Much ado about nothing: A case study of how hacking controversies are framed in the media

(1)

Much ado about nothing: A case study of how hacking controversies are

framed in the media

Student name: Desislava Slavova

Student number:11832517

Email address:

_{Purespectrum12@gmail.com}

University of Amsterdam

BA Research Seminar & Thesis – Media and Information

16.12. 2019

Supervisor: Maxigas

Abstract

This research employs a media framing theory to investigate the way in which the Bulgarian news sources framed the recent hack of the Bulgarian National Revenue Agency which resulted in the release of personal information for almost five million Bulgarian citizens. The use of content analysis on fifty local online news sources focusing on the controversy, as well as a focus group formed for this research, showed that the different news sources frame the same issue very differently, creating numerous scenarios without solid proof. Furthermore, instead of shaping the opinion of the Bulgarian population, the media framing of this controversy furthered the suspicions and distrust the Bulgarian population has in its government, media and institutions. The results also showed that people did not

(2)

feel so worried about the leak of their personal information but they criticized the government for stimulating this big media fuss and moral panic instead of handling the issue more subtly and effectively.

Keywords:

_{Media framing theory, NRA Leaks, Bulgarian media, hacking}

controversy, media frames, audience frames

Introduction

On the 15th of July 2019, it was discovered that Bulgaria had become a victim of possibly the largest hacking activity in its history. It was reported that anonymous hackers have hacked the secret

databases of the Bulgarian National Revenue Agency (NRA) and leaked private information for more than five million Bulgarian citizens. The controversy was also dubbed as “NRA Leaks” by the media. One of the most interesting things is that the file containing 11GB of the leaked information was first sent to various Bulgarian media outlets by the anonymous hackers in the form of an email with the message that these media sources are free to read and analyse it however they want. This already puts the Bulgarian media in the center of this newly created hacking controversy and suggests the need to follow how the local Bulgarian media read into and presented this information.

Previous research conducted on the role that the mainstream media and governmental bodies have in perceiving, presenting and acting upon hacking controversies, for example, shows that this connection does not necessarily have to be negative. For instance, Sebastian Kubitschko uses the Chaos

Computer Club (CCC) to argue that by gaining trust and access to mainstream outlets and engaging directly with institutionalized politics, the members of the club could conduct hacking activities to bridge the expert-public gap by teaching ordinary people the political value of complex technological processes (2015). He highlights the difference between media coverage and access because “coverage entails some news space and time, but not necessarily the context for favourable representations, whilst access denotes the news space, time and context to reasonably represent one’s goals and beliefs” (Kubitschko 2015, p.363). In this sense, by having media access, the members could conduct hacking activities to show the system’s security flaws and fight against monopolistic situations without being framed as criminals or terrorists. Kai Denker (2014) also uses the Chaos Computer Club, specifically two of the founders Herwart “Wau” Holland and Steffen Wernéry, who managed to hack Germany’s BTX interactive videotext system. Instead of being framed as criminals, the CCC’s hackers were praised as heroes for reporting on a big weakness in the system. However, Denker argues in his article that the image of the CCC’s members of consumer protection activists rapidly changed in the late 1980s after new computer crime legislation was accepted. Although the “good hacking practices” were not meant to be included, the boundaries were very blurred and the CCC’s members were now seen and covered by the media, not as heroes but criminals. The case analysed in Denker’s article is very similar to some frames that I have identified in this research, which already points to the fact that hacking activities can be framed extremely different depending on the influence of state authorities and media production practices. Another article presents how hackers often dub their hacking practices as ethically motivated and for having critical purposes but at the same time, the

(4)

state claims that they are criminals, terrorists and pose a threat to the body politic (Fish and Follis 2016). The authors write that “state practices of stigmatization and degradation—as well as the application of labels like criminal, terrorist, or felon to hacktivists feed into these anxieties and supplement these narratives” (Fish and Follis 2016, p.4). Furthermore, they discuss how “the mainstream media play an important role in manifesting hacktivists’ goals of bringing attention to political causes” (Fish and Follis 2016, p.8). To prove this statement, the authors mention Julian Assange’s case and argue that because of the framing practices of mainstream media, people will always connect Assange’s persona to Wikileaks.

As the previous research in the field of hacking controversies suggests, the media, mostly influenced by institutionalized politics, has a great influence on the creation of certain narratives surrounding hacking activities. For this reason, the main question I want to answer with this research is “How did the online Bulgarian news sources frame the hacking of the Bulgarian National Revenue Agency?”. I have specified online because the corpus of this research will be fifty online journalistic articles on the subject of “NRA Leaks”. As sub-questions, I am interested if through the frames it is putting forward, the media is reassuring the population that the situation is kept under control and that people need to keep calm or it is stimulating moral panic. The theory of moral panic is explained by Stanley Cohen (1972) as a phenomenon that appears when the media is defining a certain situation or somebody as a threat to the values and interests of society when it is actually overreaction or inaccurate framing. The next sub-question is “Who trusts who?”. Despite sounding too abstract of a question, it is simply about whether Bulgarian citizens trust their government and media and if the media trusts the state authorities, etc., which can be seen in the identified media frames. Furthermore, I have used the focus group methodology to answer my last sub-question, which is “How are the media frames influencing the individual/audience frames, if they are at all?”.

With this research, I am hoping to contribute to the limited literature on media framing of hacking controversies. I believe that this research will identify certain frames, actors and scenarios that can be used and compared to future hacking controversies or debates on hacking and leaking of personal information on a global scale. Indeed, the findings from this research can be interesting for

comparison between the media framing of techno-social controversies in Eastern Europe compared to the framing practices of Western media outlets on related issues. Furthermore, by applying the media framing theory as the theoretical framework for this research, I will enrich the scope of application of this theory, since most of the literature on media framing theory is related to political issues

(Scheufele 1999; Iyengar 1994; Fishman 2014; Kostadinova and Dimitrova 2012) and environmental issues and debates (Hansen 2011, Lester and Hutchins 2009, Anderson 1991).

(5)

This article is organized in the following manner:

Firstly, I have devoted a section to familiarize the readers of this research with more details on the hacking of the NRA, since it is the central subject of this paper. The second section is presenting a literature review on media framing theory for the purpose of introducing the process of framing and the various types and functions of frames. In the following section, I am beginning to unravel the question of how the Bulgarian media have framed the NRA Leaks in Bulgaria. For this purpose, I had to choose a specific corpus because it would have been too much to analyse newspapers, TV news and interviews or social media activity on the subject altogether. Therefore, I decided to conduct a content analysis on fifty online news articles by local Bulgarian media channels to see how these media sources construct our social reality by framing such interesting hacking controversy (Fairclough 1992). I chose this corpus because people are relying more and more on the internet to easily find all kinds of information on the issues that interest them, furthermore, most of these articles can be found as recommended on people’s Facebook feeds or under news on a user’s phone. In order to collect these articles, I have used the keyword “Хакването на НАП” ( The hacking of the NRA) as a Google search specifically set for the region of Bulgaria. From this search, I have collected the first fifty articles from local news channels focused on the subject. The last section of this paper is discussing the focus group methodology and the results from the creation of one such group meeting focused on the hacking of the NRA. As Entman (1993) suggests when discussing the process of media framing, it is very useful to connect the identified media frames in a debate with a certain selection of people. In other words, to reflect on the effect the media frames might have on the audience/individual frames. Therefore, I have conducted a focus group of ten people all working and studying in the field of information technologies and programming with the idea to bridge the results from the framing analysis with their ideas, opinions and reactions on the subject of “NRA Leaks”.

