The Channel logo


By | Shaun Nichols 25th February 2015 21:59

Oh No, Lenovo! Lizard Squad on the attack, flashes swiped emails

Emo-takeover better not be a viral marketing stunt to win our hearts

Updated Lenovo's domain name appears to have fallen victim to cyber-mischief-makers Lizard Squad.

In the past few minutes, the computer giant's website has been updated to display a slideshow of webcam photos of a bored-looking youth instead of its normal wares. There's some God awful slushy pop music playing in the background, too, and the title of the page points to the squad's Twitter feed.

There is no suggestion the teen pictured perpetrated the domain grab. It's probably best not to open the page on a computer you care about, just in case the site has been booby-trapped with malicious code.

The domain's nameserver settings were suspiciously updated today to point at DNS servers belonging to web hosting biz CloudFlare. Here in the office, now resolves to an IP address in CloudFlare's network:

This suggests some shenanigans with the keys to Lenovo's domain name, rather than a full-scale corporate compromise. It's likely someone has hijacked the domain's account to point it at a CloudFlare-hosted web server, rather than Lenovo's legit servers.

$ whois

   Domain Name: LENOVO.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 25-feb-2015
   Creation Date: 06-sep-2002
   Expiration Date: 06-sep-2016

Lenovo has yet to respond to a request for comment. Since the squad appears to have control over the DNS, it also seems to be receiving email sent to the biz. In other words, emails sent to an address in the past few minutes may end up in the hands of the hijackers.

And the squad is already flashing around what looks like seized messages:

Just last week the Chinese PC slinger sparked online uproar following the discovery of adware called Superfish deliberately bundled on its cheap laptops. The finding prompted security alerts by the US government, and a class-action lawsuit.

At this point it's unclear whether the Lizard Squad attack was retribution for the Superfish scandal, or simply a good old-fashioned moment of internet lulz. ®

Updated at 2230 UTC

It appears Lenovo has managed to claw back control of its domain, and is now pointing it at a legit server behind the IP address CloudFlare security researcher Marc Rogers just tweeted:

Finally, it's feared Lenovo's domain registrar,, was compromised by attackers to accomplish today's DNS hijacking. is down at time of writing.

comment icon Read 21 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe