Lizard Squad Claims Attack On Lenovo Days After Superfish

Amanda Parker writes with news that hacker group Lizard Squad has claimed responsibility for a defacement of Lenovo's website. This follows last week's revelations that Lenovo installed Superfish adware on consumer laptops, which included a self-signed certificate authority that could have allowed man-in-the-middle attacks. The hackers seemingly replaced the manufacturer's website with images of an unidentified youth, displayed with a song from the Disney film High School Musical playing in the background. Taking to a new Twitter account that has only been active a matter of days, the Lizards also posted emails alleged to be from Lenovo, leading some to speculate that the mail system had been compromised. While some have seen the attack as retaliation for the Superfish bug, it is also possible that Lizard Squad are jumping on the event merely to promote their own hacking services.

juvenile vandalism

[iggymanz]

this is no more noteworthy or significant than vandalizing a billboard

Re:juvenile vandalism

[Viol8]

Quite. Its just the middle class wannabe version of a graffiti tag, with about the same amount of talent required and having the same level of intellectual gravitas.

Re:

[MobSwatter]

I'm just wondering when they are going to create a terrorist classification for a type of data packet. Pretty sure it will be an open ended description.

Re:

[Nexus Unplugged]

While normally correct, this attack is more noteworthy when combined with the news of Superfish. This was a DNS hijack, which means the attackers would have been able to point *.lenovo.com at the server of their choosing. While I don't believe Superfish was actually running its requests through a subdomain of lenovo.com, this particular type of simple "vandalism" could have just as easily been used to take advantage of Superfish's automatic MITM and intercepted all manner of sensitive data.

"Could have allowed"?

[gnasher719]

As far as I understand it, this didn't just allow hackers to create a man-in-the-middle attack. Your Lenovo computer with the hardware would actively perform a man-in-the-middle attack against the user to analyse any encrypted traffic to https websites. For example when you enter a credit card number on the website of a reputable company using https, the adware could read what you posted.

This is plainly unforgivable.

Re:

[nightsky30]

Does Lenovo install superfish on their corporate systems too?

Re:

[LduN]

only a bad corporation wouldn't wipe and install with their Windows MAK media image

Re:

[fisted]

Yeah. Or a small business.

Re: "defacement of Lenovo's website"

[Anonymous Coward]

I won't believe it until someone creates a GUI in Visual Basic to track the IP address.

Superfish "bug" ?!?!

[Bugler412]

Since when is a willfully installed piece of adware/spyware a "bug"? Using that term is someone's attempt to pass this off as a coding error when it was actually willfully installed by the OEM in their OS image.

Re:Superfish "bug" ?!?!

[krakelohm]

I would guess they are using bug in the verb sense, to "conceal a miniature microphone in (a room or telephone) in order to monitor or record someone's conversations.".

People don't do this anymore?

[DeadlyFoez]

Every machine that I buy, I always start off by wiping the OS and doing a fresh install. Is that not common practice? I've never met anyone with a lenovo for their at home use, always dell's or hp's. And anyone that I've met that did have a lenovo used it just for business. Don't business's hire competent IT guys? Anyone who knows anything knows that the easiest way to get rid of the garbage is just to reload the OS.

Sadly, this does not prevent firmware attacks

[WorldWarPi]

This does not prevent firmware attacks such as in BIOS or the firmware on your HDD, or DVD or even battery firmware on laptops.

Re:People don't do this anymore?

[wed128]

Don't business's hire competent IT guys?

In my experience? Yes they do. they also hire a bunch of incompetent ones. its a crap shoot.

Re:

[damn_registrars]

I've never met anyone with a lenovo for their at home use, always dell's or hp's.

Well, some people really love to embrace mediocrity.

And anyone that I've met that did have a lenovo used it just for business.

The business Lenovo systems - ThinkPad laptops and ThinkStation workstations - were not part of this as Lenovo never installed superfish on any of them. This only applied to their mediocre consumer-level units that were sold as Lenovos with other model names.

Just another reason why I only buy ThinkPads for my own use. Home, work, etc; I won't buy anything else. Lenovo knows better than to risk that golden goose.

Re:

[damn_registrars]

The fact that it was not onstalled in the "business line" machines indicates that they KNEW it was crooked before they did it. They just hoped the sheeple...er I mean consumers wouldn't notice.

That is one way to look at it. A competing hypothesis is that the business line systems are more profitable in general, while the consumer lines are subsidized by the software that they install on them before shipping. Hence the consumer level ones were being consistently filled up with an ever-increasing load of crapware to make them more (if only marginally) profitable. Whether there was ever any ethics considered by the company is not clear.

Re:

[petermgreen]

It should be SOP to image off what is on a machine, format [1] it and reload from media

It doesn't help that at various times MS and their OEMS have made this a PITA with many machines not shipping with "clean" windows media, some keys only working with some media, keys printed on the machine that required a phonecall to activate and so-on. At one point they were even threatening companies who used their vlk media/keys to reimage machines running under OEM licenses though they later backed down on that and introduced "reimage rights".

So THAT is what that was

[damn_registrars]

I was trying to load a lenovo forum on the superfish situation yesterday and was puzzled why it was just showing me G-rated pictures of teenagers staring at cameras. I figured something had gone amiss with the code running the forum, or something was weird with my browser that moment. I then found the information I wanted elsewhere.

In other words, this wasn't a very impressive hack.

we need a new word

[slashmydots]

Oh crap, hactivism doesn't cover it anymore because they're also advertising their services. Time to cram more words in. They're Hactivismvertising.

Re:

[Marginal Coward]

They're Hactivismvertising.

Good point. I think you're well on your way to coining a new word.

I'm not sure what their message is other than advertising. But assuming they're projecting their point of view, are they saying?:

1) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is bad.
2) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is good.
or maybe even:
3) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is bad unl

action that is not good

[toko pasutri]

every act of destruction in any form is not really good, all there must be consequences, if they want to be responsible it better. Toko pasutri [tokopasutri1.com]