Hacker with Bulgarian ‘Golden Passport’ Attacks Ukraine from Sofia

A Bulgarian company launched a successful DDOS attack against the website of the Ministry of Defense of Ukraine and brought it down to demonstrate the capabilities of its cyber-attack system to a head of the Russian intelligence services. This happened in Sofia on February 5, 2015. The attack is a crime under the Bulgarian Penal Code. In 2015, these actions became known to the Bulgarian services, but they did nothing, on the contrary. Four years later, the National Security Agency (DANS) approved the application for Bulgarian citizenship of the co-owner of the company Yuri Gushin, a Soviet-born hacker with Israeli citizenship, who in 2020 acquired a Bulgarian “golden passport”.

“We are bringing down the Ministry of Defense of Ukraine…”

In 2015, the independent Russian news site Medusa told a shocking story about a cyber-attack carried out in Sofia. Vasily Brovko, head of communication services at Russia’s Rostech state corporation, had arrived in Sofia to meet with Packets Technologies. The purpose of his visit had been to evaluate and purchase innovative technology for DDOS attacks.

Packets Technologies had demonstrated its technology on February 5, 2015 from its offices in Sofia. Two targets abroad had been attacked and temporarily shut down: the website of the Ukrainian Ministry of Defense and the website slon.ru, an independent Internet resource that publishes materials critical of the government.

Slon.ru has confirmed for Medusa that the site has been the subject of a successful DDOS attack just at the time when the demonstration of cyber technology from Sofia took place.

The Russian IT expert Alexander Vyara, who accompanied Brovko in Sofia to assess the qualities of the system, is a witness of the attack. He found that the attacked sites had been successfully removed and discussed technical details with Packets specialists. Brovko had been interested in the price of this cyber weapon, which had been in the order of USD 1 million. Brovko later had tried to recruit Vyara to work for the Russian services, but he had refused and had emigrated to Finland, where he sought political asylum.

After the publication of Medusa, the Bulgarian investigative news site Bivol  found out that the technology owner was the Bulgarian company Packets Technologies. It was founded in March 2014 by three shareholders with equal shares: the Bulgarian Alex Behar , the Israeli Yuri Gushin and the Israeli-born Aviv Pode, who also has a Lithuanian passport. Apart from being a shareholder, Gushin is also the executive director of the company.

DDOS attacks from Sofia against a foreign country are crimes under the Bulgarian Penal Code. Bivol informed the Computer Crimes Department of the General Directorate for Combating Organized Crime and its then-chief Yavor Kolev promised a probe.

There was obviously no probe, as Yuri Gushin subsequently acquired expensive properties in Sofia and freely obtained Bulgarian citizenship under the investor procedure.

From defense to attack. Who is Yuri Gushin?

It is understood from public sources that Yuri Leonidovich Gushin, born in 1985 in the former USSR, is a self-taught information security specialist, with an expertise in new and emerging technologies, security architecture and network and application protocols. He has worked for the company Radware, which deals with protection against DDOS attacks. Together with his colleague Behar, he has participated in hacking conferences, where he has demonstrated the theoretical and practical aspects of network attacks and protection against them.

As Gushin’s career proves, cyber-attack technologies can easily be converted into aggressive cyber-weapons and make good money. This is exactly what his company Packets Technologies did, and even demonstrated from NATO-member Bulgaria an attack against Ukraine to Russian “top cops”. As can be seen from the annual financial statements of the company in the Daxi system, between 2015 and 2019 it regularly earned over BGN 1 million from sales.

At the end of 2017, Yuri Gushin invested in real estate, paying BGN 2,230,800 for a house with 307 square-meter total built-up area, a 660 square-meter yard and garage in the “Residential Park” in the Bulgarian capital Sofia, according to a reference in the Property Register. The seller of the expensive property is the company KID 2227 EOOD, sole property of KID 2225 EOOD, which is the sole property of Petar Kurumbashev, former lawmaker from the Bulgarian Socialist Party in the 41^st  and the 42^nd National Assembly, former MEP and since March 2020 Honorary Consul of Malaysia in Bulgaria. The deal materialized in the first year of Kurumbashev’s accession to the European Parliament.

Gushin became a Bulgarian citizen with Presidential Decree 115 of June 17,2020, file number 6553/2019. At the moment he does not own shares and does not manage companies in Bulgaria, but he has a Bulgarian and respectively a European passport.

Offshore deal with Qatar

Most likely to clean its reputation after receiving media coverage, Packets Technologies was renamed Vitosha Labs in 2016. Then the ownership was transferred to an offshore company, and finally the company was re-registered with another Unified Identification Code (UIC). This happened in several stages.

