{"id":1214156,"date":"2023-08-06T17:50:00","date_gmt":"2023-08-06T21:50:00","guid":{"rendered":"https:\/\/gijn.org\/?p=654000"},"modified":"2023-08-30T11:13:58","modified_gmt":"2023-08-30T15:13:58","slug":"dijital-tehdit-ortamini-arastirmak","status":"publish","type":"post","link":"https:\/\/gijn.org\/tr\/resurs\/putevoditel\/glava\/dijital-tehdit-ortamini-arastirmak\/","title":{"rendered":"Dijital Tehdit Ortam\u0131n\u0131 Ara\u015ft\u0131rmak"},"content":{"rendered":"<p><em>Edit\u00f6r\u00fcn Notu: Bu yaz\u0131 GIJN\u2019in yak\u0131nda yay\u0131nlanacak olan\u00a0<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/gijc2023.org\/\">Gazeteciler i\u00e7in Dijital Tehditleri Ara\u015ft\u0131rma Rehberi<\/a>\u2019nden al\u0131nm\u0131\u015ft\u0131r. <\/em><a href=\"https:\/\/gijn.org\/2023\/07\/28\/dijital-tehditlerin-arastirilmasi-dezenformasyon\/\">Dezenformasyonla<\/a> ilgili birinci b\u00f6l\u00fcm ve <a href=\"https:\/\/gijn.org\/2023\/08\/06\/dijital-tehditlerin-arastirilmasi-dijital-altyapi\/\">Dijital altyap\u0131yla<\/a> ilgili ikinci b\u00f6l\u00fcm yay\u0131nland\u0131. <em>Rehberin tamam\u0131 bu Eyl\u00fcl ay\u0131nda <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/gijc2023.org\/\">K\u00fcresel Ara\u015ft\u0131rmac\u0131 Gazetecilik Konferans\u0131<\/a>\u2019nda yay\u0131nlanacak.<\/em><\/p>\n<p>Dijital g\u00f6zetim art\u0131k her yerde! Sabah telefonunuzu a\u00e7t\u0131\u011f\u0131n\u0131z andan itibaren, kulland\u0131\u011f\u0131n\u0131z uygulamalar, telefonunuzun ba\u011fl\u0131 oldu\u011fu antenler ve yapt\u0131\u011f\u0131n\u0131z aramalar arac\u0131l\u0131\u011f\u0131yla etkinli\u011finiz veri \u00fcretiyor. Bu verilerin \u00e7o\u011fu, kar elde etmek i\u00e7in \u015firketler taraf\u0131ndan veya su\u00e7 ve di\u011fer yasa d\u0131\u015f\u0131 faaliyetleri ara\u015ft\u0131rmak i\u00e7in devlet kurumlar\u0131 taraf\u0131ndan kaydedilir, saklan\u0131r ve i\u015flenir. Bu b\u00f6l\u00fcmde, bir gazeteci olarak kar\u015f\u0131la\u015fabilece\u011finiz yayg\u0131n dijital g\u00f6zetleme bi\u00e7imlerine odaklanaca\u011f\u0131m ve k\u0131saca nas\u0131l ara\u015ft\u0131r\u0131laca\u011f\u0131 ve nas\u0131l kar\u015f\u0131 konulaca\u011f\u0131 hakk\u0131nda detay verece\u011fim.<\/p>\n<p><strong>Dijital G\u00f6zetim Nedir ve Arkas\u0131nda Kim Var?<\/strong><\/p>\n<p>Dijital g\u00f6zetimi daha iyi anlamak i\u00e7in iki bi\u00e7im aras\u0131nda ayr\u0131m yapmak \u00f6nemlidir: Toplu g\u00f6zetim ve hedefli g\u00f6zetim.<\/p>\n<p>Kitlesel g\u00f6zetim, yanl\u0131\u015f yapt\u0131klar\u0131ndan \u015f\u00fcphelenilip \u015f\u00fcphelenilmediklerine bak\u0131lmaks\u0131z\u0131n, n\u00fcfusun b\u00fcy\u00fck bir b\u00f6l\u00fcm\u00fcn\u00fc ayr\u0131m g\u00f6zetmeden izleme s\u00fcrecidir. \u00d6rne\u011fin, bir \u00fclkedeki t\u00fcm telefon g\u00f6r\u00fc\u015fmelerini kaydederek veya bir \u015fehir genelinde konumland\u0131r\u0131lm\u0131\u015f video kameralarda y\u00fcz tan\u0131ma kullan\u0131larak yap\u0131labilir.<\/p>\n<p>Hedefli g\u00f6zetleme, genellikle bir ki\u015finin evindeki casus yaz\u0131l\u0131m veya mikrofonlar gibi \u00f6nemli \u00f6l\u00e7\u00fcde daha m\u00fcdahaleci teknikler kullan\u0131larak belirli ki\u015filerin g\u00f6zetlenmesidir.<\/p>\n<p>Sivil toplumu etkileyen g\u00f6zetimin \u00e7o\u011fu devlet kurumlar\u0131 (tipik olarak kolluk kuvvetleri veya istihbarat servisleri) taraf\u0131ndan yap\u0131l\u0131r ancak genellikle \u00e7ok az d\u00fczenleme veya etik s\u0131n\u0131rla \u00e7al\u0131\u015fan bir g\u00f6zetim end\u00fcstrisi taraf\u0131ndan desteklenir. Devlet g\u00f6zetiminin k\u00f6t\u00fc bir ikizi var: Kurumsal g\u00f6zetim art\u0131k bir\u00e7ok ki\u015finin g\u00f6zetim kapitalizmi dedi\u011fi \u015feyde kar elde etmek i\u00e7in kullan\u0131l\u0131yor. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Surveillance_capitalism\">G\u00f6zetim kapitalizminin<\/a> amac\u0131 \u00f6zel verilerin toplu olarak toplanmas\u0131 yoluyla gelir elde etmektir. Birincil amac\u0131 gazetecileri ve sivil toplumu g\u00f6zetlemek de\u011fil, bu nedenle bizim i\u00e7in temel bir odak noktas\u0131 de\u011fil. Bununla birlikte, \u015firketlerin gazetecilerin hedefli dijital g\u00f6zetimine dahil olabilece\u011fi ve kurumsal g\u00f6zetimin <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/csrc.nist.gov\/glossary\/term\/threat_intelligence\">tehdit istihbarat\u0131<\/a> i\u00e7in kullan\u0131labilece\u011fi kesinlikle bir ger\u00e7ek!<\/p>\n<p>Devlet g\u00f6zetimi genellikle sa\u011fduyulu ve gizlidir. \u0130stihbarat servisleri kapasitelerini a\u00e7\u0131klamamay\u0131 tercih eder ve g\u00f6zetim ve incelemeden ka\u00e7\u0131nmaya \u00e7al\u0131\u015f\u0131r. Ancak g\u00f6zetim sekt\u00f6r\u00fc hakk\u0131nda farkl\u0131 yerlerden bilgi toplamak m\u00fcmk\u00fcn.<\/p>\n<ul>\n<li><strong>Saklanmak isterler ama var olmalar\u0131 gerekir.<\/strong> Bu \u015firketler g\u00f6zetim satarken baz\u0131 a\u00e7\u0131lardan normal kurumsal firmalar gibi de \u00e7al\u0131\u015fmak durumunda kal\u0131yorlar. Bu, bir yerde kay\u0131tl\u0131 bir t\u00fczel ki\u015fili\u011fe sahip olduklar\u0131, \u00e7al\u0131\u015fanlar\u0131 i\u015fe ald\u0131klar\u0131 ve LinkedIn&#8217;de veya ba\u015fka bir yerde i\u015f teklifleri yay\u0131nlad\u0131klar\u0131 ve baz\u0131 durumlarda yat\u0131r\u0131mc\u0131lar\u0131 \u00e7ekmeleri gerekti\u011fi anlam\u0131na gelir. \u015eirketleri izlemek i\u00e7in kullan\u0131lan t\u00fcm geleneksel gazetecilik ara\u00e7lar\u0131 uygulanabilir.<\/li>\n<li><strong>Saklanmak istiyorlar ama kendilerini pazarlamalar\u0131 gerekiyor.