Lenovo’s main corporate website compromised in apparent revenge for Superfish adware
Chinese PC maker Lenovo has suffered an embarrassing hack of its main corporate website, in what appears to be retaliation for the sneaky adware known as Superfish.
The breach was apparently carried out by the Lizard Squad and redirected visitors to the Lenovo.com website to another address. The attack also apparently intercepted internal company emails.
The Lizard Squad claimed it was behind the attack on its Twitter feed, and hinted that the attack was in apparently revenge for Lenovo’s inclusion of the Superfish adware on its PCs and laptops.
Earlier in the month, it had been revealed that Lenovo had pre-installed Superfish, an advertising program on some Lenovo laptops. The Chinese PC maker Lenovo had begun to bundle Superfish ad software with some of its laptops in September of last year, using it to alter users’ search results. It said it removed the software from its products in January due to user complaints over the intrusiveness of the tool.
Earlier this week, the US Government warned the general public to remove Superfish because it said it introduces a security vulnerability.
In retaliation, The Lizard Squad compromised the Lenovo.com domain name system. Instead of the corporate website, users were redirected to a webpage containing a slideshow of webcam images set to a pop song. Clicking on the images redirects to the Twitter account @LizardCircle.
The HTML code meanwhile says this “new and improved rebranded” site is featuring Ryan King and Rory Andrew Godfrey. These two people have reportedly been previously identified as members of Lizard Squad.
But the real worry for Lenovo will come from the claim that the hackers managed to intercept internal company emails. Indeed, Lizard Squad posted an email exchange between Lenovo employees discussing Superfish.
“We’ll comb the Lenovo dump for more interesting things later,” the hackers ominously claimed on their Twitter feed.
Lenovo meanwhile has said it has restored its site to normal operations after several hours.
“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” the company was quoted as saying by Reuters. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”
The Lizard Squad has left a trail of destruction in its wake recently. Earlier this month, it claimed responsibility after the Xbox Live gaming system suffered an outage apparently caused by a distributed denial of service (DDoS) attack.
This was the second time that Lizard Squad had targeted Microsoft’s gaming platform, as it had also previously downed Xbox Live and Sony’s PlayStation Network (PSN) over Christmas, which disrupted millions of online gamers throughout the Christmas period. After that attack, a couple of its members were arrested.
Lizard Squad came to prominence in 2014 after taking down the online presences of numerous gaming companies, including Blizzard, Activision, and Sony.
It also carried out a bomb threat against a Sony executive in August 2014. The “LizardSquad” twitter feed, which had claimed responsibility for the attack, then began posting comments related to Iraq’s ISIS and the “Islamic State”. He tweeted that there might be “explosives” on board a plane carrying a Sony executive. The flight from Dallas to San Francisco was diverted to Phoenix, Arizona
Are you a security guru? Try our quiz!