Turkish Journalist Jailed For Terrorism Was Framed, Forensic Report Shows

An anonymous reader quotes a report from Motherboard: Turkish investigative journalist Baris Pehlivan spent 19 months in jail, accused of terrorism based on documents found on his work computer. But when digital forensics experts examined his PC, they discovered that those files were put there by someone who removed the hard drive from the case, copied the documents, and then reinstalled the hard drive. The attackers also attempted to control the journalist's machine remotely, trying to infect it using malicious email attachments and thumb drives. Among the viruses detected in his computer was an extremely rare trojan called Ahtapot, in one of the only times it's been seen in the wild. Pehlivan went to jail in February of 2011, along with six of his colleagues, after electronic evidence seized during a police raid in 2011 appeared to connect all of them to Ergenekon, an alleged armed group accused of terrorism in Turkey. A paper recently published by computer expert Mark Spencer in Digital Forensics Magazine sheds light into the case after several other reports have acknowledged the presence of malware. Spencer said no other forensics expert noticed the Ahtapot trojan in the OdaTV case, nor has determined accurately how those documents showed up on the journalist's computer. However, almost all the reports have concluded that the incriminating files were planted. "We are not guilty," Baris Pehlivan told Andrada Fiscutean via Motherboard. "The files were put into our computers by a virus and by [attackers] entering the OdaTV office secretly. None of us has seen those documents before the prosecutor showed them to us." (OdaTV is the website Pehlivan works for and "has been critical of the government and the Gulen Movement, which was accused by Turkish president Recep Tayyip Erdogan of orchestrating the recent attempted coup.") In regard to the report, senior security consultant at F-Secure, Taneli Kaivola, says, "Yes, [the report] takes an impressive level of conviction to locally attack a computer four times, and remotely attack it seven times [between January 1, 2011, and February 11, 2011], as well as a certain level of technical skill to set up the infrastructure for those attacks, which included document forgery and date and time manipulation."

Two words:

[no-body]

Sick people!

Re:

[Guy Harris]

For a while it looked like Turkey would be the one exception to the rule that majority-Muslim states cannot have democracy.

So presumably you're not counting (post-Suharto) Indonesia as a democracy.

Re:

[Gavagai80]

Iraq is a democracy too (now) -- an example of why democracy isn't necessarily a good thing for a developing country with deep internal tensions.

Re:

[unixisc]

Previously, under its Kemalesque regimes, Turkey was not a democracy. It was a military backed authoritarian regime, which was benevolent enough in that it cared for the well being of its people, recognized Islam as a problem, and therefore did what it could to supplant the cult of Mohammed w/ the cult of Ataturk. But they never developed a pluralistic culture that embraced all their differences - religious (Armenian), cultural (Kurds) and the end result was that people either had to swear by Ataturk or b

Re:

[unixisc]

Any evidence that Gen Franco and his supporters were inspired by the Inquisition and the Catholic zeal of Ferdinand & Isabella?

Re:

[Rick Zeman]

For the last century America has engaged in realpolitik, propping up and supporting reprehensible regimes and tyrants like in Turkey. .

Yes, and it all started with propping up Stalin and the Soviet Union. For shame, US, for shame.

Re:

[Rick Zeman]

Obviously, they didn't teach you any history of what happened between 1940 and 1942/3 in your little world: Think American food, American gas, American vehicles, American clothes, American weapons, American planes, even American cigarettes. The Soviet Union wouldn't have lived to regroup to defeat the Germans if it wasn't for the Americans because they had none of the above, only bodies.

Re:

[unixisc]

What the Soviets had was hinterland. There was endless real estate for them to keep retreating. Aside from the Winter, there was a limit to how many German troops there were, and how far they could have gone. Had the Soviets lost Leningrad, Moscow, Rostov and Stalingrad, they could have kept on retreating to Sverdlovsk, Novosibirsk, Alma Ata and Tashkent. An advantage that none of the European countries had as the blitzkrieg overtook them

Re:

[fredgiblet]

Eh, the Soviets wouldn't have lost. The Germans lacked the manpower and logistics to actually overrun the rest of the Soviet Union. That said without western allied support they wouldn't have pushed the Germans back with anywhere near the speed they had IRL.

