Personal data of millions of Bulgarians leaked after cyber-attack against National Revenue Agency, Procedure for electing new Prosecutor General begins

Top stories:

Unprecedented cyber-attack leaks personal data of millions but at least “no information was lost”, says minister

An unprecedented cyber-attack on the National Revenue Agency compromised the personal data of nearly every adult in Bulgaria. The news broke after the person, claiming to have executed the attack sent an anonymous tip to some Bulgarian media outlets this Monday.

The attack is colossal, it seems, but only in terms of amount of data stolen. Many experts and reports have come forward since, making it clearer by the day that one does not need be a cyber security genius – contrary to PM Boyko Borissov’s assertion – to break into the NRA’s database. Rather, the data was so weakly guarded that it was only a matter of time before someone stole it. This is hardly surprising for many reasons, not least of which is last year’s – also unprecedented – collapse of the Trade Registry, which revealed that one of the most crucial databases in the country virtually runs on sheer chance. It seems not much has changed, and not much is different for the NRA’s servers as well.

The hackers leaked the personal data of over five million Bulgarians, mostly from their tax returns. The data can be misused in a vast number of ways: the information is good for anything from identity theft to extortion, fraud or plain using sensitive data for profiling.

As is the norm for this government, it quickly embarked on spins to make the hack unimportant. It also did its other go to: use law enforcement to pin the crime on someone and shift the focus on the alleged criminal.

The special police forces arrested a twenty-year old cyber security expert, who coincidently has trained officers in cyber-crime. Kristian Boykov was held for 72 hours before he was released. The evidence against him consist of a file, which according to prosecutors, make the case of his guilt. A number of prominent IT specialists, and Boykov’s lawyers maintained that the file is planted. They presented evidence to that effect not least of which was that the file in question was created under Windows, while Boykov’s uses only Linux. But the reason for his release is not the file. His charges were changed after the NRA declared that its database is not part of the so-called “critical infrastructure” of the country. Infrastructures, which the state deems critical are sensitive to national security. Apparently, the personal data of nearly all Bulgarians does not qualify for such a title.

The Bulgarian government, which co-operates this captured state for over a decade does one thing consistently and predictably well. Securing public procurements to known companies, whose unskillfulness in whatever the sphere is devastating at best. One may wonder how could a company produce a bad product, yet stay in business and actually get ahead. In Bulgaria the quality of the product is a technical formality: what wins public contracts is not skill, but having the right people in the right places. For all intents and purposes Bulgaria is not a market economy. And this must be made very clear.

The country is run by corrupt politicians, but this is hardly their only fault. The excruciating incompetence and failure to grasp simple concepts is the key factor, which has made this country unreliable to its allies and friends and hopeless and dangerous for its citizens. It is key, and as such is no coincidence. Utter incompetence and complacent foolishness is the bedrock of this administration and its next-level corruptness.

Many red lines have been crossed to get to a place where money is the least and most trivial of damages from this nepotistic regime. Billions go down the drain to maintain the status quo (and the status of its leaders) but the carefully cultivated incompetence across the board has become a physical danger as well. Just as the roads are not only low in quality and carelessly built, they are just as dangerously designed. The healthcare system is in ruins for the same reasons; energy security is becoming more and more under question, the deteriorating border security, systematic destruction of natural recourses, the list goes on. The decline of all these spheres have one thing in common: the interests of oligarch circles, cemented together with concrete political backing.

Somewhere along this list-of-everything is how the government has ensured the safety of its citizens’ personal data. And it has done that in the exact way it managed to lay at least five meters continuous straight line of paving stones along the infamous Graf Ignatiev; or how it succeeded on building safe roads; or kept the Trade Registry from collapsing. It didn’t. And for the most part, the reason is the same: the public contracts for cyber security have been awarded to companies, who are completely unable to deliver passable results. According to the cyber security expert Stanislav Georgiev, these companies (again – not surprisingly, as this is a universal model in the country) consistently win public procurements but never get hired by anyone who actually needs for the data they store to be safe. In a word, just as so many other companies from various fields, these exist almost exclusively on public funding.

The hackers released some 11 GB of the NRA’s data, and threatened to release another dump of about 20GB. The current bunch includes the personal numbers of over 5 million Bulgarians (virtually, everyone who have submitted tax returns to the NRA in the past decade), information about their income, as well as other financial information, ID numbers and more. The amount and scope of information is colossal. But then again, as the minister of finance suggested at first, if the information was not on computers, this wouldn’t have happened. (?!)

In the face of this massive leak, Finance Minister Vladislav Goranov apologized but refused to resign. He had much work to do in taking ‘measures’ in dealing with the aftermath of the attack, he said. Whatever that might mean. As always, the Bulgarian government insists through wording and acts that anything prior any given crisis has no relevance whatsoever, let alone anyone taking responsibility for not taking appropriate measures to prevent a crisis. Especially in this case, where just about all one can do is preventive in nature. Once the data is leaked, there is no going back. Some officials’ calls for the hackers to delete the data was not only comical, it revealed just how clueless this administration is regarding digital data on the most basic of levels. Another such reveal was Goranov’s “reassurance” that while the fact that the data got stolen is bad, the most important thing is that “no information [at the NRA] was lost or destroyed” (?!) as a result of the hack. In his address after the news broke, he said something similar: people shouldn’t worry because the NRA still has all its data Meaning? Has someone made sure to explain to the minister that the stolen data is not on paper? The problem isn’t if the NRA has the data, it is that everyone does, but somehow the minister of finance (!) is unable to grasp such a concept.

Finally, the speaker of the NRA weighed in: After all, nothing life-threatening has occurred”. The director of the NRA is on vacation.

