The Bulgarian Centralized Excise Duty Information System (BACIS) for exchange of information between the Customs and the National Revenue Agency (NRA) is at the center of a political scandal and one of the reasons for the no-confidence vote against the government for failure to fight corruption. A classified report by the National Security Agency (DANS) claims that the system is unreliable and allows manipulation and deletion of data.

Up to now, the public was told that BACIS has been created by a Bulgarian company, which is not exactly the case. A Bulgarian-Hungarian consortium between IBS Bulgaria and Idom 2000 Konzulens Zrt. has been given the BACIS contract in 2012 for BGN 4.4 million, according to the Public Procurement Agency’s (PPA) data.

The same consortium has also won another public procurement contract from the Customs Agency for “Standardizing IT Processes as a Service at the Customs Agency under the Best Global Practices “. It is from 2009 and is funded under the EU Operational Program Administrative Capacity (OPAC).

From what we have learned so far, it becomes clear that the system had given access to all users from 340 different points with the same password. This is a very serious breach of information security that is not at all aligned with standards or good global practices.

What’s more, the password has been extremely easy, something like 1245678 or abv1234, Bivol learned from insider sources.

DANS’ reports on the broken BACIS system have been sent to the Prosecutor’s Office, but it has not seen any evidence of a crime and has refused to initiate pre-trial proceedings.

Who Is Who in BACIS’ case?

“IBS – Bulgaria”, whose manager and majority owner is named Goran Blagoev, has won over the years alone and in consortia public procurement bids for more than BGN 50 million, a check by Bivol in the PPA data shows.

The Customs Agency, the NRA, the Interior Ministry, the Ministry of Foreign Affairs, the State Fund Agriculture (SFA), the State Railways BDZ, the Cadaster, Bulgarian Posts, several municipalities and the Kozloduy Nuclear Power Plant (NPP) are among the clients of “IBS”.

One of the big orders, for BGN 4 million, is from the Ministry of Foreign Affairs for the upgrade of the National Visa Information System (NVIS) and the visa activity in the consular services of the Republic of Bulgaria.

As Bivol wrote earlier, despite the millions poured into it, the Bulgarian NVIS system cannot be integrated within the Schengen visa system, which is one of the main technical obstacles preventing Bulgaria from joining the Schengen area.

Idom 2000 Konzulens Zrt. is a Hungarian software giant, created in 2000 by Adam Gödri, Peter Kertesch and Zoltan Kovacs.

The company develops key information systems for public services in Hungary, the Schengen Information System, the National Healthcare System and many others. It is so strategic that the Hungarian government has decided to nationalize it for national security reasons.

However, the nationalization has been carried out in a hurry and raises doubts about corruption and conflict of interest, Bivol’s partner at the OCCRP, Atlastzo.hu, writes.

Nationalized e-services company linked to the procurer office’s leader

Ivan Dimitrov is the Director of the Information Systems and Analytical Activities Directorate at the Customs Agency. He is a former Director of the Communications and Information Systems Directorate at the Interior Ministry. The scandalous public tender with Siemens for biometric ID documents took place during his term in office. As Bivol wrote earlier, due to omissions in the assignment, Bulgaria’s system of ID documents cannot pass a security audit to this day.

 

***

Радваме се, че стигнахте дотук. Ако намирате, че статията е интересна и полезна, можете да ни подкрепите, за да продължим да правим независима разследваща журналистика.

Платете Данъкъ Биволъ!

Включете се с еднократен данък или станете един от нашите редовни, месечни данъкоплатци

This post is also available in: Bulgarian