Re:

[fredgiblet]

The US (and the Brits) send enormous amounts of Lend-Lease support to the Soviets in WW2. Without that it's likely they would have ended up in a stalemate with the Germans for a while, being bled out.

reach out and "touch" someone

[MoFoQ]

You mean "hackers" don't know how to use the "touch [die.net]" command?

Re: reach out and "touch" someone

[bestweasel]

Not Turkish Government hackers in a hurry. Maybe they're an all Windows shop. Of course they will be reading these forensic reports more keenly than most, so they don't make the same mistakes in the future.

good use of bitlocker

[rhubarb42]

to keep turkish evil maids from planting files.

Access to evidence

[manu0601]

How did Mr Spencer got access to the evidence, that is, the PC?

The story suggests the journalist was framed, but by who? If it was by Turkish government, then why did it let a third party had the opportunity to review the fake evidences?

Re: Access to evidence

[bestweasel]

"Arsenal studied Pehlivanâ(TM)s computer after being contacted by the Turkish defense attorney. According to Mark Spencer, it was a pro bono case."

"There are more than a dozen computer forensics reports on OdaTV computers. Experts from three universities in Turkey and the US-based Data Devastation company acknowledged the existence of malware and suggested the journalists had nothing to do with the files found on their PCs."

The short answer is because that's the way it's done by governments which wish

Re:

[sg_oneill]

Because despite what you might think, Turkey has a modern liberal legal system and just because the government might want to block its evidence from review theres absolutely no reason why the judge must comply.

Re:

[bloodhawk]

considering the amount of judges and lawyers that were all just recently rounded up by the government as supposed traitors I can see a shit load of reasons why a judge would comply.

Re:

[manu0601]

Because despite what you might think, Turkey has a modern liberal legal system

I did not judge Turkey legal system, I just noted something did not make sense: if whoever planted evidence knew it would be discovered, why did that person did it? If the legal system works, that person will be indicted and probably jailed at some time.

Re:

[rtb61]

It represents the typical arrogance of corrupt governments. Why leave evidence behind because they mostly do not give a crap, they are corrupt, not skilled, just corrupt and got their positions by being corrupt, not skilled. So good people, do good work and try hard, bad people do not, they lie, cheat and steal and they do that to get their jobs not just once they have their jobs. Basically, yes, corrupt scum bags do shitty jobs because they do not give a crap about the job, just what they can get out of i

Re:

[Anonymuous Coward]

Because the Turkish government changed course since then

At the time of the Ergenekon affair, the gulenist were calling the shots and were setting up cangoroo courts for those perceived as their opponents; now it's their turn on the other end of the stick, and some lucky victims may be rehabilitated.

It's like that succession of show trials, purges, 'mistakes were made', and purges of purgers in Stalin's and Hrushchev's time.

Contain highly technical content :)

[khz6955]

Has it become Slashdot official policy to not mention Microsoft windows in relation to remote access trojan malware?

"Spencer .. said he and his team .. examined BarıÅY Pehlivanâ(TM)s computer using a technique they developed to deal with sophisticated tampering of evidence."

'It's called "Anchors in Relative Time," which means putting events logged by computers such as startups and shutdowns in chronological order, regardless of any associated dates and times that might had been altered by attackers'. ref [vice.com]

Re:

[khz6955]

@anonymous coward: "because how exactly is it relevant? Are you trying to imply other OS's are somehow immune to a targeted trojan?"

I not implying anything, I'm stating that slashdot and the technical press are being financially enthused to not mention malware when it's Microsoft.

