Slashdot Mirror
Turkish Journalist Jailed For Terrorism Was Framed, Forensic Report Shows (vice.com)
An anonymous reader quotes a report from Motherboard: Turkish investigative journalist Baris Pehlivan spent 19 months in jail, accused of terrorism based on documents found on his work computer. But when digital forensics experts examined his PC, they discovered that those files were put there by someone who removed the hard drive from the case, copied the documents, and then reinstalled the hard drive. The attackers also attempted to control the journalist's machine remotely, trying to infect it using malicious email attachments and thumb drives. Among the viruses detected in his computer was an extremely rare trojan called Ahtapot, in one of the only times it's been seen in the wild. Pehlivan went to jail in February of 2011, along with six of his colleagues, after electronic evidence seized during a police raid in 2011 appeared to connect all of them to Ergenekon, an alleged armed group accused of terrorism in Turkey. A paper recently published by computer expert Mark Spencer in Digital Forensics Magazine sheds light into the case after several other reports have acknowledged the presence of malware. Spencer said no other forensics expert noticed the Ahtapot trojan in the OdaTV case, nor has determined accurately how those documents showed up on the journalist's computer. However, almost all the reports have concluded that the incriminating files were planted. "We are not guilty," Baris Pehlivan told Andrada Fiscutean via Motherboard. "The files were put into our computers by a virus and by [attackers] entering the OdaTV office secretly. None of us has seen those documents before the prosecutor showed them to us." (OdaTV is the website Pehlivan works for and "has been critical of the government and the Gulen Movement, which was accused by Turkish president Recep Tayyip Erdogan of orchestrating the recent attempted coup.") In regard to the report, senior security consultant at F-Secure, Taneli Kaivola, says, "Yes, [the report] takes an impressive level of conviction to locally attack a computer four times, and remotely attack it seven times [between January 1, 2011, and February 11, 2011], as well as a certain level of technical skill to set up the infrastructure for those attacks, which included document forgery and date and time manipulation."
Actually, democracy, as imposed by the EU, was what brought Turkey to this point. Under Kemal Mustafa Ataturk and his successors, Turkey was a military backed authoritarian regime that kept Islam on a leash. Then, when they wanted to enter the EU, Brussels told them that they had to become as democratic as the EU countries.
Problem w/ that was that while geographically, Turkey may be positioned to be a part of Europe, culturally, the Turks are not European at all: they are Islamic. Their democratic underpinnings are similar to that of their Arab and Iranian neighbors: it shows in their attitudes towards the Armenians and the Kurds. Also, under Erdogan, Turkey has been only too happy to rediscover not just its Ottoman, but also its greater Turkic past - be it Seljuk, Tatar, Khwarezmid, Timuride, Moghul... pasts. Which is fine, but it doesn't lay the groundwork of a democratic Turkey being a pluralistic society the way the EU would desire.
Politically, the whole fustercluck dates back to the end of the first World War. The Ottoman Empire was on the losing side, and ceased to exist after WWI. The European victors carved its territory up along arbitrary lines, without regard for the cultural and even lingual boundaries. Those lines became the modern country borders we know today. Most of the modern Middle-eastern conflicts trace their roots back to this. Iraq, Kuwait, Syria, Israel/Palestine, and Turkey.
Culturally, it would've made a lot more sense to divide the territory up into Turkey, Kurdistan, and Arabia plus maybe a few other small countries, instead of the patchwork it is today.
I'd toss in Israel, since the Jews didn't have a state of their own and were dhimmis in Palestine under everybody before the Brits - be it the sultanates of Egypt or Syria, the Ottomans and so on. And Lebanon, for the sake of the Maronites.
But you are right. Iraq was an artificial country, and the only thing defining it was British occupation. Like Syria and Lebanon w/ French occupation. Instead, a few countries - Turkey, Kurdestan, Azerbaijan, Greater Arabia, Israel/Palestine (in that time, the people who were called Palestinians were the Jews, not the Arabs. Such an arrangement would have prevented the Armenian genocide, as well as the Arab-Israeli wars.
And war hawk Hitlery will see to it !
I know you were trying for a catchy, meme-worthy portmanteau, but all I can see is a half hour Home Shopping Network cooking demo where they're carving turkey with Hitler's cutlery. Replica war hawks on the pommels and everything!
Nothing posted to
The next step is, of course, to dispense with the need for forensic "evidence" on people's computers and do this fully with "intercepted" communications. And here is the real danger of a surveillance-state: They can send anybody, any time to prison for as long as they desire, and there is no possibility to defend yourself unless they screwed up massively (as they did in the case at hand).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
while reading this article, it realized that it could be possible to create filesystem feature which would not encrypt but sign all files when password is provided during mounting, otherwise fs would work in read only mode, this feature could prove that files where created by owner of password and planting evidence like this would be impossible and this would not break any laws, the fs contents are always accessible in read-only mode without password. maybe something like this already exists?
