back to article Did hacktivists really just expose half of Turkey's entire population to ID theft?

A trove of leaked information, purported to be the entire Turkish citizenship database, has been leaked. The leaked info appears to contain names, addresses and ID numbers of more than 49 million citizens. If confirmed, the leak would become one of the biggest privacy breaches, by number of records, ever. Although billed as a …

  1. Anonymous Coward
    Anonymous Coward

    Nothing to hide, nothing to fear

    isn't that the mantra ?

    Seems those opposing the snoopers charter have got some more ammunition.

    At the least the UK isn't as susceptible to this sort of hack, if the disorganised unjoined-up antics of various government departments is anything to go by.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nothing to hide, nothing to fear

      "At the least the UK isn't as susceptible to this sort of hack, if the disorganised unjoined-up antics of various government departments is anything to go by."

      Yet.

      Give it time.

      George Carlin was bang on the money: “Never underestimate the power of stupid people in large groups.”

      1. TRT Silver badge

        Re: Nothing to hide, nothing to fear

        The intelligence of a crowd is the sum of the intelligence of the individuals that comprise that crowd.

        The stupidity of a crowd, however, is the product of the stupidity of the individuals making up the crowd.

        1. asdf

          Re: Nothing to hide, nothing to fear

          Or said even more simply none of us is as dumb as all of us. So sayeth the herd.

      2. Mark 85 Silver badge

        Re: Nothing to hide, nothing to fear

        George Carlin was bang on the money: “Never underestimate the power of stupid people in large groups.”

        Here in the States, the electorate is showing proof of that.

  2. Yag
    Joke

    We're only in april...

    ... and there's already stuffed Turkey on the menu.

    "Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?"

    You can replace Turkey by the name of most countries and stay relevant (might need to remove "religious extremism" in some cases, or replace it by "bigotry" as you wish)

    1. P. Lee

      Re: We're only in april...

      >You can replace Turkey by the name of most countries and stay relevant (might need to remove "religious extremism" in some cases, or replace it by "bigotry" as you wish)

      or indeed, replace the whole lot with "failure to budget and execute."

      While it may be cool to sneer and attribute bad things happening to things we don't like, we have Snowden from the NSA - hardly a religiously extremist organisation (as meant in the quote), OPM - again, probably not due to backwards ideologies. Whatever you think about the US, there aren't many security professionals who think the UK or Denmark or any other place won't eventually suffer something similar. It is a major reason for not creating massive databases of PII in the first place.

      That isn't to say that these things aren't a cause, but how many of them do you think you could remove and the crackers would still have done what they did?

      1. Pascal Monett Silver badge

        Re: "a major reason for not creating massive databases of PII in the first place"

        And, as usual where major reasons are concerned, it is immediately forgotten for the sake of expediency.

        Then the few who decide leave the chaos for others to mop up, and the suffering for everyone else.

      2. fajensen Silver badge

        Re: We're only in april...

        Denmark or any other place won't eventually suffer something similar.

        Denmark DID. The "IT provider of last resort" as we call it, CSC, was hacked. The hackers had full access to things like the CPR registry, the motor vehicle registry, the criminal records database.

        During the case it became obvious that CSC / "the authorities" in reality have no backups and no change controls - this despite hosting all in an IBM mainframe environment - the prosecution argued that it was not possible to determine if anything had been changed in the records.

        The court case was a farce in general, the defence and the prosecution had no access to raw data (the alleged hackers disk drive) and the prosecution did not "get" the concept of a laptop being a server.

        The IT skills on display were dire indeed, probably one of many reasons why we have one large IT project after another cratering with great fanfare, yet keep launching them.

        http://www.theregister.co.uk/2014/10/30/danish_court_finds_pirate_bay_cofounder_guilty_of_hacking_csc_servers/

        The Danish sites have better details:

        http://www.version2.dk/fokus/csc-hacking

  3. Anonymous Coward
    Anonymous Coward

    Is there a battle raging on the astral plane ?

    This, the Panama leaks, Snowden, Wikileak ...

    1. Mark 85 Silver badge

      Re: Is there a battle raging on the astral plane ?

      There's another biggie happening at the moment... look at "Mossack Fonseca".

      1. Anonymous Coward
        Anonymous Coward

        Re: Is there a battle raging on the astral plane ?

        The "Mossack Fonseca" info.

        No idea how legit though.

    2. Matt Bryant Silver badge
      Pirate

      Re: AC Re: Is there a battle raging on the astral plane ?

      "....the Panama leaks...." So, Russia is pissed at Turkey and vice versa over the Syrian mess. We get the Panama leaks, which point to massive corruption and cronyism in Putin's inner circle, then a week later we get a dump embarrassing Davutoglu.... How much of this is co-ordinated, encouraged or even directly actioned by spooks is a matter for conjecture.

  4. Anonymous Coward
    Anonymous Coward

    So when Turkey join the EU with free movement then won't this data be used by all and sundry to move about freely in the EU?

    Something is a bit a miss on this, why would hacktivists release information against the people under the government it has issue with?