Re:

[ArsenalConsulting]

You have asked a question we would like more people in our industry to ask! My (this is Mark Spencer) last two articles in Digital Forensics Magazine introduced the Anchors in Relative Time analysis technique and included examples of cases in which it was applied. I'm going to try and strike a compromise in my explanation below between my technical articles and the Motherboard article:

What do you do if you need to analyze a Windows computer but already have reason not to trust any of its dates and times? On

That is how a surveillance-state does it

[gweihir]

The next step is, of course, to dispense with the need for forensic "evidence" on people's computers and do this fully with "intercepted" communications. And here is the real danger of a surveillance-state: They can send anybody, any time to prison for as long as they desire, and there is no possibility to defend yourself unless they screwed up massively (as they did in the case at hand).

Re:

[ruir]

What next step? It is perfectly documented by leaked files that is how they do it in Europe and in the USA...
https://theintercept.com/2014/... [theintercept.com]
Sysadmin Manual - Tactical Network injector instalation http://ftp.icm.edu.pl/packages... [icm.edu.pl]

Re:

[Gravis Zero]

And here is the real danger of a surveillance-state: They can send anybody, any time to prison for as long as they desire, and there is no possibility to defend yourself unless they screwed up massively (as they did in the case at hand).

seems like reason enough to start using open source software and open hardware. it won't be perfect but it can't be any worse than windows on an intel chip.

Re:

[gweihir]

Interesting. As it is the first thing I throw out of a new installation, I do not really follow its security-record. Have a reference?

Safety of foreigners

[ruir]

I was thinking of going in holidays in Turkey a few months ago...I think I will pass the opportunity.

amazing forensics?

[bloodhawk]

So how exactly do you forensically determine files were copied onto a computer by someone after removing the HDD and then returning it? I am sure that could of happened but how the fuck would you ever tell?

Re:

[bloodhawk]

That does not prove they removed it from the case, you could do that simply by booting it from a USB key and doing that. They specifically say they can forensically prove the files were copied while it was removed from the computer case.

Re:

[bloodhawk]

when you are talking forensic and proof, circumstantial means it would be shot to pieces in a court room.

filesystem feature

[kdayn]

while reading this article, it realized that it could be possible to create filesystem feature which would not encrypt but sign all files when password is provided during mounting, otherwise fs would work in read only mode, this feature could prove that files where created by owner of password and planting evidence like this would be impossible and this would not break any laws, the fs contents are always accessible in read-only mode without password. maybe something like this already exists?

Re:

[kdayn]

You can argue like that indefinitely about anything. At least you can not siply copy files over, you have to backdoor your target.

Ergenokon

[LienRag]

Ergenekon is not "an armed group", it's the Deep State - alliance between secret service, far-right politicians, some high-ranked officials, some big business representatives, and organized crime, all more or less under CIA control, in order to "fight communism".
It's standard procedure in all NATO, but pushed to unprecedented levels in Turkey (even more than in Italy), and fell under the spotlights with the Susurluk car crash [wikipedia.org] in 1996.

So the Ergenekon trials were a very important step in the democratiz

forgery = copy paste

[peawormsworth]

...a certain level of technical skill to set up the infrastructure for those attacks, which included document forgery and date and time manipulation.

You think forgery and date-time manipulation is easy for a digital record? No. No. It's very very difficult and requires you to level up your skilz before you can do it.

Re:Turkey is due for some DEMOCRACY

[unixisc]

Actually, democracy, as imposed by the EU, was what brought Turkey to this point. Under Kemal Mustafa Ataturk and his successors, Turkey was a military backed authoritarian regime that kept Islam on a leash. Then, when they wanted to enter the EU, Brussels told them that they had to become as democratic as the EU countries.

Problem w/ that was that while geographically, Turkey may be positioned to be a part of Europe, culturally, the Turks are not European at all: they are Islamic. Their democratic underpinnings are similar to that of their Arab and Iranian neighbors: it shows in their attitudes towards the Armenians and the Kurds. Also, under Erdogan, Turkey has been only too happy to rediscover not just its Ottoman, but also its greater Turkic past - be it Seljuk, Tatar, Khwarezmid, Timuride, Moghul... pasts. Which is fine, but it doesn't lay the groundwork of a democratic Turkey being a pluralistic society the way the EU would desire.