The case of “ NRA Leaks”

Before I introduce the theoretical framework of this research and begin with the analysis on the way local Bulgarian news sources frame the” NRA Leaks” case, I believe it is necessary to first make you, my audience, much more familiar with this issue because every Bulgarian citizen, who watches TV, has access to social media or is basically not living under a rock, has heard about the NRA hacking. However, I am aware that many of you, are foreigners, therefore, you have probably never heard of this controversy and to understand this research and its relevance you need to know what I am talking about.

(6)

On the fifteenth of July 2019, the Bulgarian National Revenue Agency (NRA) announced on their official website that on this date unauthorised access to 3% of the whole information held in the NRA’s databases has been detected. According to them, this information included the personal details of more than five million Bulgarian citizens, from which around 4 million belong to real people and one million to people who have passed away. The NRA stated that the leaked information of

individuals and legal entities is just partial and it needs to be additionally processed in order to be used for embezzlement. However, they admitted that sensitive data for many people was leaked and it is possible to include names, personal identification numbers, addresses of local citizens and foreign nationals, phone numbers and emails, as well as tax and social security information, such as data from annual tax returns, records of income, health insurance status and et cetera. Later it was reported that the leaked information also contains, loan payment details, vehicle numbers, civil contracts, IP addresses and whether you are involved in gambling activities. It was proved that some of the leaked information is from more than a decade but some of it is recent which shows that it was, indeed, recently hacked. It is believed that the data leakage was possible because the National Revenue Agency’s administration did not follow elementary security measures. However, in their official statement, the National Revenue Agency ensured the people that they have taken all the necessary steps to improve the security of their information systems after the leak happened.

More interesting, at least for me, is what happened with the leaked files. The National Revenue Agency’s system was not simply penetrated by anonymous hackers, the files that were stolen from its databases were leaked to numerous Bulgarian media and news outlets. Therefore, the first entity to get its hands on the leaked datasets was the local media by receiving 57 folders containing eleven

gigabytes information, which, according to the anonymous hackers, is leaked data from 57 out of the 110 compromised NRA’s databases. Unfortunately, I can not confirm whether the media first publicly announced the hack and then the NRA made an official statement, or the NRA was the first to make a statement.

The leaked data was sent via email to the various media channels, in which the hackers wrote that the Bulgarian government is sluggish, our cybersecurity is a parody and quotes the founder of Wikileaks Julian Assange with the invocation that he should be released since Assange was arrested earlier this year. The hackers invite the various media channels to use the leaked files however they want and to conduct investigative research. Another thing to be noted about this email is that it was written in Russian and its location, although most probably intentionally manipulated for the protection of the hacker’s anonymity, was based in Russia.

(7)

Now I will drift a bit from the official information that is known on the case to mention that I can not help but wonder why would they mention Julian Assange’s arrest. This was not answered or

questioned by no Bulgarian media and news source. However, when I briefly familiarized myself with the case of Julian Assange, the only connection that I found between the hacker's email and Wikileaks is that in 2018 it was proven that Russian Intelligence officers were found guilty for working with Wikileaks and spreading stolen files. Which fits the fact that the email sent to the Bulgarian media was Russian. However, things are not so straightforward and this could be just a coincidence. Furthermore, I am not aiming at finding who are the perpetrators because this is beyond my capabilities and resources. Instead, I am interested in how the Bulgarian media framed the NRA hacking controversy since they had a first-row view on the case from the very beginning. (nap.bg 2019; Capital.bg 2019)

Literature review on media framing theory

We are at the stage when the Bulgarian media suddenly have eleven gigabytes of leaked information and a hot new issue to cover. How did they use it and how did they frame the event? This is what I am about to unravel next by basing my research on the theory of media framing which I will now

introduce.

Drawing from the literature on news framing, we can identify the frame building and frame setting as the two central aspects of the process of news framing (Scheufele 1999). First, let’s look at the frame building mechanism. It refers to “processes that influence the creation or changes of frames applied by journalists” (Scheufele 1999, p.115). Boesman and Van Gorp (2017) suggest three important elements of frame building, which are the news values, news pegs, and story angles. News values can be considered as the driving force of the formation of frames. All stages of editing and reporting news are guided by the news values. Furthermore, they help in determining what aspect of the issue needs to be emphasized. The second aspect is the news peg, which refers to the event which provokes the need to produce news that will frame this event in a specific way. In relation to my research project, the peg can be considered the hacking of the National Revenue Agency. This “specific way” of framing the event or the issue is the story angle. The story angle is the way in which a frame is realized and it can be described as “the chosen perspective, emphasis, bias or focus from which a news item is told” (Zelizer and Allan 2010, p.6).

(8)

The second mechanism of the framing process is the frame setting, which will be the main focus of my research. The frame setting describes how the frames influence the news audiences to perceive, evaluate, think about and act upon the issue that is being framed and the mass media can “actively set the frames of reference that readers or viewers use to interpret and discuss public events (Scheufele 1999, p.105). The frame setting concerns the frames that depict a certain issue or event and what story each frame aims at presenting to the audience.

As many of the authors writing about the theory of media framing have pointed out, ever since the early 1980’s we have been in a period which is heavily characterised by “social constructivism” (Scheufele 1999; Kostadinova and Dimitrova 2012). This means that mass media has a huge impact on the construction of reality by framing it in a very deconstructed and patterned manner. However, looking at the literature on the subject it seems that some authors view the framing process from different perspectives. They differentiate the framing between perceived importance and accessibility of frames. According to Entman (1993) to frame means to highlight or “promote a particular problem definition, causal interpretation, moral evaluation, and/or treatment recommendation’’ (Entman 1993, p.52) by choosing some aspects of a perceived reality and making them more salient. The term salience he defines as “making a piece of information more noticeable, meaningful or memorable to audiences” (Entman 1993, p.53). In support of this framing practice is Edelman who writes:

The characters, causes, and consequences of any phenomenon become radically different as changes are made in what is prominently displayed, what is repressed and especially in how observations are classified...The social world is...a kaleidoscope of potential realities, any of which can be readily evoked by altering the ways in which observations are framed and categorised (Edelman 1993, p.232)

The kaleidoscope of potential realities can be framed differently, according to Scheufele (1999). The author suggests salience/accessibility of frames plays only a minor role and that perceived importance and its role in the framing process is much more important. Similarly, Nelson and his colleagues write that “frames influence opinions by stressing specific values, facts, and other considerations, endowing them with greater apparent relevance to the issue that they might appear to have under an alternative frame” (Nelson et al 1997, p.569). More simply said, according to them, framing is done by

highlighting and giving more importance only to selected aspects of the issue/peg that is being covered.

