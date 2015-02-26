(Updates Lenovo statement, adds details)
By Devika Krishna Kumar and Gerry Shih
Feb 25 Chinese computer and smartphone firm
Lenovo Group Ltd said its website was hacked on
Wednesday, its second security blemish days after the U.S.
government advised consumers to remove software called
"Superfish" pre-installed on its laptops.
Hacking group Lizard Squad claimed credit for the attacks on
microblogging service Twitter. Lenovo said attackers breached
the domain name system associated with Lenovo and redirected
visitors to lenovo.com to another address, while also
intercepting internal company emails.
Lizard Squad posted an email exchange between Lenovo
employees discussing Superfish. The software was at the centre
of public uproar in the United States last week when security
researchers said they found it allowed hackers to impersonate
banking websites and steal users' credit card
information.
In a statement issued in the United States on Wednesday
night, Lenovo, the world's biggest maker of personal computers,
said it had restored its site to normal operations after several
hours.
"We regret any inconvenience that our users may have if they
are not able to access parts of our site at this time," the
company said. "We are actively reviewing our network security
and will take appropriate steps to bolster our site and to
protect the integrity of our users' information."
Lizard Squad has taken credit for several high-profile
outages, including attacks that took down Sony Corp's
PlayStation Network and Microsoft Corp's Xbox Live
network last month. Members of the group have not been
identified.
Starting 4 p.m. ET (2100 GMT) on Wednesday, visitors to the
Lenovo website saw a slideshow of young people looking into
webcams and the song "Breaking Free" from the movie "High School
Musical" playing in the background, according to technology
publication The Verge, which first reported the breach. (bit.ly/1ERn9aO)
Although consumer data was not likely compromised by the
Lizard Squad attack, the breach was the second security-related
black eye for Lenovo in a matter of days.
The U.S. Department of Homeland Security said in an alert
last Friday that the Superfish program, which came pre-installed
on nearly a dozen Lenovo laptop models, makes users vulnerable
to a type of cyberattack known as "SSL spoofing", in which
remote attackers can read encrypted web traffic, redirect
traffic from official websites to spoofs, and perform other
attacks.
Lenovo has since released software to remove Superfish while
pledging to never install it on future shipments.
(By Devika Krishna Kumar in Bangaluru and Gerry Shih in
Beijing; Additional reporting by Rohit T. K. in Bengaluru;
Editing by Ken Wills and Kenneth Maxwell)