Lizard Squad Claims Attack On Lenovo Days After Superfish

Amanda Parker writes with news that hacker group Lizard Squad has claimed responsibility for a defacement of Lenovo's website. This follows last week's revelations that Lenovo installed Superfish adware on consumer laptops, which included a self-signed certificate authority that could have allowed man-in-the-middle attacks. The hackers seemingly replaced the manufacturer's website with images of an unidentified youth, displayed with a song from the Disney film High School Musical playing in the background. Taking to a new Twitter account that has only been active a matter of days, the Lizards also posted emails alleged to be from Lenovo, leading some to speculate that the mail system had been compromised. While some have seen the attack as retaliation for the Superfish bug, it is also possible that Lizard Squad are jumping on the event merely to promote their own hacking services.

juvenile vandalism

[iggymanz]

this is no more noteworthy or significant than vandalizing a billboard

Re:juvenile vandalism

[Viol8]

Quite. Its just the middle class wannabe version of a graffiti tag, with about the same amount of talent required and having the same level of intellectual gravitas.

"Could have allowed"?

[gnasher719]

As far as I understand it, this didn't just allow hackers to create a man-in-the-middle attack. Your Lenovo computer with the hardware would actively perform a man-in-the-middle attack against the user to analyse any encrypted traffic to https websites. For example when you enter a credit card number on the website of a reputable company using https, the adware could read what you posted.

This is plainly unforgivable.

Superfish "bug" ?!?!

[Bugler412]

Since when is a willfully installed piece of adware/spyware a "bug"? Using that term is someone's attempt to pass this off as a coding error when it was actually willfully installed by the OEM in their OS image.

Re:Superfish "bug" ?!?!

[krakelohm]

I would guess they are using bug in the verb sense, to "conceal a miniature microphone in (a room or telephone) in order to monitor or record someone's conversations.".

Re:People don't do this anymore?

[wed128]

Don't business's hire competent IT guys?

In my experience? Yes they do. they also hire a bunch of incompetent ones. its a crap shoot.

we need a new word

[slashmydots]

Oh crap, hactivism doesn't cover it anymore because they're also advertising their services. Time to cram more words in. They're Hactivismvertising.

Re:we need a new word

[Marginal+Coward]

They're Hactivismvertising.

Good point. I think you're well on your way to coining a new word.

I'm not sure what their message is other than advertising. But assuming they're projecting their point of view, are they saying?:

1) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is bad.
2) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is good.
or maybe even:
3) Doing things on other peoples' systems that they didn't authorize and wouldn't authorize is bad unless we happen to be the ones doing it.

Re: People don't do this anymore?

[damn_registrars]

The fact that it was not onstalled in the "business line" machines indicates that they KNEW it was crooked before they did it. They just hoped the sheeple...er I mean consumers wouldn't notice.

That is one way to look at it. A competing hypothesis is that the business line systems are more profitable in general, while the consumer lines are subsidized by the software that they install on them before shipping. Hence the consumer level ones were being consistently filled up with an ever-increasing load of crapware to make them more (if only marginally) profitable. Whether there was ever any ethics considered by the company is not clear.