Lizard Squad is out for more tomfoolery and this time, the computer technology company Lenovo got to be on the receiving end. Just recently, the hacker group defaced the firm's website, redirecting users to a page that displays a slideshow of photos bearing bored stiff teenagers who are said to be members of the crew responsible for the mischief.
As pictures of Ryan King and Rory Andrew Godfrey (members of the squad as identified by Brian Krebs from Krebs Security) were splashed one by one on the page, the song "Breaking Free" from "High School Musical" played in the background. Clicking the slideshow brought users to Lizard Squad's Twitter account. Although the group did not tweet anything that suggested their credit to the attack, the group did warn its followers to "expect more lizard mischief soon." They declared its murky plan mere hours before the Lenovo website was hacked.
It is said that Lizard Squad performed a DNS hijack, which translates a human-readable web address into a machine-readable IP address. According to OpenDNS director of security research Andrew Hay, it is the same line of attack used on Google Vietnam, which was knocked off the Web recently as well.
"Two defacements in a single week is normally nothing, but two extremely high-profile defacements from the same registrar in the same week is a definite trend," Hay told The Guardian. "We may see more redirections of domains that were registered with Webnic.cc in the coming days."
Before the hacking incident, Lenovo was already in the middle of a big mess after it was discovered to have been secretly pre-installing an adware called Superfish on the laptops it sends out to the market so as to make off with private data from users and plasters its own adverts to search pages. Lizard Squad shared screenshots of emails believed to be straight from Lenovo's email addresses, one of which involves the hot controversy.
"We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users' information and experience," Lenovo said in a statement as it acknowledged the incident. "We are also working proactively with 3rd parties to address this attack and we will provide additional information as it becomes available."