In May 2017, Alex Behar transferred his shares to the other two shareholders. At the end of November 2018, Yuri Gushin and Aviv Pode endorsed their shares in B.Tech Limited, an offshore company from the British Virgin Islands. The change of ownership was entered on December 17, 2018 in the Commercial Register and thus the offshore company became the sole owner of the shares of Vitosha Labs.

Who is behind Vitosha Labs emerged in 2019, when the companies were mandated to declare their real owners. The declaration submitted to the Commercial Register shows that this is the Qatari Black Oryx QSTP-LLC. It is in turn owned by Barzan Holdings QSTP-LLC, whose sole owner is the Ministry of Defense of Qatar.

In mid-December 2019, Vitosha Labs, UIC 202998553, was deleted and its successor became Vitosha Labs, UIC 205941543, sole property of the same offshore company B.Tech Limited. The beneficial owner of the account of this company has not been declared and the company is formally in breach of the law, although the relationship with the beneficial owner is found in the documents of the closed company.

The new Vitosha Labs remains active and last year had eight employees, according to a check in the National Social Security Institute. The company’s website states that it specializes in software optimization, automation activities and information security. BIRD made an attempt to contact the company on the phone left during the registration of the domain vitosha-labs.bg, but the number turned out to be inactive. We also did not receive answers to the questions sent to the company’s email.

BIRD has data on those who have received “golden passports” as investors and conducts journalistic research on their connections with business and politics. In previous articles in the series, we reported on the golden passport of Roman Savushkin, obtained when he was CEO of United Wagon Company, a strategically important enterprise in Russia. We also revealed the golden passports of top Russian bankers Dmitri Kushaev, Credit Suisse Head Russia, Roman Nagaev, Head of Investment, Credit & Project Finance at the Russian investment bank VTB Capital and Igor Finogenov, former Chairman of the Management Board of the Eurasian Development Bank and a person close to people in power in Russia.

***

За да научавате преди всички за нови разследвания, инсталирайте си нашето мобилно приложение:

Щом сте стигнали дотук, вероятно вече си задавате въпроса как се финансира този журналистически проект.

Отговорът е: Финансира се от чекмедже, в което читателите оставят по нещо, ако им е харесало съдържанието.

Чекирайте се и Вие!

При възможност, станете наш редовен спомоществовател с опцията Чекирай Редовно. Това ни помага да предвиждаме бъдещи разходи и да планираме дейността си за месеци напред.

• Веднъж
• Редовно
• Crypto
• Кой е чекирал?

БРРД Eднократно 2022 / BIRD One time 2022

16,429€ of 50,000€ raised

Donation Amount: €

 

Euros

• 2 €
• 5 €
• 10 €
• 20 €
• Custom Amount

Would you like to help cover the processing fees?

Искам да платя и таксите 0 за чекирането

Select Payment Method

• PayPal
• Debit or Credit Card
• Apple Pay or G-Pay

Personal Info

First Name *

Last Name

Email Address *

Make this an anonymous donation.

Comment

Credit Card Info

This is a secure SSL encrypted payment.

Terms

Приемането на каквито и да е вноски, подаръци или безвъзмездна помощ е по преценка на Бюрото за Разследващи Репортажи и Данни (БРРД) с издател сдружение с идеална цел Data for Reporters Journalists and Investigators (DRJI). DRJI управлява даренията за BIRD като юридическо лице, регистрирано във Франция.

БРРД ще приема само такива дарения, които могат да бъдат използвани или последователно изразходвани за целта и мисията на БРРД.

Няма да се приемат безвъзвратни дарения, независимо дали по същността си са дадени наведнъж или като пожизнен доход, ако при какъвто и да е набор от разумни обстоятелства, дарението би застрашило финансовата сигурност на донора.

БРРД ще се въздържа от предоставяне на съвети за дължими данъци или друго третиране на даренията и ще насърчава дарителите да търсят напътствия от техните лични професионални съветници, които да им помагат в процеса на правенето на дарения.

БРРД няма да приема дарения от пари в брой на ръка или публично търгувани ценни книжа. Дарения под формата на услуги в натура ще бъдат приемани по усмотрение на БРРД.

Вноски, чиито източници не са прозрачни или чието използване е ограничено по някакъв начин, трябва да бъдат прегледани преди приемането им заради повишените специални задължения или пасивите, които могат да представляват за БРРД.

