21.04.2026 11:15
The National Intelligence Organization (MIT) arrested 11 suspects in an operation targeting a cybercrime network aimed at the information systems of public institutions and the personal data of citizens. The operation was carried out in 9 provinces centered in Ankara, and the technical infrastructure of the network was largely deciphered.
The National Intelligence Organization (MIT) arrested 11 suspects in an operation targeting a cybercrime network that aimed at the information systems of public institutions and the personal data of citizens.
According to information obtained from security sources, as a result of the joint efforts of the Cyber Security Directorate, the General Command of Gendarmerie, and the Financial Crimes Investigation Board, coordinated by MIT, 11 of the 12 suspects detained in cybercrime operations carried out in 9 provinces centered in Ankara were arrested, while 1 suspect was released under judicial control.
ONE OF THE ARRESTED IS A KEY NAME OF THE ORGANIZATION
Among those arrested was a key figure who established and managed the technical infrastructure of the network.
In the technical examinations conducted within the scope of the investigation, the digital infrastructure through which the organization operated via servers connected both domestically and internationally was largely deciphered.
In this context, approximately 40 different systems, through which citizens' personal data could be queried unlawfully, were shut down. A significant amount of data and user records were obtained during the forensic examination of the seized servers and data storage systems.
The source codes of the systems, user databases, and "log" records of all users who accessed the system were seized. Advanced technical analysis studies are ongoing on these materials.
While efforts to individually decipher the identities of system users continue, operations targeting these individuals have been planned.
DATA SALES WITH A "FRANCHISE" MODEL
It was determined that A.B., who was captured in Mardin and identified as the leader of the organization, marketed the system he established to third parties using a "franchise model" and sold systems where personal data could be queried to anyone, including terrorist organizations, for a fee.
It was found that A.B. expanded this system through a franchise model for a monthly fee and established a network of more than 30 franchises.
As a result of the examination of the "log" records of the seized systems, it was determined that foreign individuals and terrorist organizations actively used this data.
It was also reflected in the investigation file that A.B. made statements to the individuals he sold to, claiming that "state institutions would never catch him and he could not be detected."
THE ORGANIZATION LEADER BECAME A TURNCOAT
With A.B., identified as the leader of the organization, becoming a turncoat, all technical infrastructure and operations used in illegal cyber activities were revealed in detail. New evidence was also obtained in this context. Analyses conducted on the seized digital materials found a significant amount of personal data.
Findings were detailed regarding the data, which is under examination for its areas of use, being shared with different criminal elements, primarily terrorist organizations and fraud networks.
177 MILLION LIRA MONEY TRAFFIC DECRYPTED
In the financial analyses conducted within the scope of the investigation, it was reached that the total money volume of the suspects was approximately 177 million lira.
It was determined that the members of the arrested cybercrime network used offline cryptocurrency wallets, referred to as "cold wallets," to avoid leaving traces in financial transactions.
It was learned that significant financial movements were recorded, and efforts to seize criminal proceeds and expand financial tracking activities were ongoing. It was stated that the investigation is being conducted in a multifaceted manner, and new operations against new suspects may arise based on the new findings obtained.
Security sources emphasized that a strong coordination and synergy have been established among all relevant institutions under the coordination of MIT, and that MIT will not allow such structures to operate, and that all users who access the systems and are connected to these structures will be identified and included in judicial processes, and operations will continue with determination.