[ttn]

TR citizen here, for the last 10 years only those who are really close to AKP got the government contracts including software like this etc. for stupid amounts of money with no know-how. Therefore this is absolutely normal -at least for us-, only thing that surprised me about this leak is this got into front page of HN.

Those software "companies" take millions of liras, usually for stupid CRUD stuff, develop it in like years and result is goddamn vulnerable, unaesthetic pieces of garbage.

I'm on that list as well. With that info, a terrorist can buy a SIM card for my name, use it to proxy-blow up a goddamn bomb aaaaand I'm in jail.

[istoica]

Not only there, in other countries in Europe too, in Romania they are prosecuting the boss of the biggest software company we have, he has to sell his paintings and artwork for not being arrested(bail).

The usual opinion is that they all got rich with state contracts building stupid and expensive things that young kids would do in no time for nothing.

As a government agency, of course one would not prefer to hire kids, but these countries, they have good IT persons, they have universities that are struggling with funds and finance(as education is for free there and state universities are way beyond the private factories of diplomas that are known as private universities).

Instead of throwing that money, they could have helped education and develop infrastructure in the same time. Nobody has bloody consciousness any more!

[lubonay]

Also kinda sounds like Bulgaria. Maybe we should not be thinking in nation-defined terms but rather look for a global, state-independent solution. Bureaucracies tend to be sluggish anyways...

[sliekasbekelniu]

That sounds like Lithuania to me.. One of the largest local IT companies are prosecuted now because of dirty contracts with SODRA (social care stuff)..

[ossmann]

That sounds like definitely TURKEY to me!!!

[gcatalfamo]

It might sound like Italy, but here corrupt people are those OUT of jail.

[garyfirestorm]

that sounds like india to me

[nunobrito]

Is he talking about Portugal?

Well, at least we still have good weather.

[iBzOtaku]

That sounds like Pakistan to me.

[user_3286]

That sounds like China to me.

[mikeehun]

that sounds like hungary to me

[0xdada]

Do you have any anecdotes you can share? I'd be interested.

[mikeehun]

Our government bought two $1M+ websites in the past years. It's not that the websites would pose as a security risk, or store any valuable information, it's just plain corruption ...

500k only for the planing and teaching how to use $1,2M total, for a site what is essentially a video sharing website: https://hu.wikipedia.org/wiki/Korm%C3%A1nysz%C3%B3viv%C5%91....

$1,7M for the new site of the chamber of agriculture http://index.hu/gazdasag/2016/02/03/agrarkamara/

fun fact in general, the corruption consumes 50% of the eu funded government investment in Hungary according to Transparency International, which means 11.6 billion euro currently

[frostymarvelous]

That sounds like Ghana to me

[agiamas]

It's Greece!

[dragandj]

You are all wrong, folks. Clearly, this is Serbia.

[igl]

that sounds like bavaria to me

[eltronix]

that sounds like Kenya to me

[keymon]

That sounds like Spain to me.

[low_battery]

Just a note, it looks like this data comes from Mernis(1), a project with quite bad history, developed in 90's and launched in 2000 and internet access started in 2002.

I know a bit about government IT departments and contractors at the time and I had zero faith in their competence so this breach is no surprise to me. Current government is no different than is predecessors, just business as usual.

(1)https://en.wikipedia.org/wiki/Turkish_Identification_Number

[jacquesm]

It should actually be the other way around. Now that this information is public any kind of link with personally identifiable information should be considered suspect rather than to be used as evidence for wrongdoing without further checking. That information became less valuable with this leak, not more valuable and those things that you could do with that information before should now become harder.

[ttn]

I learned this leak through HN not TR media. Forget about front page, it is NOT even mentioned.

It is only mentioned by social media website @DikenComTr who are heavy-opposition to AKP regime -related with a NL journalist Frederike Geerdink, just because you are NL I wanted to mention-. Diken journalists love to spend some time in custody time to time and website gets shut down every once in a while.

[diminish]

This leak was everywhere on Reddit for along time. Your opposition stories don't mean innocent people ID info should be put online..

Your type of comments show how clueless you are and can't grasp personal privacy attacks from politics bullshit.

[egeozcan]

I think one of us didn't understand the parent correctly.

[dang]

Please don't be rude here.

[nacs]

> With that info, a terrorist can buy a SIM card for my name

Well that escalated quickly.. Terrorists wouldn't need this database to supply them with names and addresses as most of that info is public in most countries (white-pages is one place). And I can go to any local shop and get a pre-paid SIM card without any personal info involved.

Also, if your country convicts you merely because someone used your name with no other evidence to tie you to the crime, you have bigger problems.

[ttn]

Name and maybe address can be found somehow but identity number absolutely can not be found (should not be from now on). Private companies confirm auth with name, surname, X,Y,Zth number of identity number.

