This article is more than 1 year old

Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

Emo-takeover better not be a viral marketing stunt to win our hearts

Updated Lenovo's domain name appears to have fallen victim to cyber-mischief-makers Lizard Squad.

In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God awful slushy pop music playing in the background, too, and the title of the page points to the squad's Twitter feed.

There is no suggestion the teen pictured perpetrated the domain grab. It's probably best not to open the page on a computer you care about, just in case the site has been booby-trapped with malicious code.

The domain's nameserver settings were suspiciously updated today to point at DNS servers belonging to web hosting biz CloudFlare. Here in the office, now resolves to an IP address in CloudFlare's network:

This suggests some shenanigans with the keys to Lenovo's domain name, rather than a full-scale corporate compromise. It's likely someone has hijacked the domain's account to point it at a CloudFlare-hosted web server, rather than Lenovo's legit servers.

$ whois

   Domain Name: LENOVO.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-feb-2015
   Creation Date: 06-sep-2002
   Expiration Date: 06-sep-2016

Lenovo has yet to respond to a request for comment. Since the squad appears to have control over the DNS, it also seems to be receiving email sent to the biz. In other words, emails sent to an address in the past few minutes may end up in the hands of the hijackers.

And the squad is already flashing around what looks like seized messages:

Just last week the Chinese PC slinger sparked online uproar following the discovery of adware called Superfish deliberately bundled on its cheap laptops. The finding prompted security alerts by the US government, and a class-action lawsuit.

At this point it's unclear whether the Lizard Squad attack was retribution for the Superfish scandal, or simply a good old-fashioned moment of internet lulz. ®

Updated at 2230 UTC

It appears Lenovo has managed to claw back control of its domain, and is now pointing it at a legit server behind the IP address CloudFlare security researcher Marc Rogers just tweeted:

Finally, it's feared Lenovo's domain registrar,, was compromised by attackers to accomplish today's DNS hijacking. is down at time of writing.

More about


Send us news

Other stories you might like