blackMORE Ops Learn one trick a day ….
Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure? This came via a recent post made in Reddit. This list includes data of the country’s president. The database, which comprises 49,611,709 documents, was posted on the website of an Icelandic group that specializes in divulging leaks on Monday.
Turkish citizenship database leaked ? http://185.100.87.84/ pic.twitter.com/16pspqyr3S
— Dmitry Chestnykh (@dchest) April 4, 2016
This leak contains the following information for 49,611,709 Turkish citizens: (IN CLEARTEXT) 
- National Identifier (TC Kimlik No)
- First Name
- Last Name
- Mother’s First Name
- Father’s First Name
- Gender
- City of Birth
- Date of Birth
- ID Registration City and District
- Full Address
Lesson to learn for Turkey:
- Bit shifting isn’t encryption.
- Index your database. We had to fix your sloppy DB work.
- Putting a hardcoded password on the UI hardly does anything for security.
- Do something about ! He is destroying your country beyond recognition.
Lessons for the US? We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than does.
Let’s take a look at the data:
mernis=# SELECT * FROM citizen WHERE last = '~SNIP~' AND \
first = '~SNIP~' AND \
date_of_birth LIKE '%/%/~SNIP~';
-[ RECORD 1 ]------------+-------------------------
uid | ~SNIP~
national_identifier | ~SNIP~
first | ~SNIP~
last | ~SNIP~
mother_first | ~SNIP~
father_first | ~SNIP~
gender | E
birth_city | ISTANBUL
date_of_birth | ~SNIP~
id_registration_city | RIZE
id_registration_district | ~SNIP~
address_city | ~SNIP~
address_district | ~SNIP~
address_neighborhood | ~SNIP~.
street_address | ~SNIP~
door_or_entrance_number | 26
misc |
mernis=# SELECT * FROM citizen WHERE last = '~SNIP~' AND \
first = '~SNIP~' AND \
address_city = 'ISTANBUL' AND \
date_of_birth LIKE '%/~SNIP~';
-[ RECORD 1 ]------------+------------------
uid | ~SNIP~
national_identifier | ~SNIP~
first | ~SNIP~
last | ~SNIP~
mother_first | ~SNIP~
father_first | ~SNIP~
gender | E
birth_city | ~SNIP~
date_of_birth | ~SNIP~
id_registration_city | ~SNIP~
id_registration_district | ~SNIP~
address_city | ~SNIP~
address_district | ~SNIP~
address_neighborhood | ~SNIP~
street_address | ~SNIP~
door_or_entrance_number | 25
misc |
mernis=# SELECT * FROM citizen WHERE last = '~SNIP~' AND \
first = '~SNIP~' AND \
mother_first = '~SNIP~';
-[ RECORD 1 ]------------+--------------------
uid | ~SNIP~
national_identifier | ~SNIP~
first | ~SNIP~
last | ~SNIP~
mother_first | ~SNIP~
father_first | ~SNIP~ ~SNIP~
gender | E
birth_city | ~SNIP~
date_of_birth | ~SNIP~
id_registration_city | ~SNIP~
id_registration_district | ~SNIP~
address_city | ~SNIP~
address_district | ~SNIP~
address_neighborhood | ~SNIP~ ~SNIP~.
street_address | ~SNIP~
door_or_entrance_number | 3
misc |
Turkish users already confirmed that the data is Authentic though somewhat outdated. A post in Reddit explains:
Just downloaded the data set, and can confirm it’s real. I’m not in there, but my parents and brother are. The information on there isn’t that critical, but it’s still very disconcerting.
However the database doesn’t contain entries of people born after march 1991.
Download
- mernis.sql.tar.gz (1.5GB compressed – 6.6GB uncompressed)
- Torrent | Magnet URL
- SHA512(mernis.sql): b1f61764c44117ae9d11e3a825b34b042e973797b94b29a5b4b65cfc009ea5b49
- be7fc5438c2f5fb388b7431c3d967ea959bc976c4bc81123a18dee68a61feba
Source
- https://www.reddit.com/r/security/comments/4d9f22/turkish_citizenship_database_dumped/
- http://185.100.87.84/
Hahahaha tayyip fail :)
Hahaha :) Anan fail.
[comar kopegi detected]
Hey database download link?
I’d perpetually want to be update on new posts on this website, saved
to favorites!
şerefsizler