
There is something equally insane happening on the Turkish internets right now.

At least two major mobile operators / ISPs are injecting JS into web traffic to display pop-up ads / YouTube videos on the lower right corner of every web page. The videos "commemorate" last year's events on July 15 in a language that is, to put it mildly, thoroughly in line with Erdogan's ideology, and make a point of offering free data and phone credits throughout the 3-day commemorations being held.




Yeah, I've noticed the injected video on my ISP, Turkcell Superonline. Only works with sites with no HTTPS/HTTP->HTTPS redirection since they can't proxy sites with SSL.

Interestingly, I don't get Erdogan's message on my cell. My friends tried calling me last night to hear the message; they don't hear it when they call me either. Could be related to me using my network's -paid- call ring tone customising app.


Back in 2013 the Turkish CA (TURKTRUST) enabled phishers to spoof Google. Given the current situation, finding someone who tries to mess up the certificates should not be a surprise.

> https://security.googleblog.com/2013/01/enhancing-digital-ce...

> https://www.wired.com/2013/01/google-fraudulent-certificate/


Some time ago Wikipedia was banned in Turkey because the government didn't like a couple of pages about its involvement in the Syria civil war. (I don't have references handy but you can find them easily with Google.)

In the past couple of weeks I noticed that a number of ISPs (for sure Turkcell for mobile and Türk Telekom for land lines) started injecting a wrong certificate, I guess to MITM the communication.

The certificate is of course wrong (it is both untrusted and the domain name is wrong) so the browser will notice this and block the access, but I'm surprised that I haven't seen any discussion about this online.


Nobody would burn a CA just so they can inject some ads into Google. They'll be able to do it for 24hrs max before somebody notices (less if it's a Google site, because Chrome reports rogue certificates to Google).


Was there any evidence that any phishing went on with that certificate?



