He is 20 years old. Since his childhood, computers have been the center of his life. He works in the capital of Bulgaria, Sofia, as a cybersecurity expert at a firm owned by an American company in Washington, D.C. “There is so much you can learn,” Kristiyan Boykov said. “Endless possibilities.”
In just a day at the end of July, Boykov became one of the most famous young people in Bulgaria. He was arrested on charges of an unprecedented hack of the system of the National Revenue Agency (a state authority under the Minister of Finance in Bulgaria), the equivalent of the U.S. Internal Revenue Service. The personal data of over five million Bulgarian citizens, nearly every working adult, was stolen remotely from this institution. The case led to a scandal of a kind not seen before, which continues.
The data was sent to several media outlets in an e-mail from a Russian address and then appeared on the Internet, accessible to the whole world. The Minister of Interior Mladen Marinov even hinted that Russia may be behind the attack. “Organized criminal groups involved in cyberattacks usually seek financial profits, but political motives are possible,” he told reporters. “One can make a guess here.”
The breach was made with one of the most basic tools in the hacker kit, known as SQL Injection — the attacker uses a login page to insert malicious code that allows access to data.
And while much of Bulgarian society is just beginning to realize what cyberterrorism is, the situation in the United States is very different. According to a recent survey conducted by The Chicago Council on Global Affairs, Americans perceive cyberattacks on computer networks as the greatest threat. International terrorism, the nuclear programs of North Korea and Iran, and climate change are next, respectively.
In August, the account of Twitter’s CEO and co-founder, Jack Dorsey, became the target of a cyberattack. His profile, which is followed by more than four million people, was made to tweet obscene, offensive and racist messages for 15 minutes.
“The phone number associated with the account was compromised due to a security oversight by the mobile provider,” Twitter said in a statement. “This allowed an unauthorized person to compose and send tweets via text message from the phone number.”
The hackers used a technique known as “simswapping” (or “simjacking”) to control Dorsey’s account.
Major hacking attacks also occurred during the 2016 presidential race. In that case, hackers digitally broke into the email accounts of the Democratic National Committee and John Podesta, the Clinton campaign chief, and then published stolen emails online.
Tom Burt, a vice president of customer security and trust at Microsoft, said the majority of nation-state attacks the company has detected against all Microsoft customers have originated with actors in Iran, North Korea and Russia. The Microsoft data suggest that, when it comes to the threat of cyberattacks, the 2020 elections are shaping up to be as bad as or worse than 2016.
According to the company, Iranian hackers made more than 2,700 attempts to identify the email accounts of current and former U.S. government officials, journalists covering political campaigns and accounts associated with a presidential campaign.
“The threat is real and it’s not stopping,” Tom Burt says. “Anyone involved in the democratic process needs to know that it’s likely not a question of if they’ll be targeted, but whether they will be breached. And there’s a lot they can do today — basic cybersecurity hygiene — to protect themselves.”
Back in Bulgaria, alleged cyberterrorist Boykov is pleading not guilty. The Prosecutor’s Office accused him of creating instability in the country. Boykov’s bosses were also arrested on suspicion of being the ones who organized the cyberattack. They also deny guilt. The case against them is yet to start.
The lesson after this situation is that some institutions, at least in Bulgaria, are easy targets for hacking. In fact, no one should feel completely protected in this new era of unpredictable cyber threats, because no one is untouchable.