Some employee e-mails were also leaked by a hacking group called Lizard Squad, according to postings on Twitter
Washington: Lenovo Group Ltd’s website was hijacked and users were redirected, less than a week after the company was criticized for pre-installing advertising software on consumer laptops that exposed users to hacking.
Instead of seeing the Lenovo home page selling personal computers (PCs), some visitors to the Beijing-based company’s website saw video of young people looking into Web cameras, with the song “Breaking Free” from the movie “High School Musical” playing in the background, according to security companies that monitored the breach. Some employee e-mails were also leaked by a hacking group called the Lizard Squad, according to postings on Twitter. The group has previously targeted Sony Corp.’s online PlayStation video-game network.
The hackers apparently hijacked Lenovo’s site by altering the records with the domain-name registrar used by the company, according to Matthew Prince, co-founder and chief executive officer of CloudFlare Inc., a San Francisco security company. The attackers had used a free CloudFlare account to disguise their origins, Prince said, and then redirected traffic from lenovo.com to CloudFlare’s network. CloudFlare disabled the account used by the attackers, Prince said. Representatives of Lenovo didn’t return calls and e-mails seeking comment.
Last week Lenovo apologized to customers and pushed out fixes to remove software, made by a company called Superfish, that Lenovo pre-installed on many consumer PCs. Lenovo, the world’s largest PC maker, was responding to a deluge of criticism from cyber-security specialists regarding Superfish’s ability to monitor Web behaviour and suggest advertisements based on images that a user might be viewing. The technology essentially broke the encryption between Web browsers and banking, e-commerce and other sites that handle sensitive information, potentially exposing machines to hacking.
The hack of lenovo.com was corrected in about an hour, said Andrew Hay, director of security research at OpenDNS, a San Francisco-based security company. Based on publicly accessible information, the attack involved altering the records of Lenovo’s domain-name registrar, which is Web Commerce Communications Ltd, located in Kuala Lumpur. Web Commerce Communications didn’t immediately respond to messages.
“The major walking-away point is all those domains you registered years ago, it’s time to go back and look at the settings,” Hay said.
An attack against a company’s domain-name registrar isn’t an attack directly against the company itself. It’s a circuitous way to hijack a company’s website traffic by telling Internet servers to go to a different address than the company’s homepage. Domain-name registrars manage that routing information for companies, and they have been hacked in the past by attackers stealing employees’ passwords and accessing administrative accounts.
Twitter Inc. was able to deflect a similar attack in 2013 that sidelined visitors to the New York Times and Google Inc. by using a simple tool called a registry lock that prevents hackers from making such changes. The cost for the registry lock is as little as $50 a year.
Bloomberg
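One way to act on the advice above to go back and look at domain settings, as an added example that is not part of the original article: a short Python audit that reads the EPP status lines in WHOIS output and reports whether a domain shows registry-level (`server*`) locks or only registrar-level (`client*`) ones. The WHOIS records and function names are constructed for illustration, and the code assumes the registry publishes status codes in the usual `Domain Status:` line format.

```python
import re

# EPP status codes from RFC 5731. "server*" codes are set by the registry and
# are what a registry lock applies; "client*" codes are set at the registrar
# and can be cleared by whoever controls the registrar account.
REGISTRY_LOCK = ["serverDeleteProhibited", "serverTransferProhibited",
                 "serverUpdateProhibited"]
REGISTRAR_LOCK = ["clientDeleteProhibited", "clientTransferProhibited",
                  "clientUpdateProhibited"]

# Matches "Domain Status: code https://icann.org/epp#code" and "Status: code".
STATUS_RE = re.compile(r"^[ \t]*(?:Domain )?Status:[ \t]*([A-Za-z]+)", re.I | re.M)

def parse_statuses(whois_text):
    """Return the set of status codes in a WHOIS record, lower-cased."""
    return {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}

def audit(whois_text):
    """Classify lock level and list the prohibition codes that are absent."""
    seen = parse_statuses(whois_text)
    no_registry = [s for s in REGISTRY_LOCK if s.lower() not in seen]
    no_registrar = [s for s in REGISTRAR_LOCK if s.lower() not in seen]
    if not no_registry:
        level = "registry-lock"        # changes need out-of-band registry approval
    elif not no_registrar:
        level = "registrar-lock-only"  # one stolen registrar login can undo it
    else:
        level = "weak"                 # at least one change type is unprotected
    return {"level": level, "missing": no_registry + no_registrar}

# Constructed WHOIS excerpts (not real lookups).
def _record(codes):
    lines = ["Domain Name: EXAMPLE.COM"]
    lines += [f"Domain Status: {c} https://icann.org/epp#{c}" for c in codes]
    return "\n".join(lines) + "\n"

SAMPLE_LOCKED = _record(REGISTRAR_LOCK + REGISTRY_LOCK)
SAMPLE_REGISTRAR_ONLY = _record(REGISTRAR_LOCK)
SAMPLE_OPEN = _record(["ok"])

if __name__ == "__main__":
    for name, rec in [("locked", SAMPLE_LOCKED),
                      ("registrar-only", SAMPLE_REGISTRAR_ONLY),
                      ("open", SAMPLE_OPEN)]:
        print(name, audit(rec))
```

To check a real domain, pass the text returned by a WHOIS lookup for it to `audit()`.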