
Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

Emo-takeover better not be a viral marketing stunt to win our hearts

Updated Lenovo's domain name lenovo.com appears to have fallen victim to cyber-mischief-makers Lizard Squad.

In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God-awful slushy pop music playing in the background, too, and the title of the page points to the squad's Twitter feed.

There is no suggestion the teen pictured perpetrated the domain grab. It's probably best not to open the page on a computer you care about, just in case the site has been booby-trapped with malicious code.

The domain's nameserver settings were suspiciously updated today to point at DNS servers belonging to web hosting biz CloudFlare. Here in the office, lenovo.com now resolves to an IP address in CloudFlare's network:

104.27.188.198

This suggests some shenanigans with the keys to Lenovo's domain name, rather than a full-scale corporate compromise. It's likely someone has hijacked the domain's account to point it at a CloudFlare-hosted web server, rather than Lenovo's legit servers.

$ whois lenovo.com

   Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
   Domain Name: LENOVO.COM
   Name Server: BOYD.NS.CLOUDFLARE.COM
   Name Server: MELISSA.NS.CLOUDFLARE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-feb-2015
   Creation Date: 06-sep-2002
   Expiration Date: 06-sep-2016
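
A domain owner can catch this kind of delegation change by comparing each whois lookup against a known-good baseline. The sketch below is an added example, not part of the original article: it parses the record quoted above and reports name-server drift, a fresh update date, and lock status. The baseline name servers are placeholders (the article does not list Lenovo's legitimate ones), and the function names are hypothetical.

```python
import re
from datetime import date, datetime

# Sample input: the whois record exactly as quoted in the article.
SAMPLE_WHOIS = """\
   Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
   Domain Name: LENOVO.COM
   Name Server: BOYD.NS.CLOUDFLARE.COM
   Name Server: MELISSA.NS.CLOUDFLARE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-feb-2015
   Creation Date: 06-sep-2002
   Expiration Date: 06-sep-2016
"""

# Assumption: placeholder baseline, constructed for this example.
EXPECTED_NS = {"NS1.BASELINE.EXAMPLE", "NS2.BASELINE.EXAMPLE"}

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys may repeat)."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(\S.*)$", line)
        if m:
            record.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return record

def delegation_findings(text, expected_ns, today):
    """Return human-readable findings for one whois snapshot."""
    rec = parse_whois(text)
    findings = []
    seen = {ns.upper().rstrip(".") for ns in rec.get("name server", [])}
    unexpected = sorted(seen - expected_ns)
    if unexpected:
        findings.append("unexpected name servers: " + ", ".join(unexpected))
    if expected_ns - seen:
        findings.append("baseline name servers missing from delegation")
    if rec.get("updated date"):
        changed = datetime.strptime(rec["updated date"][0], "%d-%b-%Y").date()
        if (today - changed).days <= 1:
            findings.append(f"record updated on {changed.isoformat()}")
    statuses = {s.split()[0].lower() for s in rec.get("status", [])}
    if unexpected and "clientupdateprohibited" in statuses:
        # client* locks are set through the registrar, so they do not help
        # if the registrar or the registrar account is what was compromised.
        findings.append("name servers differ from baseline while clientUpdateProhibited is set")
    if not any(s.startswith("server") for s in statuses):
        findings.append("no registry-level server* lock present")
    return findings
```

Run against the quoted record with the day of the incident as `today`, every check fires; run with the observed name servers as the baseline and a later date, only the missing registry lock remains.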

Lenovo has yet to respond to a request for comment. Since the squad appears to have control over the lenovo.com DNS, it also seems to be receiving email sent to the biz. In other words, emails sent to an @lenovo.com address in the past few minutes may end up in the hands of the hijackers.

And the squad is already flashing around what looks like seized messages:

Just last week the Chinese PC slinger sparked online uproar following the discovery of adware called Superfish deliberately bundled on its cheap laptops. The finding prompted security alerts by the US government, and a class-action lawsuit.

At this point it's unclear whether the Lizard Squad attack was retribution for the Superfish scandal, or simply a good old-fashioned moment of internet lulz. ®

Updated at 2230 UTC

It appears Lenovo has managed to claw back control of its domain, and is now pointing it at a legit server behind the IP address 64.26.251.145. CloudFlare security researcher Marc Rogers just tweeted:

Finally, it's feared Lenovo's domain registrar, Webnic.cc, was compromised by attackers to accomplish today's DNS hijacking. Webnic.cc is down at time of writing.
