WhatsApp website attacked by hackers, goes offline


WhatsAppHot on the heels of the defacement of the AVG anti-virus website, comes news that they’re not the only victims of pro-Palestinian hackers today.

It appears that the homepage of WhatsApp, the tremendously popular free messaging app, was also defaced.

Earlier today, the WhatsApp website displayed a pro-Palestinian message from the hackers under the title “You Got Pwned” and looked like this:

WhatsApp website

The message is identical to the one which appeared on AVG’s website earlier today.

As with the AVG hack, the group claiming responsibility for the defacement is the KDMS team, who appear to have a pro-Palestinian agenda.

It’s possible that the hackers managed to change the website’s DNS records, redirecting anyone who attempted to visit www.whatsapp.com to a different IP address.

Presently users are finding it hard to reach the WhatsApp website - presumably because the company has taken it offline while they attempt to get a handle on this mess.

Sadly, it’s not the only security headache for WhatsApp today. Security researchers have claimed that there are serious weaknesses in WhatApp’s encryption which could make it possible for unauthorised parties to eavesdrop on your messages.

Let’s hope that the cause for the WhatsApp and AVG website hacks is discovered quickly, and the problem is resolved.

See also: AVG and Avira anti-virus websites attacked by pro-Palestinian hackers

Network SolutionsIt is now becoming clear that the WhatsApp servers (and indeed those which run the AVG and Avira websites) were not broken into by hackers, but that instead the companies were the victims of DNS hijacking.

DNS records work like a telephone book, converting human-readable website names like whatsapp.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered whatsapp.com into your browser you were instead taken to a website that wasn’t under WhatsApp’s control.

The question now is how did the hackers manage to change the DNS records for whatsapp.com, avg.com and avira.com?

Could it be that cybercriminals managed to guess the passwords used to secure access to the information, and log in as though they were the administrators of the sites’ DNS records?

Or was Network Solutions - which manages the DNS records for these companies - tricked into changing the passwords, and as a result allowed the hackers to gain access to the DNS entries?

Tags: , , , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , , , ,

4 Responses

  1. Andy

    October 8, 2013 at 4:15 pm #

    This isn’t a defacement, it’s a
    redirection to another site. A defacement would mean that the
    legitimate code on the site had been altered.

    • Graham Cluley in reply to Andy.

      October 8, 2013 at 4:32 pm #

      Thanks Andy. It certainly looks that way. I’ve updated the article.

      • Pastor Dinah Ncube in reply to Graham Cluley.

        October 9, 2013 at 6:08 am #

        I have not been able to open my WhatsAp for two days. Each time I try to open there is a notice that says “This Version is too old, upgrade now”. And of-course I can’t upgrade. ( http error 503 /500 Service unavailable) Thanks for the info pray it will be resolved soon.

  2. Kudzanai Tafa

    October 9, 2013 at 5:36 am #

    How many days for whatsapp to be well.any one with the other address that i can use to get whatsapp

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.