20-year-old arrested over attack on Bulgaria's National Revenue Agency named

Twenty-year-old cyber security researcher apprehended on suspicion of involvement

Police in Bulgaria have arrested a 20-year-old cyber security researcher on suspicion of involvement in the attack on the National Revenue Agency, Bulgaria ' s tax-collection agency.

The individual, named as Kristiyan Boykov, resides in Bulgaria's second-largest city, Plovdiv and had worked since 2017 for a local cyber security firm called TAD Security.

The attack spilt the personal details of some five million people in Bulgaria - a country with a population of just seven million.

Police claimed that the suspect had left a number of obvious pointers behind. These include his user name, time stamp, and software used to access the NRA ' s computers.

However, the evidence that Bulgarian police claim to have easily found undermines the Prime Minister ' s claim that the hacker was uniquely talented.

https://twitter.com/VessOnSecurity/status/1151738487030390785?ref\\_src=twsrc%5Etfw

Yavor Kolev, the chief of the police ' s cybersecurity unit, revealed that officers raided the home and office of Boykov and seized several computers containing encrypted data.

"Overnight, the relevant examination was carried out, a very initial one, which suggests that the suspect is connected to the crime," said Kolev, according to Reuters.

Kolev further revealed that the suspect was a security researcher involved in penetration tests of the computer networks of government departments. But, he was also involved in some criminal activity, according to Kolev.

In 2017, Boykov exposed several flaws in the Bulgarian Education Ministry ' s website, and was praised by Deputy Education Minister Denitsa Sacheva for his work.

https://twitter.com/VessOnSecurity/status/1151533636895805441?ref\\_src=twsrc%5Etfw

If charged and found guilty, Boykov faces up to five years in prison and a fine of up to BGN10,000. Police are also currently exploring the possibility of involvement of other people in the hack.

In addition, Bulgaria ' s National Revenue Agency faces a fine of up to $22.43 million over the hack, which compromised the personal data of "nearly all adults" in the country. Among the details stolen were names of individuals, their addresses and even their personal income.

The hacking incident happened in June, although it was revealed to the public on Monday after one of the hackers sent an email to Bulgarian media, describing government's cyber-security standards as a comedy.

The hacker also offered access to the stolen data, claiming that it contained information on more than five million people, as well as businesses.

The Bulgarian Industrial Association (BIA), Bulgaria ' s biggest business group, demanded that the government provide detailed information about the data leak to all individuals and businesses affected.

"We need to know so that at least we can be aware of possible dangers," said BIA deputy head Stanislav Popdonchev.