Since I discussed the different ways of framing, I now want to concentrate on the various frames and the role they play. Frames define problems, diagnose causes- identify who caused the problem, make moral judgements- evaluate the effects resulting from the problem and the causal agent and, lastly,

(9)

suggest remedies- offer a solution to the problem that is being framed (Entman 1993). Frames select certain aspects of reality and highlight them to create a synthesized narrative of the whole. With every decision of what should be put forward and what should be omitted, new clusters of facts are being created which subsequently affects consumer’s responses to the framed issue (Capella and Jamieson 1996). According to Entman (1993), frames can be located in four places in the communication process. Firstly, the communicators/journalists decide how to tell the story, guided by frames. Secondly, the text which contains the frames. The text is the corpus which allows for the categorization and analysis of frames. Next is the receiver who evaluates and acts upon the

information suggested by the frame. Lastly, the culture, which contains a set of common frames that play a role in both the production of news frames and their evaluation. Apart from that, frames can be most notably divided between media frames and audience frames (Scheufele 1999). Media frames can be defined as the central organizing idea that interprets events from everyday reality. They also “allow journalists to quickly identify and classify information” (Scheufele 1999, p.106). Whereas, audience frames, or also called Individual frames, are defined as “mentally stored clusters of ideas that guide individual’s processing of information” (Entman 1993, p.53) or as “cognitive patterns or schemata that individuals hold” (Kostadinova and Dimitrova 2012, p.1)

One of the most important things that should be noted is that media frames can significantly affect the creation of audience/individual frames ( Cappella and Jamieson 1996; Iyengar 1987; Entamn 1993; Kahneman 2003). The framing of various issues in the mass media can determine how the viewers or readers will understand and evaluate the importance of the presented events. Thus, media frames are possible to have influence over the human consciousness through the transfer of information from a text or other material which contains these frames. In order not to neglect both of these perspectives, I will first analyse the creation of media frames, regarding the hacking of the NRA in Bulgaria, and after that, I will present results from the focus group that I managed to form with the specific intention to reflect on the audience frames that might have been influenced by the media framing of this issue.

Framing the hacking of the NRA

Methodology

Since I introduced the theory of media framing as the theoretical framework of this research, It is time to proceed to the methodological and analytical part. Therefore, in this section, I discuss the first methodology that I will employ in this research.

(10)

For the corpus of this research, I have selected to analyse fifty online journalistic articles only from Bulgarian media agencies to see how differently they frame the same issue of “NRA Leaks”. I chose to analyse online articles on the subject because I believe that they are more easily available to people and can quickly travel across various social media platforms to reach and influence a larger audience. The idea that most people have begun to search and receive their information mostly online is

confirmed and discussed during the focus group, which I will discuss in the next sections. Regarding the methodology of this research, firstly, I am applying content analysis to the fifty selected online articles, to evaluate the various frames that have been put forward by each of them. Secondly, I have organized a focus group with the intention to bring the data from the content analysis inside to elaborate and debate around it. Furthermore, to see how the media frames analysed in this section affect the individual or audience frames.

The first step from the methodology was to decide on what basis will the articles be selected.

Therefore, as my sampling strategy, I decided to extract the top fifty journalistic articles on a Google search, conducted through a clean Google profile, to avoid personalization of the results as much as possible, and specifically setting the location of the search to Bulgaria. The keyword, or phrase, that I used was “Хакването на НАП” ( The hacking of the NRA). The choice of this keyword was based on selecting the most straightforward choice of search on the subject, furthermore, the keyword which has mostly journalistic style of articles, rather than forum discussions, YouTube videos, results from the official website of the NRA, etc.. Next, a content analysis was conducted on all fifty articles to identify the elements, people, scenarios and other, that each article highlights through their frames. Content analysis can be generally described as the “analysis of manifest and latent content of a body of communicated material (as a book or film) through classification, tabulation, and evaluation of its key symbols and themes in order to ascertain its meanings and probable effect” (Krippendorff 2012, p. 1). More specifically, content analysis can be separated into two techniques, quantitative content analysis and qualitative content analysis. The quantitative CA aims at collecting the symbolic elements of a text and quantifying them, put differently, “the intent of this approach is to convert textual entities into numerical variables in order to establish statistical relationships among them and, ultimately, test specific hypotheses“ (Caliandro and Gandini 2016, p. 192). Whereas, the qualitative content analysis is ” embedded in constant discovery and constant comparison of relevant situations, settings, styles, images, meanings and nuances” (Altheide, 1987, p. 68) but also requires the definition of certain categories or variables in order to systemise and interpret the data.

(11)

Based on the distinction between the two techniques explained in the literature on content analysis, I have identified the qualitative content analysis technique as the most appropriate one for this project. This means that the main focus will be the text’s elements which serve as a product that needs to be categorized for further interpretation. The articles will be categorized based on the people, scenarios, sentiments, etc., present in them. Each described category is going to be a different frame presented by the Bulgarian media. The categories will be created using inductive approach, meaning that they will be assigned while engaging with the data, instead of being pre-defined.

Limitations

After I had already collected and analysed the fifty articles, I realized that the results from a Google search do not provide for a very stable dataset. Fortunately, I had saved references to these articles in numerous places, for example, in Zotero. However, for a future revision of this research paper, I suggest the application of more specialized news databases, such as LexisNexis. Furthermore, although I tried to be as precise as possible when doing the categorization of frames, I believe that if more than one researchers revise the categories, the results will be less biased and more accurate.

Analysis

After a thorough content analysis on the fifty articles that frame the recent hacking of the Bulgarian National Revenue Agency, I had identified seven different frames, which I named “The order”, “Russian connection”, “Mistrust in the Bulgarian authority”, “The IT wizards”, “Kristian Boykov and TAD Group”, “Alarming” and “A call for reassurance”. I will now define the elements that determine each frame/category and the difference between them. In order not to make the text too heavy with full references, I will number each article and they can later be found in the bibliography of my primary sources.

A Call for Reassurance

The first category consists of articles that frame the hacking of the NRA case as not so worrying and tries to reassure the Bulgarian population that the situation is held under control and they do not need to panic. The articles from this cluster do not aim at framing who are the hackers and whose fault was it that it happened, as the majority of the articles in the other clusters. Instead, they touch upon the biggest fear of the population, that their data can be used for fraud, hence, they reassure the readers

(12)

that there haven't been any reports of embezzlements and there will not be, according to the

statements of the authorities [32]. For example, one article states: “So far, we have not identified any cases of misuse of personal data as a result of the depletion of the NRA bases. I want to reassure the public, such abuses have not been detected, ”explained Louisa Stoeva, Deputy Chairman of the Notary Chamber” [9]. Another article from this cluster, do not simply aim at convincing people that there is nothing to worry about, but also provides the citizens with a set of suggestions on the most adequate steps they can take, instead of panicking [33].