Re:Turkey is due for some DEMOCRACY

[Solandri]

Politically, the whole fustercluck dates back to the end of the first World War. The Ottoman Empire [weebly.com] was on the losing side, and ceased to exist after WWI. The European victors carved its territory up along arbitrary lines, without regard for the cultural and even lingual boundaries. Those lines became the modern country borders we know today. Most of the modern Middle-eastern conflicts trace their roots back to this. Iraq, Kuwait, Syria, Israel/Palestine, and Turkey.

Culturally, it would've made a lot more sense to divide the territory up into Turkey, Kurdistan, and Arabia [vox-cdn.com] plus maybe a few other small countries, instead of the patchwork it is today.

Re:Turkey is due for some DEMOCRACY

[unixisc]

I'd toss in Israel, since the Jews didn't have a state of their own and were dhimmis in Palestine under everybody before the Brits - be it the sultanates of Egypt or Syria, the Ottomans and so on. And Lebanon, for the sake of the Maronites.

But you are right. Iraq was an artificial country, and the only thing defining it was British occupation. Like Syria and Lebanon w/ French occupation. Instead, a few countries - Turkey, Kurdestan, Azerbaijan, Greater Arabia, Israel/Palestine (in that time, the people who were called Palestinians were the Jews, not the Arabs. Such an arrangement would have prevented the Armenian genocide, as well as the Arab-Israeli wars.

Re:

[Anonymous Coward]

I'd toss in Israel, since the Jews didn't have a state of their own...

That brings up a decent discussion point. Why do Jews need or deserve a specific country for their own? We don't do this for any other religion. Where is the country founded by, for, and exclusively run by Lutherans? What about Janists or Sikhs?

Why does one and only one religion get massive support to have their own country when no other religion gets that privilege?

Re:

[sudon't]

Look, I don't support the takeover of Palestine, nor the ethnic cleansing that went on there, but Jews are different than Lutherans, and most other religions, in that they're not simply a religion. If not for anti-Semitism, they'd likely be happily living in Europe, (and probably would have been fully assimilated a long time ago). No doubt you've heard of the Nazi genocide? While two wrongs don't make a right, it's understandable that they'd want to pick up and leave after that. Unfortunately, they let thei

Re:

[unixisc]

Palestine was not 'taken over'. First of all, it had native Jews there even before the 7th century Arab/Muslim conquests. Then, in the late 19th & early 20th centuries, Jews, who were fleeing persecution from places like Tsarist Russia and even mainland Europe moved their and bought land from the Arabs at above market prices. (That's a sharp contrast from the way the Arabs settled in places like Syria, Egypt and much of North Africa.) And the original partition of that area was done, w/ Israel bein

Religious groups rights to have countries

[unixisc]

It's historical. That Jews had been persecuted in most places in Europe, and there was no compelling reason for the few places that did not persecute them to take them all in e.g. no reason why the Netherlands would have had to take in Jews from Russia, Germany and other places in Europe. While there was a zionist movement after WWI, what gave it impetus was the holocaust. That, and also the not so minor fact that they lived as dhimmis when they were a part of Muslim entities, be it the Ottoman empire

Re:

[Perky_Goth]

Except if their not of an Abrahamic religion like, say, the Kurds.

Re:

[unixisc]

You mean the Yazidi religion? Kurds were Zoroastrians in pre-Islamic times, like the Sassanids. And Islamized after the Arab conquests. While the Yazidis are a separate religious group within the Kurds, they are by no means a majority. I'd be fine w/ Yazidis having their own nation, but prefer it if the Kurds totally de-Islamize and become a state where religious freedom of all non-Muslims are guaranteed.

Re:

[Perky_Goth]

Well, you're right, I was stupid. The point was that cultural independence was only supported for those that are similar to us, and while the Ottomans are to blame, we didn't do much about it when we should.

Re:Turkey is due for some DEMOCRACY

[fredgiblet]

Basically our entire world right now can be traced back to WW1 really. WW1 and WW2, which was directly caused by WW!, completely re-wrote the entirety of the world order.

