Arrest Related to Heartbleed SSL Flaw Reported
NEWS ANALYSIS: Though experts are still assessing the full impact of Heartbleed, police in Canada made the first arrest related to the SSL encryption flaw.The Heartbleed bug has dominated the security headlines for the past week as organizations around the world scramble to limit the risk. Although the impact of Heartbleed globally is still being calculated, the first arrest in the world related to the Secure Sockets Layer encryption flaw has now been made. On April 16, the Royal Canadian Mounted Police (RCMP) announced that it had arrested a 19-year-old student in connection with exploitation attacks against the Canadian Revenue Agency (CRA) targeting the Heartbleed flaw. "The RCMP treated this breach of security as a high-priority case and mobilized the necessary resources to resolve the matter as quickly as possible," the RCMP noted in a statement. Charged with one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data is Stephen Arthuro Solis-Reyes. The police seized Solis-Reyes' computer equipment on April 16, and he is scheduled to appear in an Ottawa, Canada, courtroom on July 17.
The actual Heartbleed flaw was first publicly revealed on April 7 by the OpenSSL project. The flaw is technically a vulnerability in the Heartbeat SSL monitoring function in the open-source OpenSSL cryptographic library. OpenSSL is widely deployed on Linux servers, Websites and technologies around the world to secure data in transit.