A new report from Sorin Mustaca, security expert and product manager with Avira, suggests that one of Avira's properties—along with those of several other companies—was hacked recently by a Palestinian hacker group known as KDMS Team. Though the scope of the hacking was not as pronounced as it might have been, what has taken place is sufficiently worrisome.
Mustaca, who sent a mailed statement discussing the hackings, noted that Avira's websites haven't been attacked, but rather the Network Solutions arm of Avira. Network Solutions is an Internet service provider (ISP), which by itself is distressing, but perhaps not so much as it might have been. Mustaca provided further details, saying that the method involved in the attack was a DNS hijacking, which in turn had the effect of pointing all of Network Solutions' DNS records to “arbitrary domains.”
The attack took place on the strength of a fake request for a password reset that no one at Avira actually logged. With the password reset, KDMS Team—the team said to be behind the attacks—could then take control of the DNS records. Avira was quick to note that the company's internal networks had not been compromised, and in perhaps a measure to protect against further attacks, the company has shut down external services until the DNS records are back in Avira's control. That's a process that Avira is reportedly working on with the ISP in question, along with recovery of the domain name.
Further reports suggest that it's not just Avira, but also AVG and the WhatsApp messaging service that are taking some hits here, though in some cases the sites were fixed in fairly rapid fashion. The sites all seem to have been hit in the same way, with the front page taken down and a poorly-spelled message about Palestine put up in its place—the team refers to itself in said message as “Plaestinian Hackers” who are delivering “Tow Messages” about both the shifting geography of Palestine and the overall nature of computer security. Playing in the background is, at last report, the Palestinian National Anthem.
Perhaps the oddest part of KDMS Team's message is the ending that states “Now We Will Quit Hacking.” The odd part is that that seems to be the case; even the Facebook page for KDMS Team appears to be deleted, and the group has largely vanished.
Hacking for the sake of spreading a political message isn't exactly new; the decentralized hacking collective known as Anonymous has been spotted making a host of videos and similar moves regarding several political causes like SOPA, PIPA, and PRISM. A Palestinian hacking group taking on sites for the sake of a pro-Palestine message is a little unusual, but the methods are fairly standard.
Perhaps the whole thing was done as a way to foster discussion. But regardless of its principles, hacking in such a fashion simply isn't right, and may well have done more harm to both the team and its cause than any amount of discussion could have engendered. Hijacking sites and DNS records is not the way to get attention.
Edited by Alisen Downey