After having conducted a digital examination that triggered a physical search, the Turkish lawyer and digital forensics expert, Dr. Levent Mazılıguney, found traces of spyware in the business computers of ten lawyers, and also located bugs at four law offices in Ankara, DW Turkish reported.
Dr. Levent Mazılıgüney shared his findings with the Union of the Turkish Bar Association (UTBA) in a submission, and called the UTBA to take the necessary steps to protect lawyers.
In his submission, Dr. Mazılıgüney said that fellow lawyers sought his help after they encountered technical problems with their computers and information systems, e.g.:
- Mouse marker movement without any interference,
- Problems with CD readers: CD readers opening on their own, making sounds, etc.
- Their computer closing down on its own,
- Their computer making irrelevant noises (something like a USB plug-in sound),
- Even though a print order had not been given, the printer would work at inopportune times.
- The re-location of desktop icons,
- Common issues after USBs were used for e-signatures, when UYAP or other portable flash drives are plugged into the computer,
- Computers slowing down for no reason,
- Computers overheating,
- Lengthened turning on and off periods for computers,
- Internet connection speeds being extraordinarily slow,
- Automatic shutting down of Windows Defender or anti-virus programmes, etc.
The submission continues as follows:
Since some of the issues conveyed to me relate to the possibility of computers being remotely accessed, the log records of the computers that use a Windows operating systems were investigated by using the “Event Viewer” tool. Unfortunately, I came across findings that showed external entries to those computers that my colleagues use for occupational purposes. When the scope of the investigation was expanded, findings were made that showed that there were “bug” devices located in some of the law firms where my colleagues work. There has thus been the need for notification.
Finding a log record diversion that interrupts the chronological order in the “Windows Event Viewer” programme is evaluated as evidence that there is a strong possibility that there has been an outside unauthorised breach into a computer. These entries are usually in red in the log records. Since remote access into these computers can only be achieved through an internet connection, and since a computer cannot be accessed in the IP system without an internet connection, all unauthorised connection information is recorded in red, with universal shortcuts for terms like Wi-Fi, browser, ethernet, etc. Error codes in red that do not divert the chronological order are also dangerous, but codes in red that do divert the chronological order are most probably cases of unauthorised entry into the computer.
Similar records presenting unauthorised remote access were found in the “Windows Event Viewer” records of approximately 10 of my co-workers’ computers, those that they use for occupational purposes. A screenshot of an example of a similar record can be seen below. In the screenshot, it has been determined that there have been multiple occasions on which there was unauthorised remote access to this device after January 29th, 2020.
After the Event Viewer findings, the use of bugs. which are physically placed devices that are used to watch/listen in a room, was taken into consideration. In addition to physically planting bugs, methods like using devices with high frequencies to watch/listen, the presence of which is very hard to determine, may also be used. However, with the limited individual opportunities available, it is impossible to determine such a situation.
In the investigations I conducted with my own hands and eyes, bugs were found to have been located in 4 (four) of the offices of our co-workers. One was in the computer hardware, one in the cable trench, one in the junction box, and one in the drawers located behind the office desk in a place hidden from plain sight. A photograph of the one found in the cable trench is presented below. The device in the photograph has a battery that lasts up to 18 months.
Illegal surveillance, bugging law offices and digital intrusion into the computers of lawyers in Turkey may be new low, following the ongoing relentless arrest campaign that has so far victimised more than 1600 lawyers across the country.
According to a recent report, entitled The Crackdown, which was published by the Arrested Lawyers Initiative, more than 1,600 lawyers have been arrested and prosecuted, while 615 lawyers have been remanded to pretrial detention. Subsequently, 474 lawyers have been sentenced to a total of 2,966 years in prison on the grounds of membership of an armed terrorism organisation (Art. 314 of The Penal Code), or of spreading terrorist propaganda.
According to the UN Basic Principles on the Role of Lawyers, Governments shall recognise and respect the principle that all communications and consultations between lawyers and their clients, within their professional relationships, are confidential.
Categories: Situation in Turkey