Bulgarian IT expert arrested after demoing vulnerability in kindergarten software


Bulgarian authorities have arrested an IT specialist for demonstrating a security flaw in the software used by local kindergartens.

The vulnerability allowed the IT expert, named Petko Petkov, to download the details of 235,543 citizens of Stara Zagora, a province in central Bulgaria with over 333,000 inhabitants.

Petkov demoed the security flaw in a video he posted on Facebook earlier this week, on June 25.

The video shows Petkov launching an automated attack against the local municipality’s web portal, where parents can sign up children for kindergarten, and using the security flaw to obtain data of Bulgarian citizens.

In a caption posted with the Facebook video, Petkov said he tried to contact the software maker and local authorities but was ignored.

He posted the code on GitHub

The Facebook caption also included a link to a GitHub repository where anyone could download the code for exploiting the vulnerability.

Following Petkov’s public disclosure, Bulgarian authorities arrested the security researcher on Friday. He was jailed for 24 hours but was subsequently set free.

Charges from local prosecutors are still pending under Article 319A of the Bulgarian Criminal Code, on accusations of obtaining government information using illegal methods. If charged and found guilty, Petkov faces one to three years in prison and a fine of up to 5,000 Bulgarian leva ($2,900), according to local press [1, 2, 3, 4].

Same software used in other provinces

In the meantime, Stara Zagora officials have taken down the vulnerable software.

The mayor of the city of Stara Zagora told local media [1, 2, 3] that the software maker has not responded to requests for comment from government officials.

The Stara Zagora mayor said the company, named Information Services AD, will have to fix its software at its own expense.

Petkov said the same software is also used in other Bulgarian provinces, meaning hackers may have an open door to harvest Bulgarian citizens’ data.

The data collected via the vulnerability Petkov found includes information usually stored inside a central national database managed by the Department Civil Registration and Administrative Services (GRAO).

According to its website, the GRAO’s database “is like the Social Security Number (or similar) identification in other countries.”

“The system stores as personal data names, addresses, marital status, death, parentage, passport data, nationality and relatives – children, brothers and sisters of about 10.5 million citizens (counting 2 million dead people).”
