Pro-Palestinian group worms inside WhatsApp and antivirus firms
Technology // Web Services
The “KDMS” hacktivist collective apparently bypassed security by guessing the answers to password-reset questions in order to deface and possibly corrupt the companies’ sites.
The so-called DNS hack altered Internet directory records that tell computers where to find servers or other computers.
Popular mobile messaging service WhatsApp, along with security firms AVG and Avira, fell victim to this trick, which also recently tripped up the New York Times website.
KDMS, an Anonymous-affiliated hacking group, claimed responsibility on Twitter for the attacks, delivering pro-Palestinian propaganda ending in the words "long live Palestine," the Guardian reports.
All three sites seem to have been undone by an attack on Network Solutions, a domain name registrar and website hosting company. Emails from WhatsApp could have been intercepted, some analysts say.
"It appears that our account used to manage the DNS records registered at Network Solutions has received a fake password-reset request not being initiated by anyone at Avira. Network Solutions appears to have honoured this request and allowed a third party to assume control of our DNS," said Sorin Mustaca of Avira in a statement.
"Network Solutions seems to have let the side down for all three sites," independent security expert Graham Cluley told the Guardian. "Somehow hackers gained access to the DNS records of Network Solutions, possibly through a simple password reset request, and managed to redirect the domain names of the three companies to the hacker's websites."
The actual WhatsApp mobile messaging services seem to be unaffected, but the consequences for AVG and Avira could be more severe, according to Cluley.
"With regard to the antivirus companies, AVG and Avira, there's also the possibility that program updates could have been poisoned if the companies use domain names as part of their update procedures, although there's likely to be a series of checks and verifications to avoid that within the update procedure," Cluley explained to the Guardian.




