Bulgaria: Getting urgent IT experts for revealing vulnerabilities in software

Recently Bulgarian lawmakers have decided to arrest a famous IT specialist in this country - Petko Petrov - on charges of arbitrarily exploiting and disclosing information about the system's security vulnerabilities. Software used by local preschools.

This vulnerability allowed Petko Petrov to download details of 235,543 people in Stara Zagora, a province in central Bulgaria with a population of only 333,000. Thus, the system gap made personal information of about two-thirds of Stara Zagora's population fall into the hands of this IT expert.

1. Hacker successfully stole 100,000 photos from border control database

Famous Bulgarian IT expert Petko Petkov

After successfully hacking into the vulnerability above, Petko Petkov did not hesitate to share the video recording the entire process on personal Facebook on June 25 last.

The video shows in detail how Petkov conducted an automated attack on the website where parents registered their children for kindergarten. At the same time this site is also under the management of the local government. Well-known IT professionals have used security vulnerabilities to collect personal data of Bulgarian citizens hosting on this site - mainly by parents.

In the video posted on Facebook, Petkov said he tried to contact the site management team as well as information storage software, and of course the local government but was ignored. At the same time, the video description of Petko Petkov also includes a link to the GitHub repository, where people can download the vulnerability exploit code, and it is this 'foolish' action that makes him entangled in the cycle. physical.

1. GoldBrute botnet campaign is trying to hack 1.5 million RDP servers worldwide

The act of publicly revealing how to exploit the vulnerability caused Petkov trouble

After Petkov's public disclosure of how to exploit the security breach, Stara Zagora provincial authorities collaborated with Bulgarian security authorities to make an emergency arrest of the IT researcher at the end. last week, June 29.

Petko Petkov was detained for 24 hours, then was released on bail, but was banned from leaving his residence to serve the investigation.

According to ZedNet's report, local prosecutors are still waiting to consolidate the allegations under Article 319A of Bulgaria's Criminal Code, regulations on personal sanctions and organizations trying to steal information under management. government through illegal acts. According to local media, if proven guilty, Petkov will face a sentence of 1 to 3 years in prison, and must pay a fine of up to 5,000 Bulgarian leva (about 2,900 USD).

Immediately after Petko Petkov's arrest, Stara Zagora provincial authorities also removed software containing this serious security hole. At the same time, it is said that the representative of the software company responsible for managing and maintaining the website could not answer well the question from the government officials in charge of the investigation, so this company will also be subject to a big penalty. However, the details of the fine have not been disclosed yet.

1. Start-up corner: Sell drugs on the dark web in exchange for Bitcoin, young men 'peel off calendar' for 10 years

The governor of Stara Zagora said the company was named Information Services AD - the company behind the site contained a vulnerability, would have to repair its software on its own, and report the consequences of the recovery to the authorities in detail.

As for Petkov, the expert thinks that the same software system is used in many other Bulgarian localities, which means that until the problem is resolved, hackers can absolutely Easily collect data from Bulgarian citizens through the above flaw.

Data collected through the vulnerabilities discovered by Petko Petkov including information that is usually stored in a central national database, maintained by the Office of Civil and Administrative Services Management Bulgaria (GRAO).

1. Power theft from oil rig to dig Bitcoin, a Chinese man is about to be "fed the State"

Bulgarian government building

It is known that the GRAO database has the same value and significance in determining social security index (or similar) in some other countries. This system is stored as personal data including name, age, address, marital status, parenting, passport data, nationality and relatives (children, siblings) of About 10.5 million Bulgarian citizens (including 2 million people died).