Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / CIO Issues / Lizard Squad Hacks Lenovo Web Site
Lizard Squad Hacks Ailing Lenovo's Web Site
Lizard Squad Hacks Ailing Lenovo's Web Site
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Lenovo’s Web site was hacked on Wednesday, giving the PC giant’s security team another black eye before it has even healed from the Superfish fiasco. The Lizard Squad claimed responsibility for the attacks via its Twitter account.

The hacker posted an e-mail exchange between Lenovo employees discussing Superfish, according to a Reuters report. Then the group followed up with another threat on Twitter: “We’ll comb the Lenovo dump for more interesting things later.”

Beyond the e-mail exchanges, the Lizard Squad also hijacked Lenovo’s content and replaced it with a slideshow of young people peering into webcams and the song “Breaking Free” from the movie “High School Musical” playing in the background, The Verge reported.

Lenovo Regrets the ‘Inconvenience’

Lenovo, the world’s largest PC maker, has been criticized for shipping laptops pre-installed with a virus-like software that puts customers in the line of hacker fire. Since June, Lenovo customers have been reporting a program called Superfish, software that automatically displays advertisements in the name of helping consumers find products online.

The problem is more serious than first thought. Last Friday, Facebook's Threat Infrastructure team issued an analysis of the adware, which concluded that “the new root CA (certificate authority) undermines the security of Web browsers and operating systems, putting people at risk."

After that, security researcher Filippo Valsorda called Superfish adware “catastrophic," saying that's “the only way all this mess could have been worse” because the Superfish proxy, which uses a Komodia content inspection engine, can be made to allow self-signed certificates without warnings. That opens the door to man-in-the middle attacks.

"We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," the company said in a published statement. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information."

Blind to Risks

We caught up with Ken Westin, a security analyst at advanced threat protection firm Tripwire, to get his thoughts on the attack. He told us the lesson of the Superfish debacle is this: something that seemed like a good idea at the time to one group can have devastating consequences for a company as a whole.

“The deployment of Superfish compromised Lenovo customers’ privacy and security, and now hacking groups have essentially declared it open season against Lenovo. This whole event demonstrates what happens when businesses fail to take security and privacy into consideration, especially when adding new features that can invade customer privacy and weaken system security,” Westin said.

“Unfortunately, those responsible for security and privacy are often not part of the decision-making process, or are even aware these tools are deployed, so organizations may leave themselves blind to these risks," he added.

Tell Us What You Think


Posted: 2015-03-30 @ 1:36pm PT
Are those responsible for security and privacy now part of the decision-making process for product launches?

Posted: 2015-03-11 @ 1:01am PT
OMG! that's a very big slap to lenovo; u guys are just too careless, that's it.

Posted: 2015-02-26 @ 10:30am PT
And you're surprised that something coming out of China may pose a risk? Can we all say dead animals and people from them using poisons in foods and toothpastes? For heaven's sake, buy AMERICAN.

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.