AC
Anasayfa Makaleler Bilişim Suçları

TCK Article 243 Accessing the Information System: Criteria for Defense and Supreme Court of Appeals

TL;DR

TCK m.243: Hukuka aykırı olarak bir bilişim sisteminin tamamına veya bir kısmına giren kişiye 1 yıla kadar hapis. Yetki + kasıt + bulunma süresi ölçüt.

15 Şubat 2026 Bilişim Suçları 3 dk okuma 5 görüntülenme Son güncelleme: 9 Mayıs 2026

TCK Article 243 is the crime of illegally accessing an information system. Main criteria: unauthorized access, intent, length of stay in the system. Access with shared password is considered "lawful"; However, misuse may result in a separate crime.

Elements of the crime

  • Material element: Unauthorized access to the information system (network, account, database, mobile device).
  • Moral element: Intention — knowingly making unlawful access.
  • Result link: Staying in the system; Even entering and leaving once is a crime.

    • Penalty amount

    • Basic: Up to 1 year imprisonment or judicial fine.
    • Copying data from the system: 1-3 years + criminal money.
    • Public institution system (Art.244/2): 1-3 years, separate crime.

    Defense arguments

    • Proof of authority: Providing password, contractual clause (e.g. former employee information has not been renewed), service agreement.
    • No intentionality: URL incorrectly (typo squatting), empty dollar (default credential).
    • Temporary presence: One-click exit (no harm done).
    • Bug bounty program: A certificate of authorization can be submitted.

    What if the old employee still uses his password?

    Yes, it is a crime. It is the company's fault that the password is not canceled when the work is completed, but in terms of crime, the main thing is that the former employee acted "unauthorized". Practical: Password cancellation at the end of work is a contractual obligation.

    Is SQL injection considered?

    Yes. SQL injection is unauthorized access to the IT system; Additionally, m.244/1 (obstructing/disrupting system operation) may be triggered.

    Predictive access via user interface?

    Brute-force / credential stuffing unauthorized access, m.243. Additionally, obstructing the operation of the m.244 system (exceeding the rate limit) is an additional crime.

    Is it a crime to connect to open WiFi?

    Controversial. An unencrypted WiFi network can be interpreted as the owner allowing access; However, entering the router internal panel (admin/admin) is definitely a crime.

    Is the public institution system different?

    Yes — TCK article 244/2: 1-3 years. In addition, if there is a significant penalty under CMK 250, the high criminal court is authorized.

    Relevant legislation

    • TCK art.243 — Entering the information system (1-3 years + criminal money).
    • TCK Article 244 — Preventing/disrupting system operation (1-5 years).
    • TCK art.245 — Bank/credit card fraud (3-6 years).
    • TCK art.158/1-f — Qualified fraud when the information system/bank/credit institution is the tool (3-10 years).
    • CMK article 134 — Computer search, copying, seizure.
    Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case. Durations, rates and application are shaped by jurisprudence; Check the current legislation before applying.

    Kaynaklar ve referanslar

    Kaynaklar

    TCK m.243 Bilişim Sistemine Girme: Savunma ve Yargıtay Ölçütleri içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla