An unprecedented decline in personal data from Bulgarian institutions hacked by mail sent to the editorial offices of several Bulgarian media, including Capital, which was first reported by the alleged cyber-raider. For the evidence, the perpetrators also sent part of the information.
In the letter, hackers say one of the servers of the Ministry of Finance is "broken" and the content of more than 110 databases has been taken. "More than 5 million Bulgarian and foreign citizens are affected," they write.
A link to some information is attached as evidence. The audit of archive content shows a large number of file names similar to those of institutions such as the NHIF and the Employment Agency. They at least appear to contain data on the arrays indicated. Some of the columns are incomprehensible or related to system codes, but others contain, for example, wires that resemble UCN and UIC numbers of individuals and legal entities.
Today, before 17:00, a message is published on the NRF's website, according to which "NRA and specialized bodies in the Ministry of Internal Affairs and SANS are checking the potential vulnerability of the State Revenue Agency's computer system."
Earned data is volume 21 GB, hackers were reported at this stage 11GB with the promise of publishing the other half of this information.
In addition to the NRA, the Ministry of the Interior and SANS have already checked the weaknesses of computer systems and financial security is threatened.
Hacker's motives are unclear, but their announcement ends with the call of WikiLeaks maker Julian Assange, who will be released. "Your government is mentally retarded, your cyber security is a parody," cybercriminals write.
Has the country's national and financial security been reduced we will be able to say tomorrow morning with our colleagues from SANS and GDOK, BTV spokesman Rosen Bachvarov, spokesperson for the Revenue Agency.
"We are checking each of these millions of records whether it's leaking information and whether the information we publish is true – this is the first task we have – to see if these data are true or not, and that's why we are working tonight."
– Check of Capital reports that the data are authentic. Apart from the names and PINs, we are talking about the income of these people. Is this information authentic?
– We are currently checking. Will we be able to answer this morning whether it is authentic and whether it is completely authentic. This is the first thing we need to check to find out whether or not we have leaked confidential information. These data are claimed to be very sensitive data from tax returns, including tax records and other similar sensitive data.
– If this information seems authentic, i.e. is not manipulated, not a fraud, what are the moves, what are the steps for the state?
– We will continue to answer this question. At present, we will not consider hypotheses. Tonight, we will check whether the expired data are actually true, and tomorrow morning we will announce the following moves when we can answer the first, most important question – whether these data are actually true.
– Is it clear where the attack comes from – from Bulgaria or from abroad?
– No, at this stage it's not clear. Right now, along with law enforcement agencies, we are trying to find out if NRA's computer systems are available in an unauthorized manner. We still do not have an answer to this question.
"At present, most of the Bulgarian citizens who have income can be profiled, segmented and appropriately attacked privately or by businesses from people who know who has money and who can pay to be part of a particular action or simply to exclude it from it. Concern is that sensitive data is being accessed and is currently widespread, "he said. Jasen Tanev, an expert on cyber security.