[HN Gopher] Turkish citizens' personal data offered online after...
___________________________________________________________________
Turkish citizens' personal data offered online after government
site hacked
Author : giuliomagnifico
Score : 205 points
Date : 2023-06-09 17:51 UTC (5 hours ago)
(HTM) web link (balkaninsight.com)
(TXT) w3m dump (balkaninsight.com)
| xwdv wrote:
| A lot of this stuff is readily available in the right Telegram
| groups.
| hashworks wrote:
| This isn't the first time, it happened before sometime in 2015 I
| think?
| melvinmelih wrote:
| Yep, I was able to find my family's records in that leak...
| chalcolithic wrote:
| pffft
|
| Amateurs
|
| Russian citizens' personal data is sold online before government
| site gets hacked
| [deleted]
| [deleted]
| SXX wrote:
| That's true. In Russia databases of passport data sold on DVD
| on local markets long before government had any real online
| services.
| morkalork wrote:
| If you take what bellingcat posts at face value, the amount
| of data about Russian citizens for sale is absolutely
| comical:
|
| https://www.bellingcat.com/resources/2020/12/14/navalny-
| fsb-...
| SXX wrote:
| It's mostly not actual leaks though. Just result of
| countless government beuracrats working for $300 / month.
| Considering fact that some people going to die on
| frontlines for $3000 / month leaking bunch of data for $100
| is no brainer.
|
| To give an example. Since authoritarian regime like
| databases every hospital have to put data about every
| appointment or vaccination into regional online database.
| So every single doctor, technicial or their friend have
| names, national insurance ID, home adress and passport data
| for every single person who ever used medical services in
| that region.
|
| And since every phone number at least supposed to be
| registered on passport data it's super easy to connect any
| other non-government data leaks to specific person.
| contingencies wrote:
| Same in China.
| daniel-cussen wrote:
| [dead]
| kryptiskt wrote:
| In Sweden you can just buy all that data legally because it's
| all public information.
| erenkaplan wrote:
| They never claimed the data...
| data_maan wrote:
| Wasn't there a similar breach in India a few years ago?
|
| There should be a clause that governments have to step down if
| breaches like that happen.
|
| But until leaders, like Erdogan, themselves get doxxed and
| trolled, probably nothing will be done.
| mediumdeviation wrote:
| The prime minister of Singapore was the target of a breach
| against a healthcare provider in 2018
| https://en.wikipedia.org/wiki/2018_SingHealth_data_breach
| mrguyorama wrote:
| Or, you know, people could stop voting for authoritarian
| assholes who don't care if bad things happen to average people
| because that's not why they are in government anyway.
| orhmeh09 wrote:
| I can sell to you the Turkish president's address for a small
| price of $1000. PM for details.
| mrtksn wrote:
| Turkey's govt actually has quite a robust IT infrastructure and
| the Turkish citizens can do pretty much anything through the
| turkiye.gov.tr portal. It's really useful, you can even cancel
| subscriptions to services and utilities from there. You can book
| appointments for documents services or hospitals, see all your
| medical history or even heritage records.
|
| These leaks keep appearing since many years but their origin is
| not necessarily a hack of the government infrastructure. The
| leaks usually occur at election cycles because the address based
| electorate data is handled and processed by the political
| parties(which are not exactly IT elites) and gets stolen or
| leaked.
|
| Then there were high profile hacks of large food delivery
| services or other e-trade platforms.
|
| All this resulted in people collecting and merging data from
| multiple leaks and re-selling those.
|
| Edit: At some point, all the lawyers were using this data to
| track down people relevant to their court cases. They were
| selling it in CD format back then. Scammers and other criminals
| probably use this data too.
| hachiroku wrote:
| [dead]
| mghfreud wrote:
| Do the data shared with political parties contain real estate
| deeds?
| mrtksn wrote:
| I'm not sure what exactly it contains but all those leaks
| contain Name, Address and your national identity
| number(something like social security number). It must also
| contain the birthplace and date because the last elections
| there was question over how many refugees got citizenship and
| the opposition said they checked the birthplaces and the
| number is not too high.
