Turkey's govt actually has quite a robust IT infrastructure and the Turkish citizens can do pretty much anything through the turkiye.gov.tr portal. It's really useful, you can even cancel subscriptions to services and utilities from there. You can book appointments for documents services or hospitals, see all your medical history or even heritage records.
These leaks keep appearing since many years but their origin is not necessarily a hack of the government infrastructure. The leaks usually occur at election cycles because the address based electorate data is handled and processed by the political parties(which are not exactly IT elites) and gets stolen or leaked.
Then there were high profile hacks of large food delivery services or other e-trade platforms.
All this resulted in people collecting and merging data from multiple leaks and re-selling those.
Edit: At some point, all the lawyers were using this data to track down people relevant to their court cases. They were selling it in CD format back then. Scammers and other criminals probably use this data too.
Every time I try to search for a phone number (Bing/ddg) I get pages and pages of clearly auto generated fake names associated with numbers, all hosted on that same Turkish government portal. I don't know why.
When these fake name/number sites first appeared about 5-8 years ago, they didn't have any ads or even outgoing links. (I looked without an ad blocker.) Ads might be the explanation for many of them today, but I don't think it's the original or sole reason. Though I suppose it may have begun as a proof of concept without ads to gauge the traffic, then ads got added years later.
I've read speculation that they were started by telephone spammers to poison the utility of those who-called-me websites that highlighted spammers' phone numbers. I don't think that's the real reason either. It sounds too cute and clever for spammers. (As an aside: nowadays those services are useless since spammers can so easily fake the caller-ID.)
I'm still thinking that there is an interesting story for the original purpose.
Not entirely sure, no. Happens on work PC using Chrome (with uBlock Origin and most lists activatsd), but not at all on phone using Firefox, despite identical searches just tested now. I don't know enough about how this works to say much more.
I'm not sure what exactly it contains but all those leaks contain Name, Address and your national identity number(something like social security number). It must also contain the birthplace and date because the last elections there was question over how many refugees got citizenship and the opposition said they checked the birthplaces and the number is not too high.
BTW, this data is available for the citizens too during the election cycle so you can check who lives in the same building with you and correct any mistakes. The list of the electorate is also attached at the polls so anyone can check for something fishy.
Then in Turkey there's this obsession with companies about collecting as much as info possible about you, so when the food delivery service is hacked the hackers now can easily add your phone number, update your current address by matching your national identity number because for some reason they need to have that info to deliver some kebab.
Also, this national identity number is generated through some algorithm which gives away your relatives and thanks to this, the hackers can also build your social graph from the leaks. Here is a repo about that algo: https://github.com/kerematam/akrabatcno
AFAIK it’s used in “your grandson had an accident and needs emergency surgery, send this much money ASAP” scams.
> AFAIK it’s used in “your grandson had an accident and needs emergency surgery, send this much money ASAP” scams.
Sad to hear that that scam is also used in Turkey, some very low and despicable people also use it here, in Romania, targeting elderly people, and it’s really vile. I explicitly warned my parents not to fall for it in case someone calls them.
> this data is available for the citizens too during the election cycle so you can check who lives in the same building with you and correct any mistakes.
Why are they crowdsourcing a task that is a basic bureaucratic process in any state?
I mean, is Turkey a state that doesn't know who its citizens are and where they live?
It's primary function is to prevent election fraud. In Turkey, elections are a serious business with participation rate above 85% and people are meticulous about the process.
Also, in Turkey the address registration is self declaration based and the government doesn't actually check if you live there. So theoretically, it can be possible for a political party to arrange it's voters distribution in such a way that it is advantageous for them. The idea is that citizens should be able to check against such things.
I'm from Italy. When I change the place where I live I declare the new address and before they update my data an officer comes and checks that I really live there. They can get in and check that's not an empty house and I'm only pretending to live there, if they want to. The check is usually nothing more than peeking through the door though.
Wow that's creepy even for me, who lived for many years in Turkey. In Turkey, the only check is a reference from someone who is already registered in that address. All this can be done online, you declare your new address from turkiye.gov.tr and someone who's registered in that address can approve your declaration.
Do you know that in UK they don't even have such a registry? The government doesn't know where you live(at least officially) and when you need to apply for something that requires proof of address they would use bank statements on your name sent by mail to that address.
I wonder how do you feel about it? Do you think that the Italian approach is better? Why would the government has to know where you live for sure? Is it to prevent benefit frauds?
No idea, it's been like that since forever AFAIK. At least it solves a lot of problems (you just show your photo id) and basically everybody you have a contract with would know that information anyway, utilities, banks, etc.
