Canada busts teen over Heartbleed hack

Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the Heartbleed bug to steal taxpayer data from a government website, the Royal Canadian Mounted Police (RCMP) said on Wednesday.

In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said Monday that about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site. The social insurance number (SIN) is a nine-digit number that provides access to government programs and benefits. It is also required of workers.

The suspect, Stephen Solis-Reyes, was arrested at his home in London, Ontario, on Wednesday and faces criminal charges of unauthorized use of computer and mischief in relation to data.

"It is believed that Solis-Reyes was able to extract private information held by CRA by exploiting the vulnerability known as the Heartbleed bug," the RCMP said in a statement.

The CRA was forced to shut down its publicly accessible website when the world learned about the Heartbleed computer bug, a previously undiscovered global Internet security vulnerability.

Police seized computer equipment belonging to Solis-Reyes and scheduled his court appearance for Friday.

Internet companies, technology providers, businesses and government agencies and many individuals have been scrambling to figure out whether their systems are vulnerable to attack since the flaw was disclosed a week ago.

Security experts have warned that more attacks will follow.

Wire services