It's the same hacker group that targeted hosting provider LeaseWeb

Oct 8, 2013 10:01 GMT

The Palestinian hacker group KDMS Team has defaced the main website of AVG Technologies, avg.com. It’s uncertain if the incident is a result of a breach of AVG’s systems or if it’s another case of DNS hijacking.

At the time of writing, the site has been restored. However, security expert Graham Cluley has captured a screenshot of the defacement page.

“We are here to deliver two messages. First one: we want to tell you that there is a land called Palestine on the earth. This land has been stolen by Zionist. Do you know it? Palestinian people has the right to live in peace. Deserve to liberate their land and release all prisoners from Israeli jails. We want peace. Long live Palestine,” the hackers wrote on the defaced site.

They added, “Second message: There Is No Full Security. We Can Catch You! Hacked by KDMS team. Now We Will Quit Hacking.”

Interestingly, the part about “we will quit hacking” appears to be true since the group has deleted its Facebook page.

It’s uncertain how the hackers pulled this off. We’ve reached out to AVG in hopes that they can provide some clarifications. This article will be updated in case we hear from them, or if they publish a statement.

KDMS Team is the same group that claimed to have hacked LeaseWeb over the weekend. The hackers say they’ve stolen data from the web hosting company’s systems, but they haven’t provided any evidence to back their allegations.

LeaseWeb representatives said the attack was the result of a DNS hijack. It’s possible that a DNS poisoning attack is behind the AVG website defacement as well, but we’ll probably find out for sure once AVG comes forward with a statement.

Update. Experts have confirmed that this is a case of DNS hijacking. It appears that avg.com is not the only domain affected. Avira and WhatsApp websites have also been defaced in the same manner.

Visitors to these sites see either the real site or the defacement page, depending on which DNS server they're using.

Also, the hackers have clarified that their Facebook page was actually deleted by Facebook.

Update 2. All of the impacted domains are registered through Network Solutions. It's possible that the hackers breached the systems of Network Solutions.

Kaspersky's Aleks Gostev says Avira's email is also affected. We can confirm this since the emails we've attempted to send to Avira have bounced back.

Update 3. Avira has provided a statement to Softpedia and confirmed that Network Solutions has been compromised by the attackers.

AVG has also issued a statement on the incident:

“AVG can confirm today that it has had a select number of online properties defaced as a result of our domain name system (DNS) registrar being compromised. A number of other companies appear to have been faced with the similar issue.

The situation is being further monitored and assessed closely. Customers are our priority, the DNS records have been corrected and AVG is working hard to resume normal service levels to its customer base and continue to protect our customers and their privacy.”