|
| BTW, this data is available for the citizens too during the
| election cycle so you can check who lives in the same
| building with you and correct any mistakes. The list of the
| electorate is also attached at the polls so anyone can check
| for something fishy.
|
| Then in Turkey there's this obsession with companies about
| collecting as much as info possible about you, so when the
| food delivery service is hacked the hackers now can easily
| add your phone number, update your current address by
| matching your national identity number because for some
| reason they need to have that info to deliver some kebab.
|
| Also, this national identity number is generated through some
| algorithm which gives away your relatives and thanks to this,
| the hackers can also build your social graph from the leaks.
| Here is a repo about that algo:
| https://github.com/kerematam/akrabatcno
|
| AFAIK it's used in "your grandson had an accident and needs
| emergency surgery, send this much money ASAP" scams.
| jimmygrapes wrote:
| Every time I try to search for a phone number (Bing/ddg) I get
| pages and pages of clearly auto generated fake names associated
| with numbers, all hosted on that same Turkish government
| portal. I don't know why.
| mrtksn wrote:
| Interesting, Are you sure it's turkiye.gov.tr?
| activiation wrote:
| Website sorgupaneli.org down
| phantom32 wrote:
| I think there have been multiple leaks in the past, and this
| website is not the first either...
| lr4444lr wrote:
| Why haven't the authorities moved in on the host of the site
| offering the data?
| 3327 wrote:
| [dead]
| 19h wrote:
| Is that old information? I'm sure I have a dump on most Turkish
| civilians from a few years back... it also includes data on
| Erdogan, his birth place and ID number.
| treesciencebot wrote:
| Be aware that the website(s) tied to this event has been down for
| quite a while and there are no concrete evidence that any of them
| have really worked. There were a few leaks back in the 2010s but
| nothing recently has come up (lots of claims, no real proof).
| commitpizza wrote:
| My country publishes everyones data which then is offered by a
| number of services: https://mrkoll.se as an example.
|
| I wrote a blog article about it:
| https://commit.pizza/2022/10/16/the-only-way-of-being-anonym...
| RajT88 wrote:
| The government has been silent on this so far, but I suspect the
| underlying story could be described as 'Byzantine'.
| belter wrote:
| Join the party...
|
| "Every Netherlands resident affected by data leak: watchdog" -
| https://nltimes.nl/2023/06/06/every-netherlands-resident-aff...
|
| "Medical Data of 500,000 French Residents Leaked Online (2021)" -
| https://www.infosecurity-magazine.com/news/500k-french-medic...
| namaria wrote:
| These days you just have to assume every piece of personal data
| (and meta data about your online activity) eventually is made
| public.
| smcin wrote:
| The Netherlands headline is alarmist and the full facts are not
| in yet: they did _not_ say "all residents' data had been
| leaked; the number affected estimated at is 2+ million
| (population 17.5m). [0] . The Dutch DPA did say they should use
| a different password everywhere, use secure login, request
| organizations to delete their data... _" Citizens must assume
| that their personal data has already leaked or that this will
| happen at some point"_.
|
| Meanwhile: back in May 2020 a Dutch hacker obtained virtually
| all Austrians' personal data (full name, gender, address, DOB),
| police say [1]
|
| [0]: https://www.iamexpat.nl/expat-info/dutch-expat-
| news/millions...
|
| [1]: https://www.reuters.com/world/europe/dutch-hacker-
| obtained-v...
| m00dy wrote:
| great, thanks. I'm now famous.
| usdogu wrote:
| It's not suprising. Turkish citizens' data is in the hands of 13
| y.o kids since 2015.
| x7ci wrote:
| This is unfortunately true. The "MERNIS" leak is freely
| available, containing some 49M citizens with their ID card
| numbers, addresses and a lot more.
___________________________________________________________________
(page generated 2023-06-09 23:00 UTC)