The Largest PII Hack Ever -- Or So It Seems

By Paul Rosenzweig
Tuesday, April 5, 2016, 9:59 AM

Information warfare continues to morph before our eyes into tactics and problems that we cannot really conceive. You may have thought that the OPM hack was a problem -- the personal information of every security-cleared American exfiltrated by the Chinese. You ain't seen nothing yet. Yesterday, someone (no credit claimed yet -- though note the suggestion that the hackers are American) posted online what appears to be the personal information of EVERY Turkish citizen -- all 49+ million of them. It's more than 6 GB of data, apparently. Humorously, the first listed individual is:

national_identifier      | 17291716060
first                    | RECEP TAYYIP
last                     | ERDOGAN

Here is the opening of the dump:

Turkish Citizenship Database

Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?

This leak contains the following information for 49,611,709 Turkish citizens: (IN CLEARTEXT)

  • National Identifier (TC Kimlik No)
  • First Name
  • Last Name
  • Mother's First Name
  • Father's First Name
  • Gender
  • City of Birth
  • Date of Birth
  • ID Registration City and District
  • Full Address

Lesson to learn for Turkey:

  • Bit shifting isn't encryption.
  • Index your database. We had to fix your sloppy DB work.
  • Putting a hardcoded password on the UI hardly does anything for security.
  • Do something about Erdogan! He is destroying your country beyond recognition.

Lessons for the US? We really shouldn't elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.