Bulgaria: Getting urgent IT experts for revealing vulnerabilities in software
Petko Petrov - a famous IT expert - was arrested on charges of arbitrarily exploiting and disclosing information about the security vulnerability of the software system used by local kindergartens.
Recently Bulgarian lawmakers have decided to arrest a famous IT specialist in this country - Petko Petrov - on charges of arbitrarily exploiting and disclosing information about the system's security vulnerabilities. Software used by local preschools.
This vulnerability allowed Petko Petrov to download details of 235,543 people in Stara Zagora, a province in central Bulgaria with a population of only 333,000. Thus, the system gap made personal information of about two-thirds of Stara Zagora's population fall into the hands of this IT expert.
- Hacker successfully stole 100,000 photos from border control database
Famous Bulgarian IT expert Petko Petkov
After successfully hacking into the vulnerability above, Petko Petkov did not hesitate to share the video recording the entire process on personal Facebook on June 25 last.
The video shows in detail how Petkov conducted an automated attack on the website where parents registered their children for kindergarten. At the same time this site is also under the management of the local government. Well-known IT professionals have used security vulnerabilities to collect personal data of Bulgarian citizens hosting on this site - mainly by parents.
In the video posted on Facebook, Petkov said he tried to contact the site management team as well as information storage software, and of course the local government but was ignored. At the same time, the video description of Petko Petkov also includes a link to the GitHub repository, where people can download the vulnerability exploit code, and it is this 'foolish' action that makes him entangled in the cycle. physical.
- GoldBrute botnet campaign is trying to hack 1.5 million RDP servers worldwide
The act of publicly revealing how to exploit the vulnerability caused Petkov trouble
After Petkov's public disclosure of how to exploit the security breach, Stara Zagora provincial authorities collaborated with Bulgarian security authorities to make an emergency arrest of the IT researcher at the end. last week, June 29.
Petko Petkov was detained for 24 hours, then was released on bail, but was banned from leaving his residence to serve the investigation.
According to ZedNet's report, local prosecutors are still waiting to consolidate the allegations under Article 319A of Bulgaria's Criminal Code, regulations on personal sanctions and organizations trying to steal information under management. government through illegal acts. According to local media, if proven guilty, Petkov will face a sentence of 1 to 3 years in prison, and must pay a fine of up to 5,000 Bulgarian leva (about 2,900 USD).
Immediately after Petko Petkov's arrest, Stara Zagora provincial authorities also removed software containing this serious security hole. At the same time, it is said that the representative of the software company responsible for managing and maintaining the website could not answer well the question from the government officials in charge of the investigation, so this company will also be subject to a big penalty. However, the details of the fine have not been disclosed yet.
- Start-up corner: Sell drugs on the dark web in exchange for Bitcoin, young men 'peel off calendar' for 10 years
The governor of Stara Zagora said the company was named Information Services AD - the company behind the site contained a vulnerability, would have to repair its software on its own, and report the consequences of the recovery to the authorities in detail.
As for Petkov, the expert thinks that the same software system is used in many other Bulgarian localities, which means that until the problem is resolved, hackers can absolutely Easily collect data from Bulgarian citizens through the above flaw.
Data collected through the vulnerabilities discovered by Petko Petkov including information that is usually stored in a central national database, maintained by the Office of Civil and Administrative Services Management Bulgaria (GRAO).
- Power theft from oil rig to dig Bitcoin, a Chinese man is about to be "fed the State"
Bulgarian government building
It is known that the GRAO database has the same value and significance in determining social security index (or similar) in some other countries. This system is stored as personal data including name, age, address, marital status, parenting, passport data, nationality and relatives (children, siblings) of About 10.5 million Bulgarian citizens (including 2 million people died).
You should read it
- Security vulnerabilities - basic insights
- IBM developed a new technology to patch security holes
- The Mail app on iOS has serious vulnerabilities
- Many serious vulnerabilities have been discovered that allow attackers to take full control of the 4G router
- New dangerous vulnerability in Intel CPU: Works like Specter and Meltdown, threatening all PCs and the cloud
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Release software to check DNS server vulnerabilities
- Intel's chip has eight new serious vulnerabilities
- The NSA identifies 4 'critical' security vulnerabilities of cloud systems
- Find security holes on every site with Nikto
- Vulnerabilities in Android allow malware to read device information even without permission
Maybe you are interested
Instructions to turn off the Spotify Canvas feature How to add wallpapers to the Debian 10 terminal Dell Latitude 9510 officially launched: 5G support, up to 30 hours of battery life Fix error 'Unfortunately Google Allo has Stopped Error on Android' 10 great reasons to visit Madrid in 2017 10 types of people you should avoid as far as possible in your life