Massive Data Breach in Bulgaria
On July 17, 2019, major international outlets, including the New York Times, reported on the hacking of Bulgaria’s National Revenue Agency (NRA). The breach exposed the personal information — names, addresses, incomes, and social security numbers — of nearly five million individuals, nearly the entire adult population of Bulgaria.
The potential implications are significant. Under EU regulations, companies and institutions that mishandle personal data can face fines of up to €20 million. The NRA now faces scrutiny from regulators and the public alike.
Kristian Boykov: White Hat Hacker or Convenient Suspect?
At the center of the investigation is Kristian Boykov, a 20-year-old Bulgarian programmer. Known for exposing security flaws in government systems, Boykov had previously identified vulnerabilities in the Bulgarian education ministry’s website and claimed to act in the public interest.
However, questions remain about his actual role in the NRA hack. Though charged with illegally accessing and copying data, the action does not appear to be classified as a full-scale cyberattack. According to NPR reporting, Bulgarian authorities later downgraded the charges against Boykov, citing limited evidence of a coordinated cyberattack. He was released and now faces a possible prison term of up to 3 years and a fine of 5,000 BGN.
In a government meeting, Prime Minister Boyko Borisov referred to Boykov as a “wizard” and suggested the state should consider hiring people like him to work in cybersecurity. This remark drew both support and criticism, further fueling debate about how Bulgaria should handle ethical hacking and digital vulnerabilities.
Meanwhile, Interior Minister Mladen Marinov has suggested a Russian connection, hinting that the breach may have been retaliation for Bulgaria’s recent decision to acquire U.S.-made F-16 fighter jets.
Alleged Connection to Gal Barak
A Bulgarian media outlet has speculated that Gal Barak, an Israeli national facing fraud charges, may have some connection to the case. The article referenced possible ties between Barak and Boykov, though no official confirmation has been provided. A screenshot of the newspaper coverage circulated online, adding fuel to rumors.
If Russian hackers are indeed involved, Barak’s close association with Vladislav Smirnov—a Russian national with alleged ties to the cybercrime world—could make the theory plausible. Scam-or Project has previously reported on the close professional ties between Barak and Smirnov.
Fake Case to Block Extradition?
According to sources contacted by Scam-or Project, the speculation surrounding Barak’s involvement in the NRA hack may be deliberately manufactured. Insiders suggest that initiating a parallel investigation in Bulgaria was a tactic intended to delay or prevent Barak’s extradition to Austria, where more serious charges await.
The EU Arrest Warrant and Extradition Status
Gal Barak was arrested in Sofia in February 2019 following a joint enforcement effort between Austrian, German, Czech, and other EU authorities. He faces charges of fraud, money laundering, and participation in a criminal organization. Investigators estimate losses to EU investors to exceed €100 million.
Barak’s associate, Uwe Lenhoff, was arrested in Austria in January 2019 and transferred to Germany, where he remains in custody. In contrast, Barak was released into house arrest in Sofia, reportedly for health reasons. His legal team in Austria and Bulgaria continues to resist extradition. A key court date in Sofia is scheduled for August 7, 2019.
Who is Gal Barak?
Gal Barak is described by authorities as a key figure in a cyberfraud network responsible for massive investor losses across the European Union. His operations span several industries and rely heavily on deceptive infrastructure.
1. Broker Scams
Barak allegedly ran a network of fraudulent online trading platforms such as:
-
XTraderFX
-
SafeMarkets
-
OptionStarsGlobal
-
CryptoPoint
These platforms targeted retail investors and, according to investigators, misappropriated tens of millions of euros.
2. Boiler Rooms
Barak and his Bulgarian partner Marina Andreeva are said to operate E&G Bulgaria, which maintained illegal boiler rooms in Bulgaria, Serbia, and Bosnia-Herzegovina. These call centers, masked as marketing agencies, served as the direct contact point for defrauding clients by phone.
Hundreds of employees reportedly worked in these centers, generating income both for Barak’s platforms and those of third parties.
3. Client Data Trading
Barak’s network is also believed to engage in the trafficking of client-victim data, which is used to retarget individuals through additional scams or “fund recovery” frauds.
Final Thoughts: Barak and the Boykov Link
Given the documented criminal history of Gal Barak, it is difficult to reconcile his reputation with the claim that Kristian Boykov — who had previously exposed government flaws — would knowingly align himself with such a figure.
Unless, of course, Boykov was not acting as a “white hat” hacker in this case.