БРРД ще предоставя потвърждения на дарителите, които отговарят на данъчните изисквания, за собственост получена от благотворителна дейност. Въпреки това, с изключение на дарения в брой и публично търгувани ценни книжа, няма да се записва стойност на която и да е разписка или друга форма на обосновка на подарък дарен на БРРД.

БРРД ще уважава намерението на донорите да предоставят дарения с поверителни цели и тези заявили желание да останат анонимни. По отношение на анонимните дарения, БРРД ще ограничи информацията за донора само до тези членове на екипа, за които е необходимо да я знаят.

БРРД няма да компенсира, независимо дали чрез комисионни, плащания за намиране или други средства, която и да е трета страна за насочване на дарение или на дарител към БРРД.

БРРД няма да продава или предоставя лични данни събрани в процеса на правене на дарението. Моля, проверете политиката ни за поверителност преди да приемете условията.

Приемайки настоящите условия декларирам също, че произходът на дарените средства е законен и съм съгласен да предоставя доказателства за това в случай, че такива ми бъдат поискани от компетентни правоохранителни институции.

Acceptance of any contribution, gift or grant is at the discretion of the Bureau for Investigative Reporting and Data (BIRD), with publisher the non-for-profit organisation Data for Reporters Journalists and Investigators (DRJI). DRJI is registered in France and is managing the donations for BIRD through Stripe and PayPal.

BIRD will not accept any gift unless it can be used or expended consistently with the purpose and mission of BIRD.

No irrevocable gift, whether outright or life-income in character, will be accepted if under any reasonable set of circumstances the gift would jeopardize the donor’s financial security.

BIRD will refrain from providing advice about the tax or other treatment of gifts and will encourage donors to seek guidance from their own professional advisers to assist them in the process of making their donation.

BIRD will NOT accept donations of cash or publicly traded securities. Gifts of in-kind services will be accepted at the discretion of BIRD.

Contributions whose sources are not transparent or whose use is restricted in some manner, must be reviewed prior to acceptance due to the special obligations raised or liabilities they may pose for BIRD.

BIRD will provide acknowledgments to donors meeting tax requirements for property received by the charity as a gift. However, except for gifts of cash and publicly traded securities, no value shall be ascribed to any receipt or other form of substantiation of a gift received by BIRD.

BIRD will respect the intent of the donor relating to gifts for restricted purposes and those relating to the desire to remain anonymous. With respect to anonymous gifts, BIRD will restrict information about the donor to only those staff members with a need to know.

BIRD will not compensate, whether through commissions, finders' fees, or other means, any third party for directing a gift or a donor to BIRD.

BIRD will not sell or give any personal data collected during the donation process. Please, check our Privacy policy before accepting the conditions.

I/we, hereby, declare by accepting the Terms and Conditions, that the funds donated are derived from legitimate sources and that I/we will also provide the required evidence of the source of funds if required to do so by law enforcement subpoena.

Show Terms Hide Terms

Съгласни ли сте с условията ни? Do you Agree to our Terms and Conditions?

Donation Total: 5.00€

{amount} donation plus {fee_amount} to help cover fees.

 

БРРД Ежемесечно / BIRD Monthly

19,238 of 1,000 donors

Donation Amount: €

 

Euros

• 2 €, Monthly
• 5 €, Monthly
• 10 €, Monthly
• 20 €, Monthly
• Custom Amount

You have chosen to donate 5.00€ monthly.

Would you like to help cover the processing fees?

Искам да платя и таксите 0 за чекирането

Select Payment Method

• PayPal
• Debit or Credit Card
• Apple Pay or G-Pay

Personal Info

First Name *

Last Name

Email Address *

Make this an anonymous donation.

Comment

Create an account

Already have an account?  Login

Credit Card Info

This is a secure SSL encrypted payment.

Terms

Приемането на каквито и да е вноски, подаръци или безвъзмездна помощ е по преценка на Бюрото за Разследващи Репортажи и Данни (БРРД) с издател сдружение с идеална цел Data for Reporters Journalists and Investigators (DRJI). DRJI управлява даренията за BIRD като юридическо лице, регистрирано във Франция.

БРРД ще приема само такива дарения, които могат да бъдат използвани или последователно изразходвани за целта и мисията на БРРД.

Няма да се приемат безвъзвратни дарения, независимо дали по същността си са дадени наведнъж или като пожизнен доход, ако при какъвто и да е набор от разумни обстоятелства, дарението би застрашило финансовата сигурност на донора.

БРРД ще се въздържа от предоставяне на съвети за дължими данъци или друго третиране на даренията и ще насърчава дарителите да търсят напътствия от техните лични професионални съветници, които да им помагат в процеса на правенето на дарения.

