A day before the leak, Bulgaria purchased F-16 fighters to replace their aging MIG-29 aircraft.
The ReasonsĪs the situation develops, different theories emerge. However, his defense maintains a stand on his innocence and emphasizes that even a fine would destroy the 20-year old’s cybersecurity career. This means that Boikov would face only a fine. Supposedly the NRA stated that the system from which Boikov copied data was not part of the criminal infrastructure. That is why some security experts believe that Boikov was framed.īoikov was subsequently released and charges against him were reduced.
#Sqli Anonfile professional
However, many commenters doubt that a professional whitehat hacker would be involved in such an activity and be sloppy enough to leave behind such obvious information.
This information supposedly matched data found on Boikov’s seized personal computer.
#Sqli Anonfile software
The authorities stated that one of the leaked files contained information about the attacker: computer configuration, a unique username, date, time, and software used to read the database. This fact and Boikov’s continuous activity in the cybersecurity scene are believed to be why he was immediately arrested as a suspect. The ministry ignored his reports, so Boikov turned to the media and made the information public.
Two years ago he found a vulnerability in a system managed by the Ministry of Education and Science. Several facts don’t seem right about this arrest.īoikov has no criminal record but he has been in the news before. His employer, the TAD Group, describes him in an official statement as ethical and professional. On July 17, authorities arrested a 20-year old whitehat hacker – Christian Boikov. They also state that the system was attacked back in 2012 which led to them acquiring 30 GB of information. In a follow-up email sent to three media outlets, the original attacker claims that the vulnerability has been there not for 4 but for 11 years. Several sources state with certainty that the leak was a result of an SQL Injection. The VulnerabilityĪccording to various sources, the vulnerability that led to the leak was in a VAT refund service and it existed since 2015. On the other hand, the Ministry of Finance stated that only 3% of the agency’s information was accessed, thus playing down the scope of the attack. Bulgaria’s minister of finance Vladislav Goranov and prime minister Boyko Borissov issued public apologies. They also include information about companies and information imported from other databases.
#Sqli Anonfile full
The databases include full names, income information, personal identification numbers (EGN), and more: employment status, social benefits, medical insurance. Records supposedly contain tax data for 5 million citizens (Bulgaria’s population is approximately 7 million) over a span of 10 years, some of them now deceased.
#Sqli Anonfile password
It took only a couple of hours for blackhat hackers to crack the password and share it via underground forums. The package was password-protected, so one of the local stations saw no harm in showing the download link on TV. Last Tuesday, Bulgarian media received such an email from a account along with an anonfile link to approximately 10 GB of data – supposedly half of all the data stolen from the Bulgarian National Revenue Agency (a department of the Ministry of Finance). This email is bulk sent to every single Bulgarian media as well as Reuters and BBC. At the moment of writing, the authorities still haven’t been able to determine who was behind the attack and what was the reason for it. The stolen databases are already available for download via underground forums. The attacker sent half of the data as proof to many Bulgarian and international media sources. On July 16, the world found out that the tax data of millions of Bulgarian citizens have been stolen.