TCK 243 Entering the Information System: Crime Limit, Defense and Typical Scenarios

Typical scenarios

• Guess → entering social media account password: TCK 243 + 244.
• The former employee still knows the password: TCK 243 as the authorization expires.
• System outside the scope of pen-test: TCK 243 (contract detail is critical).
• Seeing files in Public S3 bucket: commented (Supreme Court is not clear yet).

Frequently asked questions

I entered my wife's Instagram by guessing her password; crime?

Yes, TCK article 243. The reason for committing a crime against the spouse in the divorce; In addition, TCK Article 134 (violation of private life). A trump card in both criminal and divorce proceedings.

I gave permission for pen-test, but the client complained again?

Written contract + scope document is required. If there is no contract, the "permission defence" is weakened. Preliminary agreement + certified pen-tester (OSCP, CEH) recommended.

I noticed that my company server was open and I warned; crime?

"Ethical hacker" attitude; The elements of TCK 243 (conscious + unauthorized) still occur. However, reductions in sentencing and non-prosecution are common. It is safe to work with "Disclosure policy".

Anyone else's email was opened with Forgot password; What is my responsibility?

Accidentally, his comment is not clear. If you use the account (reading content, sending messages) TCK 243 + 244. You must exit immediately and return the password.

I found a vulnerability in the system other than the bug bounty program; what to do?

Do not interfere; Notify the company by email. If the company does not respond, CERT.tr (TR-CERT) notification. Individual disclosure (full disclosure) carries criminal risk.

Relevant legislation

• TCK art.243-245 — Basic articles of cyber crimes.
• TCK art.158/1-f — Qualified fraud (information tool).
• CMK article 134 — Search for digital evidence.
• 5651 SK — Access blocking and content removal.
• Budapest Cybercrime Convention — Türkiye is a party; international cooperation.