<\/strong> G\u00f6zetim sat\u0131c\u0131lar\u0131 ve kolluk kuvvetleri, \u00a0<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.issworldtraining.com\/\">ISS World<\/a> ya da <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.milipol.com\/\">Milipol<\/a> gibi d\u00fcnya genelinde her y\u0131l bir d\u00fczine g\u00f6zetim s\u00f6zle\u015fmesi i\u00e7in bir araya geliyor. Bu etkinliklerin \u00e7o\u011fu gazeteciler i\u00e7in olduk\u00e7a k\u0131s\u0131tl\u0131 olsa da, bazen halka a\u00e7\u0131k \u015firketler, sponsorlar ve konu\u015fmalar listesi, \u00fcr\u00fcnler ve \u015firketler hakk\u0131nda ilgin\u00e7 bilgiler sa\u011flar. \u00d6rnek olarak, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.nsogroup.com\/\">NSO Group<\/a>, Haziran 2023&#8217;te Prag&#8217;da d\u00fczenlenen <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.issworldtraining.com\/iss_europe\/sponsors.html\">ISS World Europe<\/a>&#8216;un ana sponsoru. \u0130srail Savunma Bakanl\u0131\u011f\u0131&#8217;n\u0131n <a rel=\"noopener\" target=\"_blank\" href=\"http:\/\/www.sibat.mod.gov.il\/Industries\/directory\/Pages\/default.aspx\">Savunma Bakanl\u0131\u011f\u0131\u00a0 ve HLS Dizini<\/a> gibi baz\u0131 \u00fclkeler taraf\u0131ndan tutulan g\u00f6zetleme \u00fcr\u00fcnleri bro\u015f\u00fcrleri veya savunma sanayi kataloglar\u0131 bulmak genellikle m\u00fcmk\u00fcnd\u00fcr. \u00c7o\u011fu durumda, &#8220;casus yaz\u0131l\u0131m&#8221; yerine &#8220;uzaktan veri \u00e7\u0131karma&#8221; gibi \u00f6rtmece ifadelerle g\u00f6zetleme bi\u00e7imi a\u00e7\u0131k\u00e7a a\u00e7\u0131klanmaz.<\/li>\n<li><strong>Saklanmak isterler ama ka\u00e7malar\u0131 gerekir<\/strong>. Herhangi bir dijital g\u00f6zetim bi\u00e7imi, genellikle \u00e7evrim i\u00e7i iz b\u0131rakan bir dijital altyap\u0131 gerektirir. (<a href=\"https:\/\/gijn.org\/2023\/08\/06\/dijital-tehditlerin-arastirilmasi-dijital-altyapi\/\">Dijital altyap\u0131<\/a> \u00fczerinden izleme ile ilgili ayr\u0131 b\u00f6l\u00fcm\u00fcm\u00fcze bak\u0131n.)<\/li>\n<\/ul>\n<p><strong>Devlet G\u00f6zetiminin Farkl\u0131 Bi\u00e7imleri<\/strong><\/p>\n<p>Geli\u015fen ve karma\u015f\u0131k dijital g\u00f6zetim ortam\u0131, sekt\u00f6r\u00fcn tam ve kesin bir resmini \u00e7izmeyi zorla\u015ft\u0131rabilir. Ancak devletlerin sivil toplumu izlemek i\u00e7in kulland\u0131\u011f\u0131 ana dijital g\u00f6zetim bi\u00e7imlerini anlamak \u00f6nemlidir.<\/p>\n<p><strong>Telefon A\u011f\u0131 \u0130zleme<\/strong><\/p>\n<p>Telefon a\u011f\u0131 izleme, muhtemelen dijital g\u00f6zetimin en eski ve en me\u015fru bi\u00e7imlerinden biridir. Hemen hemen t\u00fcm \u00fclkelerde, polis soru\u015fturmalar\u0131 i\u00e7in standart telefon g\u00f6r\u00fc\u015fmelerini ve SMS&#8217;leri dinleyen bir sistem mevcuttur. Bu t\u00fcr sistemler, \u00e7e\u015fitli derecelerde g\u00f6zetim ile istihbarat servisleri taraf\u0131ndan da yayg\u0131n olarak kullan\u0131lmaktad\u0131r.<br \/>\nTasar\u0131mlar\u0131 gere\u011fi cep telefonlar\u0131n\u0131n ileti\u015fim kurmak i\u00e7in yak\u0131ndaki baz istasyonlar\u0131yla etkile\u015fime girmesi gerekti\u011finden, cep telefonlar\u0131n\u0131n geli\u015fimi bu yetenekleri geni\u015fletmi\u015ftir. Bu, yabanc\u0131lar\u0131n herhangi bir zamanda bir cep telefonunun konumunu co\u011frafi olarak belirlemesine olanak tan\u0131r. Bu co\u011frafi konum, farkl\u0131 hassasiyet derecelerinde mevcuttur. Temel fakt\u00f6rler, sistemin yaln\u0131zca telefonun ba\u011fl\u0131 oldu\u011fu en son baz istasyonunu kontrol edip etmedi\u011fini (baz istasyonlar\u0131n\u0131n yo\u011funlu\u011funa ba\u011fl\u0131 olarak birka\u00e7 y\u00fcz metre ile birka\u00e7 y\u00fcz kilometre aras\u0131nda bir konum verir) veya birden fazla h\u00fccre kulesi kullanarak sinyali \u00fc\u00e7genleyerek aktif co\u011frafi konum belirleme yap\u0131yorsa (burada bir konumun birka\u00e7 metreye kadar yeri belirlenebilir).<\/p>\n<p>Cep telefonlar\u0131, sinyali en \u00fcst d\u00fczeye \u00e7\u0131karmak i\u00e7in en yak\u0131n baz istasyonuna ba\u011flanacak \u015fekilde tasarlanm\u0131\u015ft\u0131r. B\u00f6ylece, yak\u0131ndaki cihazlar\u0131n ileti\u015fimini ele ge\u00e7irebilen ta\u015f\u0131nabilir h\u00fccre kuleleri olu\u015fturmak m\u00fcmk\u00fcnd\u00fcr. Bu ara\u00e7lara <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/IMSI-catcher\">IMSI Catchers<\/a> (veya bazen, halk dilinde Stingrays, e\u015fanlaml\u0131 olarak en iyi bilinen IMSI Catcher \u00fcr\u00fcnlerinden birini kullanarak) ad\u0131 verilir ve bir\u00e7ok \u00fclkede kolluk kuvvetleri taraf\u0131ndan kullan\u0131labilir. Daha yeni mobil protokoller bu sald\u0131r\u0131lar\u0131 zorla\u015ft\u0131rd\u0131. Bug\u00fcn izinsiz giri\u015f d\u00fczeyi, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.eff.org\/wp\/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks\">donan\u0131ma ve yap\u0131land\u0131rmaya ba\u011fl\u0131d\u0131r.<\/a> Basit sistemler yaln\u0131zca bir alandaki cep telefonlar\u0131n\u0131 tan\u0131mlayabilirken, daha karma\u015f\u0131k sistemler bu telefonlardan gelen veri ileti\u015fimini dinleyebilir ve de\u011fi\u015ftirebilir.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/gijn.org\/wp-content\/uploads\/2023\/04\/DeepinScreenshot_select-area_20230305203132.png\" alt=\"digital threats landscape Stingray device\" width=\"401\" height=\"228\" \/><\/p>\n<p>Uluslararas\u0131 telefon a\u011f\u0131, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Signalling_System_No._7#cite_note-TBIJ_20201216-29\">Signaling System No. 7 (SS7)<\/a> adl\u0131 eski bir protokole dayanmaktad\u0131r ve k\u0131smen telefon \u015firketlerinin kendi a\u011flar\u0131n\u0131n g\u00fcvenli\u011fine yat\u0131r\u0131m yapmalar\u0131 i\u00e7in \u00e7ok az te\u015fvik olmas\u0131 nedeniyle ciddi g\u00fcvenlik sorunlar\u0131 oldu\u011fu bilinmektedir. Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131, baz\u0131 g\u00f6zetleme \u015firketlerinin (<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/citizenlab.ca\/2020\/12\/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles\/\">Circles<\/a> gibi) SS7 operat\u00f6rleri olarak kaydolmas\u0131na (<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/technology\/2022\/02\/01\/nso-pegasus-bags-of-cash-fbi\/\">veya mevcut operat\u00f6rlere a\u011f eri\u015fimlerini kullanmalar\u0131 i\u00e7in \u00f6deme yapmas\u0131na<\/a>) ve bu eri\u015fimi d\u00fcnyan\u0131n her yerindeki cep telefonlar\u0131n\u0131 uzaktan izlemek i\u00e7in kullanmas\u0131na izin verdi. Bu t\u00fcr bir g\u00f6zetleme, 2018&#8217;de Dubai h\u00fck\u00fcmdar\u0131 olan babas\u0131 \u015eeyh Muhammed&#8217;den ka\u00e7maya \u00e7al\u0131\u015fan <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.thebureauinvestigates.com\/stories\/2020-12-16\/spy-companies-using-channel-islands-to-track-phones-around-the-world\">Prenses Latifa el-Maktum<\/a>&#8216;u izlemek i\u00e7in kullan\u0131ld\u0131.<\/p>\n<p>Meta verilerin (arayan numaras\u0131, al\u0131c\u0131 numaras\u0131 ve araman\u0131n saati gibi) verilerin kendisinden daha ilgin\u00e7 ve analiz edilmesinin daha kolay olabilece\u011fini belirtmekte fayda var. Bu veriler genellikle polisin daha az g\u00f6zetimi alt\u0131ndad\u0131r ve polislerin <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.youtube.com\/watch?v=BwGsr3SzCZc\">birlikte \u00e7al\u0131\u015fan<\/a> insan a\u011flar\u0131n\u0131 belirlemesine olanak sa\u011flayabilir.<\/p>\n<p><strong>\u0130nternet A\u011flar\u0131n\u0131n \u0130zlenmesi<\/strong><\/p>\n<p>2011&#8217;de Muammer Kaddafi&#8217;nin saltanat\u0131n\u0131n sona erdi\u011fi Libya i\u00e7 sava\u015f\u0131 s\u0131ras\u0131nda, k\u00fc\u00e7\u00fck bir aktivist grubu, Frans\u0131z \u015firketi Amesys (daha sonra Nexa Technologies olarak yeniden adland\u0131r\u0131ld\u0131) taraf\u0131ndan kurulan sistemlerle donat\u0131lm\u0131\u015f gizli bir h\u00fck\u00fcmet g\u00f6zetleme merkezi ke\u015ffetti. Bu sistemler<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wired.com\/2012\/05\/ff-libya\/\"> Libya&#8217;n\u0131n \u0130nternet&#8217;inden ge\u00e7en t\u00fcm verileri izleyip kaydedebiliyor, e-postalar\u0131, sohbeti, IP \u00fczerinden sesli (VoIP) aramalar\u0131 ve tarama ge\u00e7mi\u015fini ay\u0131klayabiliyordu.<\/a> \u00c7o\u011fu durumda, bu g\u00f6zetleme sistemlerinden elde edilen veriler aktivistleri tutuklamak, sorgulamak ve bazen i\u015fkence etmek i\u00e7in kullan\u0131ld\u0131.<\/p>\n<p>\u0130nternet genelinde g\u00f6zetim, \u00fclkeler taraf\u0131ndan vatanda\u015flar\u0131n faaliyetlerini izlemek i\u00e7in kullan\u0131lan d\u00fczenli bir ara\u00e7 haline geldi. Snowden if\u015faatlar\u0131, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/XKeyscore\">XKEYSCORE<\/a> gibi gizli programlar\u0131n devletin bu verilerdeki ayr\u0131nt\u0131lar\u0131 aramas\u0131na izin vermesiyle ABD&#8217;nin \u0130nternet izleme yeteneklerine ilk bak\u0131\u015f\u0131 sa\u011flad\u0131. Bu t\u00fcr ara\u00e7lar, b\u00fcy\u00fck \u00f6l\u00e7\u00fcde Kuzey Amerika, Avrupa ve \u0130srail&#8217;de geli\u015ftirilen teknolojiler sayesinde daha k\u00fc\u00e7\u00fck b\u00fct\u00e7eli \u00fclkeler i\u00e7in daha yayg\u0131n bir \u015fekilde kullan\u0131labilir hale geldi. \u00d6rne\u011fin, 2021&#8217;de Uluslararas\u0131 Af \u00d6rg\u00fct\u00fc, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.amnesty.org\/en\/documents\/afr65\/3577\/2021\/en\/\">\u0130srailli Verint \u015firketinin G\u00fcney Sudan&#8217;a a\u011f izleme ekipman\u0131 satt\u0131\u011f\u0131n\u0131 g\u00f6sterdi<\/a> ve bu kal\u0131c\u0131 g\u00f6zetimin aktivistler \u00fczerindeki cayd\u0131r\u0131c\u0131 etkisini belgeledi.<\/p>\n<p><strong>Kimlik Av\u0131 ve Casus Yaz\u0131l\u0131m Sald\u0131r\u0131lar\u0131<\/strong><\/p>\n<p>Artan \u015fifreleme kullan\u0131m\u0131yla birlikte, bir\u00e7ok eyalet kimlik av\u0131 veya casus yaz\u0131l\u0131m sald\u0131r\u0131lar\u0131 yoluyla u\u00e7 cihazlara veya hesaplara y\u00f6nelik sald\u0131r\u0131lara y\u00f6neliyor. Kimlik av\u0131, sald\u0131rganlar\u0131n hedeflenen ki\u015fiyi k\u00f6t\u00fc ama\u00e7l\u0131 bir dosyay\u0131 (\u00e7o\u011funlukla casus yaz\u0131l\u0131m i\u00e7erir) a\u00e7mas\u0131 i\u00e7in kand\u0131rmak veya kullan\u0131c\u0131 bilgilerini ve parolalar\u0131n\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 bir web sitesine girmeleri i\u00e7in kand\u0131rmak amac\u0131yla mesajlar veya e-postalar g\u00f6nderdi\u011fi bir sosyal m\u00fchendislik bi\u00e7imidir. Casus yaz\u0131l\u0131mlar, cihaz etkinli\u011fini gizlice izleyen ve veri toplayan k\u00f6t\u00fc ama\u00e7l\u0131 programlard\u0131r.<\/p>\n<p>Bu sald\u0131r\u0131lar i\u00e7in ara\u00e7lar ve beceriler, baz\u0131 durumlarda casus yaz\u0131l\u0131m geli\u015ftiricileri kiralamak i\u00e7in zaman ve kaynak harcayan devletler taraf\u0131ndan geli\u015ftirilir. Ancak bir\u00e7ok \u00fclke ticari casus yaz\u0131l\u0131m end\u00fcstrisine g\u00fcvenmeyi daha kolay bulmaktad\u0131r. Tarihsel olarak, bu end\u00fcstri Avrupa&#8217;da <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/FinFisher\">FinFisher<\/a> ve <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Hacking_Team\">Hacking Team<\/a> gibi \u015firketlerle ve ard\u0131ndan \u0130srail&#8217;de NSO Group ve <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.nytimes.com\/2022\/12\/08\/us\/politics\/spyware-nso-pegasus-paragon.html\">Paragon<\/a>. gibi \u015firketlerle ortaya \u00e7\u0131kt\u0131. Bu end\u00fcstrinin sa\u011flad\u0131\u011f\u0131 g\u00f6zetleme, son 15 y\u0131lda belgelendi ve y\u00fczlerce gazeteci ve aktivistin hedef al\u0131nmas\u0131n\u0131 i\u00e7eriyordu. Casus yaz\u0131l\u0131m end\u00fcstrisi genellikle NSO Group&#8217;un Pegasus&#8217;u gibi, geli\u015ftirici taraf\u0131ndan bilinmeyen yaz\u0131l\u0131mlardaki g\u00fcvenlik a\u00e7\u0131klar\u0131ndan (genellikle s\u0131f\u0131r g\u00fcn g\u00fcvenlik a\u00e7\u0131klar\u0131 olarak adland\u0131r\u0131l\u0131r) yararlanarak bir ak\u0131ll\u0131 telefonu tehlikeye atabilen geli\u015fmi\u015f ara\u00e7lar sa\u011flar. Pegasus ilk y\u0131llar\u0131nda, kurbanlara SMS ile g\u00f6nderilen ve bir kez t\u0131kland\u0131\u011f\u0131nda telefonu sessizce tehlikeye atan ba\u011flant\u0131lar yoluyla bir cihaza bula\u015ft\u0131.