Alarming

This category can be considered as the complete opposite of the previous one because if the previous frame called for reassurance and that any fraud, resulted from the leaked private information, can't be possible, since, for example, all agencies for fast credits are informed to tighten their process of acceptance, this frame is painting a very contrasting picture. The articles in this category frame the “NRA Leaks” as very problematic and as an actual threat to people [17][28]. They do so by providing the readers with various reports on withdrawn credits on the name of random Bulgarian citizens who are convinced that they have never asked for such [14][22][37]. Also, they include statements such as “It's dangerous, it's worrying that information about our income has leaked, which can at least lead to racketeering" [12]. After very alarming depictions of such events, all of these articles spare a few final lines to mention that all of the potential frauds were detected and reported before they were

accomplished. Furthermore, although the timing fits perfectly, there is no evidence that the cases are connected to the leaked data from the NRA. Another example from this cluster is warning people to be careful where they give their passwords because, according to them, every time an event

concerning privacy issues and leaked data happens, scammers are taking advantage of the situations and ask people to confirm their information in unauthorised places to, for example, get access to online banking accounts [23]. Although the second type of warning can be considered educational and helpful, the first mentioned cases, I consider simply as a means of stimulating a moral panic.

Russian Connection

The next categories, including this one, start to concentrate on the attributions of the crime. I have identified four categories in which different versions are put at the centre of the frame. The first related frame is regarding the version that the hackers might be connected to Russia. It is not surprising that this scenario was one of the first to be put forward by the Bulgarian media, since, although Bulgaria is now part of Europe, it still has a strong connection to Russia not only

(13)

historically, as Bulgaria is a post-communist country, etc., but also because currently, Russia is the main buyer of Bulgarian gas, therefore is strongly influencing our economy. If we combine the fact that the hacker’s email, containing the leaked files sent to the Bulgarian media, was Russian, it becomes the perfect opportunity for the media to start spreading anti-Russian propaganda. Indeed, according to some articles, Russia still has a very strong influence on the foreign relations and the domestic policy of Bulgaria. They even go further to paint the membership of Bulgaria in NATO and Europe as the “Russian’s Troyan horse that can be used for the manipulation of the decision making by the two organizations, when Moscow’s interests are threatened” [18]. That is why these articles frame the recent hacking as another tool for manipulation and a way for Russia to prove that Europe has a weak security spot which is Bulgaria [1].

Another version assigned to the Russian connection with the hacking is related to the recent decision that Bulgaria will buy the American military plane F-16, instead of one from Russia. This purchase was marked as probably the biggest military decision that Bulgaria has done in the past years. The articles highlight the fact that the NRA was hacked just when Bulgaria was finishing the military purchase with the USA, suggesting that Russia might have done it for spying purposes [1][5][18].

Kristiqn Boykov and “TAD Group”

Before the media could continue to frame Russia for having to do something with the hacking, without providing any solid proof, a new version became more interesting and the Russian connection was left behind. The collected articles did not specify how the authorities started to suspect the twenty years old IT specialist Kristiqn Boykov as the hacker but he immediately became the center of

attention in the majority of them. Kristiqn is a programmer specialised in cybersecurity, it was

reported that he even worked for the government to sustain and develop their systems but later moved to the private firm “TAD Group” which deals with cybersecurity and data protection. After the authorities reported that they have been trying to infiltrate and investigate the firm for days, the media seized the perfect opportunity to use the young IT specialist, the TAD Group’s owner Ivan Todorov and the executive director Georgi Yankov as the main heroes in their frame [8][24][34][35][42][43]. They began framing them as “terrorists” and “dangerous for society” [16].

The main version that was suggested after the prosecution office released messages shared between Todorov and Boykov as evidence to the media, was that Qnkov and Todorov have pushed Boykov to hack the NRA databases. It is mentioned that their intentions could be that after it is proven how

(14)

unreliable the systems are, it would be the perfect opportunity for “TAD Group” to offer their services [25][40][31][47].

Another evidence that was released to the media, was apparently found in the investigated computers after the special forces managed to infiltrate "TAD Group". The special prosecutor's office reported that they have found files containing NRA databases and information from insurance companies, Internet providing firms and others, as well as a whole file, named “NE SE CHISTIIIIIII’’, which contains data from 2099 personas who occupy higher positions. These pieces of evidence were shared by the media and used for the framing of the twenty years old Kristiqn Boykov, whose computer contained these files, and his colleagues as the hackers [2][10][11][16][46].

The third evidence can be found in one article which also frames Boykov as the hacker. The elements they have used to build this story were extracted from Boykov’s Facebook profile where he allegedly used to share a lot of news related to hacker attacks and a post where he brags about accessing data about 235 543 citizens of Stara Zagora, which is a city in Bulgaria [36].

Mistrust in the Bulgarian authority

Although, the category of articles, which frame Kristiqn Boykov and TAD group as the hackers, is quite extensive in comparison to the previous clusters, it is followed by another large and interesting frame. This next frame is connected to people’s mistrust in the Bulgarian authorities, which include the politicians, police, prosecution office, DGCOC (Directorate General for Combating Organized Crime), State Agency for National Security, MVR (Ministry of Interior) and the NRA. This frame can be separated into smaller sub-frames for better precision so I will now elaborate on all of them.

The first type of sub-frame is focusing on Kristiqn Boykov but instead of framing him as the offender, they put forward his point of view. These articles give a stage for the comments made by Kristiqn Boykov that the pieces of evidence provided against him are “stupid facts” and he hopes that the judges will understand he is not guilty [6]. Furthermore, it is mentioned that he has been threatened and pressured by MVR to plead guilty [15]. Another article highlights that his release for the moment is adequate because the unauthorized copies of NRA information found in his computer were taken from an information system that is not part of the critical infrastructure. Also that his young age should help for his immediate release [20].

(15)

How is this related to mistrust in the Bulgarian authorities? I already mentioned that some articles focus on the news that the MVR might have threatened Boykov to admit something that he hasn't done. However, the frame goes even further. According to most of the articles in this cluster, the pieces of evidence which I discussed in the previous category, are actually fabricated to paint the twenty years old programmer as the hacker. For example, it is mentioned that the file “NE SE CHISTIIIIIII”, which DGCOC use as the main evidence against Boykov, were created through “Windows”, whereas the other files containing NRA data proven not to be part of the critical infrastructure, were made through the massively used by programmers operating system “Linux”. Therefore, they frame the DGCOC as being guilty of infiltrating the investigated computers with the Windows files to frame Boykov and “TAD Group” as the perpetrators [7][19][21].

It is also pointed out that it is highly unprofessional and problematic that the prosecution office keeps releasing new pieces of evidence against Boykov and “TAD Group” without having any solid prove how truthful they are and if they were not really placed inside the computer after it was taken for investigation. Furthermore, all evidence immediately becomes public, instead of being kept private before the end of the case against Kristiqn Boykov and “TAD Group” [13][21].

