Latest in Hack

Image credit:

Lenovo's website hijacked, apparently by Lizard Squad (update)

106 Shares
Share
Tweet
Share
Save

Sponsored Links

Lenovo's no good, very bad week of security may be getting worse -- Lenovo.com appears to have been hacked, likely in response to the Superfish scandal. This afternoon some visitors trying to access the site instead get a slideshow of webcam pics of kids sitting at their computer, along with a link to a Twitter account claiming to represent the hacker group Lizard Squad -- all set to the sounds of "Breaking Free" from High School Musical. The HTML code says this "new and improved rebranded" site is featuring Ryan King and Rory Andrew Godfrey -- two people that some internet posters have identified as members of Lizard Squad.

Update: It gets worse -- Lizard Squad's DNS hijack meant it was able to intercept Lenovo email as well, until Cloudflare shut it off. Ars Technica spoke to the company, which said it seized the account used and was able to update the MX records used for email to cut off the email interception. One message apparently caught claimed that Lenovo's Superfish removal tool had bricked a customer's Yoga laptop. That may not be the end though, as the group claims it will be combing through the "dump" of captured data soon.

Update 2: Security researcher Brian Krebs reveals that the two people named have actually been working to expose Lizard Squad, and that a hack at a Malaysian domain registrar was the source of the redirect.

[Thanks, Mark]

Not everyone is seeing the replacement page though -- for our staff it only appears over certain connections, but not others -- so it could be a DNS redirect that hasn't hit everywhere. Security researcher Jonathan Zdziarski points out that the DNS entry is now redirecting to a Cloudflare server, which explains what's going on, although it doesn't fix it for anyone still trying to reach the site. We've contacted Lenovo about the situation, but have not received a response yet.

[Image credit: Shutterstock]
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
106 Shares
Share
Tweet
Share
Save

Popular on Engadget

The best games for PS4

The best games for PS4

View
Moving the largest high-performance lens ever built

Moving the largest high-performance lens ever built

View
Snap's 'Project Voldemort' dossier detailed Facebook's copycat moves

Snap's 'Project Voldemort' dossier detailed Facebook's copycat moves

View
Samsung will start selling the Galaxy Fold in the US on September 27th

Samsung will start selling the Galaxy Fold in the US on September 27th

View
How to buy a soundbar in 2019

How to buy a soundbar in 2019

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr