I never meant harm, says student who hacked Canada Revenue to show vulnerability to Heartbleed virus
A student computer whiz who stole 900 social insurance numbers from the files of the Canada Revenue Agency to demonstrate its online vulnerability pleaded guilty and apologized on Friday.
Two years ago, when Stephen Solis-Reyes of London, Ont., was 19, he stole the files to demonstrate the agency’s online vulnerability to the Heartbleed computer bug.
The result: a sudden, panicked shutdown of the CRA’s website for four days, which in turn lead to the extension of its tax-filing deadline by a week.
Solis-Reyes had a lot of support in Canada, where he is an outstanding and highly talented computer sciences student. He appears to be one of those kids whose talents need to be nurtured, his youthful transgressions forgiven, and let him get on with his life. The way he was interrogated, if accurate as alleged in the news report, was despicable. I realize law enforcement tends to view young hacktivists and hackers as criminals and possible terrorists, but that is no excuse for such inappropriate threats and treatment.
The court seemed to agree that Solis-Reyes should not be dealt with as a threat to national security or master criminal.
He was sentenced to an 18-month conditional sentence — the first four months under house arrest, the rest under supervision. He also must serve two years of probation, with 200 hours of community service ordered.
Okay, I think the house arrest is unnecessary and too harsh for a student, but at least he will not be in jail.