Fake Diplomas, Fake E-Signatures, and a Scandal in the Wake of Earthquakes: Inside Turkey’s Fraud Network Infiltrating e-Government Systems

An organized fraud network accused of producing fake university diplomas using forged electronic signatures (e-signatures) is now under investigation for exploiting the identities of victims of Turkey’s devastating February 6, 2023 earthquakes. The group is alleged to have altered student records of deceased or injured graduates from Gazi University to create fraudulent graduation certificates, even uploading them into the official e-Government (e-Devlet) and YÖK (Council of Higher Education) systems.

The scope of the scandal, revealed through an indictment by the Ankara Chief Public Prosecutor’s Office, suggests over 400 individuals may have obtained fake diplomas in fields such as law, civil engineering, and teaching, with their credentials deceptively appearing valid in government databases.

How the Investigation Began

The criminal investigation began with a formal complaint by A.M., the head of Gazi University’s Student Affairs Office. On August 19, 2024, A.M. alerted prosecutors after noticing unauthorized access and unusual authorization changes within the university’s information systems. Despite the system being protected by two-factor authentication, investigators discovered that the attackers had used a forged ID to cancel A.M.’s existing e-signature and issue a new one, allowing them to bypass security controls.

E-Signature Forgery and Identity Theft

According to Ankara’s Cybercrime Unit, suspect M.U.S. fabricated an identity using A.M.’s credentials, enabling the revocation and reissuance of a digital signature without the victim’s knowledge. This e-signature was then used to manipulate official university records, granting access to internal databases such as the Öğrenci Bilgi Sistemi (OBS) and YÖKSİS — the national higher education database.

Exploiting Earthquake Victims’ Identities

An alarming aspect of the investigation revealed that student records belonging to individuals who died or were injured during the February 6 earthquakes were altered. Cybercrime experts found evidence that records were manipulated from IP addresses located outside the university, replacing legitimate student data with that of unregistered individuals.

After uploading these forged records to YÖKSİS, the attackers deleted traces from internal OBS systems, making the forgeries harder to detect.

Fake Degrees Issued Across Disciplines

Initial findings identified:

• 4 fake law degrees

• 1 fake technical education diploma

• 1 fake computer engineering diploma

These were not just internal fabrications—they appeared as officially registered diplomas within Turkey’s national education system, accessible via e-Government platforms used by public institutions and employers.

Ongoing Legal Proceedings

To date, two indictments have been filed, and a third investigation is ongoing. The Ankara Public Prosecutor’s Office and the Cybercrime Unit continue to unravel what appears to be one of Turkey’s most extensive diploma fraud scandals, revealing how gaps in digital infrastructure and identity verification were exploited to compromise state-level databases.