Bulgaria’s police raid cybersecurity firm linked to hack attack on tax authority

By bne IntelliNews July 24, 2019

Bulgaria’s police have raided the office of TAD Group, seized computers and arrested one of its managers, whom they suspect of being linked to the hacking of Bulgaria’s tax administration, Nova TV reported on July 24.

The news came shortly after Ivan Geshev, deputy chief prosecutor and the sole candidate for chief prosecutor, accused TAD Group of being involved in cyber blackmailing and suggested the company was related to the hack attack, in an interview with Bulgaria's public broadcaster BNT.

Several days earlier, the prosecution arrested 20-year-old Kristian Boykov, an employee of TAD Group, accusing him of hacking the data of Bulgaria’s National Revenue Agency (NAP), getting access to the personal and financial data of millions of Bulgarians and leaking it to several Bulgarian media from a Russian email address.

According to Nova TV, after a second raid on TAD Group’s office, executed several hours after Geshev’s interview, the company’s commercial director Georgi Yankov was arrested. The information was revealed by one of Boykov’s lawyers, Georgi Stefanov.

Geshev said in his interview that TAD Group had breached various information systems of its clients and blackmailed their owners. 

Moreover, he said the prosecution has proof as it had decrypted one of TAD Group’s computers. According to Stefanov, if the police have done this they breached procedures, and even if proof is found a court cannot use it.

According to information from NAP, the hacker or hackers accessed the system of Bulgaria’s tax agency, revealing tax declarations, personal identification numbers, names, addresses, income and other information kept by NAP.

Initially, Interior Minister Mladen Marinov suggested the attack might have been related to the government’s decision to buy US F-16 fighter jets and might come from Russia. However, Finance Minister Vladislav Goranov denied such a possibility, saying the attack was executed before the government’s decision to sign the deal for the jets.

Also on July 16, several media received anonymous emails from someone claiming to be the hacker, threatening to reveal more data unless the government tells the truth. The hacker claimed to be a Russian citizen married to a Bulgarian woman and also wrote that the leak has been happening for 11 years now.

He has also claimed that data was hacked back in 2012 as well, but that nobody found out at the time that 30 GB of information had been accessed.

The hacker has threatened to upload 21 GB of data to Russian and Bulgarian torrent trackers if Bulgarian security services fail to reveal the truth.