Reuters filed an exclusive report on Monday citing three “senior Western security officials” who blamed a recent wave of cyberattacks in Europe and the Middle East on “hackers acting in the interests of the Turkish government.”
The sources, including two British security officials and one American, actually went a bit further and described the cyberattacks as having “the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests.”
The online crime wave struck at least 30 targets, many of them linked to Turkey’s regional rival Greece or the island of Cyprus, a major political battleground for the two countries. Other attacks viewed as part of the same operation hit the governments of Albania and Iraq, where Turkey has strategic interests. The attacks began in late 2018 or early 2019 and are ongoing.
“Civilian organizations in Turkey have also been attacked, the records show, including a Turkish chapter of the Freemasons, which conservative Turkish media has said is linked to U.S.-based Muslim cleric Fethullah Gulen, accused by Ankara of masterminding a failed coup attempt in 2016,” Reuters reported.
Gulen, who lives in the United States, is a former ally of Turkish President Recep Tayyip Erdogan, who has become his arch-enemy and the all-purpose hobgoblin of Turkish government paranoia. Turkey has jailed, fired, or blacklisted hundreds of thousands of people accused of links to the Gulenist movement, and has been trying since 2016 to secure Gulen’s extradition from the United States.
The attacks used techniques and servers that have been linked to the Turkish government. The officials implied their agencies had compiled more information that made the hacks appear to be a Turkish operation, but they were not at liberty to discuss this intelligence in detail.
Most high-profile cyberattacks employ some form of “phishing,” which essentially means tricking the targets into divulging computer security information or opening email attachments that install malicious software on their computers. This one was more subtle and sophisticated, as the hackers tampered with the Domain Name System (DNS) servers employed by their targets to redirect traffic to phony websites.
The targets would click on a bookmark or enter the name of a legitimate website, but the hackers captured their traffic and brought the victims to realistic-looking phony websites that would capture everything they typed, including user names and passwords entered in the mistaken belief the user was visiting a legitimate website.
According to Reuters, all known victims of the cyberattack wave experienced DNS hijacking – or, as some security experts have pithily dubbed the technique, “DNSpionage” – on a scale that “alarmed Western intelligence agencies.” The only other DNS hijacking campaign of comparable scale was waged in 2018 by hackers believed to be working for the government of Iran.
Most of the governments named in the Reuters report – Turkish, British, U.S., Greek, Iraqi – declined to comment on the cyberattack story. The Cypriot government said it was aware of the attacks and had taken steps to counter them, but would not comment on their effectiveness.
The Greek government denied reports that its email system was compromised by DNS hijacking, but some criticism has been directed at Athens for using inadequate and outdated computer systems, combined with sloppy security protocols and poor response plans once security breaches were detected.
A highly aggressive cyberattack was launched against the Greek parliament, foreign ministry, finance ministry, and intelligence service two weeks ago, apparently in response to Greece opposing Turkish intervention in Libya. A group that identified itself as the “Anka Soldiers Team” took credit for the attack, which took down several important government websites. The group stated in a Facebook post that it was retaliating because Greece “threatened Turkey on the Aegean and East Mediterranean,” and would conduct more attacks unless Greece learned to “mind its step.”