At the end of June, the tax authorities in Bulgaria were exposed to the most extensive hacking attacks the country has ever experienced.
The stolen information includes social security numbers, income figures, loans, and private health information from the country's health service, writes Reuters.
The country's finance minister, Vladislav Goranov, said the leaked information is neither a secret stamp nor a risk to the country's economic balance.
He apologized to anyone in Bulgaria who was affected by the hacking.
And that was very much to put it that way.
1; Citizens and Enterprises
– According to a researcher for data security at the Bulgarian Academy of Sciences, Vesselin Bontchev, it was about personal information from virtually the entire adult Bulgarian population.
One person who claimed to be a Russian hacker sent an email to journalists in Bulgaria last Monday. According to an e-mail he wrote that Reuters saw that more than five million Bulgarian and foreign residents and businesses were affected.
A total of seven million people live in the countryside.
Arrested and charged.
The following day, a 20-year-old Bulgarian computer security employee was arrested and charged with hacker attacks. The police continue the investigation and do not exclude that others were involved.
The defendant can be sentenced to eight years in prison if found guilty.
Magician or luck?
The country's prime minister, Boyko Borissov, described the man as a "magician" according to Reuters and that the country should use similar "unique minds" to work for the country rather than against it.
Experts say that the techniques are very simple, pointing to ignorance rather than "tremendous abilities."
– Hacker's success is not about sophistication, it's about poor security systems at the tax authorities, says director of data security firm LogSentinel, Bozhidar Bozhanov.
The tax authorities in Bulgaria can expect a fine of up to 20 million euros after the extensive hacking.
20-year-old Bulgarian is innocent.
– You have no evidence, says lawyer Georgi Stefanov to Reuters.
Officials in Bulgaria believe that the hackers have invaded the tax authorities' database by exploiting a vulnerability in the system when they filed the tax return from abroad.
– Can happen in Norway
– Can this also happen in Norway?
– It's clear that it can, says security advisor Ludwig Sandell of the Data Security Company Dignatio AS.
– Something can be built digitally, so it can be hacked as well. But without knowing the systems in Bulgaria, there were probably some weaknesses that fortunately we are wary of in Norway, he says to Aftenposten.
– How would that happen?
– Security breaches occur in two ways. Either the software is set up wrong so that the hacker gets into the back door, or there is a human weakness. According to Sandell, someone who has access to the systems has clicked on a link or downloaded software.
Abduction and blackmail
– In Norway we use Altinn and two-factor authentication. It's much safer, Sandell says, adding that the Norwegian authorities regularly update their systems and that "you should work pretty hard" to break their wall.
– What does a hacker do with information about pay, credits and taxes
– This data can be very interesting for everyone. It can be used to extort money from people who are about to go bankrupt or to get an overview of wealthy people. You can plan kidnapping attempts or weaken confidence in the country's authorities. Or sell your information to commercial players, says Sandell.
– Or they'll simply prove to the authorities that you're smarter than them.