Hot on the heels of the defacement of the AVG anti-virus website, comes news that they’re not the only victims of pro-Palestinian hackers today.
It appears that the homepage of WhatsApp, the tremendously popular free messaging app, was also defaced.
Earlier today, the WhatsApp website displayed a pro-Palestinian message from the hackers under the title “You Got Pwned” and looked like this:
The message is identical to the one which appeared on AVG’s website earlier today.
As with the AVG hack, the group claiming responsibility for the defacement is the KDMS team, who appear to have a pro-Palestinian agenda.
It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.whatsapp.com to a different IP address.
Presently users are finding it hard to reach the WhatsApp website - presumably because the company has taken it offline while they attempt to get a handle on this mess.
Sadly, it’s not the only security headache for WhatsApp today. Security researchers have claimed that there are serious weaknesses in WhatApp’s encryption which could make it possible for unauthorised parties to eavesdrop on your messages.
Let’s hope that the cause for the WhatsApp and AVG website hacks is discovered quickly, and the problem is resolved.
It is now becoming clear that the WhatsApp servers (and indeed those which run the AVG and Avira websites) were not broken into by hackers, but that instead the companies were the victims of DNS hijacking.
DNS records work like a telephone book, converting human-readable website names like whatsapp.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered whatsapp.com into your browser you were instead taken to a website that wasn’t under WhatsApp’s control.
The question now is how did the hackers manage to change the DNS records for whatsapp.com, avg.com and avira.com?
Could it be that cybercriminals managed to guess the passwords used to secure access to the information, and log in as though they were the administrators of the sites’ DNS records?
Or was Network Solutions - which manages the DNS records for these companies - tricked into changing the passwords, and as a result allowed the hackers to gain access to the DNS entries?