Lizard Squad hacks Lenovo website and steals emails following Superfish controversy
Lenovo has confirmed its website and email servers have been hacked, with hacking group Lizard Squad claiming responsibility and leaking some internal emails.
Lizard Squad, the hacking group behind attacks on Sony PlayStation Network and Microsoft's Xbox Live at the end of 2014, has claimed responsibility for briefly hacking the Lenovo.com website and redirecting visitors to another webpage which showed webcam videos of young people with the song Breaking Free from the film High School Musical playing in the background.
The attack, which took place late on Wednesday, 25 February, was resolved after about an hour.
However, more worrying for Lenovo will be the apparent access to internal company emails the hacking group has displayed on Twitter.
Following the breach, a Twitter account associated with the group published screenshots of two internal emails, one from a PR company highlighting an online report about the breach and a second referring to the Superfish controversy which was revealed just last week.
Lenovo said it had restored "certain functionality" following the attack:
"One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public-facing website," the company said in a statement to Bloomberg.
However, the hacking group has threatened that it will continue to sift through data it has stolen from Lenovo "for more interesting things".
More attacks coming?
Lizard Squad was able to carry out the attack on Lenovo by altering the records held by the company's domain name registrar, Webnic.cc, which is located in Kuala Lumpur. This type of attack is a circuitous way of taking a website offline: the altered records tell servers to send visitors looking for Lenovo.com to a different address.
Earlier this week the group also claimed responsibility for attacking Google's Vietnam portal and, according to Andrew Hay, director of security research at OpenDNS, that attack used the same registrar, meaning more attacks could be on the way:
"Two defacements in a single week is normally nothing, but two extremely high-profile defacements from the same registrar in the same week is a definite trend. We may see more redirections of domains that were registered with Webnic.cc in the coming days."
The Webnic.cc website is currently offline. Speaking to Brian Krebs, two hackers who have been working publicly to undermine Lizard Squad in recent weeks, Ryan King and Rory Andrew Godfrey, said the hackers had used a "command injection vulnerability" in Webnic.cc to upload a rootkit which would allow them continuous access to the company's server.
However, King and Godfrey say the rootkit has now been removed, suggesting Lizard Squad no longer has the ability to hijack domains registered with Webnic.cc.
In both cases the hackers used free accounts at DDoS-protection company CloudFlare to hide their identity and location before redirecting traffic to CloudFlare's network. The accounts were subsequently shut down.
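A registrar-level change like the one described above typically shows up as a change in the domain's name server delegation, so one defensive check is to compare periodic snapshots of that delegation against a pinned baseline. The Python below is an added example, not from the article or any party named in it; every domain, name server and time is constructed, and the two-label operator heuristic is an assumption.

```python
# Added example: flag changes to a domain's name server delegation.
# Every domain, name server and timestamp here is constructed sample data.

BASELINE = {"example.com": ["ns1.corp-dns.example.", "ns2.corp-dns.example."]}

# (time, domain, NS names seen in the parent-zone delegation), constructed
SNAPSHOTS = [
    ("00:00", "example.com", ["ns1.corp-dns.example.", "ns2.corp-dns.example."]),
    ("01:00", "example.com", ["a.ns.cdn-host.example.", "b.ns.cdn-host.example."]),
    ("02:00", "example.com", ["NS2.corp-dns.example", "ns1.corp-dns.example."]),
    ("03:00", "example.com", ["ns1.corp-dns.example.", "ns3.corp-dns.example."]),
]


def normalize(name):
    """Lower-case and add the trailing dot so equal host names compare equal."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def operator(name):
    """Rough operator key: last two labels of the host name (an assumption;
    a production check would use the Public Suffix List)."""
    return ".".join(normalize(name).rstrip(".").split(".")[-2:])


def check_delegation(baseline, snapshots):
    """Return one alert per snapshot whose NS set differs from the baseline."""
    alerts = []
    for when, domain, observed in snapshots:
        expected = {normalize(n) for n in baseline.get(domain, [])}
        seen = {normalize(n) for n in observed}
        added, removed = seen - expected, expected - seen
        if not (added or removed):
            continue
        # Name servers run by an operator absent from the baseline mean the
        # whole zone may now be answered by someone else.
        foreign = {operator(n) for n in added} - {operator(n) for n in expected}
        alerts.append({
            "time": when, "domain": domain,
            "severity": "critical" if foreign else "warning",
            "added": sorted(added), "removed": sorted(removed),
        })
    return alerts


if __name__ == "__main__":
    for alert in check_delegation(BASELINE, SNAPSHOTS):
        print(alert)
```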
Reaction to Superfish
The attack on Lenovo appears to be a reaction to the spying controversy that cropped up last week over a piece of third-party software pre-installed on some Lenovo laptops, which turned out to monitor what were supposed to be encrypted online communications.
Lenovo finally apologised to customers, having initially played down the significance of the piece of software, which made customers' laptops highly susceptible to hackers.
Ken Westin, senior security analyst at Tripwire, says this controversy has made the Chinese company a target for attacks such as this:
"The recent hack and website defacement of the Lenovo website adds another black eye to an already suffering brand. As a result of getting their hands caught in the privacy invading cookie jar with the deployment of the Superfish adware which compromised their customers' privacy and security, they have made themselves open targets for a number of hacking groups who have essentially declared it open season against Lenovo for their questionable practices."
He added that few will have sympathy for the Chinese company: "Unfortunately as a result of their actions their brand reputation has taken a significant hit and as a result very few are sympathetic to Lenovo's website compromise, many feeling they brought it on themselves."
© Copyright IBTimes 2024. All rights reserved.