
Turkish Journalist Jailed For Terrorism Was Framed, Forensic Report Shows (vice.com) 103

An anonymous reader quotes a report from Motherboard: Turkish investigative journalist Baris Pehlivan spent 19 months in jail, accused of terrorism based on documents found on his work computer. But when digital forensics experts examined his PC, they discovered that those files were put there by someone who removed the hard drive from the case, copied the documents, and then reinstalled the hard drive. The attackers also attempted to control the journalist's machine remotely, trying to infect it using malicious email attachments and thumb drives. Among the viruses detected in his computer was an extremely rare trojan called Ahtapot, in one of the only times it's been seen in the wild. Pehlivan went to jail in February of 2011, along with six of his colleagues, after electronic evidence seized during a police raid in 2011 appeared to connect all of them to Ergenekon, an alleged armed group accused of terrorism in Turkey. A paper recently published by computer expert Mark Spencer in Digital Forensics Magazine sheds light into the case after several other reports have acknowledged the presence of malware. Spencer said no other forensics expert noticed the Ahtapot trojan in the OdaTV case, nor has determined accurately how those documents showed up on the journalist's computer. However, almost all the reports have concluded that the incriminating files were planted. "We are not guilty," Baris Pehlivan told Andrada Fiscutean via Motherboard. "The files were put into our computers by a virus and by [attackers] entering the OdaTV office secretly. None of us has seen those documents before the prosecutor showed them to us." 
(OdaTV is the website Pehlivan works for and "has been critical of the government and the Gulen Movement, which was accused by Turkish president Recep Tayyip Erdogan of orchestrating the recent attempted coup.") In regard to the report, senior security consultant at F-Secure, Taneli Kaivola, says, "Yes, [the report] takes an impressive level of conviction to locally attack a computer four times, and remotely attack it seven times [between January 1, 2011, and February 11, 2011], as well as a certain level of technical skill to set up the infrastructure for those attacks, which included document forgery and date and time manipulation."
  • Sick people!

  • You mean "hackers" don't know how to use the "touch [die.net]" command?
  • to keep Turkish evil maids from planting files.
  • How did Mr Spencer get access to the evidence, that is, the PC?

    The story suggests the journalist was framed, but by whom? If it was by the Turkish government, then why did it let a third party have the opportunity to review the fake evidence?

    • "Arsenal studied Pehlivan's computer after being contacted by the Turkish defense attorney. According to Mark Spencer, it was a pro bono case."

      "There are more than a dozen computer forensics reports on OdaTV computers. Experts from three universities in Turkey and the US-based Data Devastation company acknowledged the existence of malware and suggested the journalists had nothing to do with the files found on their PCs."

      The short answer is because that's the way it's done by governments which wish

    • Because despite what you might think, Turkey has a modern liberal legal system and just because the government might want to block its evidence from review there's absolutely no reason why the judge must comply.

      • considering the amount of judges and lawyers that were all just recently rounded up by the government as supposed traitors I can see a shit load of reasons why a judge would comply.
      • Because despite what you might think, Turkey has a modern liberal legal system

        I did not judge Turkey's legal system, I just noted something did not make sense: if whoever planted evidence knew it would be discovered, why did that person do it? If the legal system works, that person will be indicted and probably jailed at some time.

    • by rtb61 ( 674572 )

      It represents the typical arrogance of corrupt governments. Why leave evidence behind because they mostly do not give a crap, they are corrupt, not skilled, just corrupt and got their positions by being corrupt, not skilled. So good people, do good work and try hard, bad people do not, they lie, cheat and steal and they do that to get their jobs not just once they have their jobs. Basically, yes, corrupt scum bags do shitty jobs because they do not give a crap about the job, just what they can get out of i

    • Because the Turkish government changed course since then

      At the time of the Ergenekon affair, the Gulenists were calling the shots and were setting up kangaroo courts for those perceived as their opponents; now it's their turn on the other end of the stick, and some lucky victims may be rehabilitated.

      It's like that succession of show trials, purges, 'mistakes were made', and purges of purgers in Stalin's and Khrushchev's time.

  • by khz6955 ( 4502517 ) on Monday August 22, 2016 @08:25PM (#52752659)
    Has it become Slashdot official policy to not mention Microsoft windows in relation to remote access trojan malware?

    "Spencer .. said he and his team .. examined Barış Pehlivan's computer using a technique they developed to deal with sophisticated tampering of evidence."

    'It's called "Anchors in Relative Time," which means putting events logged by computers such as startups and shutdowns in chronological order, regardless of any associated dates and times that might have been altered by attackers'. ref [vice.com]
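The ordering idea quoted in this comment, sketched as an added example (it is not Arsenal's tool and not part of the comment): boot sessions are ordered by the sequence in which the log wrote them, and a session whose clock reads earlier than an already-logged session is treated as backdated. The record numbers, tuple layout, function names and sample log are constructed assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample log: (record number, event, clock reading when logged).
# Record numbers give write order; clock readings may have been manipulated.
SAMPLE_LOG = [
    (101, "startup", "2020-02-01 09:00:00"),
    (102, "shutdown", "2020-02-01 18:30:00"),
    (103, "startup", "2020-02-02 09:05:00"),
    (104, "shutdown", "2020-02-02 18:10:00"),
    (105, "startup", "2020-01-15 22:40:00"),   # clock set back before boot
    (106, "shutdown", "2020-01-15 23:05:00"),
    (107, "startup", "2020-02-03 09:02:00"),
    (108, "shutdown", "2020-02-03 17:55:00"),
]

def sessions(log):
    """Pair startup/shutdown records in write order, ignoring clock order."""
    out, start = [], None
    for rec, event, stamp in sorted(log):
        t = datetime.strptime(stamp, FMT)
        if event == "startup":
            start = (rec, t)
        elif event == "shutdown" and start:
            out.append({"first_rec": start[0], "start": start[1], "end": t})
            start = None
    return out

def flag_backdated(sess):
    """Flag sessions whose clock reads earlier than a session logged before them."""
    high = None  # latest clock reading seen in a trusted session
    for s in sess:
        s["backdated"] = high is not None and s["start"] < high
        if not s["backdated"]:
            high = s["end"]
    return [s for s in sess if s["backdated"]]

def real_window(sess, file_stamp):
    """Bound when a file stamped file_stamp was really written."""
    flag_backdated(sess)
    t = datetime.strptime(file_stamp, FMT)
    for i, s in enumerate(sess):
        if s["start"] <= t <= s["end"]:
            if not s["backdated"]:
                return (s["start"], s["end"])
            before = [p["end"] for p in sess[:i] if not p["backdated"]]
            after = [n["start"] for n in sess[i + 1:] if not n["backdated"]]
            return (before[-1] if before else None, after[0] if after else None)
    return None
```

A file stamped inside the backdated session is bounded by the trusted shutdown before it and the trusted startup after it, whatever date it carries. The check assumes the clock was moved backwards; a clock set forward would make the later, honest sessions look backdated instead.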
  • by gweihir ( 88907 ) on Monday August 22, 2016 @09:34PM (#52752971)

    The next step is, of course, to dispense with the need for forensic "evidence" on people's computers and do this fully with "intercepted" communications. And here is the real danger of a surveillance-state: They can send anybody, any time to prison for as long as they desire, and there is no possibility to defend yourself unless they screwed up massively (as they did in the case at hand).

    • by ruir ( 2709173 )
      What next step? It is perfectly documented by leaked files that is how they do it in Europe and in the USA...
      https://theintercept.com/2014/... [theintercept.com]
      Sysadmin Manual - Tactical Network injector installation http://ftp.icm.edu.pl/packages... [icm.edu.pl]
    • And here is the real danger of a surveillance-state: They can send anybody, any time to prison for as long as they desire, and there is no possibility to defend yourself unless they screwed up massively (as they did in the case at hand).

      seems like reason enough to start using open source software and open hardware. it won't be perfect but it can't be any worse than windows on an intel chip.

  • I was thinking of going on holiday in Turkey a few months ago... I think I will pass on the opportunity.
  • So how exactly do you forensically determine files were copied onto a computer by someone after removing the HDD and then returning it? I am sure that could have happened but how the fuck would you ever tell?
  • filesystem feature (Score:3, Interesting)

    by kdayn ( 874107 ) on Tuesday August 23, 2016 @01:14AM (#52753617)
    While reading this article, I realized that it could be possible to create a filesystem feature which would not encrypt but sign all files when a password is provided during mounting; otherwise the fs would work in read-only mode. This feature could prove that files were created by the owner of the password, and planting evidence like this would be impossible, and this would not break any laws: the fs contents are always accessible in read-only mode without a password. Maybe something like this already exists?
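A user-space sketch of the signing scheme proposed in this comment, added here as an example (not part of the comment and not an existing filesystem): a key derived from the mount password authenticates every write, and an audit lists files whose tag is missing or wrong. The `Volume` class, its method names and the sample files are hypothetical and constructed.

```python
import hashlib
import hmac

def mount_key(password: str, salt: bytes) -> bytes:
    """Derive the signing key from the mount password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def tag(key: bytes, path: str, data: bytes) -> str:
    """MAC over path and content, so a signed file cannot be renamed or moved."""
    name = path.encode()
    msg = len(name).to_bytes(4, "big") + name + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Volume:
    """Toy in-memory volume: writes are accepted and signed only while mounted."""
    def __init__(self, salt: bytes):
        self.salt, self.files, self.tags, self.key = salt, {}, {}, None

    def mount(self, password: str):
        self.key = mount_key(password, self.salt)

    def unmount(self):
        self.key = None

    def write(self, path: str, data: bytes):
        if self.key is None:
            raise PermissionError("read-only: no mount password given")
        self.files[path] = data
        self.tags[path] = tag(self.key, path, data)

    def audit(self, password: str):
        """Return paths whose tag is missing or does not verify."""
        key = mount_key(password, self.salt)
        return sorted(p for p, d in self.files.items()
                      if not hmac.compare_digest(self.tags.get(p, ""), tag(key, p, d)))

def demo():
    vol = Volume(salt=b"constructed-salt")
    vol.mount("owner passphrase")
    vol.write("notes/draft.txt", b"interview notes")
    vol.write("notes/todo.txt", b"call editor")
    vol.unmount()
    # Constructed offline tampering: the disk is edited directly, bypassing write().
    vol.files["docs/planted.doc"] = b"forged document"
    vol.files["notes/draft.txt"] = b"altered notes"
    return vol.audit("owner passphrase")
```

This covers only the drive-removed case: anything written while the volume is mounted, malware included, goes through the signed path and verifies. Because the tag is a symmetric MAC, the auditor also needs the owner's password.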
  • Ergenekon is not "an armed group", it's the Deep State - alliance between secret service, far-right politicians, some high-ranked officials, some big business representatives, and organized crime, all more or less under CIA control, in order to "fight communism".
    It's standard procedure in all NATO, but pushed to unprecedented levels in Turkey (even more than in Italy), and fell under the spotlights with the Susurluk car crash [wikipedia.org] in 1996.

    So the Ergenekon trials were a very important step in the democratiz
  • ...a certain level of technical skill to set up the infrastructure for those attacks, which included document forgery and date and time manipulation.

    You think forgery and date-time manipulation is easy for a digital record? No. No. It's very very difficult and requires you to level up your skilz before you can do it.
