Thousands of Twitter accounts, including high-profile ones belonging to users such as Forbes, Amnesty International, the BBC’s North American service, and tennis star Boris Becker, were hacked by Erdoğanist Turkish hackers on Wednesday morning following Turkey’s escalating diplomatic conflict with Germany and the Netherlands.
The attacks, which appeared to be simply a form of political vandalism and used the hashtags #Nazialmanya or #Nazihollanda, took over the accounts of high-profile CEOs, publishers, government agencies and also some regular Twitter users.
The diplomatic spat between Turkey and the Netherlands spread online on Wednesday when a large number of Twitter accounts, many with no apparent connection to the dispute, were hijacked and replaced with anti-Nazi messages in Turkish.
Hijacked accounts featured tweets with Nazi symbols, a variety of hashtags and the phrase “See you on April 16,” an apparent reference to the date of Turkey’s planned referendum to grant Erdoğan more powers.
The Twitter accounts hijacked included those of the European Parliament and the personal profile of French politician Alain Juppe. They also included the UK Department of Health, along with the profile of Marcelo Claure, the chief executive of U.S. telecoms operator Sprint Corp, which remains hijacked. Other accounts included publishing sites for Reuters Japan, Die Welt and Forbes and several non-profit agencies including Amnesty International and UNICEF USA as well as Duke University.
All the compromised accounts were attacked through their use of a popular third-party analytics service, Twitter Counter. The attackers used the service’s permissions to post a message in Turkish, reading “卐 #NaziGermany👌#NaziNetherlands, a little👋#OTTOMAN SLAP for you, see you on #April16th.” That date is when Turkey is planning to hold a referendum on whether to grant stronger powers to its president Tayyip Erdoğan, and the tweets also linked to a pro-Erdoğan video on YouTube.
As The Guardian has reported, a search for the hashtags in the message – #Nazialmanya and #Nazihollanda in the original Turkish – returned thousands of results, indicating widespread success on the part of the hackers. The attackers also changed profile pictures and header images for some more high-profile targets, changing the main image to a Turkish flag and the profile picture to a Turkish-style coat of arms.
Twitter Counter, the company at the heart of the mass breach, is based in Amsterdam. But it may not have been targeted purely for political symbolism: it has been hacked once before, in November 2016, resulting in some accounts including Playstation, The New Yorker and Viacom sending spam tweets.
In a statement, Twitter said that it was “aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted.”
The breach made it on to Twitter proper through the social network’s “third party permissions” process. When users link a service to Twitter, they grant it various permissions to take actions on their behalf. Those actions can range from minor – such as “reading tweets” – to near-complete control of the linked Twitter account, as with the permissions Twitter Counter was granted. If the third-party service is compromised, attackers can use its permissions freely.
Turkish hacker groups had also targeted a large number of Dutch websites after the political fallout between the Netherlands and Turkey over the weekend. Website Rumag was hacked on Monday, according to NU.nl. Pro-Turkish and anti-European texts with a photo of Turkey’s autocratic President Recep Tayyip Erdoğan were posted on the site. After the Turkish text a message was displayed in English.
It read: “Hey Europe, you often talk about democracy, human rights and freedom. But your fear of ‘Great Turkey’ shows your colonialist, racist and fascist crusade mentality and shows your true face.” The message is signed by hacking group Cyber-Warrior Akıncılar.
A large number of websites hosted by Versio were also hacked into. On some sites, messages were left signed by several members of Privatehackers.com. On the forum of this Turkish-language website, multiple topics have been opened since tensions between the Netherlands and Turkey increased. In these topics, claims are made that between 95 and 1,500 Dutch websites were hacked.
Some of the websites were taken over and messages were left. One read: “You Dutch think we will do nothing, but you are wrong. We will never forget what you have done to us,” according to NU.nl. While no direct reference is made to the diplomatic row between the Netherlands and Turkey, the message does seem to refer to it.
Tensions between the Netherlands and Turkey broke out on Saturday when the former blocked two Turkish ministers from speaking at political rallies and President Erdoğan twice referred to the Dutch government as “Nazis.”
Turkey’s relations with Germany, Austria and the Netherlands have been strained over these countries’ refusal to allow Turkish government officials to hold rallies there ahead of the public referendum in Turkey in April.
Turkey will hold a referendum on April 16 on a constitutional reform package that will introduce an executive presidency in the country if approved.
Germany, Austria and the Netherlands have canceled scheduled events in which Turkish ministers were to participate, usually out of security concerns.
A large number of Turkish citizens or people of Turkish origin live in these countries, and Turkish citizens living abroad have the right to vote in elections and referenda.
Turkey is a candidate to join the EU, although the membership negotiations have made little progress over the past decade. The country has become a vital partner in a deal with the EU to curb the passage of migrants and refugees from Turkey into Europe.
March 15, 2017