WhatsApp has become the latest victim of politically-driven website hackings. The messaging service’s site was taken over earlier today by the KDMS Team, who put up a pro-Palestinian message on the site as well as claiming no amount of security can stop them.
— John Doe (@JohnDoeRu) October 8, 2013
What’s interesting about this attack is how simple it was to take over WhatsApp’s site. It appears that the KDMS Team changed the Domain Name Service (DNS) records for WhatsApp’s site to redirect to another page. It appears that no security breach was actually implemented, instead relying on DNS spoofing to hijack the site’s address. DNS servers basically work to translate written web addresses to IP addresses, which are much harder to memorize and search.
WhatsApp isn’t alone when it comes to having their DNS spoofed. Earlier this year, the New York Times and Twitter both had their home pages hijacked via similar means. The Syrian Electronic Army hacker group claimed responsibility for the attacks.
Domain registrars, who control DNS servers, will have to increase security measures if they want to stop this type of attack from happening in the future. At the moment, it’s too easy for someone to impersonate and steal a domain name.