Heartbleed bled out and now, an arrest

The RCMP have managed to track down and arrest the first ne'er do well in London, Ontario. The RCMP have not indicated how they managed to puzzle out who attacked the Canada Revenue Agency. I am curious myself but, not for the same reasons. I'm curious what led a 19 year old from Southern Ontario to think that activity was acceptable.

From RCMP press release:

The RCMP's National Division Integrated Technological Crime Unit (ITCU) has  charged a 19 year old London, Ontario man in relation to the malicious breach of taxpayer data from the Canada Revenue Agency (CRA) website.

Stephen Arthuro Solis-Reyes was arrested at his residence on April 15 without incident. He faces one count of Unauthorized Use of Computer and one count of Mischief in Relation to Data contrary to Sections 342.1(1)(a) and 430(1.1) of the Criminal Code.

This knuckle head was banging away on the CRA's website because he could. This is indicative of a problem that I have seen too many times. Young men and women who, lacking sage advice, end up making career (and in some cases life) limiting moves. Had   they taken the time to think it through would have had said, "What was I thinking?"

As a member of the security community I'm troubled by this trend that I've been witnessing. How can we reach out to these younger security enthusiasts and help to guide them so that they're not writing themselves a one way ticket to Club Fed?

I realize that there are programs like Safe and Secure Online as well as various mentorship initiatives. I'm just wondering if there isn't more that can be done? We often talk of lessons learned for post incident review. I'm curious as to how we can better capture lessons learned from stories such as this to help guide younger (and in some cases older) folks so that they're not repeating the errors of their peers who have gone before them.

I would love to hear your thoughts on this. Please drop me a comment so we can start the discussion.

Join the CSO newsletter!

Error: Please check your email address.

Tags Canada Revenue Agencycyber attacksespionagesecurity

More about CRA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dave Lewis

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place