By Eric Auchard
FRANKFURT (Reuters) - A diplomatic spat between Turkey, the Netherlands and Germany spread online on Wednesday when a large number of Twitter accounts were hijacked and replaced with anti-Nazi messages in Turkish.
The attacks, using the hashtags #Nazialmanya (NaziGermany) or #Nazihollanda (NaziHolland), took over accounts of high-profile CEOs, publishers, government agencies, politicians and also some ordinary Twitter users.
Turkish President Tayyip Erdogan has accused the German and Dutch governments of Nazi-style tactics, drawing protests from both countries, after Turkish government ministers were barred from addressing political rallies there to boost his support among expatriate Turks.
The account hijackings took place as the Dutch began voting on Wednesday in a parliamentary election that is seen as a test of anti-establishment and anti-immigrant sentiment.
"Politically motivated cyber attacks in general thrive on making as large a media impact as possible and therefore it is expected to see these attacks whenever a political conflict escalates," FireEye cyber security analyst Jens Monrad said.
The hacked accounts featured tweets with Nazi symbols, a variety of hashtags and the phrase "See you on April 16", the date of a planned referendum in Turkey on extending Erdogan's presidential powers.
Among them were the accounts of the European Parliament and the personal profile of French conservative politician Alain Juppe.
They also included the UK Department of Health and BBC North America, along with the profile of Marcelo Claure, the chief executive of U.S. telecoms operator Sprint Corp.
Other accounts included publishing sites for Die Welt, Forbes and Reuters Japan and several non-profit agencies including Amnesty International and UNICEF USA, as well as Duke University in the United States.
The hijacked profiles were recovered, some more quickly than others. BBC North America tweeted: "Hi everyone - we temporarily lost control of this account, but normal service has resumed".
A Twitter spokesman said it was aware of the latest account takeovers and had begun to investigate.
"We quickly located the source which was limited to a third party app. We removed its permissions immediately," a Twitter statement said. It added that no additional accounts are affected.
At least some of the hijacked tweets appear to have been delivered via Twitter Counter, a Netherlands-based Twitter audience analytics company. Twitter Counter Chief Executive Omer Ginor acknowledged via email that the service had been hacked.
"Preliminary findings are that our app, (along) with others, was used this morning to send Erdogan-supporting and anti-Dutch messages on behalf of our users," Ginor said. He added: "We've already taken measures to contain such abuse," including suspending the posting of tweets via the Twitter Connect app.
The firm provides statistics to some 2 million Twitter users who link their profiles into the Twitter Connect app to track audience responses to their tweets. This connection appears to have been exploited in the attacks.
Twitter Counter also was the target of a hack attack in mid-November that led some Twitter accounts linked to the company's app to spew out spam tweets, including those of soccer star Lionel Messi and gaming sites Sony Playstation and Microsoft Xbox.
Ginor said the connections between the November attacks and the current ones were circumstantial, but there were similarities.
"Both attacks (had) similar effects and seemingly (the) same country of origin, as the November attackers were indeed operating from Turkey and the actions taken were benefiting Turkish properties and people," the Twitter Counter exec said.
CYBER PROTEST STUNTS
Last Saturday, denial of service attacks staged by a Turkish hacking group hit the websites of Rotterdam airport and anti-Islam firebrand Geert Wilders, whose Freedom Party is vying to form to form the biggest party in the Dutch parliament.
A Turkish group known as Aslan Neferler Tim (Lion Soldiers Team) claimed responsibility.
The same group appears to have been responsible for temporary outages in August and September last year of the sites of Austrian institutions including the Vienna airport, the national parliament and Central Bank.
Those attacks occurred in the midst of a diplomatic row that followed Austria's calls for European Union accession talks with Turkey to be dropped.
Analyst Monrad said cyber attacks have become a technically easy and increasingly common means of political score-settling.
"Ultimately, this trend will only get worse," he said. "Cyber threats don't move backward. If anything, the barrier to entry only becomes lower over time".
(Additional reporting by Jeremy Wagstaff in Singapore and Subrat Patnaik in Bangalore; Editing by Mark Trevelyan)