Suspect arrested after Bulgarian cyber attack (UPDATE 2)

EuroNews reports an update to a story noted earlier this week on this site:

Bulgarian police said on Wednesday they have arrested a suspect for a cyber attack on the country’s National Revenue Agency (NRA), which led to the leak of personal and financial data of millions of people.

“We have a suspect that has been detained,” a police spokeswoman said, declining to elaborate.

The breach on the NRA happened at the end of June and is considered to be the biggest leak in the country with hackers securing names, personal data and financial earnings of individuals and companies.

Read more on EuroNews.

This is the second arrest of an IT specialist in Bulgaria in the past month. DataBreaches.net previously reported that Petko Petkov had been detained after demonstrating a vulnerability in a municipal system after the municipal system reportedly did not respond to his notification (see the previous post here). Today, the Sofia Globe reports that a 20-year-old Bulgarian national was arrested.

The man is described as a cybersecurity expert tasked with testing and auditing IT systems. He was arrested on July 16 at his place of employment, but prosecutors said that his actions had no relation to his employer’s activity.

Law enforcement officers also raided his residences in Sofia and Plovdiv, seizing computers and storage devices, the prosecutor’s office said.

Read more on The Sofia Globe.
Update:  The Guardian names the suspect. It is not Petkov, but it is someone with a history of exposing vulnerabilities:

Bulgarian media identified the suspect as Kristian Boykov. George Yankov, senior manager at the Bulgarian office of US cybersecurity firm TAD Group, said Boykov was an employee of the company and confirmed he had been arrested. He dismissed the allegations against him.

Boykov’s lawyer, Georgi Stefanov, told Reuters his client denied the charges against him. “He says he is innocent and has no connection whatsoever with the issue. Prosecutors have … accused him despite a complete lack of evidence,” Stefanov said.

Boykov, from the city of Plovdiv, 130km (80 miles) south-east of Sofia, had posted regularly on social media about cybersecurity and hacking news before his arrest.

Read more from Reuters on The Guardian.

About the author: Dissent