Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails
Emo-takeover better not be a viral marketing stunt to win our hearts
Updated: Lenovo's domain name lenovo.com appears to have fallen victim to cyber-mischief-makers Lizard Squad.
In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God-awful slushy pop music playing in the background, too, and the title of the page points to the squad's Twitter feed.
Current 'website' of Lenovo (http://t.co/Shm6vcKyd0) pic.twitter.com/jpblhX8cGT
— Mischa R. van Geelen (@rickgeex) February 25, 2015
There is no suggestion the teen pictured perpetrated the domain grab. It's probably best not to open the page on a computer you care about, just in case the site has been booby-trapped with malicious code.
The domain's nameserver settings were suspiciously updated today to point at DNS servers belonging to web hosting biz CloudFlare. Here in the office, lenovo.com now resolves to an IP address in CloudFlare's network:
104.27.188.198
This suggests some shenanigans with the keys to Lenovo's domain name, rather than a full-scale corporate compromise. It's likely someone has hijacked the domain's account to point it at a CloudFlare-hosted web server, rather than Lenovo's legit servers.
$ whois lenovo.com
Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
Domain Name: LENOVO.COM
Name Server: BOYD.NS.CLOUDFLARE.COM
Name Server: MELISSA.NS.CLOUDFLARE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 25-feb-2015
Creation Date: 06-sep-2002
Expiration Date: 06-sep-2016
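A defender-side check for this kind of change, as an added example that is not part of the original article: it parses the WHOIS fields quoted above, compares the nameservers with a baseline, and flags a same-day update and the absence of registry-level (server*) locks. EXPECTED_NS is a placeholder assumption, since the article does not list Lenovo's legitimate nameservers.

```python
import re
from datetime import date, datetime

# WHOIS fields as quoted in the article, one per line.
WHOIS_TEXT = """\
Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
Domain Name: LENOVO.COM
Name Server: BOYD.NS.CLOUDFLARE.COM
Name Server: MELISSA.NS.CLOUDFLARE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 25-feb-2015
Creation Date: 06-sep-2002
Expiration Date: 06-sep-2016
"""

# Assumption: placeholder baseline, not Lenovo's real nameservers.
EXPECTED_NS = {"ns1.corp-dns.example", "ns2.corp-dns.example"}

def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists (keys such as Name Server repeat)."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+?)\s*$", line)
        if m:
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return record

def audit(record, expected_ns, today):
    """Return findings for nameserver drift, a very recent update, and lock gaps."""
    findings = []
    seen = {ns.lower().rstrip(".") for ns in record.get("name server", [])}
    if seen != expected_ns:
        findings.append("ns-drift: observed " + ", ".join(sorted(seen)))
    for raw in record.get("updated date", []):
        updated = datetime.strptime(raw, "%d-%b-%Y").date()
        if (today - updated).days <= 1:
            findings.append(f"recent-update: {updated.isoformat()}")
    statuses = {s.split()[0].lower() for s in record.get("status", [])}
    # client* statuses are set by the registrar; server* statuses are set by the registry.
    if not any(s.startswith("server") and s.endswith("prohibited") for s in statuses):
        findings.append("no-registry-lock: only registrar-level (client*) statuses present")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_whois(WHOIS_TEXT), EXPECTED_NS, date(2015, 2, 25)):
        print(finding)
```

The client* statuses in the record are managed at the registrar, so they do not stop a change made through the registrar itself.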
Lenovo has yet to respond to a request for comment. Since the squad appears to have control over the lenovo.com DNS, it also seems to be receiving email sent to the biz. In other words, emails sent to an @lenovo.com address in the past few minutes may end up in the hands of the hijackers.
And the squad is already flashing around what looks like seized messages:
Superfish removal bricks some devices? Great work Lenovo pic.twitter.com/phXiBS3KzO
— Lizard Squad (@LizardCircle) February 25, 2015
Just last week the Chinese PC slinger sparked online uproar following the discovery of adware called Superfish deliberately bundled on its cheap laptops. The finding prompted security alerts by the US government, and a class-action lawsuit.
At this point it's unclear whether the Lizard Squad attack was retribution for the Superfish scandal, or simply a good old-fashioned moment of internet lulz. ®
Updated at 2230 UTC
It appears Lenovo has managed to claw back control of its domain, and is now pointing it at a legit server behind the IP address 64.26.251.145. CloudFlare security researcher Marc Rogers just tweeted:
To all asking: Lenovo was NOT a CF customer their domain was hijacked & transferred to us. We are working with them to restore service.
— Marc Rogers (@marcwrogers) February 25, 2015
Finally, it's feared Lenovo's domain registrar, Webnic.cc, was compromised by attackers to accomplish today's DNS hijacking. Webnic.cc is down at time of writing.