Lenovo’s website hijacked, apparently by Lizard Squad


Lenovo’s no good, very bad week of security may be getting worse — Lenovo.com appears to have been hacked, likely in response to the Superfish scandal. This afternoon some visitors trying to access the site instead get a slideshow of webcam pics of kids sitting at their computers, along with a link to a Twitter account claiming to represent the hacker group Lizard Squad — all set to the sounds of “Breaking Free” from High School Musical. The HTML code says this “new and improved rebranded” site is featuring Ryan King and Rory Andrew Godfrey — two people whom some internet posters have identified as members of Lizard Squad.

Update: It gets worse — Lizard Squad’s DNS hijack meant it was able to intercept Lenovo email as well, until Cloudflare shut it off. Ars Technica spoke to Cloudflare, which said it seized the account used and was able to update the MX records used for email to cut off the email interception. One intercepted message apparently claimed that Lenovo’s Superfish removal tool had bricked a customer’s Yoga laptop. That may not be the end though, as the group claims it will be combing through the “dump” of captured data soon.

Lenovo’s website hijacked by Lizard Squad

[Thanks, Mark]

Not everyone is seeing the replacement page though — for our staff it only appears over certain connections, but not others — so it could be a DNS redirect that hasn’t hit everywhere. Security researcher Jonathan Zdziarski points out that the DNS entry is now redirecting to a Cloudflare server, which explains what’s going on, although it doesn’t fix it for anyone still trying to reach the site. We’ve contacted Lenovo about the situation, but have not received a response yet.


