20-year-old suspect arrested for NRA hackEuropost , Sofia
A 20-year old resident of Plovdiv (South Central Bulgaria), identified by prosecutors as K.B., was arrested in connection with a hacker attack against the servers of the National Revenue Agency (NRA). The man is an employee of a cyber security firm and worked on testing security networks and computer systems. Apparently, he does not have a criminal record.
Experts will now analyze the information stored in the computers seized from the suspect, a large part of which is encrypted. It was precisely in part of these data sets that investigators found a trace leading to the NRA hack.
The man was charged with unauthorized copying of data from a NRA server, which is an element of the critical infrastructure. On conviction, the charge carries five to eight years' imprisonment and a maximum fine of BGN 10,000. The suspect is detained in custody for 72 hours.
The file that has been circulated to the media and exists online contains data about over 5 million Bulgarian and foreign nationals and companies, including full names of individuals, personal identity numbers of Bulgarian citizens, business names and uniform identification codes of merchants, tax and social-security information submitted in annual tax returns and received from other institutions in Bulgaria as part of international information exchange in the VAT REFUND information system used by the NRA and stored on a NRA server.
On Monday a number of Bulgarian media outlets received an e-mail from an anonymous group of hackers with a link to databases containing personal information on millions of Bulgarian citizens and companies, accessed from the NRA servers. "Your government is mentally retarded. The state of your cyber security is a parody," the e-mail reportedly said. It included an appeal for the release of WikiLeaks founder Julian Assange.
At a news briefing on Tuesday morning, Finance Minister Vladislav Goranov specified that approximately 3% of the NRA's database can be considered affected, as it is publicly accessible online through a Russian domain. "Evaluations and analyses show that the tax and social-security information that was released and is being circulated is insufficient to draw a clear reasoned conclusion about the property or financial status of any individual concerned," Goranov added.
Expert assessments have established that scraps of information had been stolen from NRA's database. This information is not classified but is confidential.
Interior Minister Mladen Marinov said on Tuesday that this personal and unstructured tax and social-security information needs an additional and specific processing in order to identify a particular individual.
Prime Minister Boyko Borissov suggested that people like the 20-year-old who was arrested for the hacker attack should be offered a government job.
"We have unique brains, and it is very important that we should be able to pay them more, so that the services and we ourselves could use them instead of them doing such damage and then get indicted," the PM told journalists at the start of Wednesday's Cabinet meeting. As he put it, such people can be enlisted to work for the benefit of the government because they have world-class training.