There's plenty of people today that seem to believe that an accusation is proof.
Basically our entire world right now can be traced back to WW1 really. WW1 and WW2, which was directly caused by WW!, completely re-wrote the entirety of the world order.
I've hear that the Soviet Union went to great lengths to divide territory along cultural lines, and failed. Point is, it doesn't matter what identity you have, it matters whether you identify with it. There's a stage in psychological development that's authoritarian, and then after that... a loong time after that, comes the individual, with individual rights and freedoms.
Jesus, oddly, managed to implant the seed of that into the authoritarian systems of his time, which took a thousand years or more to develop. Or maybe it was the Greeks.
Anyway, point is, things like the French Revolution, Western democracy, the individual who can think for him or herself, and is given rights, all born equal, is a massive cultural change, and without it, elections don't really work. Tribes will vote for their authoritarian leaders and so on, religion remains a control freak which keeps grabbing more and more power, and individual freedom of expression is crushed, along with original thinking and invention.
So if you are X and identify as X and are part of group X and are under the control of X's authoritarian power, well you're not modern. It makes no difference whether next door there's another group that's Y and slightly different yet also authoritarian. You're all as "bad" as each other (from a modern viewpoint).
The fact that the two groups are not having their own lands strictly in an, you know, segregated way, is besides the point really. Lots of segregated authoritarian groups living next to each other, trying not to step on each others' toes, can only last so long. Arguably that's what happened to Lebanon.
What makes a person modern is that they can think for themselves outside of their group, and know why individual rights matter. Which is a whole different thing to the Life of Bryan and the famous scene where the crowd blindly repeat everything the Messiah says.
So point is, dividing up territory is meaningless if the people themselves don't identify with their group and are blindly moved by that group. A modern nation contains many many groups, yet they don't fragment along sectarian lines at the first bit of friction, because they are not "white" or "black" or "muslim" or "christian" or "buddhist" or "atheist"... they are citizens first, and the other stuff is secondary.
Until the culture of the middle east moves to modern values and modern minds, they can't be citizens and their lands can't be modern nations in a democratic way.
Thing is, that's true for everyone and it is a historical accident that modernity appeared in some parts of the world first. And the authoritarian way worked ok more or less for thousands of years, so it isn't bad as such. Just, modernity makes certain things possible. But people have to grow to get there.
And the EU telling people to be democratic is, well, just doesn't realise what a huge change that is. If you take the Magna Carta, that started a gradual change over 800 years ago. How many countries today call themselves democratic when they obviously have fairly fascistic dictators? (Not counting the USA :-P )
You have asked a question we would like more people in our industry to ask! My (this is Mark Spencer) last two articles in Digital Forensics Magazine introduced the Anchors in Relative Time analysis technique and included examples of cases in which it was applied. I'm going to try and strike a compromise in my explanation below between my technical articles and the Motherboard article:
What do you do if you need to analyze a Windows computer but already have reason not to trust any of its dates and times? One option is to identify events which have occurred in a particular order regardless of any associated dates and times. Let's take just two types of events (related to file system transactions) into consideration for now. File system transactions in the NTFS $LogFile and $UsnJrnl metafiles increment via Log Sequence Numbers (or LSNs) and Update Sequence Numbers (or USNs), respectively. It does not matter whether someone was manipulating the clock during these transactions or if someone manipulated dates and times in the $MFT (related to files and folders associated with the transactions) after the fact - the LSNs and USNs have still incremented in an orderly fashion.
So where do you go now? You can start identifying "legitimate" and "illegitimate" anchors. Windows startups and shutdowns result in a flurry of activity in the $LogFile and $UsnJrnl metafiles. You could model what those flurries look like on the computer in question and determine, in relative time and regardless of any dates and times, when Windows startups and shutdowns occurred. Once you have established Windows startup and shutdown anchors (which we have done not only on Windows boot volumes but auxiliary volumes as well), you can then start putting the more entertaining stuff into context with them.
Does this basic concept make sense? I only focused on Windows and a couple simple event types here (some others require multiple elements in order to determine an increment), but once you understand the basic concept you can do really powerful things from there. The basic concept is not that complex, but applying it can be a major hassle... in the Odatv case, the hassle was well warranted.
On a side note, there has been enough interest in this case that I'm planning on putting a detailed case study on our website at https://arsenalexperts.com/Cas.... It also happens to be one of the few cases we're able to talk about without restrictions, so I'm motivated to drink enough coffee to get it done.