Lenovo’s website hijacked (briefly) by High School Musical-loving hackers

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Lenovo Everyday the internet seems to get weirder.

Lenovo, which has found itself making security headlines over the SSL-busting Superfish debacle, has had its website briefly hijacked by the notorious Lizard Squad hacking gang.

Not only did the hackers control what visitors to Lenovo.com saw, they also made them listen to the teenybop song “Breaking Free” from Disney’s “High School Musical”.

So you can appreciate the true horror of what the hackers did, here is part of the slideshow that was displayed on the Lenovo website (animated gif by the fine fellows at Gizmodo):

Sign up to our free newsletter.
Security news, advice, and tips.

Lenovo animated gif

And here is the musical soundtrack that was playing underneath this madness:

High School Musical: Breaking Free - Disney Channel Sverige

Which, I think you will agree is rather different than what you normally see on lenovo.com:

Normal Lenovo website

If you clicked on the slideshow, you would be taken to the Lizard Squad’s group Twitter account.

HTML source code

Ryan King and Rory Andrew Godfrey have previously had their names linked to other Lizard Squad attacks. For instance, their names match those displayed in another recent hijacking attack instigated by the Lizard Squad gang against Google’s presence in Vietnam earlier this week.

What’s happened here is someone has managed to meddle with Lenovo.com’s DNS entry, pointing it away from Lenovo’s own servers and to a webpage under the control of the mischievous hackers.

DNS (Domain Name System) is the part of the internet which acts like a huge telephone book – turning the human-friendly names that we type into browsers (“lenovo.com”, “grahamcluley.com”, “microsoft.com”) into the computer friendly numeric IP addresses that the internet loves but non-silicon-based lifeforms have no chance of remembering.

Someone has screwed up, and allowed Lenovo’s DNS entry to be messed with by an unauthorised party, redirecting any legitimate traffic it might have been receiving to a third party webpage.

Clearly, that’s not good at all. And hardly what you want to happen when you’re trying hard to reassure the world that you really do care about security and privacy, and know what you’re doing…

And, unfortunately, this website hijacking may not be the last of Lenovo’s troubles. Lizard Squad has been tweeting images of emails apparently sent from public relations staff to Lenovo’s management, about the DNS hijacking.

Email from PR to Lenovo

Which raises the obvious question – what other emails sent to Lenovo might they be reading?

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

2 comments on “Lenovo’s website hijacked (briefly) by High School Musical-loving hackers”

  1. Martin

    I guess that's poetic justice for Lenovo and what goes around, comes around. Perhaps they will now think twice before installing spyware and crapware into their new systems.

    I think this is not the first time Lenovo have had issues of this kind. As I recall, there was an issue with some of their PCs having hardware backdoors in a while back.

    I don't think I or any of my clients will be shopping with them anytime soon.

  2. Coyote

    "What's happened here is someone has managed to meddle with Lenovo.com's DNS entry, pointing it away from Lenovo's own servers and to a webpage under the control of the mischievous hackers."

    Are they really editing the zones (so the DNS RRs) or are they rather poisoning the cache ? Because there's a big difference… and if they are editing the zones, then that registrar has a far serious issue on their hands.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.