    1. PleebSmasher
      Pirate

      "Hacktivist" is a broad label. You have only the group or individual's words and actions to judge them by, which could be highly misleading.

      1. Gordon 10 Silver badge

        In fact most often:

        :%s/hacktivist/wanker/

        regardless of whichever ideology they claim to follow.

  5. Anonymous Coward
    Unhappy

    You'd think that a protester could just release Erdogan's info

    Or he and his cabinet and prominent supporters.

    Sounds more like the bit about cronyism and such was just some crowing on the part of a hacker group.

    Well, anyone got some suggestions as to good stocks to buy in the Turkish credit monitoring industry?

  6. Anonymous Coward
    Anonymous Coward

    This is why governments can't have nice databases. Information is collected for political reasons; with not enough thought given to sociological, infrastructure, and security aspects. They are not -as a general rule of thumb- fit custodians for large amounts of data.

    Add to that that the gov in question has to be lucky all the time whereas an attacker only has to be lucky once and you get the current situation.

    We're going to be seeing more of this; and remember we're only seeing the tip of the iceberg...I'm pretty sure that not every hacked database is published and crowed about.

  7. allthecoolshortnamesweretaken

    Who claims to have done it?

    1. TRT Silver badge

      Bernard Matthews.

    2. This post has been deleted by its author

  8. pompurin

    It was only 18 months ago that the same thing happened to South Korea

    http://www.theregister.co.uk/2014/10/14/south_korea_national_identity_system_hacked/

    I would have guessed SKs security was better than Turkey, just from a pure personal opinion.

    Judging from some of the people I've met I wouldn't put it past the same happening in the UK. We've already had a significant hack with Talk Talk 'outsourcing' their support.

    Yesterday, Santander closed down all of their cash machines in Lancashire. You wonder how much of your information is already out there.

    1. Mark 85 Silver badge

      Re: It was only 18 months ago that the same thing happened to South Korea

      I'm still waiting for the SS Admin here in the States to be hit. There is one massively juicy database.

      1. Crazy Operations Guy

        Re: "I'm still waiting for the SS Admin here in the States to be hit."

        How do you know it hasn't? The Social Security Administration is, and pretty much always has been, incredibly underfunded. With as little money as they have, I doubt enough of it is going into InfoSec and even then, how much of that is going towards IDS / IPS systems and staffing to monitor those systems. It's likely that they've been hacked and people have been absconding with mounds and mounds of data.

        1. allthecoolshortnamesweretaken
          Coat

          Re: "I'm still waiting for the SS Admin here in the States to be hit."

          Don't worry, it's all backed up at Woodlawn. Mine's the one with the Die Hard DVD box in the pocket...

  9. TRT Silver badge

    Seriously did El Reg miss...

    referring to the breach as a data gobble?

    1. Anonymous Coward
      Anonymous Coward

      Re: Seriously did El Reg miss...

      All your baste are belong to us.

      1. Destroy All Monsters Silver badge

        Re: Seriously did El Reg miss...

        Erdogan is referred to as "controversial" not "stark raving bonkers", so it's ok.

  10. Anonymous Coward
    Anonymous Coward

    More to come?

    In February there was a leak of the Turkish national police database.

    https://www.hackread.com/anonymous-hacks-turkish-police-server-leaks-data/

    The hacker allegedly had "persistent access to various parts of the Turkish government infrastructure for the past two years".

  11. cbars

    I've said it before

    And I'll say it again. I feel sorry for the individuals.

    And the crackers are short sighted pricks with no empathy.

  12. rakoth132

    Looks to be a little old...

    Seems that this is dated back to 2007-9 according to some people looking up the data with family/friends. Still a breach and concerns, but might not be as current as the article seems to suggest.

    https://mobile.twitter.com/erenturkay/status/716623096338391040

    1. allthecoolshortnamesweretaken

      Re: Looks to be a little old...

      So maybe an old backup that wasn't disposed of properly?

  13. Anonymous Coward
    Anonymous Coward

    Putin is biting Turkey from all sides. Gas, Syria, Iraq, Azerbizan.... AK party govt. miscalculated about NATO subject. I've told them(

  14. Oengus

    Something doesn't add up here.

    49 million people's private data

    6.6Gb uncompressed

    means that there is less than 150 bytes per person (on average). There can't be much information about each individual. Full name, Date of birth, Address and phone number will almost take up that.

    1. Anonymous Coward
      Anonymous Coward

      You don't need much more. Consider a coding such as:

      1 = Ethnically Turkish

      2 = Turkmen/Azeri

      3 = Kurdish

      4 = Armenian

      5 = Greek

      6 = Arabic

      7 = Assyrian

      Now it is looking a little less friendly...

    2. John Brown (no body) Silver badge

      According to the second line of the article;

      "The leaked info appears to contain names, addresses and ID numbers of more than 49 million citizens."

  15. Anonymous Coward
    Anonymous Coward

    Safe here in Oz

    <smug>

    Our bandwidth is so appalling the hack-tards would never get to download 6.6G

    </smug>

  16. Winkypop Silver badge
    Devil

    Data wars!

    Tin-foils hats set to: stun!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022