Russia suspected in Bulgaria's National Revenue Agency data breach

The hacking bears the hallmark of an operation by Moscow's military intelligence service, the GRU

Photo: BGNES Kristiyan Boikov

Kristiyan Boikov was 14 years old when his parents gave him his first computer as a gift. He was soon obsessed, teaching himself a variety of computer languages and then, like many of his friends, turning his focus to issues of network security. The world of cryptography held a special appeal, New York Times wrote in a big article devoted to the recent giant hack in Bulgaria.

Six years later, Boikov finds himself at the centre of the largest hacking case in the nation's history, accused by prosecutors of stealing the personal data of nearly every working adult in the country from the National Revenue Agency and working to “create instability in the country.”

He denies all the charges, and many people, including Western intelligence officials and security experts, have expressed doubts about the government's case, noting that whoever was responsible, the episode raised serious concerns about the state of the countrys cybersecurity.

The hack was made public', with the data leaked to news media organizations from an email bearing a Russian address, just as Bulgaria was finalising its purchase of eight new F-16s as part of an American-backed plan to replace the countrys aging Soviet-era jets and bring its air force in line with NATO standards. The deal worth $1.25bn, the largest military procurement by post-Communist Bulgaria, includes the jets, ammunition, equipment and pilot training. Six single-seat and two two-seat F-16s would be delivered by 2023.

In the immediate aftermath of the breach, Bulgarias Ínterior Minister, Mladen Marinov, raised the prospect that Russia might have had a hand in the attack, given the timing. “Organised criminal groups involved in cyberattacks usually seek financial profits, but political motives are possible,” he told reporters. “One can make a guess here.”

Several American officials who follow Russia closely say the hacking bears the hallmark of an operation by Russias military intelligence service, the GRU, to include a financial and political influence campaign targeting key decision makers within Bulgaria’s government. But US spy agencies have not yet conclusively determined who carried out the attack.

Some Bulgarian analysts say Russia views Bulgaria’s membership in NATO and the EU as “a Trojan horse” that Moscow could use to exert influence over the two groups’ collective decision-making to blunt initiatives that contradict Russian interests. But such a scenario requires that Russia maintain a sufficient influence over Bulgarias domestic and foreign policy.

Ognian Shentov, the director of the Centre for the Study of Democracy in Sofia, said Bulgaria had perhaps the closest relationship with Russia of any EU member. “We have always been halfway between the Visegrad countries and Russia,” he said.

Russias biggest lever in Bulgaria is in the energy sector, in which it controls 100% of the countrys nuclear power, 100'% of its natural gas and most of its fuel supply, Shentov added. Moscow has not hesitated to use it. The first government of PM Boiko Borisov collapsed in 2013 after a spike in energy prices that led to widespread protests, which Shentov said had been fueled by Russia. At the same time, there was pressure on the government to sign off on a moratorium on gas exploration by Western companies. After Borisov resigned and was then re-elected, the moratorium remained in place.

The recent hack, in which the data of about five million people was stolen, has renewed concerns about other ways Russia could exert its influence. “While an enthusiastic member of NATO, Bulgaria has weak and porous cyberdefenses, probably the worst in the alliance,” Adm. James. G. Stavridis, a four-star former NATO military commander, said. “Significant cybercriminal activity, including some sponsored by the Russian state, is rife,” he added.

State Department officials also acknowledge the seriousness of the hack — regardless of who carried it out — and said it represented “a wake-up call” for the Bulgarian government at a time when Washington and other NATO allies are seeking to counter what they call Russia’s “malign influence.”

Similar articles