Forbes’ Twitter profile was briefly compromised on Wednesday morning, thanks to a hack of a third party called Twitter Counter.
A slew of major Twitter feeds started sending out masses of pro-Turkey messages in the last 24 hours. Publications including the BBC, Reuters and Forbes were affected.
Forbes’ had its Twitter profile image changed to a Turkish flag, while tweets were published containing a video of president Recep Erdogan giving a speech at the World Economic Forum, and the hashtags “NaziGermany” and “NaziHolland,” indicating the hackers were highlighting an ongoing feud between Erdogan and EU nations.
But none of those publications were to blame. The hackers, whoever they were, targeted a third-party app called Twitter Counter, which provides Twitter stats and has the ability to control the tweets of customer accounts.
Twitter Counter is now investigating. “We’re aware that our service was hacked and have started an investigation into the matter. We’ve already taken measures to contain such abuse,” it tweeted. The company said it had blocked the ability to control tweets, while Twitter removed the firm’s permissions too.
The Counter warned that another entity could have been targeted, though didn’t provide further explanation:
The Twitter Counter application is blocked on Twitter. If this activity continues, then we strongly believe it’s not just through us.
— TheCounter (@thecounter) March 15, 2017
Forbes has recovered its account, as have the other publications affected.
The tweets came at a time of heightened tension between Turkey and the Dutch government, after the Netherlands prevented two Turkish ministers from appealing to expatriates in the lead-up to a referendum that promises to give president Recep Erdogan greater powers. Turkey subsequently accused the Netherlands of “Nazi” behavior, and today Erdogan said the Dutch were to blame for the massacre of 8,000 muslims in Srebrenica, Bosnia, in 1995.
The feud between Turkey and the Netherlands has spread online in other ways too, said Jens Monrad, senior intelligence analyst at FireEye. “There has been an escalation of politically motivated cyber threats carried out by Turkish individuals and groups. Many of these observed attacks seems to be motivated by Turkish Nationalism and pro Erdogan government support,” Monrad said.
On the 11th of March, just after Turkish foreign minister Mevlut Cavusoglu was barred from flying to Rotterdam, FireEye saw a distributed denial of service (DDoS) attack against Rotterdam The Hague Airport’s website. “The DDoS attack was most likely carried out by a Turkish hacktivist group that appears to be motivated by Turkish nationalism and pro-Islam ideologies,” Monrad added.
Got a tip? Email at TFox-Brewster@forbes.com or firstname.lastname@example.org for PGP mail. Get me on Signal on +447837496820 or email@example.com on Jabber for encrypted chat.