Lenovo Site Hacked in Aftermath of Superfish Scandal

Things went from bad to worse for under-fire PC maker Lenovo on Wednesday after its main site was hacked and defaced by attackers claiming to hail from Lizard Squad.

The Lenovo.com site displayed a slideshow of emo-like teenagers to the soundtrack of ‘Breaking Free’ from High School Musical at around 9pm GMT, before reverting back to normal shortly after, according to reports.

Those same reports claimed the source code for the hacked page referenced Ryan King and Rory Andrew Godfrey – who’ve both been linked to Lizard Squad.

It’s believed that the attackers perpetrated a DNS hijack – pointing the Lenovo site to a different server for a short time.

There may be more embarrassment to come for the Chinese PC giant too. One of several Lizard Squad Twitter accounts last night posted: “We'll comb the Lenovo dump for more interesting things later.”

The attack came just days after it emerged that Lenovo had pre-installed adware on a number of laptop models.

The Superfish software was designed to improve the shopping experience for customers by serving ads for products similar but cheaper than those the user searches for.

However, it does this via fake, self-signed root certificates – which could allow hackers to launch MITM attacks against users without their knowledge.

Ken Westin, senior security analyst at Tripwire, argued that the hack shows what can happen as a result of companies failing their customers on privacy issues.

“The problem is that many times those responsible for security and privacy are not part of the decision-making process, or are even aware these tools are deployed, so organizations may leave themselves blind to these risks when a department like marketing makes these types of decisions in vacuum,” he added.

“But as we can see with the Superfish debacle, something that may have seemed like a good idea at the time to one group can have devastating consequences for a company as a whole."

What’s Hot on Infosecurity Magazine?