Slashdot Mirror


Lizard Squad Claims Attack On Lenovo Days After Superfish

Amanda Parker writes with news that hacker group Lizard Squad has claimed responsibility for a defacement of Lenovo's website. This follows last week's revelations that Lenovo installed Superfish adware on consumer laptops, which included a self-signed certificate authority that could have allowed man-in-the-middle attacks. The hackers seemingly replaced the manufacturer's website with images of an unidentified youth, displayed with a song from the Disney film High School Musical playing in the background. Taking to a new Twitter account that has only been active a matter of days, the Lizards also posted emails alleged to be from Lenovo, leading some to speculate that the mail system had been compromised. While some have seen the attack as retaliation for the Superfish bug, it is also possible that Lizard Squad are jumping on the event merely to promote their own hacking services.

36 comments

  1. juvenile vandalism by iggymanz · · Score: 5, Insightful

    this is no more noteworthy or significant than vandalizing a billboard

    1. Re:juvenile vandalism by Viol8 · · Score: 3, Insightful

      Quite. It's just the middle class wannabe version of a graffiti tag, with about the same amount of talent required and having the same level of intellectual gravitas.

    2. Re:juvenile vandalism by MobSwatter · · Score: 1

      I'm just wondering when they are going to create a terrorist classification for a type of data packet. Pretty sure it will be an open ended description.

    3. Re:juvenile vandalism by Nexus+Unplugged · · Score: 1

      While normally correct, this attack is more noteworthy when combined with the news of Superfish. This was a DNS hijack, which means the attackers would have been able to point *.lenovo.com at the server of their choosing. While I don't believe Superfish was actually running its requests through a subdomain of lenovo.com, this particular type of simple "vandalism" could have just as easily been used to take advantage of Superfish's automatic MITM and intercepted all manner of sensitive data.

    4. Re:juvenile vandalism by Anonymous Coward · · Score: 0

      Sir Timothy John "Tim" Berners-Lee, OM, KBE, FRS, FREng, FRSA, DFBCS (born 8 June 1955),[1] also known as TimBL, is an English computer scientist, best known as the inventor of the World Wide Web. He made a proposal for an information management system in March 1989, and he implemented the first successful communication between a Hypertext Transfer Protocol (HTTP) client and server via the Internet sometime around mid-November of that same year.

    5. Re:juvenile vandalism by Anonymous Coward · · Score: 0

      Their DNS was hijacked and records were updated to point to a cloud server. This would enable them to capture all email for *.lenovo.com

  2. "Could have allowed"? by gnasher719 · · Score: 5, Informative

    As far as I understand it, this didn't just allow hackers to create a man-in-the-middle attack. Your Lenovo computer with the hardware would actively perform a man-in-the-middle attack against the user to analyse any encrypted traffic to https websites. For example when you enter a credit card number on the website of a reputable company using https, the adware could read what you posted.

    This is plainly unforgivable.

    1. Re:"Could have allowed"? by nightsky30 · · Score: 1

      Does Lenovo install superfish on their corporate systems too?

    2. Re:"Could have allowed"? by LduN · · Score: 1

      only a bad corporation wouldn't wipe and install with their Windows MAK media image

    3. Re:"Could have allowed"? by fisted · · Score: 1

      Yeah. Or a small business.

  3. "defacement of Lenovo's website" by Anonymous Coward · · Score: 0

    Wow, incredible display of h4xx0ring skillz.

    1. Re: "defacement of Lenovo's website" by Anonymous Coward · · Score: 1, Funny

      I won't believe it until someone creates a GUI in Visual Basic to track the IP address.

    2. Re:"defacement of Lenovo's website" by Anonymous Coward · · Score: 0

      Yeah, except no web server compromise, just DNS redirection by going after the registrar....
       

  4. Superfish "bug" ?!?! by Bugler412 · · Score: 3, Insightful

    Since when is a willfully installed piece of adware/spyware a "bug"? Using that term is someone's attempt to pass this off as a coding error when it was actually willfully installed by the OEM in their OS image.

    1. Re:Superfish "bug" ?!?! by krakelohm · · Score: 4, Funny

      I would guess they are using bug in the verb sense, to "conceal a miniature microphone in (a room or telephone) in order to monitor or record someone's conversations.".

      --
      You are all a bunch of idots.
  5. People don't do this anymore? by DeadlyFoez · · Score: 1

    Every machine that I buy, I always start off by wiping the OS and doing a fresh install. Is that not common practice? I've never met anyone with a Lenovo for their at home use, always Dells or HPs. And anyone that I've met that did have a Lenovo used it just for business. Don't businesses hire competent IT guys? Anyone who knows anything knows that the easiest way to get rid of the garbage is just to reload the OS.

    1. Re:People don't do this anymore? by wed128 · · Score: 3, Insightful

      Don't businesses hire competent IT guys?

      In my experience? Yes they do. They also hire a bunch of incompetent ones. It's a crapshoot.

    2. Re:People don't do this anymore? by damn_registrars · · Score: 1

      I've never met anyone with a Lenovo for their at home use, always Dells or HPs.

      Well, some people really love to embrace mediocrity.

      And anyone that I've met that did have a Lenovo used it just for business.

      The business Lenovo systems - ThinkPad laptops and ThinkStation workstations - were not part of this as Lenovo never installed superfish on any of them. This only applied to their mediocre consumer-level units that were sold as Lenovos with other model names.

      Just another reason why I only buy ThinkPads for my own use. Home, work, etc; I won't buy anything else. Lenovo knows better than to risk that golden goose.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    3. Re: People don't do this anymore? by Anonymous Coward · · Score: 0

      The fact that it was not installed in the "business line" machines indicates that they KNEW it was crooked before they did it. They just hoped the sheeple...er I mean consumers wouldn't notice.

    4. Re: People don't do this anymore? by Anonymous Coward · · Score: 0

      My father and I both own Lenovo computers for personal use. We have had no problems with them at all. I did wipe and reinstall Windows due to a driver issue but other than that both machines work without any issues. So bollocks to you and your hp/dell masturbation.

    5. Re: People don't do this anymore? by damn_registrars · · Score: 2

      The fact that it was not installed in the "business line" machines indicates that they KNEW it was crooked before they did it. They just hoped the sheeple...er I mean consumers wouldn't notice.

      That is one way to look at it. A competing hypothesis is that the business line systems are more profitable in general, while the consumer lines are subsidized by the software that they install on them before shipping. Hence the consumer level ones were being consistently filled up with an ever-increasing load of crapware to make them more (if only marginally) profitable. Whether there was ever any ethics considered by the company is not clear.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    6. Re:People don't do this anymore? by Anonymous Coward · · Score: 0

      Lenovo has two lines of machines. The Thinkpad line for business, and the single-letter line for consumers. AFAIK, the Thinkpad line did not have the software present.

      It should be SOP to image off what is on a machine, format [1] it and reload from media, but this seems to be something often forgotten, and a lot of users would be overwhelmed by doing this, which is why Gerk Squad and other places make so much money with "system optimizations" [2].

      [1]: Boot a live CD, use blkdiscard for SSD, dd if=/dev/zero of=whatever for a HDD.

      [2]: I have cleaned up messes done by "consultants" before. One of the more epic fails was a "game machine optimization" that would burn through 1-2 gigs of data every five minutes. This machine was owned by a party living in a rural area (where bandwidth was very limited) who got this machine (and the fouling up by a "consultant" place) as a gift.

      After yanking off a localhost program that proxied all traffic through a suspect program, and used Web extensions to force all browsers to use the proxy (I'm guessing it MITM-ed keys, but didn't check), uninstalling stuff and using autoruns, and a manual firewall config to clean off the stuff that was remaining, I got the machine into a usable state. Of course, said machine came with no media, just a recovery partition that didn't allow for media creation (I ended up booting Clonezilla and moving it off anyway), so I ended up getting media for it (straight from MS) and reinstalling it from scratch anyway (using the OEM key on the case.)

      Moral of the story... assume that machines come pre-hosed, so image off the stuff on it, and reinstall from known good media. Windows past Vista is extremely good at fetching needed drivers, so the days of making sure one had a driver CD for the box are pretty much over.

    7. Re:People don't do this anymore? by petermgreen · · Score: 1

      It should be SOP to image off what is on a machine, format [1] it and reload from media

      It doesn't help that at various times MS and their OEMs have made this a PITA with many machines not shipping with "clean" Windows media, some keys only working with some media, keys printed on the machine that required a phone call to activate and so on. At one point they were even threatening companies who used their vlk media/keys to reimage machines running under OEM licenses though they later backed down on that and introduced "reimage rights".

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
  6. Sadly, this does not prevent firmware attacks by WorldWarPi · · Score: 1

    This does not prevent firmware attacks such as in BIOS or the firmware on your HDD, or DVD or even battery firmware on laptops.

  7. So THAT is what that was by damn_registrars · · Score: 1

    I was trying to load a lenovo forum on the superfish situation yesterday and was puzzled why it was just showing me G-rated pictures of teenagers staring at cameras. I figured something had gone amiss with the code running the forum, or something was weird with my browser that moment. I then found the information I wanted elsewhere.

    In other words, this wasn't a very impressive hack.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  8. Slashdot: ENABLE SSL by Anonymous Coward · · Score: 0

    For the security of your users, ENABLE SSL, and use SPDY. Slashdotters should keep asking for this...
    On topic: IMO, you should stop giving attention to these kids.

    1. Re:Slashdot: ENABLE SSL by Anonymous Coward · · Score: 0

      But if they give them attention they become more legitimate, and the more they become legitimate the more we need news on them apparently. CNN and the likes love doing this.

    2. Re:Slashdot: ENABLE SSL by Anonymous Coward · · Score: 0

      I thought Slashdot has SSL enabled for paying subscribers.

  9. we need a new word by slashmydots · · Score: 2

    Oh crap, hactivism doesn't cover it anymore because they're also advertising their services. Time to cram more words in. They're Hactivismvertising.

    1. Re:we need a new word by Marginal+Coward · · Score: 2

      They're Hactivismvertising.

      Good point. I think you're well on your way to coining a new word.

      I'm not sure what their message is other than advertising. But assuming they're projecting their point of view, are they saying?:

      1) Doing things on other people's systems that they didn't authorize and wouldn't authorize is bad.
      2) Doing things on other people's systems that they didn't authorize and wouldn't authorize is good.
      or maybe even:
      3) Doing things on other people's systems that they didn't authorize and wouldn't authorize is bad unless we happen to be the ones doing it.

    2. Re:we need a new word by Anonymous Coward · · Score: 0

      Cut it to hackvertising. It's not an ism in this sense and that can be considered replaced by the "ize" in advertise.

  10. so wrong by Anonymous Coward · · Score: 0

    Their DNS was hijacked and they and their clients don't perform TLS with certificate pinning, so mail got redirected to the Lizard Squad chosen server.... Their mail infrastructure was not attacked, so don't expect SONY style DOXin'

    The summary is way wrong. No time to read the articles, sorry.

  11. dem haxxorz by Anonymous Coward · · Score: 0

    r in ur laptopz

  12. WHY? by Anonymous Coward · · Score: 0

    Why do these articles always call crap like this adware? This program deliberately disables SSL protection so the authors can profit at the expense of the uninformed user. Call it what it is TROJAN MALWARE! If the authors object, tell them to look up the definition (Example from Wiktionary: Software which has been designed to operate in a malicious, undesirable manner).

  13. action that is not good by toko+pasutri · · Score: 1

    every act of destruction in any form is not really good, all there must be consequences, if they want to be responsible it better. Toko pasutri
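
Several comments above attribute the incident to a DNS hijack at the registrar, with records repointed so that web and mail traffic went elsewhere. As an added example (not part of the original thread), a small Python check that diffs observed NS, MX and A records against a known-good baseline; the domain names, addresses and severity labels are constructed assumptions.

```python
"""Added example: detect DNS record drift against a known-good baseline."""

# Assumed severity per record type: an NS change implies tampering at the
# registrar/delegation level; MX reroutes mail; A reroutes web traffic.
SEVERITY = {"NS": "critical", "MX": "high", "A": "high"}

# Constructed sample data in zone-file style (reserved example names and
# documentation IP ranges; not real records from the incident).
BASELINE = """\
example.com. NS ns1.dns-provider.example.
example.com. NS ns2.dns-provider.example.
example.com. MX 10 mail.example.com.
www.example.com. A 192.0.2.10
"""
OBSERVED = """\
example.com. NS ns1.other-host.example.
example.com. NS ns2.other-host.example.
example.com. MX 10 mx.other-host.example.
www.example.com. A 203.0.113.77
"""

def parse_records(text):
    """Return {(name, type): set(values)} from 'name TYPE rdata...' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, rtype, *rdata = line.split()
        key = (name.lower().rstrip("."), rtype.upper())
        records.setdefault(key, set()).add(" ".join(rdata).lower().rstrip("."))
    return records

def diff_records(baseline, observed):
    """List a finding for every record set that differs from the baseline."""
    base, seen = parse_records(baseline), parse_records(observed)
    findings = []
    for key in sorted(base.keys() | seen.keys()):
        expected, actual = base.get(key, set()), seen.get(key, set())
        if expected != actual:
            findings.append({
                "name": key[0], "type": key[1],
                "severity": SEVERITY.get(key[1], "medium"),
                "removed": sorted(expected - actual),
                "added": sorted(actual - expected),
            })
    return findings

if __name__ == "__main__":
    for f in diff_records(BASELINE, OBSERVED):
        print(f"[{f['severity']}] {f['name']} {f['type']}: -{f['removed']} +{f['added']}")
```

In practice the observed side would come from querying several independent resolvers on a schedule, since a change at the registrar is visible in DNS before any server owned by the victim is touched.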