The traffic control system of the Sofia Municipality (SO) has been "hacked", it can be used for racketeering, tracking and recording, Boris Bonev, chairman of the "Continuing Change-Democratic Bulgaria" ("Save Sofia") group in the Sofia Municipal Council (SOC), said at a briefing in the Sofia Municipality.
He presented a report prepared by the "Digitalization, Innovations and Investments" directorate in the Sofia Municipality, according to which recognition and tracking software can be installed in the traffic control system. "With just the push of a button, traffic in Sofia can be controlled, this audit proves it," said Boris Bonev. He explained that the traffic management system is key because it controls hundreds of traffic lights in the city, monitors very high-resolution cameras. In terms of national security, this system knows, monitors and gives priority to all cars of the National Security Service. These are the cars that the statesmen and women drive - the president, prime minister, speaker of the National Assembly, as well as the cars that lead intergovernmental delegations, Bonev explained.
He cited excerpts from a report initiated by the deputy mayor for transport Iliyan Pavlov, which identified security gaps and incorrect configurations in the network. The report states that “the directorate faces a significant risk of vulnerabilities and external threats. It is currently impossible to monitor, detect or respond to malicious activities. The lack of appropriate user management practices further complicates the problem. There is no structured approach to creating, managing or auditing users across the entire network and system", quotes excerpts from the report by Boris Bonev. He explained that using the so-called cascading VPN networks, one user may be on the computer in the Traffic Management Center, on his computer, but through VPN an unlimited number of other people, regardless of location, can also enter this system and manipulate it. There is no system to track who, where and when did something in this system. There is no time synchronization in the operation of the systems, said Bonev. The system has not been updated for more than two years, the municipal councilor emphasized. Given these weaknesses, the directorate is highly exposed to internal risks, in which malicious individuals with legal access can extract sensitive information without being detected, said Boris Bonev.
He admitted that facial recognition software for people and cars may already be installed. When this is done with unregulated actions, without a way to track who, when and how does it, it is clear what the reasons would be for someone to take advantage of these vulnerabilities - for racketeering, extortion and threats. The system has been breached, and the intervention cannot be identified, Bonev stressed. He pointed out that this is a matter of national security and it is a matter of exceptional vulnerability of the Sofia Municipality. This is more dangerous than the leakage of the Personal Identification Number, because this is an active system that allows control, tracking and recording.
"At the head of this entire structure is Dimitar Petrov, the head of the "Traffic Management and Analysis" Directorate of the Sofia Municipality. This eternal director of the directorate, whom even Vasil Terziev refuses to replace and dismiss, after all three reports from Iliyan Pavlov with arguments that he is not doing well as director," said Boris Bonev. "After this revelation, I want to know what Vasil Terziev's arguments would be for this person to remain in this position. What else do we need to reveal and happen so that measures can finally be taken", Bonev asked the mayor of Sofia in absentia. "Unless the said Mr. Dimitar Petrov is a participant in the whole scheme. Unless he provides information and assists in collecting compromising material and in the confusion of traffic in Sofia", Boris Bonev also said.