Lenovo’s website hijacked (briefly) by High School Musical-loving hackers

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

LenovoEveryday the internet seems to get weirder.

Lenovo, which has found itself making security headlines over the SSL-busting Superfish debacle, has had its website briefly hijacked by the notorious Lizard Squad hacking gang.

Not only did the hackers control what visitors to Lenovo.com saw, they also made them listen to the teenybop song “Breaking Free” from Disney’s “High School Musical”.

So you can appreciate the true horror of what the hackers did, here is part of the slideshow that was displayed on the Lenovo website (animated gif by the fine fellows at Gizmodo):

Lenovo animated gif

And here is the musical soundtrack that was playing underneath this madness:

High School Musical: Breaking Free - Disney Channel Sverige

Which, I think you will agree is rather different than what you normally see on lenovo.com:

Normal Lenovo website

If you clicked on the slideshow, you would be taken to the Lizard Squad’s group Twitter account.

HTML source code

Ryan King and Rory Andrew Godfrey have previously had their names linked to other Lizard Squad attacks. For instance, their names match those displayed in another recent hijacking attack instigated by the Lizard Squad gang against Google’s presence in Vietnam earlier this week.

What’s happened here is someone has managed to meddle with Lenovo.com’s DNS entry, pointing it away from Lenovo’s own servers and to a webpage under the control of the mischievous hackers.

Sign up to our free newsletter.
Security news, advice, and tips.

DNS (Domain Name System) is the part of the internet which acts like a huge telephone book – turning the human-friendly names that we type into browsers (“lenovo.com”, “grahamcluley.com”, “microsoft.com”) into the computer friendly numeric IP addresses that the internet loves but non-silicon-based lifeforms have no chance of remembering.

Someone has screwed up, and allowed Lenovo’s DNS entry to be messed with by an unauthorised party, redirecting any legitimate traffic it might have been receiving to a third party webpage.

Clearly, that’s not good at all. And hardly what you want to happen when you’re trying hard to reassure the world that you really do care about security and privacy, and know what you’re doing…

And, unfortunately, this website hijacking may not be the last of Lenovo’s troubles. Lizard Squad has been tweeting images of emails apparently sent from public relations staff to Lenovo’s management, about the DNS hijacking.

Email from PR to Lenovo

Which raises the obvious question – what other emails sent to Lenovo might they be reading?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

2 comments on “Lenovo’s website hijacked (briefly) by High School Musical-loving hackers”

  1. Martin

    I guess that's poetic justice for Lenovo and what goes around, comes around. Perhaps they will now think twice before installing spyware and crapware into their new systems.

    I think this is not the first time Lenovo have had issues of this kind. As I recall, there was an issue with some of their PCs having hardware backdoors in a while back.

    I don't think I or any of my clients will be shopping with them anytime soon.

  2. Coyote

    "What's happened here is someone has managed to meddle with Lenovo.com's DNS entry, pointing it away from Lenovo's own servers and to a webpage under the control of the mischievous hackers."

    Are they really editing the zones (so the DNS RRs) or are they rather poisoning the cache ? Because there's a big difference… and if they are editing the zones, then that registrar has a far serious issue on their hands.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.