Lenovo.com Hacked, but Soon Restored After Intervention by CloudFlare

Notorious hacking group Lizard Squad is allegedly behind the attack, which altered the Domain Name System records for the Lenovo.com website.

The primary website for Lenovo was briefly redirected on the afternoon of Feb. 25, due to what appears to be a hack of the Domain Name System (DNS) records for the lenovo.com website. Lenovo did not respond to a request for comment from eWEEK before this story went live.

The precise time of the DNS hack is not currently known, though visitors to the Lenovo.com site seem to have experienced the redirection from approximately 4 PM ET until 4:30 PM ET. An analysis by eWEEK at 5:30 ET still showed some availability issues when trying to reach the site.

Before the site was fully restored, attackers were able to change the site's name to @LizardCircle, which is a Twitter account associated with the Lizard Squad hacking group. Lizard Squad has been connected to attacks against Microsoft's Xbox Live and Sony's PlayStation Network in December.

The attackers also changed the description of the Lenovo site to, "the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey." Those two individuals are both thought to be associated with the Lizard Squad as well.

A DNS lookup of the lenovo.com domain by eWEEK at 5:20 PM EST showed that the hacked site title and description were still in place, as well as a new entry for who controls the netblock where lenovo.com is hosted. CloudFlare is identified in the lookup as being the netblock owner for lenovo.com as of February 25, running on a Linux-based nginx Web server.

CloudFlare is a well-known cloud security vendor that offers Distributed Denial of Service protection for its customers. Lenovo, however, is not a CloudFlare customer, according to CloudFlare CEO Matthew Prince.

"It appears their registrar account was compromised and DNS was pointed to us," Prince told eWEEK. "As soon as we were made aware we locked the associated account and reached out to Lenovo to assist them with regaining control of their domain."

Lenovo has been under intense criticism over the past week after it was learned that Lenovo had been pre-installing adware called Superfish on some of the PCs that it shipped from October to December 2014. Lenovo contended that Superfish was an innocuous application that was provided only to enhance the user experience.

Superfish, however, was found to violate best practices of Web Secure Sockets Layer/Transport Layer Security by creating its own root certificate authority, which could have potentially enabled a man-in-the-middle attack. Lenovo initially denied that Superfish posed any security risk, but it had to quickly backtrack and admit it had made a mistake because Superfish was in fact a security risk.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.