SUMMARY: Hackers have Penetrated the Bulgarian National Revenue Agency through the Tax Refund System
The penetration in the NRA system, which shared personal data for millions of citizens and businesses, was probably done through the "tax" service and, in addition to registration of the hacker's email, there is no other evidence of a "Russian connection". This was understood by the statements of the Minister of Finance Vladislav Goranov and the Interior Minister Mladen Marinov after the meeting of the Council of Ministers of the Council of Ministers, which was convened by Prime Minister Boyko Borisov. Goranov specified that this e-service is used to refund value added tax (VAT) to companies trading abroad.
Three percent of the NRA's total database is affected by the hacker attack, Goranov said. According to him, this information does not constitute classified data, as "it was created by the persons themselves in the form of declarations". Experts say that fragments of the huge database the NRA has been working on and which is constantly creating have been downloaded. "In this sense, it can not be considered that on the basis of this fragmented information a comprehensive analysis can be made," Goranov said. According to him, the financial security, measured through the fiscal and the revenues, is also not jeopardized.
Asked whether there would be penalties and resignations at the NRA, the minister said that good IT specialists in the public sector are very difficult to find at the established levels of pay. "IT specialists in the private sector are receiving more than the employees in the public administration, a big problem, we need to build additional capacity and put additional resources," the Finance Minister said.
Goranov noted that the entire database of the NRA "is consistent and this will not prevent it from carrying out its activities".
The investigation of the hacker attack against the NRA continues, measures to minimize the damage have been taken, Interior Minister Mladen Marinov said. "What has been established so far is that a message was sent from a Russian domain to Bulgarian media," he said. He explained that the links lead to a server where information has been uploaded
"We can say that this information coincides, it is available on NRA's servers, which confirms that unauthorized access to NRA information has been made," Marinov said.
The theory of contact with Russia is still conspiracy
Earlier today, Marinov said the hacker attack "has in all cases a political effect and affects national security." He also said that, according to the initial information of the investigators, including SANS, the NRA server breakthrough occurred a month ago and links the attack with the F-16 purchase from the United States. After a Dnevnik question, whether there is other evidence of interference from Russia in addition to the hacker's mail that is registered in the Russian Yandex service, Goranov said that this is a conspiracy theory on which there is work but no other data.
The attack was carried out outside Bulgaria
The hacker attack was carried out outside Bulgaria, the NRA spokesman Rosen Bachvarov said at an extraordinary press conference. According to him, the investigators do not exclude the co-operation of a NRA employee. According to the NRA, the attack has become possible due to the vulnerability in the security of the electronic service "Reimbursement of VAT paid abroad". Through it, the attack on 29 June has gained access to about 3% of the database, according to the NRA.
Help will be sought from the European Cyber Attack Service
The Prosecutor's Office and the Personal Data Protection Commission will be seized for the hacker attack on NRA, we have also contacted the European Cyber Attack Service, Goranov said. He added that the state would seek assistance from the European Cyber Attack and Rapid Reaction Office to help make a more holistic audit of more sensitive systems.
"We did a dose of naivety to those who hosted the information to remove it, of course we did not get any reaction on their part," the minister said.
Yesterday, anonymous email to some media was spreading personal data to millions of citizens and businesses. The 57-folder of over 1 million rows contains PINs, names, addresses, and even earnings. According to the authors, the information is extracted from one of the servers of the Ministry of Finance.
More about what the files contain and how they are grouped read here.
For its part, the unification "Democratic Bulgaria" demanded the resignation of the finance minister. They insist that he leave his post "because of the risks left to his subordinate structures, which is why thousands of citizens and their businesses are at risk".
- » Police Detained a Bulgarian in France with Nearly 30 kg of Cannabis
- » 1kg of Cocaine and Almost 5kg of Heroin Seized by Police in Plovdiv Area
- » Cyberterrorists Attacked 40 US Cities
- » Bulgarian Special Prosecutor's Office Files Indictment Against Controversial Banevi Family
- » Over One Tonne of Cannabis Was Found Aboard a Yacht in Greece
- » Bulgarian Police Seizes 76 kg of Cocaine Hidden Among Fruits