A relatively small data breach at the Canadian Revenue Agency has resulted in the arrest of the first public Heartbleed hacker. That is: this is the first person to show up in the media as an exploiter of the Heartbleed vulnerability.
It’s a 19 year old kid from Ontario.
Now, perhaps it was a bit misleading to open with a sentence like “a relatively small data breach…” as the breach actually delayed the filing deadline by 5 days. If this turns out to be a bit bigger than originally though (the reason that the Canadian authorities are playing it so safely), this kid from London, Ontario might gain hacker fame overnight.
While it’s unclear at this point that Stephen Arthuro Solis-Reyes is the sole perpetrator of this crime, he has caused some major concerns. Sure, he isn’t the architect of the heartbleed vulnerability, and he likely won’t be the last to be arrested for trying to exploit it, but he is the first. More likely than not, he’s been in Wikipedia since before his arrest, on twitter before the Police notified the press and getting virtual high fives on the “deep web” since at least 10 days ago.
Mr. Solis Reyes’ handiwork will be sorted out over the next month or so, and we will likely be seeing many new names on the hacker hall of fame rolls soon enough.