The Turkish state maintains, against common sense and everything we know about #computer_security, a database of the entire population, #MERNIS. The official presentation:
http://www.nvi.gov.tr/English/Mernis_EN,Mernis_En.html
And a promotional article that had been sent to Brussels:
https://joinup.ec.europa.eu/community/epractice/case/turkish-identity-information-sharing-system
The problem is that MERNIS got hacked and the database is out in the wild, distributed over BitTorrent (no, I am not giving you the "magnet", but the database appears to be real). I am copying the distributor's text here, verbatim (minus the links), hosted on an Icelandic server:
Turkish Citizenship Database
Who would have imagined that backwards ideologies, cronyism and rising religious extremism in Turkey would lead to a crumbling and vulnerable technical infrastructure?
This leak contains the following information for 49,611,709 Turkish citizens: (IN CLEARTEXT)
National Identifier (TC Kimlik No)
First Name
Last Name
Mother’s First Name
Father’s First Name
Gender
City of Birth
Date of Birth
ID Registration City and District
Full Address
Lesson to learn for Turkey:
Bit shifting isn’t encryption.
Index your database. We had to fix your sloppy DB work.
Putting a hardcoded password on the UI hardly does anything for security.
Do something about Erdogan! He is destroying your country beyond recognition.
Lessons for the US? We really shouldn’t elect Trump, that guy sounds like he knows even less about running a country than Erdogan does.
Let’s take a look at the data:
mernis=# SELECT * FROM citizen WHERE last = 'ERDOGAN' AND \
first = 'RECEP TAYYIP' AND \
date_of_birth LIKE '%/%/1954';
-[ RECORD 1 ]------------+-------------------------
[Personal data deleted]
mernis.sql.tar.gz (1.5GB compressed - 6.6GB uncompressed)