SUMMARY: Hackers have Penetrated the Bulgarian National Revenue Agency through the Tax Refund System

Crime | July 16, 2019, Tuesday // 15:42
Bulgaria: SUMMARY: Hackers have Penetrated the Bulgarian National Revenue Agency through the Tax Refund System

The penetration in the NRA system, which shared personal data for millions of citizens and businesses, was probably done through the "tax" service and, in addition to registration of the hacker's email, there is no other evidence of a "Russian connection". This was understood by the statements of the Minister of Finance Vladislav Goranov and the Interior Minister Mladen Marinov after the meeting of the Council of Ministers of the Council of Ministers, which was convened by Prime Minister Boyko Borisov. Goranov specified that this e-service is used to refund value added tax (VAT) to companies trading abroad.

Three percent of the NRA's total database is affected by the hacker attack, Goranov said. According to him, this information does not constitute classified data, as "it was created by the persons themselves in the form of declarations". Experts say that fragments of the huge database the NRA has been working on and which is constantly creating have been downloaded. "In this sense, it can not be considered that on the basis of this fragmented information a comprehensive analysis can be made," Goranov said. According to him, the financial security, measured through the fiscal and the revenues, is also not jeopardized.

Asked whether there would be penalties and resignations at the NRA, the minister said that good IT specialists in the public sector are very difficult to find at the established levels of pay. "IT specialists in the private sector are receiving more than the employees in the public administration, a big problem, we need to build additional capacity and put additional resources," the Finance Minister said. 

Goranov noted that the entire database of the NRA "is consistent and this will not prevent it from carrying out its activities".

The investigation of the hacker attack against the NRA continues, measures to minimize the damage have been taken, Interior Minister Mladen Marinov said. "What has been established so far is that a message was sent from a Russian domain to Bulgarian media," he said. He explained that the links lead to a server where information has been uploaded

"We can say that this information coincides, it is available on NRA's servers, which confirms that unauthorized access to NRA information has been made," Marinov said.

The theory of contact with Russia is still conspiracy

Earlier today, Marinov said the hacker attack "has in all cases a political effect and affects national security." He also said that, according to the initial information of the investigators, including SANS, the NRA server breakthrough occurred a month ago and links the attack with the F-16 purchase from the United States. After a Dnevnik question, whether there is other evidence of interference from Russia in addition to the hacker's mail that is registered in the Russian Yandex service, Goranov said that this is a conspiracy theory on which there is work but no other data.

The attack was carried out outside Bulgaria

The hacker attack was carried out outside Bulgaria, the NRA spokesman Rosen Bachvarov said at an extraordinary press conference. According to him, the investigators do not exclude the co-operation of a NRA employee. According to the NRA, the attack has become possible due to the vulnerability in the security of the electronic service "Reimbursement of VAT paid abroad". Through it, the attack on 29 June has gained access to about 3% of the database, according to the NRA.

Help will be sought from the European Cyber ​​Attack Service

The Prosecutor's Office and the Personal Data Protection Commission will be seized for the hacker attack on NRA, we have also contacted the European Cyber ​​Attack Service, Goranov said. He added that the state would seek assistance from the European Cyber ​​Attack and Rapid Reaction Office to help make a more holistic audit of more sensitive systems.

"We did a dose of naivety to those who hosted the information to remove it, of course we did not get any reaction on their part," the minister said.

Yesterday, anonymous email to some media was spreading personal data to millions of citizens and businesses. The 57-folder of over 1 million rows contains PINs, names, addresses, and even earnings. According to the authors, the information is extracted from one of the servers of the Ministry of Finance.

More about what the files contain and how they are grouped read here.

For its part, the unification "Democratic Bulgaria" demanded the resignation of the finance minister. They insist that he leave his post "because of the risks left to his subordinate structures, which is why thousands of citizens and their businesses are at risk".

We need your support so can keep delivering news and information about Bulgaria! Thank you!

Crime » Be a reporter: Write and send your article
Bulgaria news (Sofia News Agency - is unique with being a real time news provider in English that informs its readers about the latest Bulgarian news. The editorial staff also publishes a daily online newspaper "Sofia Morning News." (Sofia News Agency - and Sofia Morning News publish the latest economic, political and cultural news that take place in Bulgaria. Foreign media analysis on Bulgaria and World News in Brief are also part of the web site and the online newspaper. News Bulgaria