Lizard Squad hackers attack Lenovo after Superfish scandal

Hacktivists 'punish' firm for loading adware

Hackers have targeted Lenovo with a website defacement attack believed to be intended to ‘punish' the firm for its use of the Superfish adware.

The attack occurred on Wednesday and forced Lenovo.com to display a slideshow of images while playing Breaking Free from High School Musical.

A Lenovo spokesperson told V3 that the firm is taking action to improve the site's security and "investigating other aspects of the attack".

"Unfortunately, Lenovo has been the victim of a cyber attack. One effect of this was to redirect traffic from the Lenovo website. We are also actively investigating other aspects," said the spokesperson.

"We are responding and have already restored certain functionality to our public-facing website.

"We are actively reviewing our network security and will take appropriate steps to bolster our site and protect the integrity of our users' information and experience.

"We are also working with third parties to address this attack and will provide additional information as it becomes available."

The attack follows Lenovo's use of the Superfish adware on a selected number of laptops.

The problem erupted on the Lenovo forum earlier in February when several customers reported finding Superfish installed on their machines.

Superfish is adware that collects data such as web traffic information using fake, self-signed root certificates and then uses it to push adverts to the user.

The Lizard Squad hacking group is believed to have mounted the attack on Lenovo, although this is yet to be confirmed.

Andrew Hay, director of security research at OpenDNS, said that forensic evidence indicates that the attack did stem from Lizard Squad, highlighting similarities with a previous raid on Google.com.vn.

Hay explained that Lenovo.com and Google.com.vn use the same registrar, Webnic.cc, and both are hosted in Digital Ocean's Netherlands data centre.

He also noted that both raids "used Cloudflare to obfuscate the IP address of the destination server and to balance the traffic load to the website".

Ken Westin, senior security analyst at Tripwire, pointed out that the attack would be in line with Lizard Squad's past behaviour in attacking companies that it believes have acted wrongly.

"As a result of getting its hands caught in the privacy invading cookie jar with the deployment of the Superfish adware which compromised customers' privacy and security, it has made itself an open target for a number of hacking groups which have essentially declared it open season against Lenovo for its questionable practices," he said.

The attack comes just after Lenovo CTO Peter Hortensius promised that the firm will never use Superfish again.