Twitter app pwned by pro-Turkey hackers: Users' accounts sling 'Nazi' slurs

A hack against the Counter third-party Twitter app was used to push propaganda messages containing swastikas through numerous high profile accounts on Wednesday.

The propaganda messages (screenshot below) labelled both Germany and the Netherlands as "Nazis" over the two European nations' recent dealings with Turkey. Both countries have denied permission for Turkish ministers to speak about a forthcoming Turkish referendum on presidential powers at local rallies of Turkish expatriates.

Twitter Counter – a third-party app which licenses the Twitter name – admitted that a breach to its service was likely behind the trolling incident.

"We're aware that our service was hacked and have started an investigation into the matter. We've already taken measures to contain such abuse," it said, before adding. "Assuming this abuse is indeed done using our system, we’ve blocked all ability to post tweets and changed our Twitter app key."

Turkish trolling tweet

The timing of the abusive messages – echoing the sentiment of Turkish President Recep Tayyip Erdogan, who said of the Dutch rally crackdown "Nazism is still widespread in the West" – comes on the day of the general election in the Netherlands.

Victims of purloined access to their account include infosec pundit Graham Cluley, Germany football club Borussia Dortmund and numerous others.

Twitter Counter sought to further reassure users by saying that it does not store users’ Twitter account credentials (passwords) nor credit card information. The service, which boasts millions of users, offers an overview and graph of Twitter stats.

The incident raises wider questions about third-party apps and Twitter accounts. Users would be wise to go to Settings/Apps and review the ability of third-party apps to access their account. Users can easily delete those they either no longer use or don't recognise with just a couple of mouse clicks.

Jens Monrad, senior intelligence analyst at FireEye, said the Twitter Counter incident is part of an upsurge of Turkish nationalist hacktivism and/or trolling, mostly directed against Dutch targets.

"On the 11th of March, Shortly after the Dutch authorities prevented [Turkish] foreign minister Mevlut Cavusoglu from flying to Rotterdam, we observed disruption attacks carried out against Rotterdam The Hauge Airport's website. The DDoS attack was most likely carried out by a Turkish hacktivist group that appears to be motivated by Turkish nationalism.

"There were several other disruption and web-defacement attacks carried out after the news broke about the prevention of Mevlut Cavusoglu's travel to Rotterdam, including an attack against the website owned by Dutch [right-wing] politician, Geert Wilders, as well as several enterprises in the Netherlands were targeted." ®