Skip To Content
Breaking News

Twitter Accounts Hacked With Nazi-Themed Messages Amid Turkey Feud

A large number of Twitter accounts were hijacked and replaced with anti-Nazi messages in Turkish in a bizarre spinoff from a diplomatic spat between Turkey, the Netherlands and Germany.

The attacks, using the hashtags #Nazialmanya (NaziGermany) or #Nazihollanda (NaziHolland), took over accounts of high-profile CEOs, publishers, government agencies, politicians and also some ordinary Twitter users.

Turkish President Tayyip Erdogan has accused the German and Dutch governments of Nazi-style tactics, drawing protests from both countries, after Turkish government ministers were barred from addressing political rallies there to boost his support among expatriate Turks.

The account hijackings took place as the Dutch began voting on Wednesday in a parliamentary election that is seen as a test of anti-establishment and anti-immigrant sentiment.

“Politically motivated cyber attacks in general thrive on making as large a media impact as possible and therefore it is expected to see these attacks whenever a political conflict escalates,” FireEye cyber security analyst Jens Monrad said.

The hacked accounts featured tweets with Nazi symbols, a variety of hashtags and the phrase “See you on April 16,” the date of a planned referendum in Turkey on extending Erdogan’s presidential powers.

Among them were the accounts of the European Parliament and the personal profile of French conservative politician Alain Juppe.

They also included the UK Department of Health and BBC North America, along with the profile of Marcelo Claure, the chief executive of U.S. telecoms operator Sprint Corp.

Other accounts included publishing sites for Die Welt, Forbes and Reuters Japan and several non-profit agencies including Amnesty International and UNICEF USA, as well as Duke University in the United States.

The hijacked profiles were recovered, some more quickly than others. BBC North America tweeted: “Hi everyone – we temporarily lost control of this account, but normal service has resumed.”


A Twitter spokesman said it was aware of the latest account takeovers and had begun to investigate.

“We quickly located the source which was limited to a third party app. We removed its permissions immediately,” a Twitter statement said. It added that no additional accounts are affected.

At least some of the hijacked tweets appear to have been delivered via Twitter Counter, a Netherlands-based Twitter audience analytics company. Twitter Counter Chief Executive Omer Ginor acknowledged via email that the service had been hacked.

“Preliminary findings are that our app, (along) with others, was used this morning to send Erdogan-supporting and anti-Dutch messages on behalf of our users,” Ginor said. He added: “We’ve already taken measures to contain such abuse,” including suspending the posting of tweets via the Twitter Connect app.

The firm provides statistics to some 2 million Twitter users who link their profiles into the Twitter Connect app to track audience responses to their tweets. This connection appears to have been exploited in the attacks.

Twitter Counter also was the target of a hack attack in mid-November that led some Twitter accounts linked to the company’s app to spew out spam tweets, including those of soccer star Lionel Messi and gaming sites Sony Playstation and Microsoft Xbox.

Ginor said the connections between the November attacks and the current ones were circumstantial, but there were similarities.

“Both attacks (had) similar effects and seemingly (the) same country of origin, as the November attackers were indeed operating from Turkey and the actions taken were benefiting Turkish properties and people,” the Twitter Counter exec said.


Last Saturday, denial of service attacks staged by a Turkish hacking group hit the websites of Rotterdam airport and anti-Islam firebrand Geert Wilders, whose Freedom Party is vying to form to form the biggest party in the Dutch parliament.

A Turkish group known as Aslan Neferler Tim (Lion Soldiers Team) claimed responsibility.

The same group appears to have been responsible for temporary outages in August and September last year of the sites of Austrian institutions including the Vienna airport, the national parliament and Central Bank.

Those attacks occurred in the midst of a diplomatic row that followed Austria’s calls for European Union accession talks with Turkey to be dropped.

Analyst Monrad said cyber attacks have become a technically easy and increasingly common means of political score-settling.

“Ultimately, this trend will only get worse,” he said. “Cyber threats don’t move backward. If anything, the barrier to entry only becomes lower over time.”—Reuters

I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning, nonprofit journalism during this critical time.

Now more than ever, American Jews need independent news they can trust, with reporting driven by truth, not ideology. We serve you, not any ideological agenda.

At a time when other newsrooms are closing or cutting back, the Forward has removed its paywall and invested additional resources to report on the ground from Israel and around the U.S. on the impact of the war, rising antisemitism and the protests on college campuses.

Readers like you make it all possible. Support our work by becoming a Forward Member and connect with our journalism and your community.

Make a gift of any size and become a Forward member today. You’ll support our mission to tell the American Jewish story fully and fairly. 

— Rachel Fishman Feddersen, Publisher and CEO

Join our mission to tell the Jewish story fully and fairly.

Republish This Story

Please read before republishing

We’re happy to make this story available to republish for free, unless it originated with JTA, Haaretz or another publication (as indicated on the article) and as long as you follow our guidelines. You must credit the Forward, retain our pixel and preserve our canonical link in Google search.  See our full guidelines for more information, and this guide for detail about canonical URLs.

To republish, copy the HTML by clicking on the yellow button to the right; it includes our tracking pixel, all paragraph styles and hyperlinks, the author byline and credit to the Forward. It does not include images; to avoid copyright violations, you must add them manually, following our guidelines. Please email us at [email protected], subject line “republish,” with any questions or to let us know what stories you’re picking up.

We don't support Internet Explorer

Please use Chrome, Safari, Firefox, or Edge to view this site.