Heartbleed SIN breach suspect ID'd by RCMP

CBC

April 15, 2014 at 10:11 p.m.

RCMP have identified a "possible offender" after the Canada Revenue Agency saw 900 social insurance numbers stolen in a web security breach due to the Heartbleed bug.

The Mounties said in a statement Tuesday that they asked the CRA not to tell the public Friday about the breach so they could look into a "viable" lead in their investigation.

But the NDP wants to know more about the government's decision to shut down the CRA website and whether it could have done more to avoid the security breach in the first place.

The CRA spent days patching a hole in its security that allowed hackers to steal information without leaving a trace. The Heartbleed bug affected servers around the world.

"This deferral permitted us to advance our investigation over the weekend, identify possible offender(s) and has helped mitigate further risk" the RCMP said.

The RCMP would not provide further details about the suspect.

The CRA temporarily shut down some access to its website late Tuesday last week after warnings that a security flaw in website encryption software — the Heartbleed bug — could leave websites vulnerable to hackers.

The shutdown was extended to other government websites later in the week.

The CRA said Monday that it realized on Friday that 900 social insurance numbers had been stolen during a six-hour attack that exploited the Heartbleed vulnerability. It did not indicate when the hour attack had occurred.

The agency notified the privacy commissioner's office Friday and referred the matter to the RCMP.

Fears of a bug in the OpenSSL software used for encryption on two-thirds of the world's internet servers surfaced more than a week ago. The U.S. Department of Homeland Security issued a public warning on April 7. Public Safety Canada issued a notice about the vulnerability the next day, and by the end of the day, CRA had closed parts of its website.

The NDP says there are troubling gaps in what the government has said about the matter to date.

"What's really disturbing is the lack of clarity on what CRA did when they found out about the Heartbleed bug," MP Charlie Angus told CBC News.

Angus and fellow NDP MP Murray Rankin wrote a letter Tuesday calling on Revenue Minister Kerry-Lynne Findlay to "reassure Canadians" by explaining:

Who notified the CRA of the Heartbleed bug.

When the CRA learned that the bug was in its system and whether precautionary checks were made when the world learned of the bug on April 7.

Why the CRA delayed shutting down web operations until Tuesday when news of Heartbleed was made public Monday.

The letter also notes that on the day the CRA website was shut down, the agency's assistant commissioner and chief privacy officer, Susan Gardner-Barclay, was telling MPs on a House of Commons committee that the agency's security systems were "one of, if not the strongest security regimes" in any government department, while making no mention of Heartbleed.

"The world was told on Monday that this backdoor was open. On Tuesday, CRA's top privacy experts were in Parliament saying we've got the best firewall systems anywhere, everything is fine.

"So what happened between the world being told and all the hackers being told that the Heartbleed bug was out there, and CRA taking action?" Angus said.

Gardner-Barclay told CBC News she didn't know of the Heartbleed bug when she appeared at the Commons committee early Tuesday afternoon.

The CRA restored public access to its site over the weekend and extended the tax filing deadline for Canadians to May 5.

Yahoo Canada Style
Sophie Grégoire Trudeau is leaning into the unknown for her next chapter: 'I'm OK with the uncertainty'
No question was off limits in Yahoo Canada's candid and emotional conversation with the "Closer Together" author.
a day ago
People
La. Man Sentenced to Physical Castration, 50 Years for Raping 14-Year-Old Girl
Glenn Sullivan, Sr., 54, pleaded guilty to raping a teen multiple times, resulting in pregnancy, according to prosecutors
2 hours ago
HuffPost
Lara Trump Alarms Critics With 'Frightening' Comment About RNC's Election Plans
"Sounds like a perfect authoritarian election plan to me," fascism expert Ruth Ben-Ghiat commented.
6 hours ago
HuffPost
How Toxic Is Trump? Republican Group's Hidden Camera Reveals Uncomfortable Truth.
The former president's behavior just doesn't fly out in the real world.
2 days ago
The Daily Beast
Trump Bruised by Another Brutal Haley Protest Vote in Pennsylvania Primary
Curtis Means/ReutersDonald Trump may well have had the Republican nomination in the bag for weeks now, but legions of GOP voters are still apparently unable to stomach the idea of casting their ballots for him.The former president was given another reminder of the scale of his problem on Tuesday with the Pennsylvania primary. Nikki Haley, who axed her own campaign over a month ago, managed to take 16.5 percent of the vote.Nikki Haley Nabs More Votes Than Ron DeSantis in FLORIDATrump, the only ca
10 hours ago
People
Ex-Aide Says Melania Trump Will Be Watching 'Every Ounce' of Hush Money Trial — and Looking for 1 Thing
Stephanie Grisham, who served as chief of staff and press secretary to Melania, offered a window into her former boss's thinking as Donald's alleged affairs take center stage in the Manhattan trial
a day ago
HuffPost
Donald Trump Will Hate What Mitt Romney Just Said About The Hush Money Trial
"So far as I know, you don't pay someone $130,000 not to have sex with you," the Utah senator remarked about the ex-president's payments to Stormy Daniels.
a day ago
People
'My Drink Tasted Funny': Pregnant Woman's Last Words Revealed After Alleged Fatal Poisoning by Boyfriend
Jade Benning died on her 25th birthday on March 6 after she was rushed to the hospital the week before
a day ago
People
Joan Collins, 90, Wears Sheer, Embellished Top and Oversize Bow for London Date Night with Her Husband Percy Gibson
The couple, who wed in 2002, supported their friend Gabriela Peacock’s book launch at the Broadwick Soho
3 hours ago
ABC News
'So appalled': What witnesses told special counsel about Trump's handling of classified info while still president
In the summer of 2019, only hours after an Iranian rocket accidentally exploded at one of Iran's own launch sites, senior U.S. officials met with then-president Donald Trump and shared a sharply detailed, highly classified image of the blast's catastrophic aftermath. Worried that the image becoming public could hurt national security efforts, intelligence officials urged Trump to hold off until more knowledgeable experts were able to weigh in, the sources said.
an hour ago
The Daily Beast
Trump and His Mar-a-Lago Co-Defendants Switch Tactics
Reuters/Curtis MeansAttorneys for Donald Trump’s co-defendants appeared to switch direction in a motion Tuesday, seemingly arguing that FBI agents weren’t thorough enough in their search of the ex-president’s Mar-a-Lago estate when they retrieved top-secret documents from there in 2022.The abrupt about-face—after over a year of Trump and his allies decrying the search itself as “unconstitutional” and invasive—referred to the fact that federal investigators missed a “hidden room” near Trump’s bed
19 hours ago
People
Kim Kardashian Reveals the Viral SKIMS Nipple Bra Was Modeled After Her Own Breasts
The bra was first released in October 2023
a day ago
Cosmo
Anitta coordinates her teeny bikini with her… fridge?
Anitta shared a series of pics on IG posing in a teeny tiny green string bikini with yellow trim perfectly coordinated to her Smeg fridge and orange juice.
12 hours ago
People
Florida Man Runs Over 11-Foot Alligator with Truck to Save Neighbor from Attack
"We pulled over and I got out of the car and saw that an alligator had him by the leg," Walter Rudder recalled to a local news outlet about the scary incident
17 hours ago
The Daily Beast
Fox News Anchor Comes Unglued, Berates ‘Dumb’ Liberal Colleague
Fox NewsFox Business Network anchor Charles Payne blew a gasket on Wednesday when a liberal pundit attempted to defend President Joe Biden’s gaffes, calling his on-air colleague’s comments “dumb” and “insulting.”During the Fox News midday panel show Outnumbered, Payne blasted the president for repeating his oft-told false claim that he had previously driven an 18-wheel big rig.“It’s interesting. I saw someone complaining about Donald Trump exaggerating,” Payne groused. “There’s a big difference
3 hours ago
HuffPost
Jesse Watters Self-Owns With Stunningly Clueless Take On Trump Foes
"The level of self-awareness here is in the deep negatives," one commenter wrote.
12 hours ago
People
Claudia Schiffer Shouts Out Kylie Jenner's Vintage Bikini — and Shares Glam Photo Wearing the Same One in the '90s
Schiffer modeled the Chanel bikini on the runway and in the fashion house's ads
3 hours ago
HuffPost
Trump Makes His Final Case To Supreme Court To Avoid Prosecution For His Coup Attempt
How quickly justices rule on his "absolute immunity" claim is as important as how they rule, with the window for a pre-election trial closing fast.
5 hours ago
People
Okla. Man May Face 12-Year Sentence in Turks and Caicos for Traveling with Ammunition: 'Bonehead Mistake'
Tourists Ryan and Valerie Watson were both detained on the island earlier this month after ammunition was found in their carry-on bag at the airport
8 hours ago
Associated Press
Ukraine uses long-range missiles secretly provided by US to hit Russian-held areas, officials say
Ukraine for the first time has begun using long-range ballistic missiles provided secretly by the United States, bombing a Russian military airfield in Crimea last week and Russian forces in another occupied area overnight, American officials said Wednesday. Long sought by Ukrainian leaders, the new missiles give Ukraine nearly double the striking distance — up to 300 kilometers (190 miles) — that it had with the mid-range version of the weapon that it received from the U.S. last October. "We’ve already sent some, we will send more now that we have additional authority and money,” White House national security adviser Jake Sullivan said.
6 hours ago

Latest Stories