Unbeliebeable: High profile Twitter accounts hijacked by Turkish activists

News by Max Metzger

What does Justin Bieber's Japanese account, The UK Department of Health and Seabrooks crisps have to do with nascent tensions between The Netherlands and Turkey? They all used Twitter Counter.

Several high profile Twitter accounts, including Justin Bieber's, have been hijacked by Turkish nationalist political activists. The hack caught a bizarre assortment of thousands of high profile accounts in its assault including the likes of Forbes magazine, Amnesty International, Starbucks Argentina, Seabrook Crisps, the UK Department of Health and Justin Bieber's Japanese account.

The accounts let loose a volley of political statements in Turkish lashing out at #nazihollanda, or ‘Nazi Holland' in Turkish, referencing recent political tensions between Turkey and Holland.

Both countries are currently in the midst of tense political elections. Turkey is currently holding a referendum which would grant new powers to President Recep Tayyip Erdogan, who is already considered by many to be an authoritarian.

Holland is currently facing an election which could see the elevation of far right nationalist and anti-Turkish politicians elevated to positions of power within the Dutch government.

Though these two moments might otherwise be seen as separate, various highly publicised events have supercharged tensions between the two countries. The Netherlands has a significant Turkish population some of which have been the targets of rhetoric by increasingly popular far right political forces in the country.

To make matters worse, a video of a protest by Erdogan supporters aggressively shut down by Dutch police is seen by many as emblematic of alleged Dutch antipathy towards Turkey. A refusal to let Fatma Betül Sayan Kaya, the Turkish family and social policy minister, and Turkey's Foreign minister Mevlut Cavusoglu into Holland on 11 March, preventing them from addressing a pro-Erdogan rally in Rotterdam, has done little to help.

Cavusoglu's ban was an igniting moment for political cyber-action. FireEye watched Turkish hacktivist groups carry out disruption attacks against Rotterdam airport's website. Several other attacks against Dutch targets, including the website of far right politician, Geert Wilders, followed soon after.

Jens Monrad, senior intelligence analyst at FireEye, told SC Media UK that these kinds of attacks are all about attention: “Politically motivated cyber-attacks in general thrive on making as large a media impact as possible and therefore it is expected to see these attacks whenever a political conflict escalates.”

“Ultimately, this trend will only get worse”, added Monrad, “If anything, the barrier to entry only becomes lower over time. Politically motivated cyber-attacks such as those targeting social media will only become more effective as we become more reliant on these technologies."

Twitter reacted to the issue in a statement from its @Support account.

The wide assault did not apparently result from individual hacks on the accounts themselves but one single hack on third party app Twitter Counter, which provides tools and analytics for the platform. The company confirmed the event to Techcrunch  saying that it had stemmed the tide of tweets by issuing a complete block on the service's ability to tweet. It added that it does not store Twitter account credentials nor credit card information.

“Users should be wary as to which services they allow access to write to their Twitter accounts,” said Javvad Malik, security advocate at AlienVault, “It can be all too easy to allow permissions and subsequently forget that they were ever granted. The specific danger that third parties present is that even if users have secured their account properly and enabled two-step authentication, it offers no protection.”

Mark James, security specialist at ESET told SC that,“One of the problems with these types of ‘hacks' is the perception of who has actually been hacked. In this case, our first impression is Twitter but in fact a third party tool was compromised that has the ability or permission to post to Twitter on your behalf.”

James added that, to secure your Twitter account, head to the “profile and settings” page. Within that page, click on ‘Apps' to view those services which have access to your account.  There is an option to ‘revoke access', if you feel in danger of something similar happening to you.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews