​Lenovo website DNS record hijacked

Lenovo's Superfish debacle seems to have drawn the ire of the Lizard Squad hackers.

This has not been Lenovo's finest hour. First, security experts found that Lenovo was shipping Superfish adware, which turned out to have malware potential. Then, the company completely mishandled the news about it, simultaneously declaring it to be both a security concern and not one. Spoiler alert: Superfish was a major security foul-up. Now, the Lenovo website has been hacked.

lenovohackednew-thumb.jpg
Lenovo's Website domain records have been hijacked. -- sjvn

The site's Domain Name System (DNS) record was cracked at about 4PM Eastern time. As of 6:30 PM Eastern time, the site was still down, but it's coming back as the DNS records are restored. If you go to Lenovo.com now you may still find, instead of computers to buy, a slide-show of several young people while the song "Breaking Free" from High School Musical plays in the background.

The hacked front-page HTML shows that the images are coming from the Imgur Website. This slide-show is being powered by the JavaScript SlideJS script. If you click on the images, you're sent to the Lizard Squad Twitter account. There you'll a few comments about Lenovo, including one that claims that the Lenovo's Superfish removal tool bricks some Lenovo laptops.

While Lenovo must be enraged by their mutilated Website, the hacked page itself didn't carry any hostile payload.

The real Lenovo site, which is supported by CloudFlare, a Content Delivery Network (CDN) and DNS service company, appears to have been untouched. Instead the Lizard Squad, or people acting under their name, seems to have first hijacked the lenovo.com Web address, then redirected it to a server under their control. It's this server, which belongs to a small business in Scottsdale Arizona, that's actually been hacked.

There are also rumors that the Lizard Squad has hacked Lenovo e-mail as well. My network analysis tools give me reason to believe that what users are actually seeing is e-mail foul-ups caused by the company's DNS MX (Mailbox) records being out of sync with Lenovo's hacked DNS A primary IPv4 address.

Lizard Squad, after attacking the Xbox Live and the PlayStation Network (PSN) services during the December holidays, have been relatively quiet lately. Before this, their latest attack, on February 23, was a similar redirect assault on Google Vietnam.

Related Stories: