Cybersecurity expert charged with hacking Bulgarian tax agency says he's innocent

His lawyer says prosecutors have 'accused him despite a complete lack of evidence'

SOFIA — A 20-year-old Bulgarian cybersecurity worker has been arrested and charged with hacking the personal and financial records of millions of taxpayers, officials said on Wednesday, as police continue to investigate the country’s biggest-ever data breach.

Bulgaria’s NRA tax agency is facing a fine of up to 20 million euros ($22.43 million) over the hack, which was revealed this week and is thought to have compromised the records of nearly every working adult among Bulgaria’s 7 million people.

Yavor Kolev, head of the police’s cybersecurity unit, said the male suspect was arrested on Tuesday afternoon. Officers raided his home and office in the capital Sofia and seized computer devices containing encrypted data.

“Overnight, the relevant examination was carried out, a very initial one, which suggests that the suspect is connected to the crime,” Kolev said.

The investigation into the hack is still at an early stage, he added, and police are looking into the possibility that other people were involved.

Sofia city prosecutors said the man had been charged with a computer crime, would be held for another three days and faced up to eight years in jail if found guilty.

The attack has reignited a long-running debate about lax cybersecurity standards in Bulgaria. A person claiming to be a Russian hacker and responsible for the breach emailed local media on Monday and denounced the government’s cybersecurity efforts as a “parody.”

Speaking at a government meeting on Wednesday, Prime Minister Boyko Borissov described the arrested man as a “wizard” hacker and said the country should hire similar “unique brains” to work for the state rather than against it.

But some experts who have examined the stolen data said the techniques used in the attack were relatively basic and spoke more to a lack of adequate data protection measures than the hacker’s ability.

“The reason for the success of the attack does not seem to be the sophistication of the hacker, but rather poor security practices at the NRA,” said Bozhidar Bozhanov, chief executive at cybersecurity firm LogSentinel.

People walk outside Bulgaria’s National Revenue Agency building in Sofia, Bulgaria, July 16, 2019. Photo by Dimitar Kyosemarliev /Reuters

Kolev said the arrested man was a researcher who tested computer networks for possible vulnerabilities to prevent cyber attacks. But he had also engaged in some criminal activity, Kolev added: “In his life, he has been on both sides.”

Bulgarian media identified the suspect as Kristian Boykov. George Yankov, senior manager at the Bulgarian office of U.S. cybersecurity firm TAD Group, said Boykov was an employee of the company and confirmed he had been arrested. He dismissed the allegations against him.

Boykov’s lawyer, Georgi Stefanov, told Reuters his client denied the charges against him. “He says he is innocent and has no connection whatsoever with the issue. Prosecutors have … accused him despite a complete lack of evidence,” Stefanov said.

Boykov, from the Bulgarian city of Plovdiv, some 80 miles (130 km) south-east of Sofia, had posted regularly on social media about cybersecurity and hacking news before his arrest.

In 2017, he made national news after exposing flaws in the Bulgarian Education Ministry’s website, work he then described as “fulfilling my civic duty” in a television interview. Deputy Education Minister Denitsa Sacheva thanked Boykov at the time for his help.

Bulgaria’s tax agency now faces a fine of up to 20 million euros, or 4% of its annual turnover, over the data breach, said Veselin Tselkov, a board member at the Commission for Personal Data Protection.

“The amount of the sanction depends on the number of people affected and the volume of leaked information,” he told Reuters, adding that the commission was still waiting for a full report on the attack.

Bulgaria’s leading business organization BIA, which warned about possible flaws in the tax agency’s data protection system a year ago, demanded that detailed information for the leaked documents be sent to every person and company affected.

“We need to know so that at least we can be aware of possible dangers,” said BIA deputy head Stanislav Popdonchev.

Bulgaria’s finance minister Vladislav Goranov has apologized for the attack, which exposed the names of millions of people and companies and revealed information about incomes, tax declarations, health insurance payments and loans.

The hack happened at the end of June and compromised about 3% of the tax agency’s database. Officials said earlier this week initial signs suggested it was conducted from abroad.