Another sub-frame includes the framing of the NRA and the team responsible for testing, developing and improving the agency’s cybersecurity as guilty for not doing their job well. Some elements employed in this frame include that the hack was done through SQL injections, which specialists claim are a very popular way for hacking and not so hard to prevent. Furthermore, the software and systems the NRA uses are so old and unreliable that they are not even updated and maintained by their developers [26][30]. For this reason, another article highlights the statement made by the lawyer Ivailo Iurukov that Bulgarian citizens need to demand compensation of 1000 leva per person because of the incompetence of the National Revenue Agency which let this massive data leakage happen and now, according to him, the population is faced with the fear of identity theft and other frauds [27].

The Order

This next frame was originally part of the previous category “Mistrust in the Bulgarian authority’’. However, during the process of analysis, it became clear that there is a significant number of articles framing the issue a bit differently, therefore I decided to separate them in a different category. The reason this frame is still connected to the previous one is that it suggests that behind the hacking hides the “evil genius” of a Bulgarian politician or a political party [50]. In contrast to the articles in the previous frame, which suggested that Kristiqn Boykov might have been set up to appear guilty of

(16)

more charges, the articles from this cluster frame Kristiqn and “TAD Group” as the real authors of the crime. However, they put forward the version that the young programmer and “TAD Group” were actually ordered to sabotage the NRA databases by a politician from the “Yes, Bulgaria” party. One article mentions that “In recent years, the term cyberterrorism has been widely used. One of its definitions is when using computer programs, information systems, you hack or hit certain databases in order to achieve certain political goals and influence the society psychologically or its attitudes” [44]. The interesting distinction between the “Mistrust in the Bulgarian authority “ frame and “The Order” is that in the first one, DGCOC were framed as the malicious side that tries to blame someone innocent for the whole data leakage, whereas in “The Order” frame the DGCOC are mentioned as the one who reported on having evidence that Kristiqn and “TAD Group” really did commit it but only because they were ordered and paid to do so by a politician [4][29][39][41][44][48][50].

The IT Wizards

This frame appears to be the smallest one of all with only two articles, however, it still depicts the hacking in a very interesting and unique way. Here the articles are very short and serve to highlight a statement made by the Bulgarian prime minister Boyko Borisov. In this statement, he mentions that Bulgaria is full of IT wizards and that if a twenty years old boy is capable of hacking the NRA databases, then the Bulgarian educational system is only getting better [3][49].

(17)

Figure 1

To present the results in a more organized manner, I have created a chart (figure 1) which includes every frame identified in the previous section and the percentage of articles that each category contains compared to the others.

The frames with the smallest percentage of media coverage appear to be “A call for reassurance” with 6.0% and “The IT wizards“ with only 4.0%. If compared to the elements, storylines, sentiment put forward by other frames, both frames can be viewed as aiming at mitigating the wave of potential panic after the NRA data leakage and even shifting the focus to the positive side, for example, the improvement of the Bulgarian educational system. However, even if we join their percentages, they steal appear 4.0% behind the “Alarming” frame which is serving as the complete opposite. This points us to the conclusion that the Bulgarian media has more interest and benefit in stimulation moral panic in the Bulgarian society, to gain more readers and to keep them on the edge, instead of trying to keep the situation under control.

The rest of the categories/frames can be generalized as focusing on who hacked the Bulgarian National Revenue Agency and who should the society blame and suspect. As I already discussed in relation to the “Russian connection” frame, it was the first to appear in the media and was quickly replaced by the more attention grabbing frame “Kristiqn Boykov and TAD Group”. This might explain why it only received 6.0% media coverage in contrast to the 34% belonging to the “Kristiqn

(18)

Boykov and TAD Group” frame which also places it as the largest frame. This could be explained in several ways. Firstly, the media might have estimated that framing a twenty years old boy for such a controversial activity can raise more interest and stimulate the readers to follow the story and learn how someone at such a young age can be experienced enough to do it or was he just a puppet in someone’s hands. Secondly, this could be the easiest and most convenient story, since the prosecution office keeps releasing new pieces of evidence that in no way can be proven trustworthy, however, serve as the perfect way to throw dust in people’s eyes.

The last two frames “Mistrust in the Bulgarian authority” and “The Order”, which I already

mentioned are very similar yet the first frames DGCOC as untrustworthy for counterfeiting evidence during their investigation, whereas the second highlights the DGCOC as the authority which reports on the malicious politician who ordered the hack, they both employ the mistrust in the Bulgarian authorities, whether they are politicians or official agencies for investigating and fighting crime. Combining their percentages, we receive 36% of media coverage, which is even more than the “Kristiqn Boykov and TAD Group”. This shows that either the authors of these articles are being more critical towards who should be believed, or they know that the majority of the Bulgarian population has long ago lost their trust in both the security of their private information and the intentions of our government and authorities, therefore they would be more prone to relate to these articles and even subscribe for more information on other issues.

Focus Group

Returning to the literature on media framing, I would like to remind that media frames should always be considered in relation to individual/audience frames because they have the power to influence them. Furthermore, as Entman suggests (1993), the researcher should seek to evaluate and see the relation between the audience frames and media frames, instead of neglecting one of them. Therefore, I intend to examine the audience frames, that might have been developed or affected by the media frames which I identified in the previous section, by organizing a focus group.

Methodology

The focus group methodology was initially developed by psychologists and sociologists but recently, we can observe its application in a broader set of disciplines (Ivey 2011). Drawing from Folch-Lyon and Trost (1981), and Carey (2015), we can define focus groups as a qualitative research technique in which discussions revolving around a specific topic of interest to the investigation are conducted in a

(19)

small group of between six to twelve people, preferably from the same sex and around the same age. During these discussions, participants are invited to share their opinions, experiences and even contradictions. The selected participants should be knowledgeable on the subject and “chosen from some target group whose opinions and ideas are particularly germane to the investigation”

(Folch-Lyon and Trost 1981, p.444). These face-to-face discussions are the main source from which data is obtained, therefore an unbiased moderator should take notes and lead the debate by ensuring that the conversations are not going out of the topic’s reach and to provide some initial structure which is flexible to change during the debate (Carey 2015).

I selected this specific method, rather than, for example, semi-structured interviews, because focus group discussions are proven to encourage the participants to be more active during the conversations and generally makes them feel safer and more comfortable to voice their opinions. This is because they are surrounded by like minded people (Folch-Lyon and Trost 1981).

Here is my process of organizing the focus group. Firstly, I was contemplating what should be the group of participants that would suit the topic of investigation best. Fortunately, I have a friend who works in the IT industry as a software engineer and he managed to connect me with his colleagues and arrange the focus group. This fit perfectly, because we succeeded in gathering ten people between the age of twenty and twenty nine, who work in the same place and are all keen on subjects like

technology, programming, hacking and more. I believe that the selection of participants is very interesting since they might be more informed about the whole hacking event. Also, they might relate more to frames such as “The IT wizards” and “Kristiqn Boykov and TAD Group” since they are working in the same industry and are around the same age as Kristiqn Boykov.

