Skip to main content

Cyberattacks reveal Turkey’s weaknesses

Computer servers in Turkey have been the targets of a major cyberattack for the past two weeks.

Turkish media outlets report that more than 400,000 websites registered under Turkey’s Internet country top-level domain ".tr" are experiencing problems. Since Dec. 14, the computer servers of government agencies and private entities, including the country’s three largest Internet service providers, have suffered systematic cyberattacks. Most Turkish banks and their credit card terminals could not perform any transactions on Dec. 25, and as of Dec. 29 the virtual onslaught was continuing.

According to the Ankara-based Network Information Center, which administers the registry of sites under the “.tr” domain, the cyberattacks against Turkey are of the distributed denial of service (DDoS) kind. In a DDoS scenario, hackers take over multiple computers remotely, send continuous requests to overwhelm the targeted server and deny it the ability to fulfill its duty — be it providing news stories, banking services or video-streaming.

The DDoS attacks have had a noticeable effect on Turkey’s Internet speed. According to Akamai Technologies, one of the world’s leading content delivery network companies, Turkey’s average Internet connection speed was 6.2 megabits per second (Mbps) in the third quarter of 2015. While that figure pales in comparison to world leaders South Korea's and Sweden’s 20.5 Mbps and 17.4 Mbps, respectively, three Turkish technology experts told Al-Monitor that their country’s average connection speed has fallen well below 6.2 Mbps since Dec. 14. One expert who spoke to Al-Monitor on condition of anonymity stated that the attacks, which reached 220 gigabits per second, were “unique” and “unprecedented” in Turkey’s history.

As for whodunit, the international network of hackers known as Anonymous and the Russian government stand out. After Islamic State militants struck Paris on Nov. 13, Anonymous began confronting the extremist group and its supporters on the World Wide Web. In a video posted on Dec. 23, the hackers’ cooperative also issued threats against Turkey. The group claimed that "Turkey is supporting Daesh [IS] by buying oil from them and hospitalizing their fighters. We won't accept that [Turkish President Recep Tayyip] Erdogan will help [IS] any longer.” The video further warned Turkey: “If you don’t stop supporting [IS], we will continue attacking your Internet, your root DNS [Domain Name System], your banks and take your government sites down. After the root DNS, we will start to hit your airports, military assets and private state connections. We will destroy your critical banking infrastructure.”

In many respects, the cyberattacks against Turkey have been following that pattern.

Turkish newspapers such as Hurriyet and US media outlets such as Mic news argue that Anonymous may have been “duped” by Russian allegations that the Turkish government buys oil from IS.

Of course, Russia is already a suspect. Moscow showcased its capabilities in the virtual world during the 2007 confrontation with Estonia, the 2008 war with Georgia and the invasion of Ukraine in 2014-15. Past successes in cyberwar and the ongoing confrontation between Moscow and Ankara after a Turkish F-16 downed a Russian Su-24 on the Turkish-Syrian border on Nov. 24 make the Russian side a plausible suspect.

Fusun Sarp Nebil, one of Turkey’s leading telecommunications experts who has written and commented extensively on the issue, told Al-Monitor, “It is highly probably that the attacks originate from Russia because they look like an ‘attrition operation.’” Nebil added, “Because the assault usually takes place during business hours, the likely culprits are government functionaries from another country that are in the same time zone as Turkey.”

But Nebil also warned us to look beyond Turkey’s ongoing cyber headaches and focus on its structural weaknesses. “Turkey has not carried out any major investments in fiber optic cables for the past five years.” She gave an illuminating example to make her case. “Portugal’s total area is 100,000 square kilometer [38,600 square miles] and the total length of its fiber optic cables is 545,000 kilometers [338,000 miles]. Turkey, however, with nearly eight times the area of Portugal, should have had over 4.5 million kilometers of fiber optic cable, yet it currently only has 250,000 kilometers. That figure was already 150,000 kilometers in 2005.” Nebil said that because of exorbitant rates that local municipalities and the central administration charge for construction, licensing and permits, and because Turkey’s main telecommunications provider Turk Telekom still functions as a monopoly, domestic and international investors are not interested in developing the infrastructure.

Ongoing woes with the Internet are reminiscent of the major blackout that Turkey suffered March 31, when 80% of the country did not have electricity for over 10 hours. Although the national grid operator TEIAS subsequently announced that the cause of the blackout was “surge in load [from] hydro production in the eastern part of Turkey,” foreign news outlets speculated whether Turkey was the victim of a successful cyberattack. The March 31 blackout may have been an unfortunate accident, but Turkey’s current problems with the Internet prove that its government and private sector have to devise better ways to respond to cyberthreats.

More from Barin Kayaoglu