A special team of officers from the Police Department Cyber Crimes Bureau identified 31,000 previously unknown ByLock users, among whom are employees of important public agencies. The new list will soon be submitted to the Ankara Prosecutor's Office for a formal indictment. ByLock was first heard of publicly after last year's bloody coup attempt. The encrypted messaging app was exclusively used by the Gülenist Terror Group (FETÖ) long before the putsch bid, blamed on its infiltrators in the military, was carried out last year on July 15, investigators say. ByLock was popular among FETÖ members between 2013 and 2015.
After 2015, the cult turned to Eagle IM, which offers "256-bit end-to-end AES encryption," according to the app's description on its Google Play Store page. FETÖ leader, Fetullah Gülen, used to send out instructions through the ByLock messaging app.
"All members must make calls through ByLock, those who use regular phone communication would betray the mission," Gülen reportedly told FETÖ members, one indictment prepared against the users stated. Teams of IT experts now work to decipher 1 million messages between members of the terrorist group.
It was reported earlier this month that IT officials were able to decode 18 million messages so far. However, the remaining 1 million messages reportedly contain "critical" orders or instructions to the group's followers by FETÖ's senior figures.
ByLock was discovered during criminal inquiries into the terrorist group whose criminal activities have been under the spotlight since two coup attempts in 2013. The National Intelligence Organization (MİT) uncovered the messaging app apparently programmed - or modified for exclusive use of the group's members - by someone linked to FETÖ.
According to recent media reports, police intelligence staff linked to the terrorist group were behind the app. The FETÖ-linked staff working in the intelligence department of the police department were the "architects" of the app, or rather its modification to serve the purposes of the group. A group of intelligence officers are accused of controlling the private app used to deliver Gülen's messages to his followers, as well as to instruct the group's members on how to carry out plots against anti-Gülenists.
Investigations show that 95 out of the first 100 people who downloaded and installed the app were personnel of police intelligence and the other five people were employees of the Scientific and Technological Research Council of Turkey (TÜBİTAK). TÜBİTAK was the target of mass infiltration by FETÖ in the past, and it is believed that the original developers of the application are linked to this state-run institution.
The ByLock investigation was expanded after the coup attempt and thousands of people accused of using the messaging app for communicating Gülen's messages to subordinates and for pro-terrorism propaganda have been detained or arrested.
Servers of the app deployed in Lithuania were brought to Turkey where teams from the intelligence service work to decode. Prosecutors launched investigations and thousands, ranging from shopkeepers to high-ranking generals and bureaucrats, housewives and prominent businesspeople, were detained for exchanging messages via ByLock for acts of terror.
Most of the defendants claim they "accidentally" downloaded the app and never used it, while others claim they did not use it for FETÖ messages. However, the messages, including those urging FETÖ members to help the coup plotters who killed 249 people in last year's coup, point out that the app was one of the most employed means of communication in the secretive group.
The terrorist group, which posed as the religious "Hizmet" (Service) Movement for decades, had moved to seize power in multiple coup attempts over the past four years when the government moved to curb its widespread clout in Turkey. Since then, a string of investigations disclosed that Gülenists were involved in a wide array of crimes, ranging from money laundering to orchestrating sham trials to imprison critics and conspiring against anyone opposing FETÖ. ByLock was first offered in English and later rolled out a Turkish language update to help provide accessibility to FETÖ members in Turkey. After the update, the app was called "Turquoise."
Before the coup attempt on July 15, 2016, ByLock was removed from Google Play Store, as well as Apple's store, however, its services were open for access.
The recently uncovered list of around 31,000 users and their 1.5 million encrypted messages will be used for a new indictment, it is believed.