Link to main version

66

Yavor Kolev on bomb threats: It could come from an enemy country

Such attacks will intensify, they do not require who knows what resources, the expert pointed out

Снимка: БГНЕС

The attack is aimed at spreading panic. It could come from an enemy country, because in the context of what is happening in Ukraine and the Middle East, there are many who aim to destabilize us as a member of NATO. This was said in the program “This Morning“ on bTV by cybersecurity expert Yavor Kolev.

The wave of emails about false bomb threats continued to flood courthouses and public buildings on Tuesday. For two consecutive days, the work of dozens of institutions across the country was hampered, and employees and visitors were evacuated. The threats were received by email.

“The goal is to spread panic in society. It is no coincidence that, as far as I saw the content of the letters and the origin, according to the email from which they were sent, the domain contains Beirut“, the expert pointed out.

According to him, there are religious messages that are Islamist, since society is sensitive to this topic. “We know that Islamist terrorists are particularly aggressive. That is the goal. But in no case can we say that the origin is like that. In cyber investigations, this is called a “false flag“. The authorities cannot be fooled, but that is the goal - to cause panic among society“.

“This is an asymmetric attack, which aims, as I said, to cause panic. It can be carried out by different sources. The hypotheses are different - by an independent perpetrator, by an enemy state, by a terrorist group or an organized criminal group. But it does not contain elements of extortion for the purpose of financial gain“, Kolev pointed out.

He said that he assumed that it was an independent perpetrator. “They could also come from an enemy state, because in the context of what is happening in Ukraine and the Middle East, there are many such groups and states that aim to destabilize us as a NATO member state“.

“Bulgaria has taken a side in these conflicts. From this point of view, it is quite normal for this to happen at any time. In addition, the summer holidays are coming up now and it is assumed that the institutions are paying a little less attention. But we see from the reaction of the Ministry of Interior and the Directorate of the State Crime Prevention and Prevention Department that the minister immediately stated that the case was handled by the Directorate of the State Crime Prevention and Prevention Department “Cybercrime“. We see that work is being actively done and I assume that very soon we will have a result and clarity on who the perpetrator is“, the expert believes.

According to Kolev, the professional directorate “Cybercrime“ begins the investigation with an analysis of the message itself, the header and the servers through which it passed.

“Such threats do not come from the Darknet. Artificial intelligence was probably used in composing the message. From the small part of the text that leaked, I saw that it was not very well structured. There are elements that indicate that it was probably not created by a native speaker of the Bulgarian language. But even when the tasks for artificial intelligence are not set well, there can also be such discrepancies“, said Kolev.

“Assistance will be requested from international institutions, partner services, electronic communications service providers and other countries, so that the origin can be established more quickly“, he explained.

Kolev said that the danger lies precisely in these repeated attacks, because the perpetrator or perpetrators monitor the activity of the services and the reaction of society. “Probably, the services need to act quickly to identify the perpetrator and stop this. There is a danger that society will experience some relief, which will subsequently lead to a lowering of vigilance“.

“I expect that at least the origin of this attack will be determined - which country it came from and what its possible origin is, whether it is a terrorist group“, he pointed out.

“We see that a large public resource was activated. We see that the institutions that were attacked were evacuated. The attack has achieved its goal to some extent“, the expert believes.

He said that these attacks do not require much resource, are very cheap and can be carried out by anyone with a computer and Internet access. “They will intensify. It's just that the punishments for those who commit them should be more severe in order to have a preventive effect“.

“The services should act in every case as if it were a real attack. There should be no complacency and we should accept this as something normal. In every case, we should be at the necessary level of readiness if, God forbid, a real terrorist act occurs“, Kolev believes.