Bulgaria hacking suspect worked on government cybersecurity before tax agency breach

Bulgarian authorities have arrested a 20-year-old government contractor in connection with a hack on the country’s national tax agency that involved information about roughly 5 million adults, prosecutors said Wednesday.

Prosecutors described the suspect only as “KB,” though Bulgarian media quickly identified him as Christian Boykov, or Kristian Boykov, a computer specialist from the city of Plovdiv. The Sofia City Prosecutor’s Office described the hacking suspect as a “cyber security expert” who is “involved in testing and auditing information systems,” according to a translation of its announcement. Boykov has been conducting cybersecurity training for the GDOC, a Bulgarian government agency, his lawyers told MediaPool.ng.

The arrest is related to the data breach at the National Revenue Agency, which announced Monday that an outsider had compromised its systems, prosecutors said. A hacker had contacted local media outlets from a Russian email provider with databases containing millions of rows of Bulgarians’ personal information including names, addresses, income figures, and other financial data. The hacker claimed the stockpile totaled 21 gigabytes.

Boykov’s Facebook page lists his employer as TAD Group, a security firm with offices in Sofia, Bulgaria’s capital. The company’s website lists penetration testing, information security audits and vulnerability assessment among its services. Prosecutors said the suspect’s actions have nothing to do with his employer, though TAD addressed the matter in a statement.

“Christian is our 2017 official in the ‘Cybersecurity Expert’ position,” the company said. “As part of the company, Christian has always been ethically, professionally and loyal to his work commitments, including our clients and the entire team.”

The incident was enough for Bulgarian Prime Minister Boyko Borissov to call an emergency meeting earlier this week to discuss it. Finance Minister Vladislav Goranov said 3 percent of the NRA’s database was compromised, according to Reuters, and apologized “to all Bulgarian citizens who have been made vulnerable.”

The then-unknown hacker wrote a note to media outlets claiming to be a Russian citizen with a Bulgarian wife, a storyline that police say has been debunked, according to local media.

Borissov said the suspect has a “unique brain” and “above the world level” intellect, according to MediaPool. Investigators determined “KB” was responsible because of forensic data on a National Revenue Agency server, which included a computer configuration, unique username, date, time, and software application used to access the file, tying the 20-year-old to the breach.

He now faces up to eight years in prison.