I would like to help today and donate

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Massive cyberattack puts presumption of innocence under the microscope in Bulgaria

admin - August 16, 2019 - Presumption of innocence


In Bulgaria, questions are being asked as to how seriously the country takes the right to the presumption of innocence, guaranteed by the EU Directive 2016/343.

On July 16, 2019, the Bulgarian National Revenue Agency (NRA) published a press release confirming that there had been a cyberattack on the tax agency in late June, which saw nearly every adult in Bulgaria have their personal data compromised. As the data hack made local and international news for its unprecedented scale, the authorities were quick to identify who they claimed was responsible, making numerous public statements implying their guilt, despite EU minimum rules on ensuring that suspects and accused persons are presumed innocent until proven guilty according to law.

The data breach is the most serious intrusion on personal data in the history of the country, and has highlighted the shortcomings in cybersecurity at the national tax agency. The data leak disclosed not only Bulgarian identity numbers, but also information including tax returns, loan payment data, car registration information, civil contracts, and information about those receiving pensions or renouncing health insurance.

News of the leak came the day before the NRA’s press release, when a person claiming to be a Russian hacker got in touch with local media to claim responsibility for the cyberattack and to offer access to the stolen data. According to the individual, the aim of the data leak was to expose corruption of the country’s prime minister, the chief public prosecutor, and other high-ranking officials.

However, the Bulgarian authorities were instead quick to point the finger at a 20-year-old Bulgarian national, who the Prime Minister labelled as a “wizard hacker”. Bulgarian media publicly identified the 20-year-old suspect as Kristian Boykov, a researcher specialised in detecting vulnerabilities in computer security systems. His lawyer denied he played any role in the breach. He was then arrested alongside Ivan Todorov and Georgi Yankov, two representatives of TAD Group, a cybersecurity company that the 20-year-old worked for. The three were charged with cyberterrorism. The terrorism offence allows the prosecutor’s office to use much harsher investigative means and detention measures.

EU Directive 2016/343 prohibits the presentation of accused persons as guilty by public authorities, yet this ban has been repeatedly violated by the former Bulgarian Chief of the Special Prosecutor's Office and the current deputy Chief Prosecutor, who is also the only candidate running for the role of head of the state prosecutor’s office – Ivan Geshev. The incident was politicised immediately, when conservative Member of European Parliament Emil Radev claimed that the hacking of the database was a political act, having been identified as one of the targets of the hack. Radev’s allegations were followed by Ivan Geshev, who claimed that the hack was political, stating also that it was ‘indisputable’ and ‘a matter of proof’.

There were further public statements issued by the specialised prosecutor’s office, which were subsequently relayed by all media directly and indirectly related to liberal MP Delyan Peevski, who is also implicated in the leak. He is described on his Wikipedia page as an oligarch and media mogul, in addition to his position as a member of the national assembly. Peevski controls the majority of print, TV and online media in Bulgaria, a country that currently holds the 111st spot on the 2019 World Press Freedom Index due to widespread corruption and collusion between media, politicians and oligarchs. 

On July 21, it was being reported that Boykov had been released by police, having seen his charges downgraded.

However, since then, there have been further press conferences, and with them further accusations from the special prosecutor’s office. It was claimed on July 31, that the TAD group had also attempted to take control of the irrigation systems of the National Assembly building in the centre of Sofia, with the aim of targeting government vehicles or those of foreign guests to spray them and cause disruption and delay. The supervising prosecutor suggested that the misuse of these irrigation sprinklers around important central administration buildings could lead to "... instability in our entire political system."

The watering conspiracy splashed water on the prosecutor's office because it triggered an avalanche of ridicule, especially after it became clear that neither the National Assembly's watering ponds, nor the municipal lawns, which were mechanically irrigated, had anything to do with computer programs for remote control, Internet and other technologies.

A day later, the prosecutor’s office released 13 specially selected pieces of evidence from the ongoing investigation against the head of the TAD group, Ivan Todorov, so as to reassure the public of the seriousness of the crimes, contrary to the above mentioned EU Directive, which stipulates that EU Member States should take appropriate measures to ensure that, when they provide information to the media, public authorities do not refer to suspects or accused persons as being guilty.

Two pieces of evidence were specifically used by the prosecutor’s office to suggest involvement of the popular independent media “Bivol,” known for its investigative journalism exposing high level corruption and often causing political earthquakes with its revelations. Many believe that it was not a coincidence that the released evidence contained references to Bivol. For now, however, no journalist has been accused of any wrongdoing and the prosecutor’s office has not presented any concrete evidence against the media outlet.

The decision of the prosecutor’s office to disclose selected evidence was broadly criticized by Bulgarian legal experts, but instead of apologizing, the deputy Chief Prosecutor Ivan Geshev promised publicly that his office will continue to release evidence “whenever the defense or anybody else lies”. The deputy Chief Prosecutor kept his promise. On August 9, the prosecutor’s office uploaded on its official website a new set of selected evidence, which allegedly represent online chats between the defendants.

The whole episode has played out publicly in Bulgarian media, raising questions as to what impact it may have on any eventual trial. A guidance published by the European Court of Human Rights on the right to a fair trial, provides that “a virulent press campaign can… adversely affect the fairness of a trial by influencing public opinion and affect an applicant’s presumption of innocence”.

The prosecutor’s decision to publicly disclose evidence puts the reputation of the Bulgarian judiciary, whose primary role is to protect the public interest independently of the legislature and the executive, under the microscope.

If you are a journalist interested in this story, please call the media team on +44 (0) 7749 785 932 or email [email protected]

Keep up to date

Receive updates on our work and news about Fair Trials globally

Activities in the following sections on this website are supported by the Justice Programme of the European Union: Legal Experts Advisory Panel, Defence Rights Map, Case Law Database, Advice Guides and Latest News. More information about our financial supporters is available here.