Couldn’t find international news coverage of this, so I’ll do my best to translate it:

CHP spokesman Deniz Yucel has made a statement about his SIM card getting duplicated and WhatsApp account being hijacked by malicious actors:

"While the methods used by malicious actors are not fully clear, my phone number was taken over in 19 August 2024 around 14:40, via malicious actors pretending to be me to request a new SIM card for my 25 year old number. The SIM card on my phone has been automatically deactivated; the malicious actors first changed my Whatsapp profile picture to President Erdogan, then sending the people I’ve added or to the visible groups pictures of Alpay Ozalan captions similar to ‘would you like Alpay Ozalan to hit you too?’(*), Soon after discovery, we’ve sent a warning message on social media channels about this incident and contacted to people I’ve added through WhatsApp, and soon after got the account terminated. We’ve been in official talks to fully resolve this situation.

Note that this issue isn’t caused by any security vulnerability caused by me or the party. This attack was done because of my position within the party. If malicious actors can do this to someone within my position, we can assume no one’s communications and personal data is truly safe; but I am leaving what to think of this up to the public. I will be suing my operator turkcell for all damages, and will report this incident to the prosecution’s office to pursue anyone involved in this attack.

Don’t doubt that we will follow this all the way through and ensure similar incidents won’t happen against any of 85 million Turkish citizens."

(*) The message is a reference to the previous parliament crisis in Turkey

  • @[email protected]
    link
    fedilink
    English
    44 months ago

    The amount of security flaws in the systems forming our cellular networks is staggering.

    • @[email protected]
      link
      fedilink
      English
      34 months ago

      And the collateral damage to EVERYTHING because (at least in the US) SMS or calls are somehow an acceptable 2fa method.

    • @perfectly_boiled_pizza
      link
      English
      24 months ago

      I worked in one of the biggest telecom companies in Europe. This is most likely an order made through customer service. The telecom companies have known about this problem for a long time. They are trying balance security and ease of use for the customer.

      If company A implements noticeably stricter requirements for identification to order stuff, the average customer gets annoyed and switches to company B.

      Therefore the companies watch each other closely and implement stricter requirements slowly at about the same rate as their competitors.

      Protip: You can contact customer service of most telecom companies and ask them to write down a password that you need to tell them before you can order a SIM or other stuff.