You are here

Lenovo website breached, hacker group Lizard Squad claims responsibility

Thursday, February 26, 2015 - 10:11

[BEIJING] China's Lenovo Group Ltd website was hacked, the company said on Wednesday, days after the US government advised Lenovo customers to remove a pre-installed virus-like software, "Superfish", on laptops that makes the devices more vulnerable to attacks.

Hacking group Lizard Squad claimed to be behind the attacks, according to its Twitter page.

Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony Corp's PlayStation Network and Microsoft Corp's Xbox Live network last month. Members of the group have not been identified. "The domain name service server hosting Lenovo's website was hacked. We do not have any further information at this time to share. We'll update as soon as possible," Lenovo said in a statement to Reuters.

San Francisco-based security firm CloudFlare said hackers transferred the domain to CloudFlare in order to point it to a defacement site. "As soon as we at CloudFlare noticed, we seized the account and worked with Lenovo to restore service while they worked to recover their domain," Marc Rogers, Principal Security Researcher at CloudFlare, said in an email to Reuters.

Starting 4 pm ET (2100 GMT) on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song "Breaking Free" playing in the background, according to The Verge, which first reported the breach. "We're breaking free! Soarin', flyin', there's not a star in heaven that we can't reach!," Lizard Squad posted on its Twitter page, quoting the song from the movie "High School Musical". The hackers also posted a couple of screenshots of an email between Lenovo employees regarding the "Superfish" software.

The Department of Homeland Security said in an alert on Friday that the "Superfish" programme makes users vulnerable to a type of cyberattack known as SSL spoofing, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

Mr Rogers also said CloudFlare was able to restore service before Lenovo recovered the domain, suggesting that the outage was probably "quite small".

However, Lenovo's website was inaccessible at 7.54 pm ET (0054 GMT). A message said the site was unavailable due to system maintenance.

REUTERS