Lenovo.com Website Hacked by Lizard Squad in Retaliation to ‘SuperFish’ Adware
Lenovo.com, the website for the worlds fastest-growing PC maker among the world’s top vendors, was defaced earlier today by the infamous hacker gang, Lizard Squad.
At the time of writing this article, Lenovo.com is currently down for maintenance following the defacement. The defacement page directed users to a slideshow of images of a teenager making various faces in various poses, while “Breaking Free,” a song from the High School Musical movie automatically played in the background.
Lizard Squad appears to be behind the attack, as during the defacement, Lenovo’s website homepage title appeared as “@LizardCircle,” instead of Lenovo’s site tagline.
The hack appears to be in retaliation to Lenovo’s most recent revelation of the SuperFish malware incident, where Lenovo pre-installed malware on computers to help surveil and crack encrypted connections routing through the computer.
Earlier this month is was revealed that Lenovo had pre-installed adware dubbed, SuperFish, on tens of millions of computers that compromised the machines encryption certificates to quietly inject more ads into the Google search.
Too add to Lizard Squad speculation, within the source code of the webpage, the squad wrote: “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.”
Rory Andrew Godfrey and Ryan King are two members of the Lizard Squad who had previously been identified and arrested on behalf of charges related to the Squad’s prior attacks. Speculators believe it may be an imposter trying to reveal the identity of Lizard Squad members, but the official Lizard Squad twitter account confirmed the attack shortly after.
Monday the Lizard Squad hacked and defaced Google Vietnam, the search engine for Vietnamese users. Earlier today on Twitter, while confirming the Lenovo website hack, the group wrote:
So we’ve done Google Vietnam and Lenovo, what’s next?
— Lizard Squad (@LizardCircle) February 25, 2015
It appears the Squad did not initially announce their actions on Twitter, only before they compromised the email accounts of several Lenovo employee’s. Before they announced they were the culprit of the Lenovo hack, they posted screenshots of Lenovo personnel emails:
Superfish removal bricks some devices? Great work Lenovo pic.twitter.com/phXiBS3KzO
— Lizard Squad (@LizardCircle) February 25, 2015
Shortly after, Lizard Squad claimed to have a Lenovo dump, and will comb through the details later and release anything interesting to the public.
The SuperFish adware raised serious security concerns, as the company moved to break web security protocols, and if the company unlocked a single password-protected certificate, they would be able to completely bypass the machine’s web encryption.
Shortly after news broke on the SuperFish adware, Lenovo released a free SuperFish removal tool. The simple executable program will automatically scan the computer for the adware and remove the directories and root certificate automatically, only requiring a simple restart to rid the machine of SuperFish.
What Lizard Squad obtained during their time of attack currently remains unknown.