Chinese PC giant Lenovo suffered a major cyber attack on Wednesday. A well-known hacking group called the Lizard Squad later claimed responsibility for the attack via Twitter.
Around 4 PM ET yesterday, visitors to the Lenovo website were treated to a slideshow, accompanied by the song “Breaking Free” from High School Musical. The site reverted to normal a few minutes later, although in some instances the song continued to play in the background. Moreover, the hacked version has reappeared for a few minutes at a time as cached versions work through the system. By 5:30 PM ET, the site seemed to be functioning normally.
Of note, the source code for the hacked page identified it as “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey,” both of whom have been identified as Lizard Squad members.
Statement from Lenovo
“One effect of this attack was to redirect traffic from the Lenovo website,” according to a Lenovo statement. “We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public-facing website.”
The company also noted it was “actively reviewing” its network security and would do whatever was necessary “to protect the integrity of our users’ information and experience.”
How hackers broke into Lenovo’s system
One security expert suggested that the hackers managed to hijack Lenovo’s Domain Name System (DNS) servers, which convert the web addresses users type into the IP addresses used by the internet.
Cybersecurity consultant Brian Krebs believes that they were able to do so by getting access to Lenovo’s domain name registrar Webnic.
Krebs cited inside sources when he wrote that the attackers exploited a vulnerability in Webnic to gain access to its network and then altered the DNS records to divert traffic.
Lizard Squad also published on Twitter what it claimed were emails stolen from Lenovo employees and codes for transferring web domains to other registrars.
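A change made at the registrar, as described above, can be caught from the outside by comparing what DNS currently returns against a pinned baseline. The following is an added example, not code from Lenovo, Webnic or Krebs; it assumes the change appears as new name servers or new addresses, and every name and address in it is a constructed sample.

```python
# Added example: detect drift between a pinned DNS baseline and observed answers.
# All name servers and addresses below are constructed samples (assumptions).
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    ns: frozenset  # delegated name servers seen for the domain
    a: frozenset   # addresses the site name resolves to

def normalise(names):
    # DNS names are case-insensitive and may carry a trailing dot.
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def make_snapshot(ns, a):
    return Snapshot(normalise(ns), frozenset(x.strip() for x in a))

def check(baseline, observed):
    """Return a list of (severity, message) findings; empty means no drift."""
    findings = []
    added_ns = observed.ns - baseline.ns
    removed_ns = baseline.ns - observed.ns
    if added_ns:
        # New delegation targets mean the record held at the registrar changed.
        findings.append(("critical", "unexpected name servers: " + ", ".join(sorted(added_ns))))
    if removed_ns:
        findings.append(("warning", "expected name servers missing: " + ", ".join(sorted(removed_ns))))
    new_a = observed.a - baseline.a
    if new_a:
        # An address change together with new name servers is treated as part of the same event.
        sev = "critical" if added_ns else "warning"
        findings.append((sev, "unexpected addresses: " + ", ".join(sorted(new_a))))
    return findings

BASELINE = make_snapshot(["ns1.corp-dns.example.", "ns2.corp-dns.example."],
                         ["192.0.2.10", "192.0.2.11"])
SAME = make_snapshot(["NS2.corp-dns.example", "ns1.corp-dns.example."],
                     ["192.0.2.11", "192.0.2.10"])
HIJACKED = make_snapshot(["ns1.other-host.example.", "ns2.other-host.example."],
                         ["198.51.100.7"])

if __name__ == "__main__":
    for label, snap in (("same", SAME), ("hijacked", HIJACKED)):
        for sev, msg in check(BASELINE, snap) or [("ok", "no drift")]:
            print(label, sev, msg)
```

In practice the observed snapshot would be filled from live lookups on a schedule, with the baseline updated only through a reviewed change.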
Recent Superfish incident
Lenovo was already embroiled in a PR nightmare after news broke last week that it had pre-installed adware called Superfish onto its devices that could be compromised by hackers. The firm announced it was offering customers a tool to remove the dangerous software after experts warned of the security risk.
The company eventually said it was disabling the software due to customer complaints.