Latest in Hack

Image credit:

Lenovo's website hijacked, apparently by Lizard Squad (update)

106 Shares
Share
Tweet
Share
Save

Sponsored Links

Lenovo's no good, very bad week of security may be getting worse -- Lenovo.com appears to have been hacked, likely in response to the Superfish scandal. This afternoon some visitors trying to access the site instead get a slideshow of webcam pics of kids sitting at their computer, along with a link to a Twitter account claiming to represent the hacker group Lizard Squad -- all set to the sounds of "Breaking Free" from High School Musical. The HTML code says this "new and improved rebranded" site is featuring Ryan King and Rory Andrew Godfrey -- two people that some internet posters have identified as members of Lizard Squad.

Update: It gets worse -- Lizard Squad's DNS hijack meant it was able to intercept Lenovo email as well, until Cloudflare shut it off. Ars Technica spoke to the company, which said it seized the account used and was able to update the MX records used for email to cut off the email interception. One message apparently caught claimed that Lenovo's Superfish removal tool had bricked a customer's Yoga laptop. That may not be the end though, as the group claims it will be combing through the "dump" of captured data soon.

Update 2: Security researcher Brian Krebs reveals that the two people named have actually been working to expose Lizard Squad, and that a hack at a Malaysian domain registrar was the source of the redirect.

[Thanks, Mark]

Not everyone is seeing the replacement page though -- for our staff it only appears over certain connections, but not others -- so it could be a DNS redirect that hasn't hit everywhere. Security researcher Jonathan Zdziarski points out that the DNS entry is now redirecting to a Cloudflare server, which explains what's going on, although it doesn't fix it for anyone still trying to reach the site. We've contacted Lenovo about the situation, but have not received a response yet.

[Image credit: Shutterstock]
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
106 Shares
Share
Tweet
Share
Save

Popular on Engadget

Ericsson will pay over $1 billion to settle US corruption charges

Ericsson will pay over $1 billion to settle US corruption charges

View
Apple's redesigned Mac Pro will be available to order December 10th

Apple's redesigned Mac Pro will be available to order December 10th

View
'Free Guy' trailer shows a video game NPC without chains

'Free Guy' trailer shows a video game NPC without chains

View
Porsche tests a four-motor powertrain for electric SUVs

Porsche tests a four-motor powertrain for electric SUVs

View
'The Boys' season 2 teaser hints at more blood-soaked mayhem

'The Boys' season 2 teaser hints at more blood-soaked mayhem

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr