— AM980 London News (@AM980News) April 16, 2014
The first suspected Heartbleed hacker is a 19-year-old kid with a faint mustache, short black hair, and a disposition that’s so diffident his lawyer often refers to him as “a nerd, a stereotypical computer geek.” But he’s a computer geek, his lawyer says, with a history of hacking.
On Wednesday, the Royal Canadian Mounted Police announced the arrest of Stephen Solis-Reyes, which the agency said went down “without incident.” Accusing the Ontario man of the “malicious breach of taxpayer data from the Canada Revenue Agency,” it charged him with two criminal counts of illegal cyber activity and alleged he had used Heartbleed to steal 900 social insurance numbers.
His apprehension was the first arrest related to the now-infamous Heartbleed computer bug, which analysts say skilled hackers can manipulate not only to mine Internet passwords, but also to design fake Web sites to trick users into forking over personal information.
There’s little doubt, his attorney, Faisal Joseph, told The Washington Post, that his client has skill.
Raised in a family where computers were as familiar as toasters, the 19-year-old tinkered with programming for years. Dad Roberto Solis-Oba teaches classes on computer technology and his studies include “parallel algorithms” and “data mining,” according to his university biography.
Joseph said Solis-Reyes’s fascination with hacking began at a young age. “Here’s the background,” Joseph said in a phone interview. “This kid, when he was in high school was in the top of his class. He was extremely gifted. So he sent a letter to the [London District Catholic School Board in Ontario] indicating that their school system was susceptible to hacking.”
The attorney said the school officials were nonplussed. “They said they’d like to test it themselves. He was a quote computer nerd unquote and they didn’t take him seriously.”
So the 14-year-old, Joseph claims, went into the computer system and found “all the confidential information.” But then, right when things could have turned criminal, Joseph said his client stopped. “He could have changed everything, and changed nothing,” Joseph said.
Messages left with the London District Catholic School Board weren’t answered by Thursday morning.
This was apparently a successful chapter in Solis-Reyes’s life. The Globe and Mail reports he was part of a high school team that won a district-wide programming competition. In 2011, when he was still years away from graduating high school, he authored this Blackberry app called SodokuSolver that “can solve Soduku puzzles for you … solutions are computed almost instantly.”
The high school student, however, apparently wasn’t as successful with friends. “He was very smart, but he was kind of a loner,” one ex-schoolmate told Fort McMurray Today.
Months after Solis-Reyes entered his second year at the University of Western Ontario — and less than one week after news of Heartbleed broke — the Canada Revenue Agency reported a problem. Nine-hundred social insurance numbers had been stolen. Investigators suspected it was related to Heartbleed.
Days later, cop cars rolled up to Solis-Reyes’s London house, which he shares with his parents and siblings. “They scared the hell out of the family,” Joseph said. The authorities confiscated his phone and every computer in the house. “They wouldn’t let me see him [after he was arrested] and his father [was] an emotional wreck.”
Joseph said he hasn’t spoken to the 19-year-old yet about the state’s accusations, and hasn’t determined whether they are true. “This whole thing has been a dog show and a circus,” he said.