Monday, December 23, 2024

The Bulgarian Tax Agency Hack, conspiracy theories, and the alleged involvement of Israeli scam operator Gal Barak

Spread financial intelligence

On July 17, 2019, even the New York Times reported on an investigation into the theft of personal data of nearly every adult in Bulgaria which led to the arrest of the 20-year-old computer programmer Kristian Boykov. Bulgaria’s National Revenue Agency (NRA) was hacked. The names, addresses, incomes and social security information of as many as five million Bulgarians and foreign residents — in a country of only seven million — had been taken. The European Union fines companies that mismanage their data and thus NRA is facing a fine of up to 20 million euros, or $22.4 million, for the data breach.

White Hat Hacker of Russian attack?

Boykov purportedly may be a “white hat hacker”, i.e. a hacker that breaks into computer networks with the intention to expose weaknesses to be fixed. In 2017, he hacked the Bulgarian education ministry’s website to expose its vulnerabilities. In a television interview, he described the work as “fulfilling my civic duty.”

According to various media reports, it is actually not clear whether Kristian Boykov was the hacker. He has indeed stolen data from the NRA illegally from a server, but that should not have been the actual hack. He was therefore released from detainment on lesser charges. He faces up to 3 years imprisonment and a fine of up to BGN 5,000. Bulgarian Prime Minister Boyko Borisov said in a government meeting that Boykov is a “wizard” hacker and that the country should hire similar people to work for the state.

Bulgarian Interior Minister Mladen Marinov continues to push the idea that Russian hackers are behind the security breach. Ehe NRA database was hacked after Bulgarian authorities announced the purchase of US-made F-16 fighter jets.

The Israeli Gal Barak a co-conspirator?

According to a newspaper report in Bulgaria, the Israeli #cyberscam entrepreneur Gal Barak could be involved in this data theft, which is now classified by the public prosecutor’s office as a rather harmless crime. The newspaper article mentions relations between Gal Barak and Kristian Boykov. A screenshot of the newspaper is provided on top of this article.

Gal Barak with Vlad Smirnov and Kristianb Boykov
Gal Barak (left), Vladislav (Vlad) Smirnov (middle), and Kristian Boykov

If, on the other hand, the Bulgarian Interior Minister’s hypothesis about Russian involvement is valid, then Gal Barak‘s network would be the right one. The Russian cyberscam entrepreneur Vladislav Smirnov is one of the closest business partners of Gal Barak. FinTelegram met them a few months ago and can confirm their close relationship. Smirnov is also said to have excellent relations with the Russian political establishment.

Avoiding extradition

However, FinTelegram has learned from insiders that Gal Barak‘s alleged involvement in this “white hack” or whatever criminal case in Bulgaria is merely a fake. The suspicion was deliberately spread so that the public prosecutor’s office in Sofia could start investigations against Barak. So the rumors say. In view of these ongoing investigations against Barak in Bulgaria, extradition to Austria is to be prevented. FinTelegram received this information weeks ago from an employee close to Barak.

EU arrest warrant against Gal Barak

The Austrian authorities have obtained an EU arrest warrant against Gal Barak in close cooperation with authorities in Germany, the Czech Republic, and other EU countries. He was arrested in Sofia in February 2019 following an internationally coordinated enforcement operation. He, his German partner Uwe Lenhoff and eight other suspects are being investigated for financial crime, money laundering, and commercial fraud. The damage to retail investors in the EU is expected to be well over 100 million. The maximum sentence for this is 10 years imprisonment. Lenhoff has been arrested in Austria in January 2019 and currently is in custody in Germany. Awaiting his indictment.

While Lenhoff will most likely not be released before his trial Barak was released into house arrest in Sofia due to alleged health issues. Since then, the Austrian authorities have tried to obtain his extradition. So far, Barak’s Austrian and Bulgarian lawyers have prevented this extradition. The next court date in this regard is scheduled for 7 August 2019 in Sofia.

Preliminary conclusion

Gal Barak is one of the leading Israeli #cyberscam entrepreneur and runs several businesses wieth his criminal network:

  • Broker scams: an operator of an international network of broker scams that apparently cheated tens of thousands of retail investors in the EU out of more than 100 million euros.
  • Boiler Rooms: he E&G Bulgaria of Gal Barak and his partner, the Bulgarian Marina Andreeva, operate illegal boiler rooms in Bulgaria and the Balkans. Via these boiler rooms, retail investors are lured into the scams by boiler room agents over the telephone. Boiler rooms are officially camouflaged as call centers and marketing agencies. But in fact, they are the heart of the broker scams and the ultimate perpetrators. Barak operates these boiler rooms for its own scams such as SafeMarkets, XTraderFX, OptionStarsGlobal or CryptoPoint and also for the scams of other operators. All in all, hundreds of people work in these illegal boiler rooms.
  • Data trading: Gal Barak‘s organization also deals with client-victims data which is one of the main sources of income.

On the basis of the information available, it is difficult to imagine that a white hacker like Kristian Boykov would ally himself with a cybercriminal like Gal Barak. Unless he wasn’t a white hacker.