Site hacked after adware blunder
Updated: 2015-02-27 07:10
By Bloomberg(China Daily USA)
|
|||||||||
Lenovo Group Ltd's website was hijacked and users were redirected less than a week after the company was criticized for pre-installing advertising software on consumer laptops that exposed users to hacking.
The company said it had restored some functionality to the site after customers reported a breach in which they saw videos of young people looking into Web cameras, with the song Breaking Free from the movie High School Musical playing in the background.
Some employee e-mails were also leaked by a hacking group called the Lizard Squad, according to postings on Twitter. The group has previously targeted Sony Corp's online PlayStation video-game network.
The hackers apparently took over Lenovo's site by altering the records with the domain-name registrar used by the company, according to Matthew Prince, co-founder and chief executive officer of CloudFlare Inc, a San Francisco-based security company.
Last week, Lenovo apologized to customers and pushed out fixes to remove software made by a company called Superfish that Lenovo pre-installed on many consumer devices.
"This may be another small hit to brand image for Lenovo," said Dan Baker, an analyst at Morningstar Inc in Hong Kong. "It looks like the hackers were unhappy with the Superfish episode and did this as payback."
The attackers used a free CloudFlare account to disguise their origins, Prince said, and then redirected traffic from lenovo.com to CloudFlare's network. CloudFlare disabled the account used by the attackers, Prince said.
"One effect of this attack was to redirect traffic from the Lenovo website," Lenovo said in an e-mailed statement. "We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public-facing website."
The Beijing-based company said it was reviewing network security and would take steps to bolster the site and protect user data.
The world's largest maker of personal computers faced criticism from cybersecurity specialists regarding Superfish's ability to monitor Web behavior and suggest advertisements based on images that a user might be viewing. The technology essentially broke the encryption between Web browsers and banking, e-commerce and other sites that handle sensitive information, potentially exposing machines to hacking.
The hack of lenovo.com was corrected in about an hour, said Andrew Hay, director of security research at OpenDNS, a San Francisco-based security company. Based on publicly accessible information, the attack involved altering the records of Lenovo's domain-name registrar, which is Web Commerce Communications Ltd, located in Kuala Lumpur.
"The major walking-away point is all those domains you registered years ago. It's time to go back and look at the settings," Hay said.
An attack against a company's domain-name registrar is not an attack directly against the company itself. It is a circuitous way to hijack a company's Web traffic by telling Internet servers to go to a different address than the company's homepage.
A Lenovo Group Ltd outlet in Qingdao, Shandong province. The Beijing-based company said it was reviewing network security and would take appropriate steps to protect user data after the hacking of its website. |
(China Daily USA 02/27/2015 page17)
- Inside a Taobao village
- Testing mettle: Students appear for art college exam
- Top 10 best-selling SUVs in Chinese mainland in 2014
- The eighth nine days: wild geese are flying back
- China's biggest Akhal-Teke horse base
- Chengdu citizens visit Du Fu Thatched Cottage to mark Human Day
- Tencent gifts red envelopes to employees
- Throwing coins to please God of Wealth
Most Viewed
Editor's Picks
Spring Festival trends reflect a changing China |
Patent applications lead the world |
BC lures Chinese tourists |
Festival Special: Apps that make holiday shopping easier |
Alibaba places China smartphone business bet with $590m Meizu deal |
China, US vow to deepen military relations |
Today's Top News
China, US work to make Xi's visit successful
Challenges loom as meetings approach
Chinese smartphone company seeks more gains in US
Obama blames immigration woes on Republicans
New fighter jet ready for PLA
Why China's youth is getting the needle
Most Chinese forced to return home were living abroad illegally
US State Dept calls for cyber security boost
US Weekly
Geared to go |
The place to be |