High Profile Twitter Accounts Hacked By Pro Turkish Supporters

Thousands of Twitter accounts have been hacked and then defaced with anti Dutch messages and Nazi symbols, by attackers supportive of controversial Turkish President Tayyip Erdoğan.

The hacked Twitter accounts include some notable names, including the BBC North America, Forbes, Amnesty International, the European Parliament, and Reuters Japan, as well as numerious high profile individuals such as tennis star Boris Becker, and security expert Graham Cluely.

The hack comes amid an escalating diplomatic conflict between the Netherlands and Turkey, over Holland’s decision to prevent Turkish government ministers from addressing Turkish expats living in the Netherland about the upcoming Turkish referendum.

Nazi Spam

The hackers defaced the Twitter accounts with hashtags (in Turkish) that read “NaziGermany” and “NaziHolland.”

The tweets included a swastika and described the attack as a “little Ottoman slap.” The Tweet also said “See you on April 16,” they read, referring to the date of Turkey’s referendum to grant more powers to President Erdogan.

A four-minute video of an Erdogan speech was also attached to the tweets.

It seems that the attackers were able to hack the compromised accounts because they used a use of a popular third-party analytics service, namely Twitter Counter, which is based in the Netherlands.

Twitter Counter is one of a number of companies that plug into Twitter to provide marketing and analytics tools for people and businesses, and its clients include companies such as Time, Netflix, and YouTube.

Twitter Counter chief executive, Omer Ginor, told the Guardian newspaper that “we are aware of the situation and have started an investigation into the matter”.

“Before any definite findings,” Ginor continued, “we’ve already taken measures to contain such abuse of our users’ accounts, assuming it is indeed done using our system – both blocking all ability to post tweets using our system and changing our Twitter app key.”

But it worth noting that this is not the first time that Twitter Counter has been hacked. Last November it was hacked and a number of accounts including Playstation, The New Yorker and Viacom sent out spam tweets.

Security Take

Security guru Graham Cluely apologised to his readers for the Nazi spam from his Twitter account, but explained he only found out about it after he stepped off a plane in Kuwait City and switched on his phone,

“My heart sank when I checked my Twitter timeline, as kindly preserved by the media,” he explained.

He said that he had given Twitter Counter access to his account back in October 2014 in order for him to count his followers, but said it “clearly was a decision I now regret.”

“The fact that a third-party app was used means that the hackers didn’t have my Twitter password. Phew!,” he wrote. “It also meant, however, that they didn’t have to try to bypass Twitter’s Login Verification feature in order to tweet from mine and thousands of other Twitter users’ accounts.”

Cluley advised affected users to go delete the offending Tweet and then revoke the offending third-party app’s access to their Twitter account.

“Now, if you’ll excuse me, I have to board another plane,” finished Cluley. “I’d really appreciate it if the internet behaved itself while I’m offline.”

Quiz: Are you a security pro?