Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?
Seen online after a subsequently-deleted tweet called attention to it:
This paste with a link to a 6.6 GB file, purportedly containing clear-text information on 49,611,709 Turkish citizens, including the following details:
- National Identifier (TC Kimlik No)
- First Name
- Last Name
- Mother’s First Name
- Father’s First Name
- Gender
- City of Birth
- Date of Birth
- ID Registration City and District
- Full Address
An IP lookup places the IP in Iceland, with the owner as Flokinet Ehf, website: twistednetworks.net.
[UPDATE: a commenter points out that the source I used was wrong:
First: the IP is located in Romania
Second: that twistednetworks.net has nothing to do with the hosting company Flokinet Ehf. It’s very obvious in the IP whois or even if you do a simple google search, that the host website is https://www.flokinet.is
Please check your facts carefully.
Weird… I’ll have to go back to figure out which lookup site I used that was so wrong, but thanks!]
The hackers left a terse message:
Lesson to learn for Turkey:
- Bit shifting isn’t encryption.
- Index your database. We had to fix your sloppy DB work.
- Putting a hardcoded password on the UI hardly does anything for security.
- Do something about Erdogan! He is destroying your country beyond recognition.
Lessons for the US? We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.
Update: Turkish minister calls massive data leak report an ‘old story’:
Turkey’s communications minister has denied reports of a massive data leak containing the personal information of nearly 50 million Turkish citizens, saying the leak was an “old story” from 2010, as allegations triggered concerns over personal data protection.
“This is a very old story. A similar allegation was made in 2010,” Turkish Transportation, Communication and Maritime Affairs Minister Binali Yıldırım told reporters during a meeting with board members of the Turkish World Union of Engineers and Architects (TDMMB) on April 5.
Denied reports? “Similar allegation?” Is he saying that the data are fake or just that it’s an old leak and not new data? The reporters could have done a better job on questioning and follow-up here, but it seems that my suspicion that this was an old leak was correct.
Update: as more info comes out, it seems that yes, these are not new data, but then why didn’t the government ever investigate this leak before? Media (including this site) reported this leak more than one year ago.
Update2: Turkey’s election authority says the leak was not from their system, but the data appear to be data they had shared with others. So one down (if they’re telling the truth), and a bunch of other entities to check with.
did anyone verify that dataset yet?
I can verify as a Turkish person, it’s 100% true. My mom’s identity is correct. There is no info about me cuz I wasn’t 18 in 2009.
So this is data from 2009?
yep, it’s from 2009, this db leaked 2 times before (in this year and a few years ago) as encrypted. The encrypted version can be used with its Delphi-written program named Sorgu.exe
Someone decrypted the table and leaked it a 3rd time.
I can definitely verify too. Mine, my mom’s, my bf’s, my boss’ are correct too…
Looks like old data to me. The entry I checked is at least a couple of years old.
How can we reach the data
https://thanksgiving.who.ec
Please take this off!
phishing 😉
Do you have specific knowledge that phishing was used or are you guessing? If you have specific knowledge or proof, please contact me via encrypted email or contact me on Wickr at pwr2016.
if u are interested in the database: [deleted]
There’s already a link to the paste in the story, and I try to avoid links in comments, as later on, they can become malicious, etc.
> An IP lookup places the IP in Iceland, with the owner as Flokinet Ehf, website: twistednetworks.net.
Not sure what IP whois tool you are using, but it must be one of the crappiest ever.
First: the IP is located in Romania
Second: that twistednetworks.net has nothing to do with the hosting company Flokinet Ehf. It’s very obvious in the IP whois or even if you do a simple google search, that the host website is https://www.flokinet.is
Please check your facts carefully.
Noooo idea how that happened, and I’ll try to find the site again because those were the results from that site, but thanks for pointing out the error. Have corrected the post now.
thumbs up for correcting it so quickly 🙂
I know I will make mistakes on this blog, although to be wrong on an IP lookup after 17 years of looking up IP addresses is somewhat astonishing. But yeah, I will always issue a correction if an error is pointed out to me. No silent deletes, either. Public self-flogging is in order when I screw up. 🙂
Data is correct but somehow old – this does not change fixed information like parent’s name or national ID
The one who let hackers get this should commit suicide
But they won’t even quit their jobs
Attempts by the govt to minimize the public leak by declaring it an “old story” or “old allegations” are despicable. Even if it is an old hack, identity info doesn’t change (as you note), and making this all publicly available puts people at risk. Whether a fuller database was ever for sale on some forum or not, more people are now seeing it, able to access it conveniently, and misuse it.
The data is, as far as we got with our research, no older than 2008 but not newer than 2012. We will look further.
2008 – 2011 …I don’t know if we get it any better. We checked the records of more than 10 different people from all big cities for their topicality.
If there are data from 2011, that would mean that it’s not the previously leaked data. The commenter “noname :)” says his data weren’t in there as he hadn’t turned 18 by 2009. If 2010, 2011 data were in there, he should have found himself. Hmmm…
No, that is not what I said. We found data that would be valid in between 2008 and 2011. So it cannot be older than 2008 but also not newer than 2011. 2009 is plausible here.
Ah, ok, I misunderstood, I guess. Thanks for clarifying.
It’s a shame for Turkey that the (Turkish Transportation, Communication and Maritime Affairs) Minister still sits in that chair and has yet to resign.
This is total weakness and not fit for the job if the most important personal public information is somehow (?) leaked.
Having said that, even if the data is very very old, everyone who can read this knows this data belongs roughly to 2009. Population of Turkey was 72.561.312 in 2009 and it was 78.741.053 last year (url to Wikipedia deleted). Change is 6 million since then. This makes the data valid and at least 92.5% accurate and correct!
site name??? or ip
Did you look at the paste or link to it? It’s in the story.
Fuck 🙁
I live in Turkey and this has all the correct credentials. This is the information of the people who have voted.
According to your govt, this is not a new leak. So where was the public outcry and investigation back in 2010 and 2015? Did the general public not know about this all then? I had covered some of it in 2010 here: http://www.databreaches.net/15-released-pending-trial-in-massive-id-theft-in-turkey/ and more than one year ago here: http://www.databreaches.net/weak-state-servers-breach-causes-mass-identity-theft-in-turkey-over-50-million-citizens-identity-info-stolen/
So why are the Turkish people finding this so shocking now?
It’s an old story. The reason why the public is so shocked about this info is that now they can easily search and find their info. In 2010 this database was released in corrupted SQL form. You had to fix it, and to make it searchable you had to know the SQL language. So not many people could do this. And of course meantime the government is very good at fogging, hiding info such as this one. In such cases the government creates news for the public to direct their attention to another point. Now the database is indexed and served to people in an easily searchable, understandable interface such as https://thanksgiving.who.ec/ . The public enters the website, searches for themselves and gets shocked. The difference after six years is UI.