Lenovo Web Site Hacked as Retribution for Superfish Scandal

The embarrassment isn’t over for Lenovo: the web site for the world’s biggest PC maker was taken offline by a malicious hacker group as retribution for the bundling of the Superfish malware on its PCs. The site was down for much of Wednesday but appears to be operational again as of this writing.

“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” a Lenovo statement reads. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.”

Lenovo’s site was taken down by Lizard Squad, the hacker group that most infamously took down Microsoft’s Xbox Live and Sony’s PlayStation Network over the 2014 holidays. Last week, the group attacked the official web site for the country of Vietnam as well.

During this week’s attack, Lenovo’s web site displayed a photo slideshow while playing the Disney song “Breaking Free.” If you clicked on an image, you were taken to Lizard Squad’s page on Twitter. And the source code for the compromised home page cryptically declared, “The new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.” Those two individuals have been identified as possible members of the secretive group.

Lizard Squad didn’t offer much in the way of Twitter-based commentary for this attack, which is a little unusual.

“So we’ve done Google, Vietnam and Lenovo, what’s next?” one tweet asks. “We’ll comb the Lenovo dump for more interesting things later.”

And it is possible that Lizard Squad has done more than just hack Lenovo’s web site: One of the group’s tweets appears to show an internal Lenovo email message alerting others to the hack. But Lenovo says the group simply used a DNS attack to redirect web site visitors to another address and “intercept” internal email. It’s not clear if customer data has been compromised, though that is unlikely.

Whatever the extent of the damage, Lenovo can add it to the spectacular PR blunder of last week, when it fumbled its response to the Superfish revelations. Since then, the US Computer Emergency Response Team (CERT), part of the Department of Homeland Security, issued its own warning about the Superfish malware that Lenovo preinstalled on its PCs.

“A machine with Superfish installed will be vulnerable to SSL spoofing attacks without a warning from the browser,” the warning notes. “Users should uninstall Superfish … and remove affected root CA certificates.”

If you are using an affected Lenovo PC—I have a list of models in Superfish Drama Winds Down, But the Damage is Done—you should use Lenovo’s automatic removal tool to uninstall the malware and, as important, remove the root certificates.