Chinese company Lenovo reported its website was hacked on Wednesday. This comes after the US Department of Homeland Security issued an alert on Friday stating that Superfish software installed on Lenovo computers leaves systems vulnerable to SSL spoofing cyberattacks, which allow criminals to redirect traffic from official websites and read encrypted web traffic.
The company said attackers breached the domain name system, redirected visitors from lenovo.com to another address, and also intercepted internal company emails. At 1:53 pm ET on Wednesday the group posted on Twitter a Lenovo email discussing how the removal of the Superfish software bricked some Lenovo devices.
On Wednesday at about 4 pm ET, visitors to the Lenovo.com site were greeted with a slideshow using music from High School Musical. By 4:17 pm the site was back to normal, except the song continued to play in the background. An hour later the site appeared to be back under control by Lenovo.
Forbes reported receiving an instant message from a Lizard Squad spokesperson going by the name of King Ryan: “‘We hijacked the DNS [Domain Name System], pointed it at CloudFlare [a content delivery network], but i didn’t keep any logs, so Kentucky police cant arrest me. [sic]’ He also claimed he had access to Lenovo infrastructure that he’d gained through a stolen password, but Forbes could not confirm that. ‘I’m reading their email right now,’ he added. It would seem more likely the attackers have been able to use their compromise of the DNS servers serving Lenovo.com to redirect email to their own systems, according to security experts speaking to [Forbes] over Twitter.”
According to The Verge, the source code of the site during the hack identified the page as “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.” Both of these people have been previously identified as members of the Lizard Squad.
The company released a statement late Wednesday saying that the site was restored. “We regret any inconvenience that our users may have if they are not able to access parts of our site at this time. We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information and experience,” said the release. “We are also working proactively with 3rd parties to address this attack and we will provide additional information as it becomes available.”
After public criticism of the company for installing the Superfish encryption-breaking adware on its computers, this hack will do nothing to restore consumer confidence. With China getting even more invested in censorship and “cyber-sovereignty,” the question is whether tech goods coming from China will continue to be welcomed outside its borders.
On Thursday China removed Cisco and many other US-based companies from its list of approved government service providers. Last month, the Chinese government announced restrictions on technology providers, requiring them to release source code, and also took some VPN services offline.
European companies are already experiencing negative effects from these restrictions. The European Chamber of Commerce reported a 15 percent increase in companies saying Chinese regulations were hindering business.