Re:

[Perky_Goth]

From what I've been reading off an on, you can add another 100 years to it - Revolutionary Republics, Napoleon, Liberalism civil wars, the Holy Alliance, the scramble for Africa, the Unification of Italy and so on.

Re:

[unixisc]

Armenians

Re:

[bytesex]

I've got some Persians one the phone. They would like a word with you.

Persia and Iran

[unixisc]

Persians? The correct term is 'Iranians'. Persia - as was historically understood - was what is today the Fars province of Iran. Includes Shiraz. The ancient Median and Achaemenid empires, which were centered around Persepolis/Pasargadae, et al were Persian. The Parthian empire was what's today Khorasan. The different Islamic dynasties that ruled Iran, none of them were Persian They were either based in Khorasan or Isfahan or Teheran. None of which are in 'Persia'.

Re:

[gtall]

WWI my ass, the Middle East has been a cluster-f since forever. Read ancient history sometime, 6000 years ago the same groups that are pissing on each other back then are doing the same thing now. Any modern political theories are lost on the Mid-East, they have a tribal mindset that has resisted change for 6000 years. As long as they believe political power stems from gods, magic, whatever, they will never advance and be relegated to a backwater of human civilization, gnawing at each other and nursing cent

Re:

[unixisc]

6000 years? I doubt that the world is that old. Christ alone is 2000+ years, and if one tosses in the various ancient peoples, then toss in another 1000 or so. What you describe really seriously started after the spread of Islam throughout the Middle East. Yeah, you had the usual conquest wars b/w the Byzantines and the Sassanids, but that was more of a border territorial grab, as opposed to a complete transformation of the type Islam pulled off once it took over.

The problem w/ that region is not so m

Re:

[Mondor]

Perhaps you miss some education. Pyramids of Egypt are over 4700 years old. At that time Egyptians had developed writing, architecture, agriculture, art of war and it obviously wasn't given by God in one day. The history of China was written since over 3500 years ago, and Mycenaean phase of Greek history started over 3200 years ago. The Stonehenge is over 5000 years old... I hope you know what it is and where it is located, and that people didn't appear there, but came from Africa.

Oh, and have you ever hear

Re:Turkey is due for some DEMOCRACY

[Bongo]

I've hear that the Soviet Union went to great lengths to divide territory along cultural lines, and failed. Point is, it doesn't matter what identity you have, it matters whether you identify with it. There's a stage in psychological development that's authoritarian, and then after that... a loong time after that, comes the individual, with individual rights and freedoms.

Jesus, oddly, managed to implant the seed of that into the authoritarian systems of his time, which took a thousand years or more to develop. Or maybe it was the Greeks.

Anyway, point is, things like the French Revolution, Western democracy, the individual who can think for him or herself, and is given rights, all born equal, is a massive cultural change, and without it, elections don't really work. Tribes will vote for their authoritarian leaders and so on, religion remains a control freak which keeps grabbing more and more power, and individual freedom of expression is crushed, along with original thinking and invention.

So if you are X and identify as X and are part of group X and are under the control of X's authoritarian power, well you're not modern. It makes no difference whether next door there's another group that's Y and slightly different yet also authoritarian. You're all as "bad" as each other (from a modern viewpoint).

The fact that the two groups are not having their own lands strictly in an, you know, segregated way, is besides the point really. Lots of segregated authoritarian groups living next to each other, trying not to step on each others' toes, can only last so long. Arguably that's what happened to Lebanon.

What makes a person modern is that they can think for themselves outside of their group, and know why individual rights matter. Which is a whole different thing to the Life of Bryan and the famous scene where the crowd blindly repeat everything the Messiah says.

So point is, dividing up territory is meaningless if the people themselves don't identify with their group and are blindly moved by that group. A modern nation contains many many groups, yet they don't fragment along sectarian lines at the first bit of friction, because they are not "white" or "black" or "muslim" or "christian" or "buddhist" or "atheist"... they are citizens first, and the other stuff is secondary.

