Newsletters
Türkiye's National Intelligence Organization (MIT) has busted an organized cybercrime ring that defrauded citizens using national postal service (PTT) and highway toll system names, resulting in 10 suspects being jailed following coordinated raids across six provinces.
The operation was conducted under an investigation led by the Istanbul Anatolian Chief Public Prosecutor's Office, with joint efforts by the MIT, Financial Crimes Investigation Board (MASAK), and Gendarmerie General Command.
Twelve suspects were detained, and 10 were arrested and sent to prison, Interior Minister Ali Yerlikaya announced on his social media account on Sunday.
MIT intelligence work determined that suspects installed malicious software on Android mobile devices. Through this malware, full control was gained over devices, and fake SMS messages were sent to third parties without citizens' knowledge, stating "You have a Highway Toll System (HGS) debt" and "PTT Cargo has an uncollected package for you."
Citizens were directed to fake websites through links in these messages, where they were asked to enter their credit card information.
Suspects' activities were monitored and exposed in a step-by-step process over six months.
During this process, numerous bank and cryptocurrency accounts were examined by MASAK. Technical and physical surveillance revealed the organization's structure, connections, and methods.
The cybercrime organization was directed through Telegram channels via its extensions in Georgia, and the revenues obtained through these accounts were laundered by converting them into international transfers and cryptocurrency.
MIT initiated efforts to identify and capture connections in Georgia.
Operations were conducted simultaneously in Istanbul, Izmir, Van, Elazig, Bingol, and Hakkari provinces, targeting identified suspects.
Twelve suspects were detained in dawn raids. Ten were arrested and two were released.
Numerous digital materials, cryptocurrency wallets, cash, and foreign currency were seized during searches.
Bank account movements of suspects totaled ₺900 million ($21.5M), Yerlikaya said. Authorities seized 200 bank accounts and 30 cryptocurrency accounts belonging to suspects under "laundering of assets derived from crime" charges.
The operation resulted in 318 websites identified as being used in phishing attacks and fraud activities being seized and blocked from access.
A special control panel used by the cybercrime organization to manage malicious software installed on mobile phones was also seized.
Through this panel, phones were controlled entirely, SMS messages could be sent to third parties without users' knowledge, incoming and outgoing calls could be redirected, the device's camera and screen could be remotely monitored, and real-time location information could be tracked.
The software also recorded keystrokes, transmitting the most sensitive information, such as passwords and one-time verification codes, to attackers.
Attacks were not solely for financial gain. Real-time location tracking was used to monitor targets, camera footage was used for blackmail, and thousands of citizens' credit card information was obtained.
Activities were coordinated through the organization's foreign extensions and also used for espionage purposes, officials said.
MIT continues to utilize all available capabilities and resources to prevent the victimization of citizens by cyber fraudsters, officials said.
2 min read
