The Toronto Star reports that more charges have been laid against Stephen Arthuro Solis-Reyes who had been charged with using Heartbleed to extract data from the Canada Revenue Agency (CRA). Until now, he had (only) been charged with with one count of unauthorized use of a computer and one count of mischief in relation to data.
An expanded RCMP investigation produced more charges in the revenue case, plus new allegations of other attacks both in Canada and abroad.
The Mounties now allege Solis-Reyes transferred sensitive data from the revenue agency’s network and have charged the computer science student with obtaining a computer service directly or indirectly, and intercepting a function of a computer system.
They also allege he attacked several other unrelated computer networks.
The additional charges include illegally obtaining computer services, illegal interception of computer functions, five counts of possessing unauthorized computer passwords, three counts of possession of devices used to hack computers and two more counts of mischief to data.
Read more on The Toronto Star.
I’m surprised that they don’t charge this kid with developing SSL with a backdoor.
The gov got caught red-faced and didn’t act when they were told of it. I even recall the director of CIRA tweeting them that they’re vulnerable, yet the page stayed up.
Interesting links and tweets here:
https://twitter.com/hashtag/solisreyes?f=realtime&src=hash
If anything, it’s the CRA who should be up on charges. Not this kid. The kid is a scapegoat for the incompetency of the gov’s actions and failures to protect.