Posted on July 19, 2019 at 10:31 AM
Reports of the Bulgarian’s NRA database theft were only published a few days ago, and already the data emerged on hacking forums. The hack itself supposedly happened during last weekend, after which the hackers sent the sample of the stolen data to local reporters.
After the hack, Bulgarian authorities apologized to the public, admitting that a significant percentage of the National Revenue Agency database was stolen. Analysts suspected that nearly every person in the country was affected by the hack, and links to the hacked database have already started to emerge.
Hacker dumps the stolen data
According to new reports, the links were shared by a data trader going by the name of Instakilla, who is believed to be a hacker operating from Bulgaria itself. The data dump appears to be authentic, as confirmed by many who are in contact with Bulgarian sources. It also contains the same data that was sent to the reporters immediately after the attack took place.
The data dump is 10.7 GB-large and contains 57 folders. Within, there are financial and personal details of a massive number of the country’s population, all consistent with what the reporters have said they received via the email from the attacker. The information includes tax data, personally identifiable information, and more. Interestingly enough, the data includes information from the NRA, as well as from several other government-related agencies that the NRA has been collaborating and sharing data with.
So far, the data trader did not comment or respond to additional information requests. It is known that he has been sharing hacked information for several years. In the past, he shared data stolen from gaming forums, Bulgarian citizens’ selfies where they are holding their IDs, and more. Instakilla also has its own website. The site’s older version was previously used for drug distribution, particularly cocaine sale.
Further, the hacker has linked a Facebook profile, although it is currently impossible to tell if this is truly the person behind the handle or just someone who Instakilla wants to frame for his actions.
Meanwhile, Bulgarian authorities started an investigation that has already started bringing in some interesting results. The NRA itself is participating in it, and the agency shared several pieces of information in regards to the incident on their website. One detail states that the hack took place around 20 days ago, which is contradictory to the hacker’s own claims. The hacker stated that the hack was performed several years earlier. Further, the NRA claims that the attacker only managed to gain access to around 3% of their total database.
Initial reports of the incident have stated that the data belonging to around five million citizens was stolen, which makes up for about 70% of Bulgaria’s total population. In the last several days, however, these figures were downgraded. New reports claim that data theft also impacted deceased individuals, but also visiting foreigners.
Bulgarian police arrests the wrong criminal
The country’s police also already arrested a suspect two days ago, on Wednesday, July 17th. The suspect is a 20-year-old who was then released the following day. A local media outlet, Dnevnik, claims that the suspect is a Plovdiv-based computer expert who has illegally copied the data from the NRA-owned servers. However, the copied data is not the same as the information stolen in a recent attack.
Even so, breaching the NRA’s security and stealing data is a serious crime, and the perpetrator is likely facing five to eight years in prison, in addition to a hefty fine.
For the time being, Bulgaria’s authorities continue to blame Russian hackers for the attack. Speculation about the hacker being a foreigner was going around ever since the hack itself. The authorities believe that Russians are to blame as the hack came right after Bulgaria admitted to purchasing F-16 fighter jets from the United States. With no clear proof that this is the case, however, the investigation continues.