13.06.2026 08:40
In the operation coordinated by the National Intelligence Organization, a credit card network targeting numerous citizens was dismantled. During simultaneous raids in Istanbul and Kocaeli, three suspects were detained, and it was revealed that card information was being tested with automated software, which is why suspicious transaction SMS messages were sent to citizens.
The National Intelligence Organization (MIT) took action following suspicious SMS messages that continued throughout the night. MIT determined that the SMS messages regarding suspicious credit card transaction notifications, which affected numerous citizens, started on the night of June 7 and continued into the early morning hours. It was established that the messages received by citizens contained information about high-value transaction attempts on their credit cards and one-time passwords. After assessing that the incident constituted an organized cyber activity, MIT activated its protocols. Under MIT's coordination, relevant security units swiftly took action, and a multi-faceted process covering the technical, intelligence, financial, and operational dimensions of the incident was initiated.
SIMULTANEOUS RESPONSE TO CYBER THREAT
Upon assessing that the cyber activity targeting financial security could affect large masses, simultaneous coordination was established among relevant institutions. As a result of technical examinations conducted by the SGB (Presidency of Turkey's Financial Crimes Investigation Board) and financial analyses carried out by MASAK (Financial Crimes Investigation Board), it was determined that numerous credit card numbers were being tested with automated software. It was identified that attempts made to verify the validity of card numbers resulted in automatic SMS being sent to cardholders. Intelligence studies conducted by MIT revealed the digital infrastructures and methods used in these activities. Based on the technical and intelligence findings obtained, the identities of the suspects and the infrastructures they used were identified, and the operation process was initiated.
SIMULTANEOUS OPERATION IN ISTANBUL AND KOCAELI
Within the scope of the investigation launched by the Ankara Chief Public Prosecutor's Office, a simultaneous operation was carried out in Istanbul and Kocaeli by teams from the Ankara Provincial Gendarmerie Command Cyber Crime Branch Directorate. As a result of the studies coordinated by MIT, 3 suspects whose identities were identified were taken into custody. In the initial examinations conducted on the digital materials seized during the operation, software deemed to have been used for the bulk testing of credit card information, as well as digital traces and records related to the execution of the activities, were found. Additionally, data sets in which test records for numerous credit cards were systematically classified were identified.
The SGB examined the IP addresses, server logs, and digital traces considered to have been used in the incident, uncovering a significant portion of the technical infrastructure used in the activities. Following the examinations, the systems used by the suspects and their digital connections were deciphered.
It was stated that no financial losses occurred within the scope of the incident, but the method used is one of the methods widely preferred in organized cybercrime activities.