Thousands of Twitter accounts compromised by Turkish hackers to broadcast 'Nazi' tweets

Finger of blame pointed at Twitter app Twitter Counter

Turkish hackers, taking their lead from the example set by Turkey's President Erdogan, have compromised numerous Twitter accounts in order to send messages accusing Germany and the Netherlands of being run by Nazis.

Accounts belonging to Amnesty International, UNICEF USA and security blogger Graham Cluley, among others, were compromised in order to send the abusive messages.

The attacks are almost certainly connected to the barring of the Turkish foreign minister Mevlut Cavusoglu from flying to the Netherlands, and the prevention of Turkey's family minister, Fatma Betul Sayan Kaya, from speaking to Turkish supporters of President Recep Tayyip Erdogan at a rally in Rotterdam.

After his ministers were barred, Erdogan cut diplomatic ties with the Dutch government and promised retaliation, branding Holland a "Nazi remnant".

A week earlier he had accused the German government of "Nazi practices" over its banning of rallies in the country intended to show support for his increasingly authoritarian government, which has closed media organisations that don't support his government, arrested thousands of academics, journalists and opposition party supporters, as well as sacking thousands of teachers and tens of thousands of civil servants.

It has also imposed bans on the use of virtual private networks, the anonymised web browser Tor, YouTube, and social networks including Twitter and Facebook.

The referendum in Turkey would drastically extend Erdogan's power, and enable him to stay in power until 2029.

The hacked Twitter accounts were used to broadcast messages in Turkish with the hashtags #Nazialmanya and #Nazihollanda.

The attackers appear to have taken a scattergun approach to their targets as most have no obvious relation to the incidents. They include the UK Department of Health and BBC North America, as well as the official account of Marcelo Claure, CEO of telecoms firm Sprint Corp.

Cluley believes the attack vector used was a third-party app called Twitter Counter.

"Twitter Counter requests read *and* write access to your Twitter account, in order to do its jiggery pokery counting your Twitter followers," he wrote on his blog.

"I gave Twitter Counter access to my account in October 2014, and that clearly was a decision I now regret. Quite why it would need write access, unless it is planning its own self-promotion, I can't say.

"The fact that a third-party app was used means that the hackers didn't have my Twitter password... It also meant, however, that they didn't have to try to bypass Twitter's Login Verification feature in order to tweet from mine and thousands of other Twitter users' accounts."

If you have been affected, Cluley suggests deleting the offending tweets and revoking the app's access to your Twitter account.