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/gijn.org\/wp-content\/uploads\/2023\/04\/pasted-image-0-771x354.png\" alt=\"digital threats landscape Pegasus spyware links\" \/><\/p>\n<p><em>A\u011fustos 2016&#8217;da BAE merkezli insan haklar\u0131 savunucusu Ahmed Mansoor&#8217;u hedef alan Pegasus casus yaz\u0131l\u0131m g\u00f6m\u00fcl\u00fc ba\u011flant\u0131lar\u0131. Resim: Ekran G\u00f6r\u00fcnt\u00fcs\u00fc, Citizen Lab<\/em><\/p>\n<p>2018-19 gibi NSO Group&#8217;un s\u0131f\u0131r t\u0131klama a\u00e7\u0131klar\u0131 olarak bilinen kullan\u0131c\u0131yla herhangi bir etkile\u015fim olmadan yap\u0131lan sald\u0131r\u0131lara ge\u00e7ti\u011fi bildirildi. Ba\u015fka bir deyi\u015fle, bir kullan\u0131c\u0131n\u0131n telefonuna, k\u00f6t\u00fc ama\u00e7l\u0131 bir ba\u011flant\u0131ya t\u0131klamasa bile sessizce vir\u00fcs bula\u015fabilir. Bu t\u00fcr sald\u0131r\u0131lar, uygulamalardaki (<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2019\/10\/29\/whatsapp-spyware-nso-group\/\">2019&#8217;daki WhatsApp gibi<\/a>) g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlan\u0131r veya bir hedefin taray\u0131c\u0131lar\u0131n\u0131 ve uygulamalar\u0131n\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 web sitelerine y\u00f6nlendiren <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.amnesty.org\/en\/latest\/research\/2020\/06\/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools\/\">a\u011f enjeksiyonunu<\/a> kullan\u0131r.<\/p>\n<p>Bu sald\u0131r\u0131lar teknik olarak geli\u015fmi\u015f olsa ve man\u015fetlere \u00e7\u0131ksa da gazetecileri ve aktivistleri hedef alan casus yaz\u0131l\u0131m ve kimlik av\u0131 sald\u0131r\u0131lar\u0131n\u0131n \u00e7o\u011fu daha az karma\u015f\u0131kt\u0131r. Kariyerimde g\u00f6rd\u00fc\u011f\u00fcm sald\u0131r\u0131lar\u0131n b\u00fcy\u00fck \u00e7o\u011funlu\u011fu, kimlik av\u0131n\u0131n \u00e7e\u015fitleri gibi daha basit bi\u00e7imler al\u0131yor. Klasik bir sald\u0131r\u0131, kullan\u0131c\u0131y\u0131 oturum a\u00e7ma bilgilerini ve parolalar\u0131n\u0131 sa\u011flamas\u0131 i\u00e7in kand\u0131rmak amac\u0131yla \u00e7evrim i\u00e7i platformlar\u0131 (Google veya Yahoo gibi) taklit eden e-postalar g\u00f6ndermektir. Bir di\u011feri ise sohbet uygulamalar\u0131na dosya ve hatta uygulama g\u00f6ndererek kurban\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 dosyalar\u0131 a\u00e7mas\u0131n\u0131 veya y\u00fcklemesini sa\u011flamaya \u00e7al\u0131\u015fmakt\u0131r.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/gijn.org\/wp-content\/uploads\/2023\/04\/Screen-Shot-2023-04-13-at-2.19.13-PM-2-771x643.png\" alt=\"digital threat landscape phishing malware\" \/><\/p>\n<p><em>Bir kurban\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 bir uygulama y\u00fcklemesi i\u00e7in kand\u0131rmaya \u00e7al\u0131\u015fan bir kimlik av\u0131 sald\u0131rgan\u0131. Resim: Ekran G\u00f6r\u00fcnt\u00fcleri, Uluslararas\u0131 Af \u00d6rg\u00fct\u00fc<\/em><\/p>\n<p>Sivil toplumu hedef alan sald\u0131r\u0131lar\u0131n \u00e7o\u011fu, \u015fifreleri veya di\u011fer de\u011ferli bilgileri teslim etme gibi bir eylemde bulunmaya ikna etme motivasyonu i\u00e7indedir. Hedefi manip\u00fcle etmeyi i\u00e7eren bir sosyal m\u00fchendisli\u011fe dayanmakta. Bu, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.hrw.org\/news\/2022\/12\/05\/iran-state-backed-hacking-activists-journalists-politicians\">mevcut g\u00fcvenilir kurulu\u015flar\u0131n kimli\u011fine b\u00fcr\u00fcnerek<\/a> veya hatta <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/medium.com\/amnesty-insights\/beyond-fake-news-an-investigation-into-the-murky-world-of-fake-campaigns-f4af8118844b\">sahte STK&#8217;lar olu\u015fturarak<\/a> yap\u0131labilir. Kimlik sahtekarl\u0131\u011f\u0131 ad\u0131 verilen bir teknik, k\u00f6t\u00fc ba\u011flant\u0131lar\u0131 tan\u0131d\u0131k e-posta adresleri gibi gizler. T\u00fcm bu sald\u0131r\u0131lar, teknik olarak Pegasus&#8217;tan \u00e7ok daha az karma\u015f\u0131k olsa da ger\u00e7ekle\u015ftirmesi \u00e7ok daha ucuz ve genellikle sivil topluma kar\u015f\u0131 b\u00fcy\u00fck \u00f6l\u00e7\u00fcde etkili.<\/p>\n<p><strong>Adli T\u0131p Ara\u00e7lar\u0131<\/strong><\/p>\n<div style=\"width: 244px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gijn.org\/wp-content\/uploads\/2023\/04\/pasted-image-0-2.png\" alt=\"digital threats landscape Cellebrite device\" width=\"234\" height=\"416\" \/><p class=\"wp-caption-text\">Cellebrite UFED cihaz\u0131, kolluk kuvvetleri taraf\u0131ndan kullan\u0131lan en yayg\u0131n adli t\u0131p ara\u00e7lar\u0131ndan biridir. Resim: Wikipedia, Creative Commons<\/p><\/div>\n<p>Gazeteciler veya aktivistler tutukland\u0131\u011f\u0131nda, yetkililer genellikle adli bili\u015fim ara\u00e7lar\u0131n\u0131 kullanarak veri elde etmek i\u00e7in cihazlara el koyar. Bu ara\u00e7lar bazen yetkililer taraf\u0131ndan kurum i\u00e7inde geli\u015ftirilebilse de, genellikle <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cellebrite.com\/en\/home\/\">Cellebrite<\/a> ya da <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.magnetforensics.com\/\">Magnet Forensics <\/a>gibi dijital adli t\u0131p \u015firketlerinden edinilir.