Edit: there is a difference between the place you live and the place you are registered into. Example: a student is registered at parents' home and goes to study at a university in another city. He rents a room there. He has a contract there and the landlord must notify that the student lives there (since the terrorism laws in the 70s) but the student is still registered and votes at the city of his parents unless he registers at the other city.
This is common also for workers. Maybe they live for years in a city (and the state knows) but they are still registered on their home one.
In the UK we have the electoral register. In order to vote, you need to be registered to it. The government most definitely does use it, as do credit scoring agencies and identitity verification services.
A lot of places do accept bank statements as a backup if you are not on the electoral roll.
It is a bit premature to declare this leak "more of the same" because I am hearing people's medical records are out in this one. That would point to a new, probably wider leak.
A few anectodal things from ekşisözlük claiming people were able to look up the medicines they are taking. Nothing conclusive and I didn't really have the chance to do a deep dive with my current bandwith. The files are supposed to be around 64GB.
That might be because some interface(s) are supposed to show something like demo data when you enter an ID number. They want a membership for more. But this is speculation. I am sure we'll find out in a few days when it's already forgotten.
Turkey has an universal healthcare system, government has to have all that info anyways. You have option to hide specific items from your medical history so not even your doctors can see them. Every access to your records by your doctors are also logged and reported.
An aspect of this that some people find problematic is that many employers use these services to do background checks on individuals before hiring. Background checks are of course customary for some positions, in which case official police records will be retrieved with the candidate's knowledge or consent. For positions where background checks haven't historically been customary, these services will often be used instead, since they are much faster and cheaper in terms of administration, don't require consent and don't notify the candidate that they have been used, and (at least in the past) show offenses that no longer show up in the official records.
Yes, people can look you up and threaten you and that has happened to me more than once now.
Criminals use it a lot which is increasingly a large problem due to the mass immigration that has sky-rocketed violent crimes in our country. They also use it to hijack peoples identity (haven't happened to me), since the social security number is available to everyone.
It's mostly not actual leaks though. Just result of countless government beuracrats working for $300 / month. Considering fact that some people going to die on frontlines for $3000 / month leaking bunch of data for $100 is no brainer.
To give an example. Since authoritarian regime like databases every hospital have to put data about every appointment or vaccination into regional online database. So every single doctor, technicial or their friend have names, national insurance ID, home adress and passport data for every single person who ever used medical services in that region.
And since every phone number at least supposed to be registered on passport data it's super easy to connect any other non-government data leaks to specific person.
Be aware that the website(s) tied to this event has been down for quite a while and there are no concrete evidence that any of them have really worked. There were a few leaks back in the 2010s but nothing recently has come up (lots of claims, no real proof).
This is very weird. .com.tr and and .org.tr registrations in Turkey are heavily bureaucratised with proofs of actual trademark ownership required and humans involved. So it is unlikely that these 4 letter domains could be automatically registered. The clouflare block is also odd. Could this be a DNS attack on Google on non existing domains?
The Netherlands headline is alarmist and the full facts are not in yet: they did not say "all residents' data had been leaked; the number affected estimated at is 2+ million (population 17.5m). [0]
. The Dutch DPA did say they should use a different password everywhere, use secure login, request organizations to delete their data... "Citizens must assume that their personal data has already leaked or that this will happen at some point".
Meanwhile: back in May 2020 a Dutch hacker obtained virtually all Austrians' personal data (full name, gender, address, DOB), police say [1]
I'm curious if leaks like this are used to validate directory style websites or if they purely function off of official public records requests and releases.
There's a special place in hell for people who leak PII.
I think you are aiming for accountability but making a government step down for data breach is unrealistic and has many unintentional consequences.
In security you can account for many factors except the human factor.
If there's sufficient incentive like automatically bringing down the government, you are painting a huge target on the hardware & software infrastructure for both internal(political rivals) and foreign entities(think governments with significantly more resources).
There will always be at least one weak human link that can be exploited and that's far less price compared to what was done historically to topple governments.
Or, you know, people could stop voting for authoritarian assholes who don't care if bad things happen to average people because that's not why they are in government anyway.
Is that old information? I’m sure I have a dump on most Turkish civilians from a few years back… it also includes data on Erdogan, his birth place and ID number.
These leaks keep appearing since many years but their origin is not necessarily a hack of the government infrastructure. The leaks usually occur at election cycles because the address based electorate data is handled and processed by the political parties(which are not exactly IT elites) and gets stolen or leaked.
Then there were high profile hacks of large food delivery services or other e-trade platforms.
All this resulted in people collecting and merging data from multiple leaks and re-selling those.
Edit: At some point, all the lawyers were using this data to track down people relevant to their court cases. They were selling it in CD format back then. Scammers and other criminals probably use this data too.