Turkey’s Citizenship Database has been published online, containing the personal information of 49.6 million of the country’s citizens.
The data was published anonymously at the website http://220.127.116.11, where torrent and magnet links allow the 6.9GB database (uncompressed; 1.44GB compressed) to be downloaded via the deep web using Peer-to-Peer tools. The data itself contains:
- National Identifier (TC Kimlik No)
- First Name
- Last Name
- Mother’s First Name
- Father’s First Name
- City of Birth
- Date of Birth
- ID Registration City and District
- Full Address
Interestingly, the data itself is old – the most recent birth date in the dump is 29/03/1991 (2307 births registered on that day). With individuals’ data only being registered into the database when they leave home at adulthood, it would make sense that this new leak is in fact the surfacing of an old database that was originally stolen in 2008 (17 years after that most recent birth date) and is only now being published in cleartext for anyone to download and read.
The website that is today publishing links to this information states:
“Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?”
“Lesson to learn for Turkey:
- Bit shifting isn’t encryption.
- Index your database. We had to fix your sloppy DB work.
- Putting a hardcoded password on the UI hardly does anything for security.
- Do something about Erdogan! He is destroying your country beyond recognition.
Lessons for the US? We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.”
So what does this mean for those listed in the database (Turks born before 30/03/1991)? Firstly, it’s worth noting that this data does not contain the mother’s maiden name, but this could be deduced with some light investigation. Secondly, the database contains no email addresses, so a mass phishing attack would only be possible in combination with some other data set. Crucially, the data does contain enough information to conduct ID theft and fraud against a targeted individual. Accordingly, anyone listed should monitor their credit activities closely and be extra vigilant with their Internet hygiene (password usage, phishing, antivirus, etc.).
About the Leak
The leak was published on the website http://18.104.22.168, which resolves to a server in Amsterdam in the Netherlands. This server appears to be controlled by “FlokiNET ehf” of Iceland. The webpage appears in Google as the top result when searching for “Turkish Citizenship Database” (which is why we’re showing the website address in full here). Google cached the page on 3rd April at 10:32 GMT.