50m identities leaked; Pentagon's $198K bug bounty; Telstra's data day deluge

Hackers have reportedly released onto the internet a database containing what appears to be the personal information of almost 50 million Turkish citizens.

With the World Bank Group placing the total population of Turkey in 2014 at 75.93 million, the database — if legitimate — would cover about 65% of the Turkish population.

According to the Associated Press, the leaked database contains personal information including addresses, birthdates, parents’ names and national ID numbers, and, as such, could put people at risk of identity theft or fraud.

As The Guardian explains, Turkey’s national ID system is used in several government services including taxation, voting, education, social security, health care and military recruitment.

AP said it partially verified the authenticity of the database by checking 10 non-public Turkish ID numbers against the names in the database, with eight returning a match.

Wired reported that the leaked data seems to be from 2008, and that Turkey’s government has said that the data had actually been leaked earlier in 2010. However, Wired notes that critics argue that the data hasn’t been posted online in a decrypted form until now.

Wired quoted Isik Mater, a Turkish privacy activist and president of Alternative Informatics Association, as saying: “It doesn’t matter if the data is from 2008 because I still have the same name, same last name, same home address and obviously the same national ID number so it means that the leak data is up to date for me and for lots of other people, which makes the leak very, very serious.”

Pentagon offers $198K in bug bounty program

Registrations are now open for the US Department of Defense’s (DoD’s) ‘Hack the Pentagon’ bug bounty pilot program, which the department says is designed to identify and resolve security vulnerabilities within DoD websites.

Individual rewards for participants will be drawn from a total bounty pool of US$150,000 (about AU$198,000). The pilot program will begin on 18 April and end by 12 May, lasting a little over three weeks.

The pilot program is notable because, as the DoD points out, it is the first cyber bug bounty program in the history of the US federal government. The department previously stated that the pilot will be the first in a series of programs designed to test and find vulnerabilities in its applications, websites and networks.

The program will target several DoD public websites. The department said the websites involved will be identified to participants later down the line.

“Critical, mission-facing computer systems will not be involved in the program,” a statement from the DoD read.

The program is only open to US persons, the DoD said. On top of that, successful participants who submit qualifying vulnerability reports will “undergo a basic criminal background screening to ensure taxpayer dollars are spent wisely”.

“Screening details will be communicated in advance to participants, and participants will have the ability to opt out of any screening, but will forgo bounty compensation,” the DoD said.

2686 terabytes in a day

Telstra mobile customers downloaded a total of 2686 terabytes of data on ‘Free Data Day’ this weekend, an event held to apologise for a recent service disruption, the telco said.

In a blog post, the company’s Mike Wright said that on Free Data Day, “customers downloaded the most amount of data ever on our mobile network” in a 24-/25-hour period. (Despite the name, Free Data Day actually lasted for 25 hours in those states where daylight savings ended on that day.)

The figure of 2686 terabytes represents 46% more data than what was downloaded on the previous Free Data Day, held in February.

Wright, who is group managing director of networks in Telstra Operations, said that the company’s mobile network “performed strongly” on Free Data Day.

However, Fairfax reckoned that Free Data Day was so busy that Telstra had to apologise to customers as well as throttle speeds to ensure coverage in some areas.

“To ensure fair access for everyone, we have managed the network traffic and in some areas this may have meant slightly slower speeds for a period,” Fairfax quoted a Telstra spokesperson as saying. “We have only done this in areas where we have experienced extremely high congestion.”

Wright said on the Telstra blog: “Overall, the majority of customers continued to experience a reliable level of service, and we look forward to continuing to provide this well into the future.”

Image courtesy Richard Patterson under CC