10.05.2025 10:30
The National Intelligence Organization caught 7 foreign suspects red-handed while setting up a fake base station. The detained suspects were arrested. Following numerous complaints from citizens, an investigation was initiated, which led to the operation. It was determined that the suspects were sending messages to users requesting payment by connecting their mobile phones to the fake stations.
As a result of the operation carried out by the National Intelligence Organization (MIT) in collaboration with the Istanbul Chief Public Prosecutor's Office and the Istanbul Police Department, a cyber espionage network targeting citizens' personal and financial data by impersonating corporate identities through a fake base station they established was dismantled.
MIT initiated a technical investigation following complaints that they received fake SMS messages from numerous citizens who are subscribers of GSM operators. MIT examined messages that appeared to be sent by public institutions and corporate companies and reached significant findings. In the operation, 7 foreign nationals were caught red-handed and taken into custody. The 7 foreign suspects were arrested by the court they were brought before.
THEY CONNECT MOBILE PHONES TO FAKE STATIONS AND SEND MESSAGES
According to TRT News, it was assessed that the incident was carried out using the fake base station method. As a result of the investigations, it was determined that a fake base station was established through devices identified as originating from China. It was found that mobile phones were connected to these fake stations, and fake messages demanding payment were sent to users, acting as if they were a GSM operator.
CITIZENS IN METROPOLITAN CITIES WERE TARGETED
In the ongoing investigations, a total of 7 individuals who received instructions from a person codenamed "Boss" and operated in three different groups within the same network were identified. It was determined that these individuals targeted a wide user base in Istanbul, as well as in Izmir, Bursa, and Yalova, using different devices with rented vehicles.
USER INFORMATION WAS TRANSFERRED TO A SERVER BASED IN CHINA
It was determined that the communication data and user information collected with the devices they brought were transferred to a server based in China. The suspects later used this data in targeted phishing attacks through a foreign-origin application, and it was found that some users shared their credit card information and made payments.
A CHINESE NATIONAL COMPANY OWNER WAS ALSO CAPTURED
As a result of the intense surveillance conducted by MIT's field elements and technical teams, as well as the Istanbul Chief Public Prosecutor's Office and the Istanbul Police Department, the identities of the suspects were identified and placed under close observation. In a joint operation, the suspects were caught red-handed in the rented vehicles. It was determined that the technical devices of the network were supplied from a Chinese national company owner who sells electronic materials in Istanbul. This individual was also captured and taken into custody.
It was learned that the foreign nationals entered Turkey in March 2025 and tried to conceal their identities by obtaining a GSM line in the name of a different citizen shortly after. A comprehensive investigation was initiated through customs and border crossing records regarding how the devices used were smuggled into the country. While the fake base station devices and digital materials seized in the operation were subjected to criminal examination, the investigation into all connections of the suspects continues in multiple dimensions.