Thousands of innocent Turks imprisoned due to malware

On July 15, 2016, Turkey suffered yet another coup attempt, which the Turkish government maintains was initiated by supporters of Fethullah Gülen, a Turkish imam who has been living in self-imposed exile in the U.S. Gülen had been allies with the ruling AK party (AKP) until late 2013. However, in late December 2013, public prosecutors started a massive corruption operation, arresting several ministers along with their sons. Erdoğan, then prime minister, was also implicated.

Erdoğan became enraged and accused the prosecutors and the police of being followers of Gülen, using the alleged corruption case to bring down the government on behalf of Gülen. Erdoğan then proclaimed Gülen and his followers were members of a terrorist group, labelling it the Fethullahist Terror Organisation (FETÖ) and stating that they were no different than the Kurdish insurgent Kurdistan Workers’ Party (PKK) and other armed militant groups. 

On the heels of the coup attempt, the government dismissed hundreds of thousands of government employees, arresting over tens of thousands of suspected Gülen followers, including members of the military and police, in addition to judges, prosecutors, government employees, journalists, academics and civilians. The government also claimed that many of Gülen’s followers communicated with each other using an encrypted communication app called ByLock.

Turkey’s Supreme Court ruling on the ByLock app stated, “The use of, or downloading of the app onto a mobile device, is sufficient evidence that a crime has been or will be committed.” The government subsequently arrested thousands of people claimed to have been ByLock users.

Recently, however, Ali Aktaş, a lawyer whose client was arrested on the charge of having used  ByLock, discovered that malware -  a term used to refer to a variety of intrusive software, including computer viruses, worms, Trojan horses and spyware - had been utilised  in order to give the false appearance that the user was accessing the ByLock program.

Aktaş discovered the malware when he was sent an anonymous report with a music app. Upon reviewing the music app, Aktaş came to understand that each time the app was accessed or a song was played, the malware briefly accessed a dummy ByLock site, thereby creating a false record of activity.

Aktaş, who teamed up with cyber forensics experts, discovered that many other simple apps people used daily, such as apps for music, a dictionary or apps which alert for the Muslim times for prayer - such as “Turkish Prayer Times,’’ or the direction of prayer, the “Qibla Trap,” or the music app “Freezy”- left a false ByLock ‘imprint’ each time they were accessed. 

The program was accessed for only a brief time and this happened at the same time for all users of the same app, such as the app which alerts users for prayer times. The police believed these false imprints were real, using this as rationale to imprison thousands of innocent people.

Armed with this knowledge, Aktaş was able to have his client released, and believes that this information will ultimately help in freeing approximately 11,000 others who have been arrested on the same charges. With support from unions, journalists and other groups, Aktaş took the matter to the Chief Prosecutor in Ankara, who in turn sent the new information to all the courts involved in ByLock cases in order to start proceedings to release those who have been arrested on ByLock charges.

Aktaş argues "the malware programs were deliberately developed by FETÖ members in 2014, after the government had identified ByLock as a communication tool for FETÖ." The malware programs were sent to users of the other apps with the intention of expanding the pool of ByLock users so as to cause confusion and help conceal the identity of FETÖ members. The malware was downloaded when the users of the abovementioned programs routinely updated their apps. Ultimately, these malware programs were responsible for thousands being falsely imprisoned.

Aktaş holds that having had the ByLock app alone is not enough to convict anyone on charges of being a member of a terror organisation: “The Supreme Court must change its ideology regarding ByLock. There are some private imams (who are followers of Gülen), whose only function is to keep their congregations tied to them. This is different from being part of an armed militant group.”

Aktaş goes on to speak about arrests made in conjunction with the ominous app, noting:

“This was a trap which caused a lot of harm. The government should have recognized this (malware) and addressed it earlier. Sure, there are actual (ByLock) users, but there are also (for example, uniformed) women who only go into chat rooms. We are talking about people who may have been brainwashed or whose religious beliefs have been compromised. When the conflict between the government and Gülen started, they (the Gülenist leaders) wanted to keep their followers close to them. So they created such apps. Those whom we accuse of being part of an armed militant group are really people who can be called sympathizers. ByLock needs to be eliminated as evidence of being a member of that (terror) group.”