Top Stories


    Feb 27, 2015

    Hackers target Lenovo website and e-mail


    CHINESE computer and smartphone firm Lenovo Group said its website was hacked on Wednesday, its second security blemish just days after the United States government advised consumers to remove software called "Superfish" pre-installed on its laptops.

    Hacking group Lizard Squad claimed credit for the attacks on microblogging service Twitter. Lenovo said the attackers breached the domain name system associated with Lenovo and redirected visitors to to another address, while also intercepting internal company e-mail.

    Lizard Squad posted an e-mail exchange between Lenovo employees discussing Superfish. The software was at the centre of a public uproar in the US last week, when security researchers said they found that it allowed hackers to impersonate banking websites and steal users' credit card information.

    In a statement issued in the US on Wednesday night, Lenovo, the world's biggest maker of personal computers, said it restored normal operations on its site after several hours.

    "We regret any inconvenience that our users may have if they are not able to access parts of our site at this time," the company said. "We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information."

    Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony's PlayStation Network and Microsoft's Xbox Live network in December. Members of the group have not been identified.

    Starting at 9pm GMT (5am Singapore time) on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song Breaking Free from the movie High School Musical playing in the background, according to technology publication The Verge, which first reported the breach.

    Although consumer data was not likely to have been compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days.

    The US Department of Homeland Security said in an alert last week that the Superfish program, which came pre-installed on nearly a dozen Lenovo laptop models, makes users vulnerable to a type of cyber attack known as "SSL spoofing", in which remote attackers can read encrypted Web traffic, redirect traffic from official websites to spoofs, and perform other attacks.

    Lenovo has since released software to remove Superfish, while pledging never to install it for future shipments.