According to Selahattin Günday’s piece published in Al Jazeera Türk, information pertaining to ByLock, an application used by members of the Gülen network for internal communication between 2014 and 2016 following the 17-25 December corruption scandal, is of key importance in the ongoing investigation. The application can play an important role in exposing network members, particularly in the broader community. Under the direction of the Ankara Chief Public Prosecutor’s Office, which is leading the main investigation, Turkey’s National Intelligence Organization (MIT) and the General Directorate of Security prepared a technical report on ByLock.
Over 200 thousand users, more than 17 million messages
According to the report, the number of ByLock application users exceeds 200 thousand, and 17,169,632 messages were stored on the application database. The report indicated that a significant number of these messages had been deciphered and also listed the application’s technical specifications.
The application’s purpose is enabling online communication through a strong encryption system. The application is designed such that each individual message is coded with a different cryptographic key before being sent.
According to the report, the investigation was not able to uncover references or contact information for previous employers of the individual who developed ByLock and made it available for public use. Uncertainty remains about his background in the sector. Payments related to the operations and transactions (lease of the server and IP) were done through “anonymous means” (Paysera). According to the report, the developer of ByLock did not intend to increase the number of users or generate commercial value through the product.
Identifications of Turkish in ByLock
As mentioned earlier, the ByLock application was released through a rented server in Lithuania.
According to the report, the application’s source code contains a number of “Turkish” expressions. The large majority usernames, group names, and solved passwords consist of Turkish expressions.
Almost all of the content in the decrypted messages in ByLock is in Turkish.
The report noted that nearly all of the Google searches about ByLock were done by users in Turkey. As of the date ByLock access was blocked for Turkish IP addresses, there was a large increase in Google searches pertaining to the application.
“Password design” on the screen
The report also explained ByLock’s encryption system. Following the password step, the user designs a code by producing “random hand movements” across the screen. Consequently, a powerful cryptographic code, unique to each user, can be obtained.
The report also emphasized that the users are not asked to provide any personal information (phone number, license number, e-mail address, etc.) while creating their accounts.
“Program suitable for cell-based organization”
For two users to communicate in ByLock, both sides must add usernames/codes that are generally provided face-to-face or through an intermediary (via messenger, existing ByLock user, etc.).
The report highlights that this system is suitable for cell-based organization.
“Forensic measures” in ByLock
The report also characterizes the built-in capabilities to ensure that messages sent over ByLock are automatically deleted after a certain period of time as constituting “forensic measures.” It points out that even in the case that users forgot to delete sensitive information, the system was designed to take necessary precautions. The report states, “ByLock is determined to have been designed to prevent access to the application’s contact list and messages in the event of the device’s confiscation through a forensic operation.”
The report noted that the encrypted database storage of the application’s server and communications data was a security precaution designed to ensure secure communication and prevent user identification.
Translated by Oya Aktaş