Anti-virus software providers AVG and Avira, as well as instant-messaging app maker WhatsApp, today (Oct. 8) fell victim to Palestinian nationalist hackers who redirected users to their own Web page via a subtle method known as DNS (Domain Name System) hijacking.
The hacks come from an ill-defined organization known as the KDMS Team, who also claim association with Anonymous Palestine. KDMS has no apparent desire to spread malware or gather user information, but rather wants to leverage high-profile websites to spread a nationalistic (if poorly spelled) missive.
"We are here to deliver tow [sic] messages," KDMS declared on the hacked websites. The group claims that Palestinian land has been stolen by Zionists, and that the Palestinians wish to live peacefully following the release of all Palestinian prisoners from Israeli jails.
"We want peace" and "Long live Palestine" follow, as do a Palestinian flag and map illustrating the shrinking Palestinian territory between 1946 and 2000 (historians will note that Israel, which now possesses most formerly Palestinian land, came into existence in 1948).
AVG, the anti-virus arm of Czech security company Grisoft, has already cleaned up its website and returned its functionality to normal. If your inner subversive is dying to see what KDMS has accomplished, the site for German anti-virus firm Avira remains in their hands at the time of writing.
The website for popular mobile messaging service WhatsApp was also affected and, as of this writing, still plays the Palestinian national anthem. There is no evidence that the WhatsApp app itself has been compromised.
Aside from the inherent irony of security websites falling prey to malefactors, the KDMS hack is interesting in that it is using DNS hijacking to redirect users, rather than modifying existing content on its victim sites.
DNS hijacking is a practice used by hackers, phishers and, occasionally, Internet service providers. The process fools Internet browsers into connecting to one site when they mean to connect to another.
An ISP might do this in order to route users back to its own search engine; KDMS has done it to redirect users to its oddly translated message.
These three companies have found themselves in Palestinian crosshairs because their DNS entries are maintained by Network Solutions, a major domain-name registry.
According to a report from Softpedia, Network Solutions replied to a fake password-reset request, granting KDMS all the tools they needed to hijack the companies' websites without resorting to sophisticated hacking techniques.
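A defender-side check for the kind of DNS change described above, as an added example that is not part of the original article: it compares the name servers and addresses observed for a domain against a pinned baseline and reports any drift. The domain, name-server names and address ranges are constructed placeholders, and the observations are passed in as plain lists so the check runs offline.

```python
import ipaddress

# Constructed baseline (assumption): the name servers and address ranges the
# domain owner expects. Every name and range here is a placeholder.
BASELINE = {
    "example.com": {
        "ns": {"ns1.dns-host.example", "ns2.dns-host.example"},
        "nets": [ipaddress.ip_network("192.0.2.0/24")],
    },
}

def check_domain(domain, observed_ns, observed_a, baseline=BASELINE):
    """Return a list of findings; an empty list means the answers match."""
    expected = baseline.get(domain)
    if expected is None:
        return [f"{domain}: no baseline recorded"]
    findings = []
    # DNS names are case-insensitive and may carry a trailing dot.
    seen_ns = {name.rstrip(".").lower() for name in observed_ns}
    added = seen_ns - expected["ns"]
    missing = expected["ns"] - seen_ns
    if added:
        findings.append(f"{domain}: unexpected NS {sorted(added)}")
    if missing:
        findings.append(f"{domain}: expected NS absent {sorted(missing)}")
    # Flag any address that falls outside the ranges the owner actually uses.
    for addr in observed_a:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in expected["nets"]):
            findings.append(f"{domain}: A record {addr} outside expected ranges")
    return findings

if __name__ == "__main__":
    # Constructed observations, as a monitor might collect from a resolver.
    samples = [
        ("normal", ["NS1.dns-host.example.", "ns2.dns-host.example"], ["192.0.2.10"]),
        ("redirected", ["ns1.rogue.example", "ns2.rogue.example"], ["203.0.113.66"]),
    ]
    for label, ns, a in samples:
        result = check_domain("example.com", ns, a)
        print(label, "->", result or "matches baseline")
```

Run on a schedule from more than one network vantage point, a check like this surfaces a changed delegation even though the content on the company's own servers is untouched.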
In the meantime, AVG is back to normal, and Avira and WhatsApp should follow suit soon enough. If you visited any of the hijacked websites, you have nothing to worry about (save for a MIDI of the Palestinian national anthem getting stuck in your head).
If you use services with password-reset options, consider using two-step authentication to prevent a situation like this one.