This has not been Lenovo's finest hour. First, security experts found that Lenovo was shipping Superfish adware, which turned out to have malware potential. Then, the company completely mishandled the news about it, simultaneously declaring it to be both a security concern and not one. Spoiler alert: Superfish was a major security foul-up. Now, the Lenovo website has been hacked.
The site's Domain Name System (DNS) record was cracked at about 4 PM Eastern time. As of 6:30 PM Eastern time, the site was still down, but it's coming back as the DNS records are restored. If you go to Lenovo.com now, you may still find, instead of computers to buy, a slideshow of several young people while the song "Breaking Free" from High School Musical plays in the background.
While Lenovo must be enraged by their mutilated Website, the hacked page itself didn't carry any hostile payload.
The real Lenovo site, which is supported by CloudFlare, a Content Delivery Network (CDN) and DNS service company, appears to have been untouched. Instead, the Lizard Squad, or people acting under their name, seems to have first hijacked the lenovo.com Web address, then redirected it to a server under their control. It's this server, which belongs to a small business in Scottsdale, Arizona, that's actually been hacked.
There are also rumors that the Lizard Squad has hacked Lenovo e-mail. My network analysis tools give me reason to believe that what users are actually seeing is e-mail foul-ups caused by the company's DNS MX (Mailbox) records being out of sync with Lenovo's hacked DNS A primary IPv4 address.
Lizard Squad, after attacking the Xbox Live and PlayStation Network (PSN) services during the December holidays, has been relatively quiet lately. Before this, their latest attack, on February 23, was a similar redirect assault on Google Vietnam.