• United States




Heartbleed bled out and now, an arrest

Apr 28, 20142 mins

The RCMP have managed to track down and arrest the first ne’er do well in London, Ontario. The RCMP have not indicated how they managed to puzzle out who attacked the Canada Revenue Agency. I am curious myself but, not for the same reasons. I’m curious what led a 19 year old from Southern Ontario to think that activity was acceptable.

From RCMP press release:

The RCMP’s National Division Integrated Technological Crime Unit (ITCU) has  charged a 19 year old London, Ontario man in relation to the malicious breach of taxpayer data from the Canada Revenue Agency (CRA) website.

Stephen Arthuro Solis-Reyes was arrested at his residence on April 15 without incident. He faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data contrary to Sections 342.1(1)(a) and 430(1.1) of the Criminal Code.

This knuckle head was banging away on the CRA’s website because he could. This is indicative of a problem that I have seen too many times. Young men and women who, lacking sage advice, end up making career (and in some cases life) limiting moves. Had   they taken the time to think it through would have had said, “What was I thinking?”

As a member of the security community I’m troubled by this trend that I’ve been witnessing. How can we reach out to these younger security enthusiasts and help to guide them so that they’re not writing themselves a one way ticket to Club Fed? 

I realize that there are programs like Safe and Secure Online as well as various mentorship initiatives. I’m just wondering if there isn’t more that can be done? We often talk of lessons learned for post incident review. I’m curious as to how we can better capture lessons learned from stories such as this to help guide younger (and in some cases older) folks so that they’re not repeating the errors of their peers who have gone before them.

I would love to hear your thoughts on this. Please drop me a comment so we can start the discussion.

(Image used under CC from kris krug)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author