Macedonian Truth Forum   

Old 07-17-2019, 07:16 PM   #1
Risto the Great
What happens when a country’s entire adult population is hacked?

https://www.technologyreview.com/f/6...ion-is-hacked/

Quote:
After a massive hack in Bulgaria, the prime minister called the attacker a “wizard,” but cybersecurity experts said the security was simply inadequate.

The hack: A 20-year-old man was arrested in Sofia, Bulgaria, on Tuesday afternoon and charged with an unprecedented hack of the country’s tax authority, ending with the theft of sensitive personal records from nearly every adult in Bulgaria, according to local reports. The suspect, whose name is Kristiyan Boykov, according to Bulgarian media, faces up to eight years in prison. Police say others may have been involved.

The country’s officials have spent the week revealing and apologizing for the pillaging of Bulgaria’s National Revenue Agency (NRA) in June, Reuters reported. Personal and financial data for millions of taxpayers was leaked by email to local journalists. The data leak includes names, addresses, income and earnings information, and personal identification numbers, totaling 21 gigabytes and extending back over a decade.

In the email, the hacker described the Bulgarian government as corrupt. (Indeed, Bulgaria ranks as the most corrupt country in Europe, according to Transparency International.)

The reaction: Prime Minister Boyko Borissov called Boykov a “wizard” and said the country should hire people like him. Security professionals in Bulgaria are disputing the compliment and say the vulnerability never should have been exposed.

“It was alleged in the press that internal sources say the attack was an SQL injection,” said Bozhidar Bozhanov, an executive at the Bulgarian security company LogSentinel. “SQL injections are easy to detect and somewhat easy to exploit. Protecting from SQLi should have been done on many levels. First, in the software requirements. Second, during acceptance tests. And third, during operation by regularly scanning publicly facing services for vulnerabilities. Apparently none of this has been done.”

The facts: There is a gap between the hacker’s claims and what the Bulgarian government says happened. The facts are still being determined.

The hacker claimed to have stolen data from over 5 million Bulgarians. The country’s entire population is around 7 million. Finance Minister Vladislav Goranov said 3% of the NRA’s databases were impacted. Although the number is in the millions, it’s not clear how many individuals Goranov believes are affected, but he said financial stability was not in danger.

Goranov apologized to Bulgarian citizens in front of the country’s parliament.

Vesselin Bontchev, a cybersecurity researcher and assistant professor at the Bulgarian Academy of Sciences, said the suspect left a mountain of digital traces that led to his arrest.

“I can’t say the hacker was a ‘wizard,’” Bozhanov said. “If he indeed got caught so quickly, it means he was sloppy rather than a mastermind.”

The consequences: The scope of this attack is vast, and the number of unanswered questions remains significant.

The email the hacker sent to journalists with the leaked data came from a Russian email address. No one is quite sure what that means yet, but given the tension between Russia and Europe, especially in cyberspace, it’s a detail that’s attracted immediate attention.

Closer to home, the Bulgarians are looking at their government and wondering what went so badly wrong.

“We have to note that NRA is one of the most technically advanced administrations in Bulgaria,” Bozhanov said. “This issue may or may not be representative of the entire stack of technologies and services inside, but the fact that so much data was breached hints that few operational-security best practices were followed.”

The big open questions include who was behind the attack, and whether it was an individual, a group, or even a nation-state. Criminals, activists, and governments use hacked data in entirely different ways that can spell distinct forms of trouble for the Bulgarians affected by this breach.

One thing is clear: a reckoning has arrived for Bulgaria’s cybersecurity. Whether the government recognizes it or not, outside hackers certainly will.
A genius! Or maybe some pimply faced dude who got tired of the same old Bulgarian donkey porn.
__________________
Risto the Great
MACEDONIA:ANHEDONIA

"Holding my breath for the revolution."
Old 07-19-2019, 09:54 PM   #2
Carlin15

Networks suck. Most governments and companies don't do enough about cybersecurity & protecting personal information so this sort of hack is not surprising. We may expect this to continue and escalate going forward.

Equifax was breached as well, in 2017. The hackers stole personal information of 147.7 million Americans from its servers.

https://www.cnet.com/news/equifaxs-h...whats-changed/
Old 07-21-2019, 10:39 AM   #3
Rogi

SQL injection is not even about network security, it's just some bad code that didn't cover even the basics.