The focus group was held in one of their offices with the knowledge and approval of their director. Before the focus group was arranged, all participants were informed about what is the topic of investigation ( the recent hacking of the NRA) and asked if they are willing to participate in the debate. Furthermore, they were informed that the discussion will be recorded but that no names and personal information will be given without their permission. During the discussion, I played the role of the moderator and asked them questions while also allowing them to deviate from the questions and suggest other relevant elements for discussion. I made sure that I am unbiased and invite the

appearance of contradictions. The data from this focus group session was collected via recording on my phone, visibly placed on the table with their knowledge, and though taking field notes.

(20)

In their article, Folch-Lyon and Trost argue that for the most accurate reflection on the subject that is being investigated, the researcher should conduct at least two different focus groups to be able to compare the data gathered from all focus group discussions (1981). Unfortunately, I did not have the opportunity to divide the people that took part in my focus group in two groups because of their lack of availability and the arrangement we had with their director. Furthermore, the limited time I had in Bulgaria prevented me from conducting focus group debates with another group of people.

Results

The focus group discussion went very smoothly by following the structure I had prepared in order for us to cover all important aspects of the investigation. Of course, there were some interesting additions to the discussion that only enriched my dataset.

The focus group began with me introducing myself, that what we are doing is part of the methodology for a bachelor thesis I am writing at the University of Amsterdam and a bit more information on how a focus group works. After that, I began the discussion by asking them where did they first hear that the NRA was hacked. Some of them said they heard from family members and friends, from chatting with old classmates and many of them mentioned articles shared on Facebook. The presence of articles on this subject in their Facebook feeds proved my point that online articles easily travel across social media platforms and influence a larger audience, therefore they are more worth for investigation than traditional newspaper articles or TV news representations.

Following the previous question, I was interested in whether they continued to follow the “NRA Leaks” controversy themselves by reading online articles, newspapers or watching TV.

Only one person said he is following the controversy by reading online articles and all others answered that they might hear from people about it but they are not reading or watching anything on the subject themselves. At this point, my suspicions as to why they do not feel interested in following what the media is covering on the subject, raised and I asked them whether they believe, and to what extent, in the way the Bulgarian media represents important issues to the Bulgarian society. All of them answered that they do not believe the Bulgarian media is covering important issues adequately. The participants had the following discussion:

(21)

Person 1: This problem that happened with these discs or backups that disappeared from the Commercial Register, it was covered the same way. That is why people started to joke about it because realistically the media did not say anything.

Person 2: They did not disappear, they blew up because they were not professionally configured.

Person 1: Yes, but they were also not professionally covered in the media.

By bringing previous controversial topics that happened in Bulgaria and were covered by the media, the participants wanted to prove that their trust in the way the Bulgarian media represents important issues is already lost.

Next, I wanted to learn more about their thoughts, feelings and worries regarding the hacking controversy, therefore I asked them how did they react when they heard that private information for more than five million Bulgarian citizens was leaked, as the articles state. Only one person answered that it can be worrying to have your private information stolen since he knows a person who was wanted by Interpol for a crime he did not commit. After I asked if this case happened because the NRA leaks, he specified that it is not connected to it. All other participants said that this is not the first time that private data leaks and it doesn't happen only in Bulgaria, therefore they are not really

worried about it. One person said:

Person 3: Personally, I was not worried because I know I have nothing on my name and the next day I checked that I am not in the leaked databases, so I was okay.

The person was referring to the application which the NRA created for everyone to check if their data is part of the leaked databases. This prompted a lively discussion in which everyone shared whether their names were there or not. However, even the people who said their information was part of the leakage, did not sound bothered. For example, these participants said:

Person 4: Apart from my unique citizenship number (EGN) and what I own nothing more can be found and honestly, this has not worried me in any way.

(22)

Person 4: I can run an algorithm to guess your EGN. The EGN is nothing, the EGN is just an ID. The only worrying thing is that we give money so that our data can be protected, this data is not extra sensitive but it leaked, tomorrow something else can leak.

Also Person 4: One thing is for information to be leaked and another to be lost. If they had lost it that would have been a total fail because, in practice, then you can do manipulations, or if you could erase some information and insert another, that would have been a problem.

The participants highlighted that they might not feel affected by the leak because they have more knowledge on the case but their parents and other family members have panicked when they heard about the hack through the media.

Person 6: Maybe for us it is not so alarming because we work in this industry but, for example, my mother was very worried because she didn't know what is in this data, how important it is and et cetera.

Person 3: My mother also called me if she should change some personal information and I told her to calm down.

After I had identified the prevailing attitudes of the participants towards the leaked private data, I wanted to turn back the focus of the discussion to the media coverage of the controversy. Therefore, I asked them that since a large part of the news content on the subject of the “NRA Leaks” is connected to the attribution of the crime, with what impression were they left. To make this question more clear, I specified that the question is not about their personal opinion on who might be the hackers but rather what impression is the media coverage of the issue making, according to them. They all replied that from what they have heard and seen on the media, Kristiqn Boykov and “TAD Group” are the main suspects for the attack. I asked this question with the specific intention to compare it to the percentage of media coverage of each frame identified in the previous sections. Their reply proved that the “Kristiqn Boykov and TAD Group” frame receives too much coverage for the lack of authenticity it has but despite that people immediately connote the hack with these personas. However, the

discussion quickly turned in the direction of their own opinions, which was welcomed by me, since my next intention was to reflect on their individual framing of the issue.

What caught my attention was that they stuck with the “Kristiqn Boykov and TAD Group” frame, which they had identified as the most prominent frame in the media environment, but they did not

(23)

simply view the subject through this lens. For example, some of them also believe that Kristiqn Boykov had an order by TAD Group's owner and executive director to test for weak security points in major systems but they also think a third party paid them for this as well. Here are some points the participants mentioned.

Person 4: Eventually, this boy is just twenty years old, he is not the marvelous hacker that he is portrayed as. They have just worked with pre-made scripts and tested the level of security in various places and one of these places was the NRA.

Person 3: They just wanted to show weak security points in the systems.

Person 4: According to me, it was just an order. They have the skills, someone came and told them “let’s make some misery”, and they said, “Okay, we know we can easily attack the NRA”. Most probably, they just wanted to make some money.

Person 6: Yes, it was not that they wanted to damage the state.

When asked what was their opinion on the scenario that there might be a Russian connection, the participants did not believe the hack was connected to Russia. They noted they remember that some media mentioned it but only at the beginning of the whole controversy and they do not think it is relevant. For example:

Person 3: In the beginning, they did not know who might be the hacker so they just decided to connect it to Russia.

Person 6: The media hears some gossip and it is important to be first with the news, even though it is fake news, the important thing is to have clicks.

Next, we discussed whether they trust the efficiency of the Bulgarian authorities, such as the MVR and DGCOC which were also heavily present in most media frames. To which they replied that they do not trust them at all. Furthermore, they blamed the authorities for having the mechanisms and laws when dealing with such attacks but not applying them on time.

