Hundreds, if not thousands, of Twitter users, many of them high-profile, were hacked Tuesday by someone who appeared to support Turkey in its diplomatic row with the Netherlands.
Their accounts displayed a swastika, reversed to face right, along with the Turkish flag and the hashtags #Nazialmanya and #Nazihollanda, under which comments on the attack were posted.
The following message in Turkish, translated into English through Google Translate, also was posted on affected accounts: “Now Old Turkey Nothing You Have Set Adjust Absolute Wheel Will Earn Traitors Crime Freaks Needed YES le Verecek Elbet.”
The hackers also included a reference to April 16, the date of a referendum on giving Turkish President Recep Erdogan more power, and a link to a YouTube video of clips from Erdogan's speeches, accompanied by a poem that appears to be threatening.
Among the victims are Nike Spain, Duke University, Starbucks Argentina, the European Parliament, the BBC, Amnesty International and a number of high-profile people, including singer Justin Bieber.
Twitter Leaps Into Action
Twitter Support on Wednesday reported that it had addressed the issue.
We identified an issue affecting a small number of users. Source was a 3rd party app and it has been resolved. No action needed by users.
— Twitter Support (@Support) March 15, 2017
Twitter had “moved the app's permissions to Twitter accounts globally,” noted Willis McDonald, senior threat manager at Core Security.
Its response was “appropriate, given the number of accounts affected and also that the attack had to do with a third-party app and not Twitter itself,” he told TechNewsWorld.
How the Hack Happened
The hack appears to have exploited a zero-day vulnerability in Twitter Counter, a third-party app available on Google Play and the Apple App Store, said Robert Capps, VP of business development at NuData Security.
Twitter Counter, which lets users graph their Twitter stats, apparently has more than 180 million users.
Its website has been shut down temporarily, “for maintenance.”
“If Twitter were a country, it would be the 12th largest in the world,” Capps told TechNewsWorld.
Its more than 100 million users, and its capacity as a real-time source of information, “make it an attractive and vulnerable target for account takeovers,” he said, because it gives bad actors “access to the audiences of celebrities and brands with thousands of followers.”
Gangsters or Governments?
It’s likely that the attackers were operating in support of Turkey, Core Security’s McDonald suggested, but they probably were “a nationalist group and not state-sponsored attackers.”
The hack “only caused minor damage to the public image of the victim accounts,” he said, and the damage to Twitter’s image is “minimal, since [it] was due to a third-party app.”
However, “the damage to Twitter Counter is [worse] since their app’s permissions have been removed from Twitter, which essentially puts them out of business until they can resolve the issue,” McDonald said.
Twitter Counter users can remove the app from their devices and change their account credentials, and since Twitter has removed the app’s permissions, he noted, victims “only need to remove the offending tweets to remediate their accounts.”