Lenovo woes continue with DNS hack

26 Feb 2015

Following the Superfish scandal that has engulfed Lenovo in recent days, the Chinese computer maker’s website was temporarily compromised.

Lizard Squad, as usual, claimed credit for the attack, which saw visitors to Lenovo’s homepage greeted with a slideshow and criticism of its involvement with Superfish.

Last week it emerged that adware was pre-installed on Lenovo computers via Superfish software. It didn’t go down well when the news came out, with its existence on Lenovo machines leaving consumers open to potential man-in-the-middle attacks.

Superfish essentially tracked users’ browsing activities, allowing it to place additional ads on the sites frequented most.

“Unfortunately, Lenovo has been the victim of a cyber attack,” said the company in a statement on The Wall Street Journal.

Lenovo acting

“One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects of the attack. We are responding and have already restored certain functionality to our public facing website.”

Hackers seem to have found a way to take control of the DNS and redirect traffic to an account at CloudFlare, a security company in San Francisco, which has now been shut down. CloudFare actually works to protect companies from such attacks, but Lenovo isn’t one of its customers.

“It appears their registrar account was compromised and DNS was pointed to us,” said CloudFlare CEO Matthew Prince to eWEEK. “As soon as we were made aware we locked the associated account and reached out to Lenovo to assist them with regaining control of their domain.”

A Twitter account claiming to be attributed to hacking group Lizard Squad also claims further action is on the way.

“It appears their registrar account was compromised and DNS was pointed to us,” Prince told eWEEK. “As soon as we were made aware we locked the associated account and reached out to Lenovo to assist them with regaining control of their domain.” – See more at: http://www.eweek.com/security/lenovo.com-hacked-but-soon-restored-after-intervention-by-cloudflare.html#sthash.A4Giwfma.dpuf
CloudFlare is a well-known cloud security vendor that offers Distributed Denial of Service protection for its customers. Lenovo however is not a CloudFlare customer, according to CloudFlare CEO Matthew Prince.

 

“It appears their registrar account was compromised and DNS was pointed to us,” Prince told eWEEK. “As soon as we were made aware we locked the associated account and reached out to Lenovo to assist them with regaining control of their domain.” – See more at: http://www.eweek.com/security/lenovo.com-hacked-but-soon-restored-after-intervention-by-cloudflare.html#sthash.A4Giwfma.dpuf

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com