[BreachExchange] 'Wizard' cybersecurity expert charged with record hack of Bulgarian tax agency

Destry Winant destry at riskbasedsecurity.com
Thu Jul 18 10:19:29 EDT 2019


https://uk.reuters.com/article/uk-bulgaria-cybersecurity/wizard-cybersecurity-expert-charged-with-record-hack-of-bulgarian-tax-agency-idUKKCN1UC0GO

SOFIA (Reuters) - A 20-year-old Bulgarian cybersecurity worker has
been arrested and charged with hacking the personal and financial
records of millions of taxpayers, officials said on Wednesday, as
police continue to investigate the country’s biggest-ever data breach.

Bulgaria’s NRA tax agency is facing a fine of up to 20 million euros
(£18 million) over the hack, which was revealed this week and is
thought to have compromised the records of nearly every working adult
among Bulgaria’s 7 million people.

Yavor Kolev, head of the police’s cybersecurity unit, said the male
suspect was arrested on Tuesday afternoon. Officers raided his home
and office in the capital Sofia and seized computer devices containing
encrypted data.

“Overnight, the relevant examination was carried out, a very initial
one, which suggests that the suspect is connected to the crime,” Kolev
said.

The investigation into the hack is still at an early stage, he added,
and police are looking into the possibility that other people were
involved.

Sofia city prosecutors said the man had been charged with a computer
crime, would be held for another three days and faced up to eight
years in jail if found guilty.

The attack has reignited a long-running debate about lax cybersecurity
standards in Bulgaria. A person claiming to be a Russian hacker and
responsible for the breach emailed local media on Monday and denounced
the government’s cybersecurity efforts as a “parody”.

‘UNIQUE BRAINS’

Speaking at a government meeting on Wednesday, Prime Minister Boyko
Borissov described the arrested man as a “wizard” hacker and said the
country should hire similar “unique brains” to work for the state
rather than against it.

But some experts who have examined the stolen data said the techniques
used in the attack were relatively basic and spoke more to a lack of
adequate data protection measures than the hacker’s ability.

“The reason for the success of the attack does not seem to be the
sophistication of the hacker, but rather poor security practices at
the NRA,” said Bozhidar Bozhanov, chief executive at cybersecurity
firm LogSentinel.

Kolev said the arrested man was a researcher who tested computer
networks for possible vulnerabilities to prevent cyber attacks. But he
had also engaged in some criminal activity, Kolev added: “In his life,
he has been on both sides.”

Bulgarian media identified the suspect as Kristian Boykov. George
Yankov, senior manager at the Bulgarian office of U.S. cybersecurity
firm TAD Group, said Boykov was an employee of the company and
confirmed he had been arrested. He dismissed the allegations against
him.

Boykov’s lawyer, Georgi Stefanov, told Reuters his client denied the
charges against him. “He says he is innocent and has no connection
whatsoever with the issue. Prosecutors have ... accused him despite a
complete lack of evidence,” Stefanov said.

Boykov, from the Bulgarian city of Plovdiv, some 80 miles (130 km)
south-east of Sofia, had posted regularly on social media about
cybersecurity and hacking news before his arrest.

In 2017, he made national news after exposing flaws in the Bulgarian
Education Ministry’s website, work he then described as “fulfilling my
civic duty” in a television interview. Deputy Education Minister
Denitsa Sacheva thanked Boykov at the time for his help.

HEFTY FINES

Bulgaria’s tax agency now faces a fine of up to 20 million euros, or
4% of its annual turnover, over the data breach, said Veselin Tselkov,
a board member at the Commission for Personal Data Protection.

“The amount of the sanction depends on the number of people affected
and the volume of leaked information,” he told Reuters, adding that
the commission was still waiting for a full report on the attack.

Bulgaria’s leading business organization BIA, which warned about
possible flaws in the tax agency’s data protection system a year ago,
demanded that detailed information for the leaked documents be sent to
every person and company affected.

“We need to know so that at least we can be aware of possible
dangers,” said BIA deputy head Stanislav Popdonchev.

Bulgaria’s finance minister Vladislav Goranov has apologised for the
attack, which exposed the names of millions of people and companies
and revealed information about incomes, tax declarations, health
insurance payments and loans.

The hack happened at the end of June and compromised about 3% of the
tax agency’s database. Officials said earlier this week initial signs
suggested it was conducted from abroad.

