Russian hackers attack Bulgaria the day after the government signs the F-16 delivery contract

Russian hackers attack Bulgaria the day after the government signs the F-16 delivery contract

ilian vassilev



There is little doubt that the hackers attack on the National Revenue Agency’s (NPA) database has been engineered and sponsored by the Russian secret services. In the best of Russian tsarist masquerade traditions, the act will be disguised as a lone effort by a concerned Russian citizen who has taken to heart the destiny of Bulgaria and its society. This is what propaganda and Byzantine politics are all about. The hackers will assume the moral high ground, claiming that the Bulgarian government is corrupt and inadequate. And while much of this rings true, demagoguery lies at the core of the hybrid warfare waged by the Russian special services. The use of credible and tangible weak spots and vulnerabilities in the governance of the country will arouse mistrust and undermine inconvenient political opponents at a given political time.


The current moment is more than ripe as the deal for the US F-16 is a Rubicon in Bulgaria’s transition – it benchmarks a breakup of the country from Russian geopolitical orbit. But it’s not just that. Two days ago the Supreme Administrative Court in Sofia turned down the claim of the consortium led by the Russian TMK, who is the Kremlin’s favorite to build the Bulgarian section of the Turk Stream – Kremlin’s top political bet in the region.


Few have noted the turf war behind the scenes, but there was a real clash between the Russian and the Bulgarian favorites as the Saudi company Arkad was encouraged all along by leading Bulgarian politicians and businessmen willing to be in the driver’s seat on the project. This also marked a fresh sign of independence and the first time a project involving transit of Russian gas has gone against Moscow’s preferences. The Bulgarian government did that on purpose in order to legitimize its participation before its Western partners.


With too long a list justifying the Kremlin’s dissatisfaction with Borisov, Putin decided to order a direct hit in the open. This why the head of Russian foreign intelligence met demonstratorly with a former Bulgarian minister of the interior who few days later insisted on a unlimited moratorium on the ratification of the F-16 deal threatening dire consequences. Under normal circumstances, such a Bulgarian politician should have been investigated for treason, but this is not happening in Borisov’s Bulgaria. The Kremlin actually mocks him – “your government is mentally retarded. Your cyber-security is a parody”. Putin dares Borisov to respond and punish all those that work in his service on Bulgarian territory.


Most probably the hack has been carried out by the same ‘bears’ with the GRU formation that feign to serve the citizens’ natural craving for more information and freedom of speech. The same matrix has been frequently used with engineered leaks that nurture the egos of people serving the right of free media to inform society – the cornerstone of any free society. On the other hand the Kremlin always retains, as in the case of Julian Assange, the capacity to control and navigate and manipulate the leaks dosing and directing it along with the needs of the GRU command.


Do not be fooled, the textbooks of hybrid war in the world are being written at this very moment. Such that this is the case, the Kremlin is the best tutor being that negative force is the only one remaining with Moscow. Putin keeps honoring his heroes post mortem, including the last 14 dead in the sunken submarine, for preventing a catastrophe of a “planetary scale,” without even answering why on earth is he investing at all in Armageddon projects.


What if next time the humans behind the force are not heroes or they fail?


There is more to Lenin’s classic of “useful idiots”, that includes media and journalists who are self-inspired to believe they fulfill their civil and professional duty by “conveying the message.” But what they are doing instead is become an instrument in sophisticated Kremlin propaganda and the subversive actions of their special services.


The very idea that Putin, in his state of extreme authoritarianism, will allow any Russian hacker without special services supervision and consent to continue attacking foreign governments, (including the NPA data base since 2012) is utter nonsense. The last thing one should expect is the Russian government to formally take credit for such actions.


Over the years both the military intelligence GRU, the civil intelligence SVR and FSB have diversified operations setting up ‘independent’ private armies, troll factories, undercover agents acting as businessmen, hackers, merchants, journalists etc. Hence the Kremlin can always claim ‘a clean hand’ and disengage. I do not know of many instances when a Russian hacker, working for the state services, has managed to break away from their grip. Even among those that have successfully fled to the West. Visible channels of influence and dependencies are usually left behind and can be easily exploited, in other words “you are okay there, but you have relatives here”. The Trotsky, and more recent times the Litvinenko and Skripal syndrome, works flawlessly.


