The Gateway That Guards Nothing

Confirmed - Breach Data

Bavra is Armenia's primary land border with Georgia. Every shipping container arriving from Georgian ports -- goods from Turkey, Europe, China -- passes through this crossing. It is the chokepoint of Armenian commerce. And every single one of the 18 customs officer accounts at this checkpoint is protected by the same password: 123456.

Not some accounts. Not most accounts. All eighteen. The digital infrastructure that controls what enters Armenia from its most critical trade corridor is protected by the most commonly breached password on earth.

This was not a configuration error at one terminal. This is a systemic pattern -- 18 identical credentials at one facility, suggesting either a deliberate policy of using default passwords or a complete absence of any password policy at all.

The Bavra Evidence

Confirmed - Breach Data

Terminal | Domain | Password | Checkpoint
bavra-customs-01 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-02 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-03 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-04 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-05 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-06 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-07 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-08 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-09 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-10 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-11 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-12 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-13 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-14 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-15 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-16 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-17 | customs.am | 123456 | Bavra (Armenia-Georgia)
bavra-customs-18 | customs.am | 123456 | Bavra (Armenia-Georgia)

Eighteen rows. One password. One border.

Bagratashen: The Karen Tonoyan Connection

Confirmed - Breach Data | Pattern Analysis

Bavra is not the only compromised crossing. At Bagratashen -- Armenia's second major border checkpoint with Georgia -- the same password pattern appears. And here, the credentials carry a name: Karen Tonoyan.

Tonoyan's account at the Bagratashen customs checkpoint uses 123456. This is not an anonymous terminal identifier. This is a named individual operating within the customs service whose credentials are identical to those at Bavra -- the same password protecting a different border.

Name | Domain | Password | Checkpoint
Karen Tonoyan | customs.am (Bagratashen) | 123456 | Bagratashen (Armenia-Georgia)

When named customs officials use the same password as anonymous terminal accounts at a neighboring checkpoint, the pattern is no longer accidental. It is institutional. The Armenian Customs Service either mandates weak passwords, tolerates them, or has no password policy at all.

Meghri: The Iranian Corridor

Confirmed - Breach Data | Confirmed - DNS Records

Armenia's third critical border -- the Meghri crossing with Iran -- presents a different but equally concerning pattern. Analysis of breach data and DNS records reveals the presence of IOSC-IR.COM -- an Iranian domain -- in the digital infrastructure connected to Meghri customs operations.

Meghri is Armenia's only land border with Iran. It is the corridor through which Iranian goods enter Armenia and, by extension, the Eurasian Economic Union. Under international sanctions regimes, the monitoring of this crossing is critical. The presence of Iranian domain infrastructure in the customs digital ecosystem raises immediate questions about data sovereignty and operational independence.

Domain | Connection | Checkpoint | Concern
iosc-ir.com | Iranian entity | Meghri (Armenia-Iran) | Foreign infrastructure at sovereign border

The question is not whether IOSC-IR.COM is malicious. The question is why any foreign domain -- particularly from a sanctioned country -- has any presence in the digital systems of a sovereign nation's border checkpoint. Who authorized this? Under what agreement? With what oversight?

Three Borders, One Pattern

Pattern Analysis

Together, the evidence from these three checkpoints paints a complete picture of Armenia's border security posture:

Checkpoint | Border | Trade Significance | Security Finding
Bavra | Armenia-Georgia | Primary land entry for goods from Georgian ports | 18 accounts, all password 123456
Bagratashen | Armenia-Georgia | Second Georgia crossing, high traffic | Named official (Tonoyan) using 123456
Meghri | Armenia-Iran | Only Iran crossing, sanctions-sensitive | Iranian domain (IOSC-IR.COM) in infrastructure

Armenia has four operational land borders: two with Georgia (Bavra, Bagratashen), one with Iran (Meghri), and one via the Upper Lars corridor. Three of the four have documented security failures. The borders with Turkey and Azerbaijan are closed.

The country's entire open land border infrastructure is compromised -- either by password negligence or by foreign digital presence.

Why This Matters: The Sanctions Question

Pattern Analysis

Armenia has faced increasing international scrutiny over sanctions evasion -- specifically, the transit of sanctioned goods to Russia through Armenian territory. The EU, US, and UK have all raised concerns about Armenian compliance with Russia sanctions.

This investigation shows that the digital systems meant to track and control what crosses Armenian borders are protected by 123456. Customs manifests, cargo declarations, transit documents -- all controlled by systems that any attacker could access with the world's most common password.

If Armenia cannot secure its own customs terminals, it cannot credibly claim to enforce sanctions compliance at its borders. The password is not just a cybersecurity failure. It is a sanctions enforcement failure.

The Systemic Picture

In Investigation #1, we mapped the 123456 password across Armenian institutions -- from BetConstruct to Armenia TV, from Bjni mineral water to the banana import company linked to cocaine smuggling. In Investigation #8, we connected the customs password to the cocaine pipeline.

This investigation completes the border picture. Every major land crossing has a documented security failure. The password that protects Armenian commerce is the same password that protects nothing.

Eighteen terminals. Three checkpoints. Two countries' borders. One password. Zero security. The question is not whether Armenia's borders have been compromised. The question is whether they were ever secured at all.

Methodology

This investigation is based on analysis of publicly available breach databases, DNS registration records, Armenian customs infrastructure documentation, and open-source intelligence. No systems were accessed, penetrated, or tested. All credentials referenced were already publicly exposed at the time of analysis. The IOSC-IR.COM connection was identified through DNS and domain registration analysis. OWL does not encourage unauthorized access to any system.

Investigation #27 of 30