Lenovo's website hijacked, apparently by Lizard Squad (update)

Sponsored Links

Richard Lawler
February 25, 2015 4:29 PM
In this article: hack, lenovo, lenovo.com, lizardsquad
Lenovo's website hijacked, apparently by Lizard Squad (update)

Lenovo's no good, very bad week of security may be getting worse -- Lenovo.com appears to have been hacked, likely in response to the Superfish scandal. This afternoon some visitors trying to access the site instead get a slideshow of webcam pics of kids sitting at their computer, along with a link to a Twitter account claiming to represent the hacker group Lizard Squad -- all set to the sounds of "Breaking Free" from High School Musical. The HTML code says this "new and improved rebranded" site is featuring Ryan King and Rory Andrew Godfrey -- two people that some internet posters have identified as members of Lizard Squad.

Update: It gets worse -- Lizard Squad's DNS hijack meant it was able to intercept Lenovo email as well, until Cloudflare shut it off. Ars Technica spoke to the company, which said it seized the account used and was able to update the MX records used for email to cut off the email interception. One message apparently caught claimed that Lenovo's Superfish removal tool had bricked a customer's Yoga laptop. That may not be the end though, as the group claims it will be combing through the "dump" of captured data soon.

Update 2: Security researcher Brian Krebs reveals that the two people named have actually been working to expose Lizard Squad, and that a hack at a Malaysian domain registrar was the source of the redirect.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

[Thanks, Mark]

Not everyone is seeing the replacement page though -- for our staff it only appears over certain connections, but not others -- so it could be a DNS redirect that hasn't hit everywhere. Security researcher Jonathan Zdziarski points out that the DNS entry is now redirecting to a Cloudflare server, which explains what's going on, although it doesn't fix it for anyone still trying to reach the site. We've contacted Lenovo about the situation, but have not received a response yet.

[Image credit: Shutterstock]
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
Lenovo's website hijacked, apparently by Lizard Squad (update)