БРРД няма да приема дарения от пари в брой на ръка или публично търгувани ценни книжа. Дарения под формата на услуги в натура ще бъдат приемани по усмотрение на БРРД.

Вноски, чиито източници не са прозрачни или чието използване е ограничено по някакъв начин, трябва да бъдат прегледани преди приемането им заради повишените специални задължения или пасивите, които могат да представляват за БРРД.

БРРД ще предоставя потвърждения на дарителите, които отговарят на данъчните изисквания, за собственост получена от благотворителна дейност. Въпреки това, с изключение на дарения в брой и публично търгувани ценни книжа, няма да се записва стойност на която и да е разписка или друга форма на обосновка на подарък дарен на БРРД.

БРРД ще уважава намерението на донорите да предоставят дарения с поверителни цели и тези заявили желание да останат анонимни. По отношение на анонимните дарения, БРРД ще ограничи информацията за донора само до тези членове на екипа, за които е необходимо да я знаят.

БРРД няма да компенсира, независимо дали чрез комисионни, плащания за намиране или други средства, която и да е трета страна за насочване на дарение или на дарител към БРРД.

БРРД няма да продава или предоставя лични данни събрани в процеса на правене на дарението. Моля, проверете политиката ни за поверителност преди да приемете условията.

Приемайки настоящите условия декларирам също, че произходът на дарените средства е законен и съм съгласен да предоставя доказателства за това в случай, че такива ми бъдат поискани от компетентни правоохранителни институции.

Acceptance of any contribution, gift or grant is at the discretion of the Bureau for Investigative Reporting and Data (BIRD), with publisher the non-for-profit organisation Data for Reporters Journalists and Investigators (DRJI). DRJI is registered in France and is managing the donations for BIRD through Stripe and PayPal.

BIRD will not accept any gift unless it can be used or expended consistently with the purpose and mission of BIRD.

No irrevocable gift, whether outright or life-income in character, will be accepted if under any reasonable set of circumstances the gift would jeopardize the donor’s financial security.

BIRD will refrain from providing advice about the tax or other treatment of gifts and will encourage donors to seek guidance from their own professional advisers to assist them in the process of making their donation.

BIRD will NOT accept donations of cash or publicly traded securities. Gifts of in-kind services will be accepted at the discretion of BIRD.

Contributions whose sources are not transparent or whose use is restricted in some manner, must be reviewed prior to acceptance due to the special obligations raised or liabilities they may pose for BIRD.

BIRD will provide acknowledgments to donors meeting tax requirements for property received by the charity as a gift. However, except for gifts of cash and publicly traded securities, no value shall be ascribed to any receipt or other form of substantiation of a gift received by BIRD.

BIRD will respect the intent of the donor relating to gifts for restricted purposes and those relating to the desire to remain anonymous. With respect to anonymous gifts, BIRD will restrict information about the donor to only those staff members with a need to know.

BIRD will not compensate, whether through commissions, finders' fees, or other means, any third party for directing a gift or a donor to BIRD.

BIRD will not sell or give any personal data collected during the donation process. Please, check our Privacy policy before accepting the conditions.

I/we, hereby, declare by accepting the Terms and Conditions, that the funds donated are derived from legitimate sources and that I/we will also provide the required evidence of the source of funds if required to do so by law enforcement subpoena.

Show Terms Hide Terms

Съгласни ли сте с условията ни? Do you Agree to our Terms and Conditions?

Donation Total: 5.00€ Monthly

{amount} donation plus {fee_amount} to help cover fees.

BTC: bc1q8asgyunzwue3esm7p6nj8yv7umcppssktjv6e7

PD

Pavel Dimitrov

10.71€ 4 July 2022

MD

Milena Dimitrova

5.00€ 3 July 2022

RM

Rossa Mineva

2.43€ 3 July 2022

MD

Maksim Dimitrov

10.71€ 3 July 2022

Produljavaite rabotata si, imame nujda ot neq!

NZ

Nadezhda Zlatanova

10.40€ 3 July 2022

AK

Anonymous

5.32€ 3 July 2022

KD

Kaloyan Dobrev

10.71€ 3 July 2022

ИГ

Anonymous

2.28€ 3 July 2022

NG

Neno Ganchev

20.54€ 3 July 2022

TG

Tsonko Georgiev

10.40€ 3 July 2022

AT

Anita Tsarska

10.40€ 2 July 2022

SK

Svetoslav Kartchevski

203.09€ 2 July 2022

Load more