(24)

Through the use of media framing theory, as the theoretical framework of this research, and the content analysis conducted on fifty online Bulgarian news articles connected to the hacking of the NRA, I wanted to answer the question “How did the online Bulgarian news sources frame the hacking of the Bulgarian National Revenue Agency? After a thorough categorization of the fifty online articles, seven different frames were identified, which are: “The order”, “Russian connection”, “Mistrust in the Bulgarian authority”, “The IT wizards”, “Kristian Boykov and TAD Group”, “Alarming” and “A call for reassurance”. Three out of the seven frames were concentrated on influencing the overall feeling the citizens must have regarding the leak and the “Alarming” frame received more coverage than “The IT wizards” and “A call for reassurance” frames together. This lead to the conclusion that the media had more interest in feeding people’s fear of fraud and stimulating moral panic, most probably for the purpose of attracting more clicks on their pages. The other four frames were dealing with the attribution of the hack, with each of them putting a different version forward. The “Russian connection” frame was the first to appear when the media did not have much evidence on a more accurate scenario, hence, the anti-Russian propaganda became very useful in attracting more readers. However, after the prosecutors started to release various pieces of evidence against the twenty years old programmer Kristiqn Boykov and the firm he worked for “TAD Group”, the “Russian connection” frame was quickly forgotten and replaced. Here comes the question of trust. Did anybody believe that such a young boy can single handedly hack one of the most important state agencies in Bulgaria? According to the last two identified frames “The order” and “Mistrust in the Bulgarian authorities”, the state, politicians, DGCOC and MVR were deeply involved in controversial activities regarding the hack. Some media claimed that politicians have ordered the hack for the stimulation of moral panic during elections, others blamed the MVR and DGCOC for faking evidence and pushing Kristiqn Boykov to admit a crime that he did not commit. After I had identified how the media frames depict the “NRA Leaks”, I wanted to test their effect on people’s individual framing process. The results from a focus group in which ten Bulgarian programmers shared their opinions on the subject, showed that the individual frames were not so different from the identified media frames. The audience frames also identified the “Kristiqn Boykov and TAD Group” as the prevailing frame in the media environment, however, just as the “Mistrust in the Bulgarian authority” frame and “The order” together received more coverage than the “Kristiqn Boykov and TAD Group” frame, so did the participants agreed that these frames seem more trustworthy.

As a Bulgarian citizen, I dare to say that this controversy yet again depicts what a fiasco the institutionalized politics and media in Bulgaria are. The main goal of this research is to make the readers, especially the Bulgarian population who might read this, much more critical of how their

(25)

perception is being framed and how they are being governed. Here are the real problems that I have identified in this research: Firstly, the Bulgarian media keeps stimulating certain frames without giving any solid proof and evidence. Furthermore, what drives their news production practices is engagement, clicks, instead of striving to critically inform the Bulgarian population. This can be very damaging for real people depicted wrongly, such as Kristiqn Boykov. As Fish and Follis (2016) have pointed out in their research, mainstream media has the power to connect real personas to certain events and controversies. Similarly, although there is no actual proof that Boykov is the hacker, his persona will be permanently assigned to the “NRA Leaks” controversy, which can be damaging for his future career development. This brings us to the next problem. Most of the articles, mention some shady pieces of evidence that the authorities keep releasing against Boykov and “TAD Group”. May I mention that the case against them is still running and is expected to finish somewhere around the end of this year, which points to the fact that everything should be kept inside the court until the end of the case and what the prosecutors are doing is highly unacceptable.

The short conclusion of this research is that the media framing practices of the Bulgarian news sources and the pieces of evidence that are constantly released by the prosecution office point to the intentional stimulation of moral panic. This, however, is met by the ignorance of the Bulgarian population, who had long ago lost their trust in the media and government. After all, turns out it was just “Much ado about nothing”.

Bibliography

Primary sources Capital.bg. 2019. “От НАП са изтекли лични данни на милиони български граждани и фирми.” www.capital.bg. 2019. https://www.capital.bg/politika_i_ikonomika/bulgaria/2019/07/15/3938624_ot_nap_sa_izte kli_lichni_danni_na_milioni_bulgarski/. nap.bg. 2019. “Разпространени Данни На НАП.” 2019.https://nap.bg/page?id=749.

[1] actualno.bg. 2019. “Хакването на НАП през погледа на The New York Times - липса на вяра в кабинета ‘Борисов.’” 2019. https://www.actualno.com/politics/hakvaneto-na-nap-prez-pogleda-na-the-new-york-times-lipsa-na-vj ara-v-kabineta-borisov-news_785409.html. [2] tilda.bg. 2019. “Охранителна камера записала признание на Кристиян Бойков за хакването на НАП: Тилда.Новини.” Тилда. Accessed December 8, 2019. https://tilda.bg/story/Ohranitelna_kamera_zapisala_priznanie_na_Kristian_Bojkov_za_hakvaneto_na_ NAP-52083. [3] Bultimes. 2019. “Борисов: Щом 20-годишен хаква НАП, значи образованието ни е добро.”

Bulgarian Times (blog). July 17, 2019.

(26)

[4] vesti.bg. 2019. “Кристиян може да стане свидетел за хакването на НАП.” Vesti.bg. 2019. https://www.vesti.bg/bulgaria/kristiian-mozhe-da-stane-svidetel-za-hakvaneto-na-nap-6098244. [5] fakti.bg. 2019. “Младен Маринов: Руски Хакери Удариха НАП.” Fakti.Bg - Да Извадим Фактите Наяве. 2019.https://fakti.bg/bulgaria/395490-mladen-marinov-ruski-hakeri-udariha-nap. [6] glas.bg. 2019. “Кристиян Бойков: Натопен Съм! Представиха ‘Факти’, Които Са... Тъпи! - Glas.Bg.” Glasbg. 2019. https://glas.bg/super/kristiian-boikov-natopen-sam-predstaviha-fakti-koito-sa-tapi-412370/. [7] news.klamer.bg. 2019. “Кламер БГ - Новини: Обвиняемият за хакването на НАП излиза от ареста.” 2019. http://news.klamer.bg/Основателят-на-Телерик-Уликите-срещу-Кристиян-Бойков-са-фалшифици рани. [8] mediapool.bg. 2019. “Хакери пробвали преврат с офлайн пръскачки.” Mediapool.bg. 2019. https://www.mediapool.bg/hakeri-probvali-prevrat-s-oflain-praskachki-news296364.html. [9] clubz.bg. 2019. “Нямало Злоупотреби с Лични Данни На Граждани След Хакването На НАП.” Клуб “Z.” October 10, 2019. https://clubz.bg/88927-nqmalo_zloupotrebi_s_lichni_danni_na_grajdani_sled_hakvaneto_na_nap. [10] vesti.bg. 2019. “Прокуратурата пусна още доказателства срещу "ТАД Груп"” Vesti.bg. 2019. https://www.vesti.bg/bulgaria/snimki-ot-chat-sred-dokazatelstvata-sreshtu-tad-grup-6098485. [11] dnes.bg. 2019. “Бойков, Янков и Тодоров отиват на съд за хакването на НАП | Dnes.bg.” 2019. https://www.dnes.bg/temida/2019/07/25/boikov-iankov-i-todorov-otivat-na-syd-za-hakvaneto-na-nap. 417566. [12] vesti.bg. 2019. “Опасност След Хака На Данни От НАП: Най-Малкото Рекет - България | Vesti.Bg.” 2019. https://www.vesti.bg/bulgaria/opasnost-sled-haka-na-danni-ot-nap-naj-malkoto-reket-6097816. [13] clubz.bg. 2019. “Проблемите Около Хакването На НАП Не Са Един и Два, а (Много) Повече.” Клуб “Z.” July 26, 2019. https://clubz.bg/85959-problemite_okolo_hakvaneto_na_nap_ne_sa_edin_i_dva_a_mnogo_poveche. [14] fakti.bg. 2019. “Провалът с Хакването На НАП Започва От Премиера.” Fakti.Bg - Да Извадим Фактите Наяве. 2019. https://fakti.bg/mnenia/398300-provalat-s-hakvaneto-na-nap-zapochva-ot-premiera. [15] banker.bg. 2019. “Късите Крачета На Лъжата За Хакването На НАП.” 2019. https://www.banker.bg/obshtestvo-i-politika/read/kusite-kracheta-na-lujata-za-hakvaneto-na-nap. [16] 5gmedia.bg. 2019. “ХАКВАНЕТО НА НАП Е ЗАСЕГНАЛО СИГУРНОСТТА НА ДЕСЕТКИ ФИРМИ И ДЪРЖАВНИ ОРГАНИ.” 2019. http://www.5gmedia.bg/4350/hakvaneto-na-nap-e-zasegnalo-sigurnostta-na-desetki-firmi-i-drzhavni-o rgani. [17] pic.bg. 2019. “Комисията За Хакването На НАП с Първо Заседание - Информационна...” 2019. https://pik.bg/%D0%BA%D0%BE%D0%BC%D0%B8%D1%81%D0%B8%D1%8F%D1%82%D0% B0-%D0%B7%D0%B0-%D1%85%D0%B0%D0%BA%D0%B2%D0%B0%D0%BD%D0%B5%D1 %82%D0%BE-%D0%BD%D0%B0-%D0%BD%D0%B0%D0%BF-%D1%81-%D0%BF%D1%8A% D1%80%D0%B2%D0%BE-%D0%B7%D0%B0%D1%81%D0%B5%D0%B4%D0%B0%D0%BD% D0%B8%D0%B5-news867460.html.