<\/p>\n<p>Cellebrite gibi adli t\u0131p \u015firketleri \u00fcr\u00fcnlerini <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.haaretz.com\/israel-news\/tech-news\/2021-08-17\/ty-article\/.premium\/israeli-phone-hacking-firm-cellebrite-says-has-chosen-to-halt-sales-to-bangladesh\/0000017f-dc8b-d856-a37f-fdcb1b430000\">Bangladesh<\/a>,\u00a0<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.haaretz.com\/israel-news\/2020-08-18\/ty-article\/.premium\/whats-israeli-phone-hacking-firm-cellebrite-doing-in-sanctioned-belarus\/0000017f-e198-d75c-a7ff-fd9dff0b0000\">Belarus<\/a> ve <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ibtimes.co.in\/myanmar-possesses-powerful-surveillance-tools-can-extract-deleted-phone-data-more-details-837601\">Myanmar<\/a>&#8216;daki otoriter h\u00fck\u00fcmetlere satmakla ele\u015ftirildi.<\/p>\n<p>Bu ara\u00e7lar\u0131n etkinli\u011fi, telefonun ya\u015f\u0131 ve g\u00fcvenli\u011fi, polisin kulland\u0131\u011f\u0131 ara\u00e7lar\u0131n fiyat\u0131 ve karma\u015f\u0131kl\u0131\u011f\u0131 gibi bir\u00e7ok fakt\u00f6re ba\u011fl\u0131d\u0131r. \u00d6rne\u011fin 2015-16&#8217;da, FBI liderli\u011findeki ABD h\u00fck\u00fcmetinin Apple&#8217;\u0131 iPhone&#8217;lar\u0131n\u0131n \u015fifrelemesini zay\u0131flatmaya zorlamaya \u00e7al\u0131\u015ft\u0131\u011f\u0131 bir <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/FBI%E2%80%93Apple_encryption_dispute\">yasal dava etraf\u0131nda \u00f6nemli bir tart\u0131\u015fma ya\u015fand\u0131.<\/a> Bu, FBI&#8217;\u0131n toplu silahl\u0131 sald\u0131r\u0131 zanl\u0131s\u0131na ait bir telefondan veri \u00e7\u0131karamamas\u0131n\u0131n ard\u0131ndan geldi. Uzun bir hukuk m\u00fccadelesinden sonra FBI, cihazdaki bir g\u00fcvenlik sorununu kullanarak verileri \u00e7\u0131karabilen \u00fc\u00e7\u00fcnc\u00fc taraf bir \u015firket buldu\u011fu i\u00e7in talebini geri \u00e7ekti. Bunun gibi vakalar, kolluk kuvvetlerinin sahip oldu\u011fu yeteneklere ilgin\u00e7 bir bak\u0131\u015f sa\u011flar. Ancak \u00e7o\u011fu durumda yetkililerin yasal veya fiziksel tehditler kullanarak bir kullan\u0131c\u0131y\u0131 bir cihaza eri\u015fim izni vermeye zorlayaca\u011f\u0131 unutulmamal\u0131d\u0131r. \u00d6rne\u011fin, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.thelocal.fr\/20221109\/france-criticised-for-forcing-suspects-to-unlock-phones\/\">Fransa&#8217;da polise cep telefonu \u015fifresi vermeyi reddetmek ceza gerektiren bir su\u00e7tur.<\/a><\/p>\n<p><strong>A\u00e7\u0131k Kaynak Platformlar\u0131<br \/>\n<\/strong><br \/>\nSon olarak daha yeni bir g\u00f6zetleme t\u00fcr\u00fc ise; a\u00e7\u0131k kaynak zekas\u0131 ve web zekas\u0131 platformlar\u0131ndan gelir. Bu platformlar, halka a\u00e7\u0131k web sitelerinden ve sosyal a\u011flardan \u00e7evrim i\u00e7i veriler toplar. Bir ki\u015finin faaliyetinin haritas\u0131n\u0131 \u00e7\u0131karmak i\u00e7in her \u015feyi merkezi veritabanlar\u0131nda d\u00fczenlerler. Verilerin ba\u015flang\u0131\u00e7ta halka a\u00e7\u0131k oldu\u011fu g\u00f6z \u00f6n\u00fcne al\u0131nd\u0131\u011f\u0131nda bu nispeten zarars\u0131z g\u00f6r\u00fcnse de, veriler genellikle telekom\u00fcnikasyon sa\u011flay\u0131c\u0131lar\u0131ndan gelen telefon aramalar\u0131 veya ak\u0131ll\u0131 telefon uygulamalar\u0131nda gizlenmi\u015f izleyiciler taraf\u0131ndan elde edilen co\u011frafi konum verileri gibi \u00f6zel bilgilerle zenginle\u015ftirilir. Bu, kullan\u0131c\u0131lar\u0131n bir bireyin etkinli\u011fini tam olarak izlemesine olanak tan\u0131r.<\/p>\n<p><a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/about.fb.com\/wp-content\/uploads\/2022\/12\/Threat-Report-on-the-Surveillance-for-Hire-Industry.pdf\">Meta&#8217;n\u0131n Aral\u0131k 2022 g\u00f6zetim end\u00fcstrisi raporu<\/a> ve <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/forbiddenstories.org\/story-killers\/osint-s2t-unlocking-cyberspace-journalists-activists\/\">Forbidden Stories konsorsiyumunun<\/a> yak\u0131n tarihli raporlar\u0131, bu end\u00fcstrinin b\u00fcy\u00fcd\u00fc\u011f\u00fcn\u00fc g\u00f6steriyor. \u00d6rne\u011fin <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.semana.com\/nacion\/articulo\/espionaje-del-ejercito-nacional-las-carpetas-secretas-investigacion-semana\/667616\">Kolombiya&#8217;dan gelen son a\u00e7\u0131klamalar<\/a>, bu ara\u00e7lar\u0131n gazetecileri ve sivil toplumu hedef almak i\u00e7in k\u00f6t\u00fcye kullan\u0131labilece\u011fini a\u00e7\u0131k\u00e7a g\u00f6steriyor.<\/p>\n<p><strong>Dijital G\u00fcvenlik \u0130pu\u00e7lar\u0131 ve Ara\u00e7lar\u0131<br \/>\n<\/strong><br \/>\nKorkun\u00e7 dijital g\u00f6zetim ortam\u0131na ili\u015fkin bu k\u0131lavuzu okuduktan sonra, bir g\u00fcvensizlik duygusuyla ba\u015f ba\u015fa kalabilir ve dijital g\u00fcvenli\u011fin kaybedilmi\u015f bir sava\u015f oldu\u011funu d\u00fc\u015f\u00fcnebilirsiniz. Ama durum \u00f6yle de\u011fil!<\/p>\n<p>Kendini i\u015fine adam\u0131\u015f ve iyi kaynaklara sahip bir d\u00fc\u015fmana kar\u015f\u0131 uzun s\u00fcre g\u00fcvende kalmak zor olsa bile, dijital g\u00fcvenli\u011finizi \u00f6nemli \u00f6l\u00e7\u00fcde geli\u015ftirmek i\u00e7in kullanabilece\u011finiz bir\u00e7ok ara\u00e7 ve atabilece\u011finiz ad\u0131mlar vard\u0131r. Ve her zaman tamamen g\u00fcvende olman\u0131za gerek yok sadece sizi izlemek isteyen insanlar\u0131n g\u00f6zetimine kar\u015f\u0131 koyacak kadar g\u00fcvende olman\u0131z gerekiyor.<\/p>\n<p>Kapsaml\u0131 bir dijital g\u00fcvenlik k\u0131lavuzu bu b\u00f6l\u00fcm\u00fcn kapsam\u0131 d\u0131\u015f\u0131nda ancak profesyonel bir gazeteci olarak bilmeniz gereken \u00f6nemli y\u00f6ntemleri ve ara\u00e7lar\u0131 vurgulamak i\u00e7in bu son b\u00f6l\u00fcmde yer verece\u011fim.