20-Year-Old Suspect Arrested for Revenue Agency Hack
July 17 (BTA) - A 20-year old resident of Plovdiv (South
Central Bulgaria), identified by prosecutors as K.B., was
arrested on Monday afternoon in connection with a hacker attack
against the servers of the National Revenue Agency (NRA), BTA
learnt from investigators on Wednesday.
The man is an employee of a cyber security firm and worked on
testing security networks and computer systems. Apparently, he
does not have a criminal record.
Experts will now analyze the information stored in the computers
seized from the suspect, a large part of which is encrypted. It
was precisely in part of these data sets that investigators
found a trace leading to the NRA hack.
Later in the day, the man was charged with unauthorized copying
of data from a NRA server, which is an element of the critical
infrastructure. On conviction, the charge carries five to eight
years' imprisonment and a maximum fine of 10,000 leva.
The suspect is detained in custody for 72 hours.
The file that has been circulated to the media and exists online
contains data about over 5 million Bulgarian and foreign
nationals and companies, including full names of individuals,
personal identity numbers of Bulgarian citizens, business names
and uniform identification codes of merchants, tax and
social-security information submitted in annual tax returns and
received from other institutions in Bulgaria as part of
international information exchange in the VAT REFUND information
system used by the NRA and stored on a NRA server.
On Monday a number of Bulgarian media outlets received an e-mail
from an anonymous group of hackers with a link to databases
containing personal information on millions of Bulgarian
citizens and companies, accessed from the NRA servers. "Your
government is mentally retarded. The state of your cyber
security is a parody," the e-mail reportedly said. It included
an appeal for the release of WikiLeaks founder Julian Assange.
At a news briefing on Tuesday morning, Finance Minister
Vladislav Goranov specified that approximately 3 per cent of the
NRA's database can be considered affected, as it is publicly
accessible online through a Russian domain. "Evaluations and
analyses show that the tax and social-security information that
was released and is being circulated is insufficient to draw a
clear reasoned conclusion about the property or financial status
of any individual concerned," Goranov added.
Expert assessments have established that scraps of information
had been stolen from NRA's database. This information is not
classified but is confidential.
Interior Minister Mladen Marinov said on Tuesday that this
personal and unstructured tax and social-security information
needs an additional and specific processing in order to identify
a particular individual.
* * *
Prime Minister Boyko Borissov suggested that people like the
20-year-old who was arrested for the hacker attack should be
offered a government job.
"We have unique brains, and it is very important that we should
be able to pay them more, so that the services and we ourselves
could use them instead of them doing such damage and then get
indicted," the PM told journalists at the start of Wednesday's
Cabinet meeting. As he put it, such people can be enlisted to
work for the benefit of the government because they have
world-class training. RY/LG