China's Lenovo becomes victim of cyber-attack

Image source, Reuters
Image caption,
Lenovo said it was "actively reviewing" its network security

Chinese computer maker Lenovo has become the victim of a cyber-attack following a warning by the US government about software called Superfish.

The Superfish adware program - which offered shopping tips - was shipped on some of the company's notebook devices.

A hacking group called Lizard Squad claimed responsibility for the Wednesday attack via Twitter.

The group has taken credit for several other attacks, including one on Sony.

"One effect of this attack was to redirect traffic from the Lenovo website," Lenovo said in a statement. "We are also actively investigating other aspects.

"We are responding and have already restored certain functionality to our public-facing website."

The firm also said it was "actively reviewing" its network security and would take steps "to protect the integrity of our users' information and experience".

Last week, the computer-making giant said it was offering customers a tool to help them remove the pre-installed software after experts warned that it was a security risk.

The firm then said it had disabled the software because of customer complaints.

Image source, Getty Images
Image caption,
One security researcher said the hackers altered DNS records to redirect traffic

In a later statement, however, the company said it was aware of security risks about the software and was focused on fixing it.

Superfish was designed to help users find products by visually analysing images on the web to find the cheapest ones.

According to one security expert, the hackers managed to hijack the Domain Name Servers (DNS), which convert the web addresses users type into the IP addresses used by the internet.

Cybersecurity blogger Brian Krebs wrote that they were able to do so after gaining access to Lenovo's domain name registrar Webnic.

Citing two hackers who he said had been working to expose Lizard Squad, he wrote that the attackers exploited a vulnerability within Webnic to discreetly gain access to its network and then alter the DNS records to divert traffic to where they wanted it to go.

On Twitter, Lizard Squad also released what it said were emails stolen from Lenovo employees and codes used to transfer web domains to other registrars.

Webnic's site was inaccessible but a company representative acknowledged the outage and told Mr Krebs: "We're still in the investigation stage."

On Tuesday, Lizard Squad claimed to have carried out a similar attack on Google's Vietnamese domain, which is also registered with Webnic.