<\/p>\n<p><strong>Aletler<br \/>\n<\/strong><br \/>\n<strong>U\u00e7tan uca \u015fifreli sohbet uygulamalar\u0131n\u0131 kullan\u0131n.<\/strong> U\u00e7tan uca \u015fifreleme, kullan\u0131c\u0131lar aras\u0131nda verileri y\u00f6neten sunucunun, de\u011fi\u015f toku\u015f edilen verilerin i\u00e7eri\u011fini g\u00f6rememesi anlam\u0131na gelir. Bu kritiktir \u00e7\u00fcnk\u00fc \u015fifreleme do\u011fru \u015fekilde yap\u0131ld\u0131\u011f\u0131 s\u00fcrece uygulaman\u0131n arkas\u0131ndaki \u015firkete veya ki\u015filere g\u00fcvenmek zorunda de\u011filsiniz demektir. En \u00fcnl\u00fc ve en sayg\u0131n u\u00e7tan uca \u015fifreli sohbet uygulamas\u0131 <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/signal.org\/en\/\">Signal<\/a>&#8216;dir. Ancak, dosya aktar\u0131m\u0131 (<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/send.tresorit.com\/\">Tresorit<\/a> gibi) ve hatta payla\u015f\u0131lan belgeler (<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cryptpad.fr\/\">CryptPad<\/a> gibi) dahil olmak \u00fczere u\u00e7tan uca \u015fifreleme ile daha fazla uygulama geli\u015ftirilmektedir. Signal gibi sohbet uygulamalar\u0131nda hassas konu\u015fmalar\u0131n ge\u00e7mi\u015fini telefonunuzda tutmamak i\u00e7in kaybolan mesajlar\u0131 etkinle\u015ftirdi\u011finizden emin olun.<\/p>\n<p><strong>Telefonunuzu olabildi\u011fince g\u00fcvenli hale getirin.<\/strong> Hala yap\u0131lacak \u00e7ok i\u015f olsa da ak\u0131ll\u0131 telefonlar\u0131n g\u00fcvenli\u011fi geli\u015fmeye devam ediyor. Cihazlar\u0131n\u0131z\u0131 g\u00fcvende tutmak i\u00e7in baz\u0131 basit ad\u0131mlar\u0131 takip edebilirsiniz. Android kullan\u0131yorsan\u0131z, \u00fcreticinizden d\u00fczenli olarak g\u00fcvenlik y\u00fckseltmeleri alan bir telefon kulland\u0131\u011f\u0131n\u0131zdan ve sistemi ve kulland\u0131\u011f\u0131n\u0131z uygulamalar\u0131 g\u00fcncelledi\u011finizden emin olun. (Teknik odakl\u0131ysan\u0131z, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/grapheneos.org\/\">GrapheneOS<\/a>&#8216;a ge\u00e7meyi d\u00fc\u015f\u00fcn\u00fcn.) iPhone kullan\u0131c\u0131lar\u0131 i\u00e7in, telefonunuzu en son yaz\u0131l\u0131ma y\u00fckseltti\u011finizden emin olun. Geli\u015fmi\u015f casus yaz\u0131l\u0131m riskiyle kar\u015f\u0131 kar\u015f\u0131yaysan\u0131z, Citizen Lab&#8217;in k\u0131sa bir s\u00fcre \u00f6nce buldu\u011fu, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/techcrunch.com\/2023\/04\/18\/apple-lockdown-mode-iphone-nso-pegasus\/?guccounter=1&amp;guce_referrer=aHR0cHM6Ly90LmNvLw&amp;guce_referrer_sig=AQAAAKQVRqYckjH6bncTrkUjSmptF0TQ8xkxlM3IxQ2TuYEOelG4-4KHANOM-hfJcFGq3uoZvRgYKJ2-pg3Og61kRvOWoKfM37GErwGTaIzm-bZP-28KzVzw0gYUOuHB2fIxX_UJdYBaQLhB7Dkv__F7v6E1sron692rE6_ps_4gXeJ1\">NSO Group&#8217;tan s\u0131f\u0131r g\u00fcn a\u00e7\u0131klar\u0131ndan yararlanma sald\u0131r\u0131s\u0131n\u0131 engellemeye yard\u0131mc\u0131 olabilecek<\/a> Apple&#8217;\u0131n <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/support.apple.com\/en-us\/HT212650\">Kilitleme Modunu<\/a> etkinle\u015ftirdi\u011finizden emin olun. Her iki durumda da y\u00fckledi\u011finiz uygulama say\u0131s\u0131n\u0131 s\u0131n\u0131rlamaya \u00e7al\u0131\u015f\u0131n ve ki\u015fisel ve i\u015f telefonlar\u0131n\u0131 ayr\u0131 tutmaya \u00e7al\u0131\u015f\u0131n.<\/p>\n<p><strong>\u0130ki fakt\u00f6rl\u00fc kimlik do\u011frulama kullan\u0131n.<\/strong> \u0130ki fakt\u00f6rl\u00fc kimlik do\u011frulama (2FA), ek bilgiler girmenizi gerektirir. SMS ile g\u00f6nderilen bir kod (m\u00fckemmel de\u011fil ama hi\u00e7 yoktan iyidir), telefonunuzdaki <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/freeotp.github.io\/\">FreeOTP<\/a> gibi bir uygulama taraf\u0131ndan olu\u015fturulan bir kod (sa\u011flamd\u0131r) veya hatta bir donan\u0131m anahtar\u0131 taraf\u0131ndan otomatik olarak olu\u015fturulan bir say\u0131 olabilir. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.yubico.com\/\">Yubikey<\/a> (ki bu olduk\u00e7a g\u00fcvenlidir). 2FA, kimlik av\u0131 sald\u0131r\u0131lar\u0131na kar\u015f\u0131 en g\u00fc\u00e7l\u00fc ara\u00e7lardan biridir ve t\u00fcm hassas hesaplarda etkinle\u015ftirilmesini \u015fiddetle tavsiye ederim. Halihaz\u0131rda kimlik av\u0131 sald\u0131r\u0131lar\u0131n\u0131n hedefi olduysan\u0131z, donan\u0131m anahtarlar\u0131n\u0131 kullanmak i\u00e7in biraz zaman ve para yat\u0131rman\u0131z\u0131 \u00f6neririm. G\u00fcvenlik anahtarlar\u0131 veya U2F anahtarlar\u0131 olarak da bilinen bunlar, genellikle bir USB ba\u011flant\u0131 noktas\u0131na s\u0131\u011fan k\u00fc\u00e7\u00fck donan\u0131m par\u00e7alar\u0131d\u0131r ve hesaplar\u0131n\u0131z\u0131 neredeyse k\u0131r\u0131lmaz hale getirebilirler.<\/p>\n<p><strong>Y\u00f6ntemler<\/strong><\/p>\n<p><strong>Kar\u015f\u0131la\u015ft\u0131\u011f\u0131n\u0131z tehditleri de\u011ferlendirin.<\/strong> Her \u015feye kar\u015f\u0131 korunman\u0131za gerek yok, sadece sizi etkileyebilecek tehditlere kar\u015f\u0131. Yapt\u0131\u011f\u0131n\u0131z i\u015fi ve kar\u015f\u0131la\u015fabilece\u011finiz dijital g\u00f6zetim t\u00fcr\u00fcn\u00fc d\u00fc\u015f\u00fcn\u00fcn. Halihaz\u0131rda neyle kar\u015f\u0131 kar\u015f\u0131ya oldu\u011funuzu d\u00fc\u015f\u00fcn\u00fcn, ayn\u0131 i\u015fi yapan insanlara dan\u0131\u015f\u0131n ve bir senaryo listesi yaz\u0131n. Ard\u0131ndan, her durum i\u00e7in g\u00fcvenli\u011finizi nas\u0131l iyile\u015ftirebilece\u011finizi d\u00fc\u015f\u00fcn\u00fcn. (<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.frontlinedefenders.org\/en\/workbook-security\">Frontline Defenders Workbook on Security<\/a> bu s\u00fcreci anlaman\u0131za yard\u0131mc\u0131 olabilir.) Bir haber merkezinde veya gazeteciler a\u011f\u0131n\u0131n par\u00e7as\u0131 olarak \u00e7al\u0131\u015f\u0131yorsan\u0131z, herkesi bu s\u00fcre\u00e7ten ge\u00e7meye te\u015fvik edin. Dijital g\u00fcvenlik bir ekip i\u015fidir.