This Wednesday morning, several hundred (or even thousand) Twitter users were woken up to witness that their accounts hijacked by intruders to spread pro-Turkish messages. Those hijacked also include high-profile and verified users such as Duke University, Forbes, Starbucks America, and UNICEF among others. It is currently unclear how many accounts have been affected by this activity.
The hackers — identity unknown — posted a Turkish message containing swastikas as well as Nazi hashtags from all hijacked accounts. The tweets sent out by them started out with a swastika symbol, followed by hashtags #Nazialmanya and #Nazihollanda (which means #NaziGermany and #NaziHolland). It then includes a note reading: “a little#OTTOMAN SLAP for you, see you on #April16th.”
The date in the tweets refers to the day when Turkey is holding a referendum to make constitutional changes to grant more power to their President. This change will potentially allow him to command more control and remain in the office through 2029, reports The Verge. The social media campaign by these hackers also included a pro-Erdoğan video as well. It also involved changing the profile or cover picture of some of these hijacked accounts to the Turkish flag, in order to show support for the nation.
The tweets were based off the ongoing diplomatic feud between Turkey and two European countries – Netherlands and Germany. This online protest stems from the fact that Turkish ministers were barred from speaking out at rallies carried out by Turks in Netherlands. And this decision of the Dutch government led the Turkish President Tayyip Erdogan called them out for “behaving like Nazis.” And it seems the same was reflected in the massive outburst of tweets.
— Alex Hern (@alexhern) March 15, 2017
Now, Twitter has acknowledged the account hijacking and the surprising peak they might’ve witnessed on their tweet dashboard. But, it was not the micro-blogging platform that was compromised by the hackers. Instead, it has been noted and now also confirmed that the outburst of pro-Turkish tweets happened due to a sudden breach at third-party analytics company Twitter Counter. With regards to the same, a Twitter spokesperson has released the following statement:
We are aware of an issue affecting a number of account holders this morning. Our teams are working at pace and taking direct action on this issue. We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted.
The said third-party Twitter solutions company is based out of Amsterdam and provides user analytics for engagement, visitors, and followers. And to use the said service, you’re required to grant it permission to access your Twitter account — which also provides the platform with the ability to send tweets and change profile pictures. However, you need not worry about your Twitter credentials like username and password as they aren’t stored with Twitter Counter.
We’re aware that our service was hacked and have started an investigation into the matter.We’ve already taken measures to contain such abuse
— TheCounter (@thecounter) March 15, 2017
While Twitter has already cut access to the said third-party application on their end, we would still recommend readers to navigate to their settings window on the micro-blogging platform and revoke access to Twitter Counter to avoid further damage. And this shows us the glum state of cyber security, which makes it oh-so-simple for hackers to just spread violence across the interwebs.