A failed coup attempt in Turkey, which began during the evening of July 15, was apparently coordinated using the WhatsApp mobile messaging service, according to reports from Turkish media. And among the apparent plotters was a Turkish Army colonel who was considered an expert in cyber-operations. Ahmet Zeki Gerehan, a Turkish infantry officer, was head of the operation and intelligence department at the Turkish Army War College and co-author of a number of articles on cyber-warfare.
According to video reports, officers involved in the coup gave moment-by-moment status reports in a WhatsApp group chat entitled “We are a country of peace” (“yurta suhl b iziz”), as the faction moved to shut down the bridge over the Bosporus connecting the Istanbul region to the rest of Turkey and conceal their operations from official communications channels.
Darbecilerin WhatsApp görüşmeleri deşifre edildi pic.twitter.com/9ShCgbm3nf
— ÇAPAMAG (@CAPAMAG) July 16, 2016
Gerehan was highly aware of how effective using technology like WhatsApp could be against a centralized command-and-control system. One of the papers he co-authored was presented in 2015 with one of his students at the Turkish Army War College during the Journal of National Security and Military Science’s International Leadership Symposium entitled Security and the Environment of Future Military Operations. Speaking of the hybrid nature of conflicts in the 21st Century, he wrote, “Cyber Warfare might be the decisive factor in future wars.” In another paper, he and his co-authors noted, “The power of social networks, during elections, street incidents in repressive regimes or during natural disasters, has proved its ability to change traditional one-way media, from news agency to people.”
But even as the coup planners were using encrypted consumer-grade communications as part of their operational security, they failed to take into account that Internet messaging would be used against them. While some social media channels were slowed by apparent network bandwidth throttling early in the coup attempt, Turkish President Recep Tayyip Erdoğan was able to use Apple’s FaceTime video chat app to reach at least two television stations and call for citizens to take to the streets to counter the coup attempt. Erdoğan’s message also reached mosques, which used their public address systems normally used for calls to prayer to rally supporters and get them out onto the streets to confront the units involved in the coup.
The coup attempt, which reportedly was rushed because of fears that information about its planning had leaked, began with the seizure of Turkish state broadcaster TRT and the cable network CNN Turk. But there was no move against a number of other broadcasters, and social media remained active.
As the information security and operational security expert known as “The Grugq” noted in a post to Medium, the plotters largely failed because they neglected to take the potential of social media into account. And their failure to capture Erdoğan before he reached television broadcasters via FaceTime from his plane gave the government the opportunity to rally resistance. Compared to two successful coups in Thailand that The Grugq witnessed firsthand—where the military shut down communications (in one case by cutting power to the entire city of Bangkok)—the Turkish coup plotters made a fundamental error in their cyber plans.
And that was despite the fact that one of their number had almost literally written the book on how to manage cyber-operations to shape the battlefield.
“Simply taking over the TV stations is not enough,” The Grugq wrote. “The Internet is a more powerful means of communication than TV, and it is more resilient — especially with a sophisticated population. The Turks are experienced at handling attempts to cut their access to social media, and the putsch never even took over the ISPs.”