<\/p>\n<p><strong>Her zaman g\u00fcvende olam\u0131yorsan\u0131z, b\u00f6l\u00fcmlere ay\u0131r\u0131n.<\/strong> Baz\u0131 durumlarda, yapt\u0131\u011f\u0131n\u0131z i\u015f i\u00e7in cihazlar\u0131n\u0131z\u0131 veya hesaplar\u0131n\u0131z\u0131 yeterince g\u00fcvenli hale getiremeyebilirsiniz. Bu durumda, b\u00f6l\u00fcmlere ay\u0131rmay\u0131 d\u00fc\u015f\u00fcn\u00fcn. \u00d6rne\u011fin, farkl\u0131 bir i\u015f ve ki\u015fisel telefon ya da farkl\u0131 projeler i\u00e7in farkl\u0131 e-posta hesaplar\u0131 kullan\u0131n. \u00c7ok hassas bir soru\u015fturma \u00fczerinde \u00e7al\u0131\u015f\u0131yorsan\u0131z, buna ayr\u0131lm\u0131\u015f cihazlara ve hesaplara sahip olmay\u0131 d\u00fc\u015f\u00fcn\u00fcn. Sans\u00fcre ve g\u00f6zetlemeye kar\u015f\u0131 koruma sa\u011flamak i\u00e7in tasarlanm\u0131\u015f <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/tails.boum.org\/\">Tails gibi ayr\u0131 bir i\u015fletim sistemi de<\/a> kullanabilirsiniz. Son derece hassas veriler veya dosyalarla \u00e7al\u0131\u015f\u0131yorsan\u0131z, hava bo\u015fluklu bir bilgisayar kullanabilirsiniz. Bu, Wifi veya Bluetooth gibi dijital a\u011flara ba\u011flanamayan bir cihazd\u0131r ve bu nedenle k\u0131r\u0131lmas\u0131 inan\u0131lmaz derecede zordur.<\/p>\n<p><strong>Dijital g\u00fcvenli\u011fi anlay\u0131n ve ne zaman destek alaca\u011f\u0131n\u0131z\u0131 bilin.<\/strong> Bir gazeteci olarak hedefiniz dijital g\u00fcvenlik uzman\u0131 olmak de\u011fil, ancak bu b\u00f6l\u00fcmde \u00f6zetlenenler gibi temel bilgilere sahip olmal\u0131s\u0131n\u0131z ve ne zaman uzman tavsiyesi alman\u0131z gerekti\u011fini bilmelisiniz. Yapabiliyorsan\u0131z, g\u00fcvendi\u011finiz ve bir sorunla veya yeni bir tehditle kar\u015f\u0131la\u015ft\u0131\u011f\u0131n\u0131zda size yard\u0131mc\u0131 olabilecek teknoloji uzmanlar\u0131ndan olu\u015fan bir a\u011f geli\u015ftirin. Normalde yapt\u0131\u011f\u0131n\u0131z i\u015ften daha y\u00fcksek profilli bir ara\u015ft\u0131rmaya ve habercili\u011fe gidiyorsan\u0131z m\u00fcmk\u00fcn oldu\u011funca \u00e7ok \u015fey tahmin etti\u011finizden emin olun. Reaktif olmaktansa proaktif olmak her zaman daha iyidir.<\/p>\n<p>Electronic Frontier Foundation&#8217;\u0131n bir portal\u0131 olan <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/ssd.eff.org\/\">Surveillance Self-Defense<\/a>&#8216;de veya Frontline Defenders&#8217; <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/securityinabox.org\/en\/\">Security in a Box web<\/a> sitesinde harika dijital g\u00fcvenlik kaynaklar\u0131 bulabilirsiniz. GIJN&#8217;de ayr\u0131ca bu konuda <a href=\"https:\/\/gijn.org\/digital-security\/\">faydal\u0131 kaynaklar<\/a> var. Bir gazeteci olarak dijital g\u00fcvenlik deste\u011fine ihtiyac\u0131n\u0131z varsa, <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.accessnow.org\/help\/\">Access Now dijital g\u00fcvenlik<\/a> yard\u0131m hatt\u0131 ile de ileti\u015fime ge\u00e7ebilirsiniz.<\/p>\n<p><strong>Durum \u00e7al\u0131\u015fmalar\u0131<br \/>\n<\/strong><br \/>\n<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.theguardian.com\/world\/video\/2013\/jun\/09\/nsa-whistleblower-edward-snowden-interview-video\">Snowden Vahiyleri.<\/a> K\u00fcresel dikkati ABD Ulusal G\u00fcvenlik Te\u015fkilat\u0131&#8217;n\u0131n (NSA) yayg\u0131n casuslu\u011funa \u00e7ekerek g\u00f6zetim ortam\u0131n\u0131 tamamen de\u011fi\u015ftiren Snowden if\u015faatlar\u0131ndan bahsetmeden dijital g\u00f6zetim hakk\u0131nda konu\u015fmak zor. Vahiyler ola\u011fan\u00fcst\u00fc geni\u015f ve ara\u015ft\u0131rmalar bir y\u0131ldan fazla s\u00fcrd\u00fc. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.lawfareblog.com\/snowden-revelations\">Snowden&#8217;\u0131n if\u015faatlar\u0131n\u0131n Lawfare \u00f6zetini<\/a> ve The Intercept&#8217;in <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/theintercept.com\/collections\/snowden-archive\/\">Snowden ar\u015fivlerini<\/a> okuman\u0131z\u0131 tavsiye ederim. Ba\u011flam a\u00e7\u0131s\u0131ndan, Laura Poitras&#8217;\u0131n \u00f6d\u00fcll\u00fc <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Citizenfour\">Citizenfour belgeseli de<\/a> de\u011ferlidir.<\/p>\n<p><a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/investigates\/special-report\/usa-spying-raven\/\"><strong>Raven Projesi.<\/strong> <\/a>Ocak 2019&#8217;da Reuters, Birle\u015fik Arap Emirlikleri&#8217;nin \u00fclkenin sald\u0131rgan dijital casusluk yeteneklerini geli\u015ftirmek i\u00e7in eski NSA \u00e7al\u0131\u015fanlar\u0131n\u0131 i\u015fe ald\u0131\u011f\u0131n\u0131 ortaya \u00e7\u0131kard\u0131. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/investigates\/special-report\/usa-spying-karma\/\">Bu ara\u00e7lar daha sonra devlet ba\u015fkanlar\u0131n\u0131 ve insan haklar\u0131 aktivistlerini hedef almak i\u00e7in kullan\u0131ld\u0131.<\/a><\/p>\n<p><a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/forbiddenstories.org\/case\/the-pegasus-project\/\"><strong>Pegasus Projesi.<\/strong> <\/a>Temmuz 2021&#8217;de, Uluslararas\u0131 Af \u00d6rg\u00fct\u00fc&#8217;n\u00fcn G\u00fcvenlik Laboratuvar\u0131 ile teknik ortak olarak Forbidden Stories taraf\u0131ndan koordine edilen bir gazeteciler konsorsiyumu, NSO Group&#8217;un Pegasus casus yaz\u0131l\u0131m\u0131n\u0131n sa\u011flad\u0131\u011f\u0131 suistimalleri ortaya \u00e7\u0131kard\u0131. Ara\u015ft\u0131rma, Suudi Arabistan, Fas, Macaristan, Hindistan ve Meksika da dahil olmak \u00fczere 11 \u00fclkedeki NSO m\u00fc\u015fterileri taraf\u0131ndan g\u00f6zetlenmek \u00fczere se\u00e7ilen 50.000 telefon numaras\u0131n\u0131n bir listesiyle ortaya \u00e7\u0131kt\u0131.