Lenovo website breached, hacker group Lizard Squad claims responsibility

Friday, 27 February 2015 00:00 - - {{hitsCtrl.values.hits}}

People stand under a sign showing the Lenovo company at a computer market in Shanghai – REUTERS Reuters: Chinese computer and smartphone firm Lenovo Group Ltd said its website was hacked on Wednesday, its second security blemish days after the US government advised consumers to remove software called ‘Superfish’ pre-installed on its laptops. Hacking group Lizard Squad claimed credit for the attacks on micro blogging service Twitter. Lenovo said attackers breached the domain name system associated with Lenovo and redirected visitors to lenovo.com to another address, while also intercepting internal company emails. Lizard Squad posted an email exchange between Lenovo employees discussing Superfish. The software was at the centre of public uproar in the United States last week when security researchers said they found it allowed hackers to impersonate banking websites and steal users’ credit card information. In a statement issued in the United States on Wednesday night, Lenovo, the world’s biggest maker of personal computers, said it had restored its site to normal operations after several hours. “We regret any inconvenience that our users may have if they are not able to access parts of our site at this time,” the company said. “We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information.” Lizard Squad has taken credit for several high-profile outages, including attacks that took down Sony Corp’s PlayStation Network and Microsoft Corp’s Xbox Live network last month. Members of the group have not been identified. Starting 4 p.m. ET (2100 GMT) on Wednesday, visitors to the Lenovo website saw a slideshow of young people looking into webcams and the song ‘Breaking Free’ from the movie ‘High School Musical’ playing in the background, according to technology publication The Verge, which first reported the breach. Although consumer data was not likely compromised by the Lizard Squad attack, the breach was the second security-related black eye for Lenovo in a matter of days. The US Department of Homeland Security said in an alert last Friday that the Superfish program, which came pre-installed on nearly a dozen Lenovo laptop models, makes users vulnerable to a type of cyber attack known as ‘SSL spoofing’, in which remote attackers can read encrypted web traffic, redirect traffic from official websites to spoofs, and perform other attacks. Lenovo has since released software to remove Superfish while pledging to never install it on future shipments.

Former McAfee President leaves Intel to run ForeScout

Reuters: Mike DeCesare, a senior executive with Intel Corp’s security group, has left the company and taken a job running privately held cybersecurity firm ForeScout. DeCesare, who was named co-president of Intel’s McAfee security subsidiary in July 2011, told Reuters via email that he left Intel last month and has been hired as chief executive of Campbell, California-based network security firm ForeScout. He was one of only a handful of executives from McAfee who still remained at Intel. In February 2011, Intel bought McAfee for $ 7.2 billion (4.65 billion pounds). In September of last year, it hired Cisco Systems Inc executive Chris Young and named him head of its security group.