As reported by numerous media outlets, “hackers apparently sympathetic to the Turkish government posted Twitter messages Wednesday on hundreds of public accounts deriding Germany and the Netherlands as Nazis, opening a new front in an escalating war of words between Turkey and its European allies.”
As noted in the Washington Post report, “it was not clear who was responsible for the tweets, which were posted on the accounts of Amnesty International, UNICEF and the BBC, among others. But the messages suggested backing for Turkish views — echoing recent rhetoric by Turkish President Recep Tayyip Erdogan.”
This attack demonstrates that hacktivists and attackers see Twitter as a primary method of getting a political or ideological statement into the wider press. By attacking popular accounts to spread Turkish threats and anti-Dutch propaganda, the hacker (or hacking group) immediately gains a large amount of exposure that they otherwise would not be able to achieve.
It is impossible to say at this point who is behind the attack, though we cannot rule out the Turkish government. Numerous government spy agencies have used cyberattacks and cyber espionage as a primary tool in gathering intelligence and spreading propaganda.
Some reports indicate that the popular accounts were hacked through an app which among other things, counts the number of Twitter followers. Adding third party apps to any system makes that system less secure. Best practices in cybersecurity require us to constantly consider the entire cyber infrastructure and all the connections to our secure space. No one is a digital island. We are only as secure as the least secure part of a network.
Twitter is most secure when third party apps are not connected to Twitter and when two-factor authentication is turned on. The most secure accounts do not allow access to anyone but the owner, and require a one-time text code to be sent to the owner’s cell phone to log in.