Coup plotters’ use of ‘amateur’ messaging app helped Turkish authorities map Gülenist network

Coup plotters’ use of ‘amateur’ messaging app helped Turkish authorities map Gülenist network

FRANKFURT/ ISTANBUL - Reuters
Coup plotters’ use of ‘amateur’ messaging app helped Turkish authorities map Gülenist network

A woman looks at to her mobile phone on a street near the Galata Tower, illuminated in Turkish flag colors on August 1,2016 at Galata district in Istanbul. AFP photo

Turkish authorities have been able to trace thousands of people accused of being members of the Fethullahist Terrorist Organization (FETÖ), which was behind the July 15 failed coup attempt, by cracking the weak security features of a little-known smartphone messaging app. 

Security experts who looked at the app, known as ByLock, at the request of Reuters said it appeared to be the work of amateur software developers and had left important information about its users unencrypted. 

A senior Turkish official said Turkish intelligence cracked the app earlier this year and was able to use it to trace tens of thousands of members of the movement of U.S.-based Islamic scholar Fethullah Gülen.

The Gülenists stopped using the app several months ago after realizing it had been compromised, but it still made it easier to suspend tens of thousands of teachers, police, soldiers and justice officials in the wake of the failed takeover.

“The ByLock data made it possible for us to map their network - at least a large part of it,” a senior Turkish official said. “What I can say is that a large number of people identified via ByLock were directly involved in the coup attempt.” 

The Turkish official said ByLock may have been created by the Gülenists themselves so they could communicate. However, experts consulted by Reuters were not able to verify this. 

“ByLock is an insecure messaging application that is not widely used today,” Tim Strazzere, director of mobile research at U.S.-Israeli security firm SentinelOne told Reuters. “Anyone who wanted to reverse engineer the app could do so in minutes.” 

More than a dozen security and messaging experts contacted by Reuters had never heard of ByLock until it was mentioned in recent days by the Turkish authorities. 

According to Matthew Green, a cryptologist and assistant professor of computer science at Johns Hopkins University in the United States who examined the app’s code after being contacted by Reuters, the ByLock network generates a private security key for each device, intended to keep users anonymous. 

But these keys are sent to a central server along with user passwords in plain, unencrypted text, meaning that anyone who can break into the server can decrypt the message traffic, he said. 

“From what I can tell it was either an amateur app (most likely) or something that someone wrote for the purpose,” he said in an email. 

The ByLock messaging app appears to have been launched in 2014 on both the Apple and Google Play app stores, only to be removed by the developers later the same year. New versions subsequently appeared on less secure app downloading websites targeting Android, Windows Phone and Blackberry users.

An anonymous blog post in November 2014 purporting to be from the developer claims ByLock had attracted around 1 million users, making it difficult to maintain, in part because the app had come under attack from unnamed “Middle East countries.” 

Even if it had reached 1 million users, that would still make it miniscule compared to mainstream smartphone messaging apps like Facebook Messenger or WhatsApp, which each have around a billion users worldwide, or iMessage, the messaging app available on all Apple iPhones. 

According to some websites that allowed users to download ByLock, and to the security certificate inside the software itself, the author of the app was listed as David Keynes of Beaverton, Oregon. Reuters was unable to locate anyone matching that name or verify whether this identity was genuine. 

Starting in May 2015, Turkey’s National Intelligence Agency (MİT) was able to identify close to 40,000 undercover Gülenists, including 600 ranking military personnel, by mapping connections between ByLock users, the Turkish official said. 

However, the Turkish official said that while ByLock helped the intelligence agency identify Gülen supporters, it was not used for planning the coup itself. Once Gülenists realized ByLock had been compromised they stopped using it, the official said. 

Instead, the coup plotters seem to have switched to the far more secure WhatsApp by the time they launched their failed attempt. 

While WhatsApp encryption is harder to crack from the outside than ByLock, the authorities have been able to access messages sent late on July 15 by getting their hands on the phones of detained plotters. 
Transcripts published by Turkish media show officers coordinating troops movements in WhatsApp chat groups. 

“With thousands of people in a single WhatsApp chat, it only takes one person to get captured while their phone is unlocked to discover every planned detail,” said Dan Guido, head of New York-based information security firm Trail of Bits.

Quark.Models.Entities.Ancestor?.Title?.ToUpperInvariant() Türkiye, Iraq sign key deals to launch new term in ties

Türkiye, Iraq sign key deals to launch 'new term' in ties
LATEST NEWS

  1. Türkiye, Iraq sign key deals to launch 'new term' in ties

    Türkiye, Iraq sign key deals to launch 'new term' in ties

  2. Security forces destroy 82 PKK hideouts, says Yerlikaya

    Security forces destroy 82 PKK hideouts, says Yerlikaya

  3. Israeli military intel chief resigns amid ‘new step’ in war

    Israeli military intel chief resigns amid ‘new step’ in war

  4. Czech-Turkish park to be built in Prague

    Czech-Turkish park to be built in Prague

  5. German president in Istanbul on first leg of 3-day Türkiye visit

    German president in Istanbul on first leg of 3-day Türkiye visit
Recommended
Bahçeli calls for immunity removal for DEM Party MPs amid probe

Bahçeli calls for immunity removal for DEM Party MPs amid probe
CHP leader praises AI in local election success

CHP leader praises AI in local election success
Election watchdog rejects annulment bids for Hatay, Ordu

Election watchdog rejects annulment bids for Hatay, Ordu
MHP leadership reshuffle marks four changes

MHP leadership reshuffle marks four changes
MHP says ready for work on new civilian charter

MHP says ready for work on new civilian charter
CHP leader set to convene victorious mayors

CHP leader set to convene victorious mayors
Deadlock grips top appeals court in election for new head

Deadlock grips top appeals court in election for new head

WORLD Israeli military intel chief resigns amid ‘new step’ in war

Israeli military intel chief resigns amid ‘new step’ in war

Israel's military intelligence chief has resigned after taking responsibility for failures leading to the Hamas attack on Oct. 7, 2023, the military said on April 22, as Israel carried out more shelling in war-battered Gaza overnight.
ECONOMY Malaysia to build massive chip design park: PM

Malaysia to build massive chip design park: PM

Malaysia's leader on Monday announced plans to build a massive semiconductor design park, aiming to boost the Southeast Asian nation's role in the global chip industry.
SPORTS Tour of Türkiye embarks on 8-stage journey

Tour of Türkiye embarks on 8-stage journey

The 59th Presidential Cycling Tour of Türkiye (TUR) kicks off on April 21 in the Mediterranean resort city of Antalya with the participation of 25 professional cycling teams.