In Turkey a journalist is arrested for covering an alleged hacking of a government database · Global Voices | #emailsecurity | #phishing | #ransomware


Hilmi Hacaloğlu, Public domain, via Wikimedia Commons via (CC BY-NC-ND)

Authorities in Turkey arrested an independent journalist İbrahim Haskoloğlu on April 19 on charges of illegally obtaining and disseminating personal information. The arrest comes after Haskoloğlu reported on an alleged hacking of a government database. The journalist said he was contacted by the group that claimed to be behind the hack two months ago. Local authorities refuted reports of any data breach while the “Ministry of Interior filed a complaint against İbrahim Haskoloğlu, who shared ID cards allegedly belonging to President Recep Tayyip Erdoğan and National Intelligence Organization (MİT) Chair Hakan Fidan on Twitter,” reported online news platform Bianet.

Some two months ago when I was on air, I was contacted by a hacker group. They told me they had breached personal data from the e-government website and other government websites. They told me they were leaking that data. They also shared some of the government officials data with me. This data includes new ID cards.

Prior to his arrest, Haskoloğlu also tweeted correspondence between him and the authorities after sharing publicly the screenshots from the hacker group. “They [the authorities] stated that the data (Personal ID) shared here [on Twitter] came not from the e-Government database, but from ÖSYM [the Center for Assessment, Selection and Placement is the body responsible for organizing the national level university entrance examination],” said Haskoloğlu, adding that “it does not matter where the data came from, but that it was breached.”

In a statement issued by the Committee to Protect Journalists, CPJ Program Director Carlos Martinez de la Serna said, “Turkish authorities should be more concerned with the alleged hacking of government databases than the journalists who are covering it.”

According to ExpressionInterrupted, a platform that documents and monitors legal processes leveled against journalists, Haskoloğlu told the prosecutor’s office he shared all of the information he was given by the hacker group with relevant state institutions including the ruling Justice and Development (AK) Party Group Deputy Chairman Mahir Ünal, the Speaker of the Parliament Mustafa Şentop, and opposition Republican People party Group Deputy Chairman Özgür Özel and Engin Özkoç. Ünal advised Haskoloğlu “to turn over the relevant information to the General Directorate of Security (EGM). Haskoloğlu also said in his statement that he explicitly asked the Directorate of Communications “whether reporting the incident would cause any problems,” at which point he “was not given any negative feedback.”

Haskoloğlu’s lawyer, Emrah Karatay, confirmed that his client was arrested on the grounds that he failed to inform relevant authorities — though according to the journalist’s statement, he did. “He thought he had to warn people as a journalist and posted these. Now he’s arrested,” said Karatay.

On April 20, journalist Seyhan Avşar said the breach was likely real. In a thread shared on Twitter Avşar said, “Maybe somebody does indeed has access to all of our IDs at the moment and yet, the truth of the matter is that a journalist who tried exposing this breach is currently behind bars.”

In an April 14th story in the online news site Yetkinreport said, there was indeed a breach of data, except was not the government database that was hacked, but rather information of some 30,000–40,000 users of the government database that was leaked online through phishing.

Turkey’s pattern of arresting journalists

Haskoloğlu is not the first journalist to stand trial for illegally obtaining and disseminating personal information. Journalist Yakup Önal was charged with the same crime in November 2021. The court acquitted Önal.

In another case, six journalists were accused of the same crime for covering former Minister Berat Albayrak’s email leak. The six journalists were also accused of spreading “terrorism propaganda,” participating in the “hindrance or destruction of a data processing system,” “committing crimes on behalf of a terrorist organization without being its member,” and “membership in a terrorist organization.” Citizen journalist Metin Cihan is facing up to six years in prison over the same charge “for publishing documents that point to widespread nepotism in appointments to state jobs through a foundation close to the government.” In 2019, six journalists were sentenced to 40 months in prison for “violation of privacy” and for “securing and disclosing personal data unlawfully.”

However, what makes Haskoloğlu’s case stand out is that he informed the authorities of the hack, and published the information afterward. It is also the first time a journalist has been charged for exposing a government database leak. In 2016, when Turkey’s Citizenship Database was hacked — exposing the personal information of almost 50 million citizens — nobody who reported on the leak was arrested. Similarly, in 2010 when journalists reported on a crime ring selling Turk’s personal data no one was charged.

According to BBC Turkish reporting, “experts agree that there is no major data leak from MERNIS [the Central Population Administration System] this time. However, it is thought that this time the attackers may have taken over a server or end-user accounts that have access to MERNIS.” 

In Turkey, journalists are often silenced through the Turkish Penal Code Article 136. According to the said Article, “Any person who illegally obtains, disseminates or gives to another person someone’s personal data shall be sentenced to a penalty of imprisonment for a term of two to four years.” In addition:

Article 135 sets out that a person who records personal data unlawfully will be punished with a prison sentence of one to three years. Apart from this, under Article 135/2, it is stipulated that (i) the recording of personal data concerning political, philosophical or religious opinions, racial origins; (ii) illegally recording of personal data revealing moral tendencies, sex life, health conditions or trade union relationship is sentenced to a term of imprisonment. In the event that a person charged with the erasure of personal data does not implement his/her duty in spite of expiration dates prescribed by law, he/she will be imprisoned from one to two years (Article 138/1).

Turkey’s track record of implementing broad national legislation in a bid to silence critics is extensive. Journalists often face the heaviest brunt. As a result, ahead of World Press Freedom Day,  Turkey’s media freedom environment is grim. According to #FreeTurkeyJournalists platform, which highlights the cases of detained and imprisoned journalists there are currently 36 journalists behind bars. Last year alone, the authorities prosecuted 241 journalists according to the platform’s tracker.





Original Source link

Leave a Reply

Your email address will not be published.

eighty eight + = 95