<\/p>\n<p><strong><a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.thebureauinvestigates.com\/stories\/2022-11-05\/inside-the-global-hack-for-hire-industry\">Global Hack-for-Hire End\u00fcstrisinin \u0130\u00e7inde<\/a>.<\/strong> 2022&#8217;de Birle\u015fik Krall\u0131k merkezli Ara\u015ft\u0131rmac\u0131 Gazetecilik B\u00fcrosu ve Sunday Times, Hindistan&#8217;da b\u00fcy\u00fcyen kiral\u0131k hacker end\u00fcstrisinin merkezindeki insanlarla tan\u0131\u015fmak i\u00e7in k\u0131l\u0131k de\u011fi\u015ftirdi. Bu hikaye, bir zamanlar yaln\u0131zca devletlerin eri\u015febildi\u011fi bilgisayar korsanl\u0131\u011f\u0131 ara\u00e7lar\u0131n\u0131n nas\u0131l \u00f6zel akt\u00f6rler taraf\u0131ndan eri\u015filebilir hale geldi\u011fine dair fikir veriyor.<\/p>\n<p><a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/forbiddenstories.org\/case\/story-killers\/\"><strong>Hikaye Katilleri.<\/strong> <\/a>Bu y\u0131l\u0131n ba\u015flar\u0131nda Forbidden Stories konsorsiyumu, kiral\u0131k dezenformasyon end\u00fcstrisini ara\u015ft\u0131ran bir dizi olan Story Killers&#8217;\u0131 yay\u0131nlad\u0131. Do\u011frudan dijital g\u00f6zetleme te\u015fkil etmese bile, genellikle aras\u0131nda \u00f6rt\u00fc\u015fme vard\u0131r.<\/p>\n<p><strong>Ek Kaynaklar<\/strong><\/p>\n<p><a href=\"https:\/\/gijn.org\/2023\/07\/28\/dijital-tehditlerin-arastirilmasi-dezenformasyon\/\">Dijital Tehditlerin Ara\u015ft\u0131r\u0131lmas\u0131: Dezenformasyon<\/a><\/p>\n<p><a href=\"https:\/\/gijn.org\/2023\/08\/06\/dijital-tehditlerin-arastirilmasi-dijital-altyapi\/\">Dijital Tehditlerin Ara\u015ft\u0131r\u0131lmas\u0131: Dijital Altyap\u0131<\/a><\/p>\n<p><a href=\"https:\/\/gijn.org\/2021\/10\/13\/tips-from-the-pegasus-project\/\">Pegasus Projesi&#8217;nden \u0130pu\u00e7lar\u0131: Y\u0131rt\u0131c\u0131 Casus Yaz\u0131l\u0131mlar\u0131 Ara\u015ft\u0131rmak<\/a><\/p>\n<p><i><a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/randhome.io\/\"><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"https:\/\/gijn.org\/wp-content\/uploads\/2023\/04\/Screen-Shot-2023-04-10-at-3.23.26-PM-2.png\" alt=\"Etienne &quot;Tek&quot; Maynier\" width=\"110\" height=\"166\" \/>Etienne \u201cTek\u201d Maynier<\/strong><\/a><\/i>, Uluslararas\u0131 Af \u00d6rg\u00fct\u00fc G\u00fcvenlik Laboratuvar\u0131\u2019nda g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131d\u0131r. Sivil topluma y\u00f6nelik dijital sald\u0131r\u0131lar\u0131 2016\u2019dan beri ara\u015ft\u0131r\u0131yor ve kimlik av\u0131, casus yaz\u0131l\u0131m ve dezenformasyon kampanyalar\u0131 \u00fczerine bir\u00e7ok ara\u015ft\u0131rma yay\u0131nlad\u0131. Kendisine\u00a0<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/randhome.io\/\">web sitesinden<\/a>\u00a0ya da\u00a0<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/todon.eu\/@tek\">Mastodon<\/a>\u2018dan ula\u015fabilirsiniz.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>GIJN&#8217;nin siber ve dijital tehditleri ara\u015ft\u0131rma k\u0131lavuzunun \u00fc\u00e7\u00fcnc\u00fc b\u00f6l\u00fcm\u00fc, dijital tehdit ortam\u0131n\u0131 kapsar ve gazetecinin ara\u015ft\u0131rmas\u0131n\u0131 ve kaynaklar\u0131n\u0131 g\u00f6zetleme ve di\u011fer \u00e7evrim i\u00e7i sald\u0131r\u0131lardan korumak i\u00e7in ara\u00e7lar ve kaynaklar sunar.<\/p>\n","protected":false},"author":3031167,"featured_media":1193363,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_price":"","_stock":"","_tribe_ticket_header":"","_tribe_default_ticket_provider":"","_tribe_ticket_capacity":"0","_ticket_start_date":"","_ticket_end_date":"","_tribe_ticket_show_description":"","_tribe_ticket_show_not_going":false,"_tribe_ticket_use_global_stock":"","_tribe_ticket_global_stock_level":"","_global_stock_mode":"","_global_stock_cap":"","_tribe_rsvp_for_event":"","_tribe_ticket_going_count":"","_tribe_ticket_not_going_count":"","_tribe_tickets_list":"[]","_tribe_ticket_has_attendee_info_fields":false,"republication-tracker-tool-hide-widget":true,"footnotes":"","_tec_slr_enabled":"","_tec_slr_layout":""},"categories":[23176],"tags":[22507],"gijn_topic":[18846],"series":[],"gijn_language":[],"gijn_region":[18832],"class_list":["post-1214156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-glava","tag-citizen-lab-ru","gijn_topic-sovety-i-instrumenty","gijn_region-afrika"],"acf":[],"ticketed":false,"_links":{"self":[{"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/posts\/1214156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/users\/3031167"}],"replies":[{"embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/comments?post=1214156"}],"version-history":[{"count":2,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/posts\/1214156\/revisions"}],"predecessor-version":[{"id":1221710,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/posts\/1214156\/revisions\/1221710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/media\/1193363"}],"wp:attachment":[{"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/media?parent=1214156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/categories?post=1214156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/tags?post=1214156"},{"taxonomy":"gijn_topic","embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/gijn_topic?post=1214156"},{"taxonomy":"series","embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/series?post=1214156"},{"taxonomy":"gijn_language","embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/gijn_language?post=1214156"},{"taxonomy":"gijn_region","embeddable":true,"href":"https:\/\/gijn.org\/tr\/wp-json\/wp\/v2\/gijn_region?post=1214156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}