X

Lenovo website hijacked just days after Superfish scandal

The cyberattack may be linked to software found preloaded on the PC maker's laptops that left them vulnerable to malware.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Lenovo's website was taken down by hackers apparently unhappy with the company's involvement with preloaded adware.

Lenovo's security headaches continued Wednesday as the PC maker's website fell victim to a cyberattack, just days after the PC maker apologized for preloading software on some of its PCs that leaves them vulnerable to malware attacks.

Instead of the typical introduction to the company's products, the website displayed a message Wednesday afternoon indicating the site was down for maintenance. Users attempting to visit the site earlier in the afternoon were treated to a slideshow that led to a Twitter account criticizing Lenovo for its involvement with the adware Superfish.

Lenovo did not immediately respond to a request for comment but confirmed the security breach in a statement to the Wall Street Journal.

"Unfortunately, Lenovo has been the victim of a cyber attack," the company said. "One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects of the attack. We are responding and have already restored certain functionality to our public facing website."

Hacking group Lizard Squad claimed responsibility for the hack on a Twitter account allegedly associated with the group. Lizard Squad, a loose collective reportedly composed of hackers based out of the United Kingdom and Eastern Europe, also was linked to a series of outages that plagued the PlayStation Network and other games last year.

While it was first thought that Lenovo's servers had been subverted, it now appears that attackers took control of the site's domain registrar and redirected its traffic to a free account at CloudFlare, a San Francisco-based security company. CloudFlare told Bloomberg that it disabled the account used by the attackers.

The incident occurred less than a week after the Chinese PC maker found itself in hot water following revelations that many of its PCs include a software program called Superfish Visual Discovery. Considered either adware or spyware, Superfish tracks your Web searches and browsing activity to place additional ads on the sites you visit. The software also installs its own root certificate that leaves affected PCs more vulnerable to malware attacks.

Lenovo has apologized for the problem and has begun work to resolve it. "We messed up badly," Peter Hortensius, Lenovo's chief technology officer, said last week.

Lenovo's security headache morphed into a legal one last week when a lawsuit filed in federal court charged both Lenovo and Superfish with violating wiretap laws and trespassing on personal property, Ars Technica reported Monday. In another case, a legal firm has launched a class action investigation over potential claims against Lenovo's actions.