
Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

Emo-takeover better not be a viral marketing stunt to win our hearts

Updated Lenovo's domain name lenovo.com appears to have fallen victim to cyber-mischief-makers Lizard Squad.

In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God-awful slushy pop music playing in the background, too, and the title of the page points to the squad's Twitter feed.

There is no suggestion the teen pictured perpetrated the domain grab. It's probably best not to open the page on a computer you care about, just in case the site has been booby-trapped with malicious code.

The domain's nameserver settings were suspiciously updated today to point at DNS servers belonging to web hosting biz CloudFlare. Here in the office, lenovo.com now resolves to an IP address in CloudFlare's network:

104.27.188.198

This suggests some shenanigans with the keys to Lenovo's domain name, rather than a full-scale corporate compromise. It's likely someone has hijacked the domain's account to point it at a CloudFlare-hosted web server, rather than Lenovo's legit servers.

$ whois lenovo.com

   Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
   Domain Name: LENOVO.COM
   Name Server: BOYD.NS.CLOUDFLARE.COM
   Name Server: MELISSA.NS.CLOUDFLARE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-feb-2015
   Creation Date: 06-sep-2002
   Expiration Date: 06-sep-2016
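
The nameserver change visible in that record is the kind of thing a domain owner can watch for. The following is an added example, not code from the article or from Lenovo: it parses the WHOIS fields quoted above, compares the nameservers with an expected baseline, and reports a fresh update date and the absence of any registry-level lock. The baseline nameserver names are constructed placeholders, since the article does not give Lenovo's legitimate ones.

```python
import re
from datetime import date, datetime

# WHOIS fields as quoted in the article.
WHOIS_TEXT = """\
   Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
   Domain Name: LENOVO.COM
   Name Server: BOYD.NS.CLOUDFLARE.COM
   Name Server: MELISSA.NS.CLOUDFLARE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-feb-2015
   Creation Date: 06-sep-2002
   Expiration Date: 06-sep-2016
"""

# Constructed baseline: placeholder names, not Lenovo's real nameservers.
BASELINE_NS = {"ns1.corp-dns.example", "ns2.corp-dns.example"}


def parse_whois(text):
    """Collect 'Key: value' lines; keys repeat, so each maps to a list."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec


def check_delegation(text, baseline_ns, today, recent_days=2):
    """Return alerts for nameserver drift, a fresh update, and lock level."""
    rec = parse_whois(text)
    alerts = []
    seen = {ns.lower().rstrip(".") for ns in rec.get("name server", [])}
    if seen != baseline_ns:
        alerts.append(f"NS drift: unexpected={sorted(seen - baseline_ns)} "
                      f"missing={sorted(baseline_ns - seen)}")
    for raw in rec.get("updated date", []):
        updated = datetime.strptime(raw, "%d-%b-%Y").date()
        if 0 <= (today - updated).days <= recent_days:
            alerts.append(f"record updated {updated.isoformat()}")
    # client* statuses are set by the registrar; server* ones by the registry.
    if not any(s.lower().startswith("server") for s in rec.get("status", [])):
        alerts.append("no registry-level (server*) lock in status list")
    return alerts


if __name__ == "__main__":
    for alert in check_delegation(WHOIS_TEXT, BASELINE_NS, date(2015, 2, 25)):
        print("ALERT:", alert)
```

Run against the record above, it raises all three alerts: the three client* statuses are present, yet the nameservers still differ from the baseline.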

Lenovo has yet to respond to a request for comment. Since the squad appears to have control over the lenovo.com DNS, it also seems to be receiving email sent to the biz. In other words, emails sent to an @lenovo.com address in the past few minutes may end up in the hands of the hijackers.

And the squad is already flashing around what looks like seized messages:

Just last week the Chinese PC slinger sparked online uproar following the discovery of adware called Superfish deliberately bundled on its cheap laptops. The finding prompted security alerts by the US government, and a class-action lawsuit.

At this point it's unclear whether the Lizard Squad attack was retribution for the Superfish scandal, or simply a good old-fashioned moment of internet lulz. ®

Updated at 2230 UTC

It appears Lenovo has managed to claw back control of its domain, and is now pointing it at a legit server behind the IP address 64.26.251.145. CloudFlare security researcher Marc Rogers just tweeted:

Finally, it's feared Lenovo's domain registrar, Webnic.cc, was compromised by attackers to accomplish today's DNS hijacking. Webnic.cc is down at time of writing.