Until the culture of the middle east moves to modern values and modern minds, they can't be citizens and their lands can't be modern nations in a democratic way.

Thing is, that's true for everyone and it is a historical accident that modernity appeared in some parts of the world first. And the authoritarian way worked ok more or less for thousands of years, so it isn't bad as such. Just, modernity makes certain things possible. But people have to grow to get there.

And the EU telling people to be democratic is, well, just doesn't realise what a huge change that is. If you take the Magna Carta, that started a gradual change over 800 years ago. How many countries today call themselves democratic when they obviously have fairly fascistic dictators? (Not counting the USA :-P )

Ethnic divisions b/w countries

[unixisc]

The Soviet attempt at doing this was laughable. For instance, on the Amur River, which is their border w/ Manchuria, they have a JAR - Jewish Autonomous Republic, which they had created to be a homeland for Russian Jews. Most Russian Jews (who've not already migrated to Israel) live where most other Russians live - in Moscow, St Petersburg and other major cities, while the population of JAR is overwhelmingly Russian Orthodox. Hardly an Israel within Russia.

In fact, since the breakup of the USSR, there

Re:

[Mondor]

Indeed, Soviets created many artificial republics that didn't exist before - Ukraine, Latvia, Estonia, Belarus and mentioned Asian republics. They also created Finland, which gave us Nokia and Linux. So I don't think that their "attempts" were laughable at all.
All of these countries were carved from Russia on grounds of ethnicity. However, I wouldn't say that it's only Soviet experiment, but rather Russian - they always tried to make ethnic groups within Empire content, same as they do now, and there are ov

Re:

[unixisc]

Ukraine was carved out of Russia in 1917, at the Treaty of Brest-Litovsk: the new incoming Soviet government wanted peace badly, and was willing to give the Germans whatever they wanted. From 1917-1921, Ukraine was an independent country, before it was annexed by the Soviet Union as a separate republic.

Finland was not a Russian creation - it was very much a Nordic country that was split b/w Russia and Sweden. They fought for and got their own independence from both countries. Estonia, similarly, was an

Liberal democracy & Islam

[unixisc]

I could ignore the AC, but what the heck!!!

I never said anything about a 'Clash of Civilizations'. For the simple reason that Islam is not a 'civilization'. I did say that Islamic countries can't have the things you describe - a liberal, democratic system that's capable of being self critical and thereby do all the things you mentioned. Reason? Islam itself!!!

To be capable of self-correcting and self-adjusting, the core values have to be capable of self-criticism. The reason it's not possible among

Re:Turkey is due for some DEMOCRACY

[flopsquad]

And war hawk Hitlery will see to it !

I know you were trying for a catchy, meme-worthy portmanteau, but all I can see is a half hour Home Shopping Network cooking demo where they're carving turkey with Hitler's cutlery. Replica war hawks on the pommels and everything!

Re:

[unixisc]

That name of hers was given by Michael Savage, and adapted by other haters/critics of HRC

Re:

[meerling]

I sure hope people recognize the sarcasm in your post and don't think it was real.
Err, that was sarcasm, right?

Re:

[flopsquad]

What? Are you against unhilded profits!?

What in the hild are you talking about?

Re:

[davester666]

clearly, the AC is talking about profit hilding. duh.

Re:Riiight!

[fredgiblet]

There's plenty of people today that seem to believe that an accusation is proof.

Re:

[sims 2]

Do you have something like this: http://www.okjailbirds.com/ [okjailbirds.com] in your state?

Re:

[fredgiblet]

I believe we do. I read a thing recently about how those places operate.

Re:

[sims 2]

Well its $1.50 a issue twice a month so I would assume that they operate with fairly high margins.

Other than that I don't know much about them.

Re:

[fredgiblet]

A lot of them put you name and photo in prominent places on search results then blackmail you if you want it removed. Essentially the idea is that if a potential employer searches for your name they'll get a mugshot unless you pay exorbitant amounts of money.