Chinese computer major Lenovo Group Ltd said its website was hacked on Wednesday, two days after the US government advised consumers to remove “Superfish” that came pre-installed on its laptops.
Hacking group Lizard Squad, that had earlier taken down Sony PlayStation and Microsoft Xbox, has claimed credit for the attacks on its Twitter account. Lenovo confirmed the attack saying the hackers breached the domain name system and redirected visitors to another fake address, and also intercepted company e-mails.
Lizard Squad has posted an email about Superfish-related communication between Lenovo employees. In fact, the Superfish was at the centre of public uproar in the United States last week when security firm Errata revealed that it was vulnerable add-on that allowed hackers to impersonate banking websites and steal users’ credit card information.
Lenovo, the world’s biggest PC maker, said it had restored its site to normalcy after several hours. “We regret any inconvenience that our users may have if they are not able to access parts of our site at this time… We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”
The U.S. Department of Homeland Security said in an alert last week that the Superfish program, which came pre-installed on latest dozen or so Lenovo laptop models, makes users vulnerable to cyberattacks called “SSL spoofing”.
“SSL spoofing” allows remote attackers to read encrypted web traffic, redirect traffic from official websites to spoofs, and also perform other attacks. The Superfish had made Lenovo laptops vulnerable, though the world’s largest PC maker reacted immediately by issuing software to remove the vulnerable add-on from its laptops. It has also pledged never to install it on future shipments.
Chinese hackers, apparently proteges of government cyber-hacking efforts, are known to have gleaned information of many mobile and laptop users in their servers and xiaomi is one such mobile phone maker that has collected user information and passed it on to ervers n Beijing last year creating uproar in Taiwan and India.
However, government agencies snooping around mobile phone users and laptop users for information is not new. Europe-based Gemalto SIM maker alleged that US spy agency NSA and UK agency GCHQ had attempted to intercept its e-mails and software in 2011 unsuccessfully.
Lizard Squad, which claims to be independent, has taken credit openly for the high-profile hacking attempt on Lenovo for several hour of outage. It had taken down Sony Corp’s PlayStation Network and Microsoft Corp’s Xbox Live network last month. It is not known whether they were pro-NSA or taken up the task on their own.
The compromised Lenovo website showed on Wednesday from 4 p.m. ET (2100 GMT) onwards a slideshow of young people looking into webcams with the song “Breaking Free” from the movie “High School Musical” playing in the backdrop, reported The Verge.
Lenovo, however, said no consumer data was compromised by the Lizard Squad attack and that the breach was the second security-related issue for Lenovo in a week.