You have to provide them name, surname and identity number in order to get a SIM card, in this example.

You don't need to be convicted for anything anymore if someone wants you to go to jail :) They get you in and start writing bill of indictment(?).

[ttn]

To give a little more context, if you are TR citizen what information you use and should keep private is: 1)Identity Number 2)Your mother's pre-marital surname.

[petertodd]

My mom never changed her name...

[ttn]

Officials would tell her to use both or she'd have to go to European Court of Human Rights to have that simple right. A woman attorney did go ECHR iirc

[usrusr]

How does the private company verify that the identity number is not bogus? Do they have some tamper-proof crypto box that validates a secure hash hidden in the ID or would a case like that only be flagged when the SIM registration is pushed to the government?

In any case, if it is customary to routinely hand the whole number to private companies (I read your description as "full number on registration, some digits on subsequent authentication"), then this leak has made that name/ID tuple only slightly less secret than it was before.

[ttn]

It is actually a grey area since the start. Today they get a zerox copy of your entire ID card which includes Identity Number as well but they should not do that.

The terrorist example I gave came from this grey area in fact. IIRC 2 years ago it was in the news that terrorists open up new SIM cards with regular citizens' information. When I checked it with my info, there was only 1 registered which was mine, when I checked my father however, had 4 SIMs registered and only 2 of them were his.

[elros]

> And I can go to any local shop and get a pre-paid SIM card without any personal info involved.

Which I gather is fully on-topic as you're a Turk writing from Turkey, right?

[outworlder]

> And I can go to any local shop and get a pre-paid SIM card without any personal info involved.

You see, the fact that I could go to any shop and buy a pre-paid SIM card in the US was a surprise to me. Don't expect that to hold true anywhere else. Taking Brazil as an example: you need to provide a photo ID.

[13of40]

I had to present a passport in Spain and Russia, though in Russia they accepted my (US) passport card.

[Muromec]

>Don't expect that to hold true anywhere else.

It is still possible in some countries. For example Ukrainian president was kicked out of office when he tried to make SIM card registration mandatory like in Russia.

[nunobrito]

In Portugal, Spain, Germany and Belgium (at minimum) you can buy a pre-paid SIM without any hassle.

[keymon]

That is not true for Spain. Since the attacks on 11-M 2014 in Madrid, it is mandatory to provide in the local shop your National ID card or passport to activate any SIM card. But the verification is done by the shop attendant.

Anyway, I do think it is pointless as there are plenty of ways to get a SIM card anonymously: buy it in other country, steal it, buy it from somebody, clone it...

[shushugah24]

Italy as well

[tamana]

> you have bigger problems

Yes, we do! And that is why leaks like this are especially harmful.

[tomc1985]

From experience, some countries require a national ID number to get a SIM, even for the prepaid ones

[n1myls]

UPDATE: It turns out the database that was claimed captured by hacking is actually a semi-public data. What's correct is the origin of the source of the database. However that database having limited information about voters are shared by the state agency and distributed to the political parties before the public polls by the mandate of voting laws. The database is actually from 2010 and was not obtained by hacking or anything but leaked by one of the political parties.

When I saw the news I did download the database and searched for myself. My information was not there. Because I am not a registered voter since I live in States. However all my siblings' and parents' information there unfortunately.

There's a fierce political rivalry in Turkey increasingly becoming uglier by day. The story was smelling from the beginning anyway, like implicating president, accusing cronyism and trying to score for some political agenda.

[seewhat]

I have seen the term "tenderpreneur" applied to those who become enriched through favourable access to government contracts, as in...

https://en.wikipedia.org/wiki/Tenderpreneur

  ... a tenderpreneur is a person in government who abuses their
  political power and influence to secure government tenders and
  contracts. The word tenderpreneur is a portmanteau of "tendering"
  and "entrepreneur".

Could the meaning be applied here too?

[nirkrakowski]

But now you can easily claim the information was stolen, so no judge will ever convict you.

[scotchmi_st]

> With that info, a terrorist can buy a SIM card for my name, use it to proxy-blow up a goddamn bomb aaaaand I'm in jail.

Or, you know, dead. It's a bit optimistic in the current climate to assume they'd arrest you peacefully.

[ttn]

Yeah, this is the worst case. If you google "Ali İsmail Korkmaz" you'll see a young protester, beaten to death by police and regime supporter bakery guy. He was classmate of my gf and he probably was the nicest person you can ever met.

[babayega2]

That sounds like Burundi to me. Incompetence is encouraged.

[artellectual]

Sounds like Thailand to me.

[beachstartup]

> Those software "companies" take millions of liras, usually for stupid CRUD stuff, develop it in like years and result is goddamn vulnerable, unaesthetic pieces of garbage.

that's great news! sounds like turkey is closer than anyone expected to being a full fledged western member state!