As Dutch voters head to the polls on Wednesday, a swath of high-profile Twitter accounts have been hacked, with the attackers posting content supporting Turkish President Recep Tayyip Erdogan in his feud with Germany and the Netherlands.
Turkish-language hashtags reading “NaziGermany” and “NaziHolland” appeared on the verified Twitter accounts of German newspaper Die Welt, Forbes Magazine, BBC North America and Reuters Japan. Also targeted were the Twitter accounts of the European Parliament, French politicians like Alain Juppé, and Sprint Corp.’s Chief Executive Officer and President Marcelo Claure, among others.
“We are aware of an issue affecting a number of account holders this morning,” said Twitter company spokeswoman Kaori Saito. “We quickly located the source which was limited to a third party app. We removed its permissions immediately. No additional accounts are impacted.”
An Amsterdam-based startup said it’s investigating if it’s the source of the postings. Twitter Counter, a marketing tool that allows people and companies to track their popularity on Twitter, said it’s now blocking people from postings through its system while it studies the issue. The company says it has more than 2 million users and tracks more than 350 million Twitter accounts.
“Our app has been used. It’s pending further investigation,” said Twitter Counter CEO Omer Ginor. “We are aware of the situation and have started an investigation into the matter.”
Twitter shares have declined 6 percent so far this year.
“Individual hacks like this one, in isolation, are unlikely to have much impact on Twitter,” said Cyrus Mewawalla, managing director at CM Research. “But the sheer volume of these kind of events will have a damaging impact. Twitter and other social media sites are on the verge of a regulatory backlash that could ultimately impact their business model.”
Twitter Counter, founded in 2008, reported an attack in November in which accounts from Sony Corp., Viacom Inc., Microsoft Corp. and others were compromised and posting spam messages. Twitter Counter apologized and said it had fixed the problem.
Ginor said the company had reached “95 percent certainty” that it had fixed the problem after being hacked in November. The company couldn’t be sure a hacker was “still lurking in the shadows, just waiting for the opportunity.”
The incidents show the indirect ways hackers can take over a company’s Twitter feed. Twitter Counter is one of many companies that plug into Twitter to provide marketing and analytics tools for people, businesses and other groups. Companies including Time Inc., Netflix Inc., Chevron Corp. and YouTube use Twitter Counter, according to its website.
“With the current political conflict between The Netherlands and Turkey, we have observed an increase in takeovers of high profile social media accounts,” said Jens Monrad, senior intelligence analyst at cybersecurity company FireEye Inc.
The attack comes just a day after German Chancellor Angela Merkel’s government increased the pressure on social networks, including Facebook Inc. and Twitter, to curb the spread of fake news and malicious posts, weighing fines of up to 50 million euros ($53 million) for companies that fail to delete illegal content in a timely manner. Her government is taking malicious posts on social media increasingly seriously ahead of the Sept. 24 election in Europe’s biggest economy.
The tweets Wednesday included a swastika and described the attack as a “little Ottoman slap.” “See you on April 16,” they read, referring to the date of Turkey’s referendum to grant more powers to Erdogan, and finish with: “What did I write? Learn Turkish.”
A four-minute video attached to the tweets begins with an Erdogan speech in which he says: “If we’re going to die, let’s die like men.” It then features scenes from various Erdogan speeches, starting with his showdown with then-Israeli President Shimon Peres in Davos in 2009, as a campaign song chanting his name, “Recep Tayyip Erdogan,” plays in the background.
BBC North America has since tweeted that it “temporarily lost control” of its account, but normal service has resumed. Some of the tweets have been deleted.
“Attackers always look for the weakest link of the chain,” said Matt Suiche, founder of United Arab Emirates-based cyber-security startup Comae Technologies. “Third party platforms are perfect targets. It makes lots of sense.”
(c) 2017, Bloomberg · Nour Al Ali, Benjamin Harvey, Adam Satariano