Apparently, any day the government manages not to kill us is a good day. This is how high the bar stands.

Going into the weekend, Goranov continued with his impressive comments, this time trying out a metaphor: “If you leave your car unlocked – he told a reporter – and someone steals it, it will not be your fault.” And while this metaphor is very lacking in its failure to convey the fact that my data is not the NRA’s car, but rather my car, and I have no choice but to hand it over to the NRA, hoping it will keep it safe, although I know it won’t, and just as I thought, it left it wide open for anyone to take, the metaphor still has its merits. Because really, it is a fantastic portrayal of the country as a whole: a car left out wide open, and unlimited copies of keys for anyone to take.

Supreme Judicial Council officially open the procedure to choose the next Prosecutor General

Current Prosecutor General Sotir Tsatsarov and PM Boyko Borisov

The procedure for choosing the next person to take over one of the most controversial and evidently – most powerful – positions in the country has begun. The position of Prosecutor General is virtually untouchable and unaccountable in Bulgaria. It has been at the center of most reports through the Cooperation and Verification Mechanism, which is the main instrument the EU has for pressuring Bulgarian and Romania into reforming their justice systems. The mechanism has mostly failed in Bulgaria, as none of its most important recommendations have been addressed by the Bulgarian government in the last decade, especially regarding the role and power of the Prosecutor General. This is virtually the only public position in the country, which is not accountable to anyone, and practically is immune to investigation and indictment.

The current Prosecutor General, Sotir Tsatsarov will leave his post in January of 2020.

The Supreme Judicial Council is the body, which carries out the procedure of electing a Prosecutor General, but in reality, the choice is always heavily influenced by the political realm. And understandably so, as the prosecution and the political elite have proven to be a well-oiled machine for protecting friends and pressuring inconvenient politicians, reporters, companies, etc.

The most likely candidate for now seems Sotir Tsatsarov’s deputy, Ivan Geshev, who is also head of the specialized prosecution. If he succeeds the post, this will be a clear sign that nothing is about to change in the way the prosecution operates in the next seven years, but maybe with some added loudness, as Geshev is the face of all the raids and theatrical cases, the prosecution carries out.

Another of Tsatsarov’s deputies, Maria Shishkova is also a likely candidate, and one that will not carry the mark of Tsatsarov’s rain so vividly. She is not nearly as ‘loud’ and controversial as Geshev, which makes her a good candidate in optics terms, especially in the eyes of our EU partners. She will follow in her predecessor’s footsteps but in a more reserved way. Two other women – the current speaker of the Prosecutor’s Office Rumiana Arnaudova, and Sofia’s district prosecutor, Emilia Russinova might be into consideration for similar reasons.

If the next Prosecutor General is from within the system, one of those will likely get it. Otherwise, the most likely candidate seems the head of the Specialized Court of Appeals Georgi Ushev.

In other news:

The judicial inspectorate leaked personal information of an inconvenient judge

Judge Miroslava Todorova

The judicial inspectorate leaked, seemingly on purpose, although this cannot be confirmed at this time, personal data of Judge Miroslava Todorova. Todorova is known for being one of the loudest voices, pushing for judicial reform. She previously headed the Bulgarian Judges Association, which is a non-profit, non-governmental professional organization.

The Supreme Judicial council fired Todorova back in 201 but was reinstated at the Sofia District Court after she took the case to the supreme court and won, but was demoted to the regional court.

Just recently the Supreme Judicial Council, which issues annual evaluations of judges, lowered Todorova’s mark on a technicality. The council did the opposite for another judge, Petia Krancheva, who apart from being known for her pro-government bias, recently sentenced the reporter Rossen Bossev from Capital Weekly in a defamation case on exceptionally questionable case by the prosecution.

New GERB-appointed member in the CEM has no education or experience for the job

Galina Georgieva

Galina Georgieva, an agriculture graduate with average grades is the newest member of the Council for Electronic Media. CEM is the body, which regulates electronic media outlets but especially the public media ones like the Bulgarian National Television and the Bulgarian National Radio. BNT recently got a new General Director, Emil Koshlukov, whose government-friendly positions and previous professional experience in media outlets, connected to the infamous media mogul Delyan Peevski, has raised much concern as to the future of quality reporting in the public network.

Many observers commented that the appointment of Koshlukov at the head of BNT has placed it within the realm of Peevski-owned and influenced media. The appointment of Georgieva at CEM rings also of the same.

Georgieva has graduating agriculture economics with average marks from the University of National and World Economy’s branch in Vratsa. She has worked in the production of a reality show at NOVA TV for a while and then in the marketing departments of Netera Communications, eFellows, Profon and others.

No surprises: military intelligence head resigns

Plamen Angelov

Plamen Angelov, the head of the military intelligence has resigned, Defense Minister Krassimir Karakachanov confirmed. Last week the military prosecution charged Angelov for granting access to secret information illegally. According to the prosecutors, Angelov and his predecessor are responsible for illegitimate access to information because the orders for access were signed by their deputies instead of by them. The charges do not have baring on the information itself: they only concern the technical question of whether or not their deputy had the authority to sign these documents.

The minister of defense has made indications that he will recruit Angelov in his team. The minister was against letting go of Angelov from the position of head of the military intelligence, when asked about it last week in the wake of the scandal.

According to Mediapool sources the likely candidate for Angelov’s successor is the current deputy head of the military intelligence and former employee of the State Agency for National Security, Yanko Zlatanov.

There is also a possibility for the military intelligence to be headed by a civilian. GERB and coalition partner the United Patriots have introduced amendments to allow such a possibility, which might mean they have someone in mind.