There is little secret that the hackers “free” brotherhoods such as Anonymous and Wikileaks  have enjoyed close relations with Russian state special services. In late Soviet times under Yuri Andropov the KGB mastered a global grip on anarchists, left-wing radicals, communists, and later in Russian times its offshoots mastered eco-activists and hackers – practically everyone that could elevate the soft power potential of Moscow.


The NAP leaks are a public message from Putin to Borisov – straightforward and unambiguous – classic case of Russia’s hybrid war that Bulgarian society is not ready to react to. Not at the level of special services, public diplomacy or even at the level of investigative resources or judicial system.


There was ample time, but Bulgarian politicians preferred to lay low and pretend to be asleep.


There is a long track record of at least 10 years of attacks. The policy of the government and of Borisov personally was to ignore them after implementing King Boris the Third mantra never to stand up against Russia. Which in itself is an oxymoron and a meaningless guide in times when Moscow attacks you. And that is what has been happening for quite a while. Even succumbing to the absurd philosophy of remaining mute and keeping a “low profile,” there is no excuse for the lack of systemic policy, response capability and investment in cyber security. This not talking about easy money ending in someone specific’s purse – Yavor, George or Ivan, but of well thought of strategy and systematic action based on the best world standards in this field and above all on the unequivocal and public recognition of the source of the attack and the threat.


Bulgaria’s vulnerability is also embedded in the “double” bottom of its politics in the field of digitalization of governance. The indiscriminate abuse of funds spent without strategy and focus, sustainable and systemic solutions results in low cyber defense capacities and compromised immune systems. No matter how strongly we call on our partners in the EU and NATO, they can hardly make up to the time lost and the years of absenteeism.


What we see today from the first public comments of the ministers and the NRA are futile attempts to downplay the importance and the damage – suffice to refer to the ‘only’ 3 percent of NRA’s databases being affected? The truth is that the records of millions of Bulgarian citizens are in public display and at the mercy of potential criminals, when people have entrusted their personal data to be protected by state institutions. The fact that 97 percent of the total data base of NAP is not affected is irrelevant as the bulk of it is internal technical data or reserve copies.


The individual islands of different databases of the administration databases remain isolated and this is intentionally done. That’s why we do not have an e-government, as its existence will imperil the manual control and the asymmetrical access to information that nurtures corruption and inequality.


Those who have released the information are in all likelihood GRU agents. They aim at achieving at least two things.


First, to publicly humiliate the Bulgarian government for its decision to sign the contract for the American aircraft – a show of force that Borisov will understand. This is Putin’s old tactic – to scare the disobedient and force him to squat.


Secondly, to fuel intrigue and division in the Bulgarian society by launching logical litigation and investigations to build on the information provided. Here we have at least two triggers of public discontent – one for the Big Brother state concerns and the other one for data that some citizens will use against others.


Divide et impera.


I am not surprised by the actions of the Russian government and Vladimir Putin. 20 years spent working on Russia and Putin was long enough to be able to figure out their moves. But what I have not been able to do is to convince my compatriots, especially those in power, that no one can negotiate with his regime from a weak and vulnerable position.


Yet again, I see depression and fear in the ministers’ eyes, not so much that Bulgaria is humiliated by inaction, but that they might be losing their posts.


Otherwise you will find portrait of our Apostle Vassil Levski in every high office.


Pathetic, ain’t it?


By Ilian Vassilev

Leave a comment

Risks and stakes in the Turk Stream for Bulgaria

Risks and stakes in the Turk Stream for Bulgaria

PM Borisov’s pet project – the Balkan Gas Hub has risen in prominence after his talks with President Trump. Not…
PM Borissov's visit to Washington - making use of Trump's transactional foreign policy

PM Borissov's visit to Washington - making use of Trump's transactional foreign policy

There has been much talk recently of a return to the balance of great power interests and spheres of influence.…
Foul play at the auctions 2020 Revithoussa LNG - the consequences

Foul play at the auctions 2020 Revithoussa LNG - the consequences

Last week the Bulgarian PM inspected work progress at the Interconnector Greece-Bulgaria, noting that it is a landmark project for…