(27)

[18] trafficnews.bg. 2019. “‘Ню Йорк Таймс’ Заподозря Руска Следа в Хакването На НАП - Trafficnews.Bg.” 2019. https://trafficnews.bg/obshtestvo/nyu-york-taims-zapodozria-ruska-sleda-hakvaneto-nap-151656/. [19] segabg.com. 2019. “Предстоят още арести заради хакването на НАП.” СЕГА. August 2, 2019.https://www.segabg.com/node/84784. [20] nova.bg. 2019. “Вижте Хакера, Обвинен За Атаката Срещу НАП (ВИДЕО) - NOVA.” 2019. https://nova.bg/news/view/2019/07/17/257159/%D0%B2%D0%B8%D0%B6%D1%82%D0%B5-%D 1%85%D0%B0%D0%BA%D0%B5%D1%80%D0%B0-%D0%BE%D0%B1%D0%B2%D0%B8%D 0%BD%D0%B5%D0%BD-%D0%B7%D0%B0-%D0%B0%D1%82%D0%B0%D0%BA%D0%B0% D1%82%D0%B0-%D1%81%D1%80%D0%B5%D1%89%D1%83-%D0%BD%D0%B0%D0%BF-% D0%B2%D0%B8%D0%B4%D0%B5%D0%BE. [21] segabg.com. 2019. “Прокуратурата пак разкри доказателства по делото за хакването на НАП.” СЕГА. August 9, 2019.https://www.segabg.com/node/86164. [22] kanal3.bg. 2019. “След Хакването На НАП: Вече Има Случай На Изтеглен Кредит с Чужда Самоличност | Новини.” 2019. http://kanal3.bg/news/102023-Sled-hakvaneto-na-NAP%253A-Veche-ima-sluchay-na-izteglen-kredit-s-chudzda-samolichnost. [23] flashnews.bg. 2019. “Нова измама след хакването на сайта на НАП: Карат ни да си сменим паролата на електронното банкиране.” _Flashnews (blog). August 6, 2019.

https://www.flashnews.bg/nova-izmama-sled-hakvaneto-na-sajta-na-nap-karat-ni-da-si-smenim-parol ata-na-elektronnoto-bankirane/. [24] topnovini.bg. 2019. “Изслушванията за хакването на НАП продължават.” 2019. https://topnovini.bg/novini/845702-komisiyata-za-hakvaneto-na-nap-shte-prodalji-s-izslushvaniyata. [25] novavarna.net. 2019. “Нови доказателства за хакването на НАП. Вижте чатовете между Бойков и Тодоров (СНИМКИ).” Нова Варна. August 9, 2019. https://novavarna.net/2019/08/09/%d0%bd%d0%be%d0%b2%d0%b8-%d0%b4%d0%be%d0%ba%d 0%b0%d0%b7%d0%b0%d1%82%d0%b5%d0%bb%d1%81%d1%82%d0%b2%d0%b0-%d0%b7%d 0%b0-%d1%85%d0%b0%d0%ba%d0%b2%d0%b0%d0%bd%d0%b5%d1%82%d0%be-%d0%bd%d 0%b0-%d0%bd%d0%b0/. [26] topnovini.bg. 2019. “IT специалисти: Хакването на системите на НАП е заради зле написан софтуер.” 2019. https://topnovini.bg/novini/835095-it-spetsialisti-hakvaneto-na-sistemite-na-nap-e-zaradi-zle-napisan-softuer. [27] petel.bg. 2019. “Адвокат Юруков За Хакването На НАП: Давността За Подаване На Иск От Страна На Гражданите е 5 г. Ето Какво Да Правим, Ако Сме Потърпевши.” Petel.Bg. 2019. https://petel.bg/Advokat-YUrukov-za-hakvaneto-na-NAP--Davnostta-za-podavane-na-isk-ot-strana-na -grazhdanite-e-5-g--Eto-kakvo-da-pravim--ako-sme-potarpevshi__331905. [28] stolica.bg. 2019. “Чакат Експертизите За Хакването На НАП - Столица.Bg.” 2019. https://stolica.bg/oshte/chakat-ekspertizite-za-hakvaneto-na-nap. [29] bgdnes.bg. 2019. “Нищят Член На ‘Да, България’ За Хакването На НАП.” Bgdnes.Bg. 2019. https://www.bgdnes.bg/Article/7590794. [30] informiran.net. 2019. “Хакването На НАП Или Хакването На Празните Мозъци в България | Informiran.Net.” 2019. https://www.informiran.net/%D1%85%D0%B0%D0%BA%D0%B2%D0%B0%D0%BD%D0%B5% D1%82%D0%BE-%D0%BD%D0%B0-%D0%BD%D0%B0%D0%BF-%D0%B8%D0%BB%D0%B

Much ado about nothing: A case study of how hacking controversies are framed in the media