Lenovo's website hijacked (briefly) by High School Musical-loving hackers

LenovoEveryday the internet seems to get weirder.

Lenovo, which has found itself making security headlines over the SSL-busting Superfish debacle, has had its website briefly hijacked by the notorious Lizard Squad hacking gang.

Not only did the hackers control what visitors to Lenovo.com saw, they also made them listen to the teenybop song "Breaking Free" from Disney's "High School Musical".

So you can appreciate the true horror of what the hackers did, here is part of the slideshow that was displayed on the Lenovo website (animated gif by the fine fellows at Gizmodo):

Lenovo animated gif

And here is the musical soundtrack that was playing underneath this madness:

Which, I think you will agree is rather different than what you normally see on lenovo.com:

Normal Lenovo website

If you clicked on the slideshow, you would be taken to the Lizard Squad's group Twitter account.

HTML source code

Ryan King and Rory Andrew Godfrey have previously had their names linked to other Lizard Squad attacks. For instance, their names match those displayed in another recent hijacking attack instigated by the Lizard Squad gang against Google's presence in Vietnam earlier this week.

What's happened here is someone has managed to meddle with Lenovo.com's DNS entry, pointing it away from Lenovo's own servers and to a webpage under the control of the mischievous hackers.

DNS (Domain Name System) is the part of the internet which acts like a huge telephone book - turning the human-friendly names that we type into browsers ("lenovo.com", "grahamcluley.com", "microsoft.com") into the computer friendly numeric IP addresses that the internet loves but non-silicon-based lifeforms have no chance of remembering.

Someone has screwed up, and allowed Lenovo's DNS entry to be messed with by an unauthorised party, redirecting any legitimate traffic it might have been receiving to a third party webpage.

Clearly, that's not good at all. And hardly what you want to happen when you're trying hard to reassure the world that you really do care about security and privacy, and know what you're doing...

And, unfortunately, this website hijacking may not be the last of Lenovo's troubles. Lizard Squad has been tweeting images of emails apparently sent from public relations staff to Lenovo's management, about the DNS hijacking.

Email from PR to Lenovo

Which raises the obvious question - what other emails sent to Lenovo might they be reading?

Tags: , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , ,

2 Responses

  1. Martin

    February 26, 2015 at 12:10 pm #

    I guess that's poetic justice for Lenovo and what goes around, comes around. Perhaps they will now think twice before installing spyware and crapware into their new systems.

    I think this is not the first time Lenovo have had issues of this kind. As I recall, there was an issue with some of their PCs having hardware backdoors in a while back.

    I don't think I or any of my clients will be shopping with them anytime soon.

  2. Coyote

    March 1, 2015 at 5:47 pm #

    "What's happened here is someone has managed to meddle with Lenovo.com's DNS entry, pointing it away from Lenovo's own servers and to a webpage under the control of the mischievous hackers."

    Are they really editing the zones (so the DNS RRs) or are they rather poisoning the cache ? Because there's a big difference… and if they are editing the zones, then that registrar has a far serious issue on their hands.

Leave a Reply