There was a massive data leak from the Bulgarian National Revenue Agency (NRA) after an alleged “Russian hacker” managed to infiltrate the institution’s servers on July 15th.
The compromised information included data about natural and legal persons, as well as declared and paid taxes, Rossen Bachvarov, head of NRA’s Communication Directorate, said at a press conference.
“This unauthorized access was gained through a vulnerability in one of the electronic services provided by the NRA, namely the refund of VAT paid abroad, the so-called VAT refund,” Bachvarov said.
“Through this vulnerability, unauthorized access to about 3 percent of the information contained in the NRA databases has been gained,” he said, adding that the vulnerability has already been fixed.
Bulgarian Interior Minister Mladen Marinov confirmed that there was, in fact, unsanctioned access to the NRA’s servers.
“Today I spoke to Yavor Kolev (head of the Cybercrime branch of the General Directorate on Combating Organized Crime) and he confirmed that there was unsanctioned access to an NRA server, from which some information was leaked.”
The alleged hacker sent an email claiming that one of the servers of the Ministry of Finance was hacked.
“I am no specialist on political analysis, but usually organized crime groups which deal in hacker attacks seek a financial profit – to somehow make their actions fruitful, or maybe in the case a political analysis may be conducted. The Ministerial Council took an important decision yesterday to purchase F-16 fighter jets, while the email in the hacker’s message is Russian,” Marinov said.
He further said that any limited-access system has its weaknesses and that incidents such as this don’t happen only in Bulgaria.
“Yes, it may be the first case of such an incident in Bulgaria, which ends in success and a large amount of personal information was stolen.”
Finance Minister Vladislav Goranov said that approximately 3% of the data from the NRA was accessed.
He called it an “exquisitely unpleasant attack.” According to him, the leak included not only personal information, but also tax and insurance data.
According to an analysis by Capital, the data dump that anonymous hackers sent to Bulgarian media on July 15th consists of 57 folders containing more than a thousand files.
Upon reviewing the information, Capital opened databases with more than 1 million rows containing Personal Identification Numbers, names, addresses, and even earnings. That the leak is real can be confirmed by regular reports in which data on several journalists from the newspaper was found. Finance Minister Vladislav Goranov also confirmed it.
Much of the information is old and reflects reports from more than a decade ago. For other files, it cannot be determined what date the data is from. But some of the files contain new entries, even from June, which suggests that the breach happened recently.
Following the attack, an absurd email was sent to several of the main Bulgarian outlets in which the alleged hacker said he was a Russian citizen and that his wife was Bulgarian. The only evidence that the alleged perpetrator is Russian is that the email was sent from an address on the Russian domain Yandex.ru, which proves absolutely nothing, since anyone on the planet with access to the Internet, with or without a VPN, can get an account.
The email that was sent is the following:
Associate Professor Zlatogor Minchev, chief of the joint center on training, simulation and analysis at the Bulgarian Academy of Sciences, said that the claim that a Russian hacker carried out the attack was absurd.
“Once the investigation is complete, it will be clear. The version that the Russians have hacked and made it so prominent is a little fantastic at the moment. Rather, it is an implicated inner man. It may be personal revenge – someone who has worked at the NRA at one point.”
The NRA claimed that the attack originated outside of the country, but it was possible that there was an “inside man.”
“Let’s speak professionally. Through a VPN from Bulgaria, you can go out of the country. This simple pleasure costs less than $10. This is the official version – the IP indicates it is entered from outside. Who outside the country would have reasons to do that? It just sounds weird simply listening to the version.”
“What does the message ‘your government mentally retarded and your cybersecurity status is a parody’ lead us to believe?
Well, the source is from Bulgaria. Who will waste such resources from abroad to inform us of something we already know? And we are implementing projects to modernize the state administration, but then there are no additional investments. It is clear that in 2-3 years the technology should be replaced and the people who support it should be constantly trained. It would be nice to have these specific systems not made with ready-made templates and have some checks to see if they are vulnerable. There is still much to be desired in the direction of information security in the country. We have a strategy and that is all, it’s all on paper. There are no real actions, since they also need more investment.”
Despite the absurdity of the ‘Russian hacker’ version, it’s expected that multiple English-language mainstream media outlets will soon report this as the main, if not the only, version of the incident.