There was no single "hack" of the central MERNIS server in the traditional sense. Instead, the breach was the result of supply chain vulnerabilities.
Do not extract blindly. Use the -t flag to test the archive integrity first, or list contents without extracting.
To list contents:
tar -tzf mernis.tar.gz
To extract safely:
tar -xzf mernis.tar.gz
For the average citizen, the consequences were alarming: mernis.tar.gz
Sophisticated attackers use the file as a deceptive tool, not just a payload.
Use the same Linux commands within WSL. For native Windows, search for the file using PowerShell: There was no single "hack" of the central
Get-ChildItem -Path C:\ -Name mernis.tar.gz -Recurse -ErrorAction SilentlyContinue
Remove-Item -Path "C:\full\path\to\mernis.tar.gz" -Force
The file mernis.tar.gz was a standard Gzip compressed tar archive. When unpacked, it typically revealed raw data files, often in CSV (Comma Separated Values) or SQL format.
From 2020 onward, periodic listings on darknet markets (e.g., "Turkish Citizen Database 2023") have featured screenshots of a tarball containing MERNIS-derived data. The constant reuse of the same filename suggests either multiple copies of an older leak or an attempt by different sellers to brand their stolen goods with a recognizable label. To extract safely: tar -xzf mernis
The infamy of this filename stems from several high-profile incidents: