After Spyware Fiasco, Critics Hijack Lenovo.Com Email and Web Servers

Following revelations that Lenovo preinstalled insecure software on consumer laptops, attackers commandeered the company's Lenovo.com domain name, which allowed them to intercept the Lenovo’s e-mail and impersonate its Web pages.

To pull off this stunt, someone compromised a Lenovo account at domain registrar Web Commerce Communications, and changed the IP address that gets called up when people type Lenovo.com into their Web browsers or e-mail applications.

People trying to navigate to the legitimate Lenovo servers were redirected to a stand-in site that was controlled by the attackers. Marc Rogers, principal security researcher at content delivery network CloudFlare, said the new IP address pointed to a site hosted behind his company's name servers.

"We took control as soon as we found out (minutes after it happened) and are now working with Lenovo to restore service," Rogers said. "All we saw was the domain come in to us, at which point we took immediate action to protect them and their service."

The attackers posted an image through the LizardCircle Twitter account, displaying an e-mail sent by an outside PR person to several people inside Lenovo's PR department.

Lenovo officials later issued a statement that read:

Unfortunately, Lenovo has been the victim of a cyberattack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public facing website.

We regret any inconvenience that our users may have if they are not able to access parts of our site at this time. We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information and experience.

We are also working proactively with 3rd parties to address this attack and we will provide additional information as it becomes available.

People who visited the site during the incident saw a slideshow featuring a woman with dark hair sitting in what appeared to be a bedroom. When clicked, the images led to a Twitter account that sharply criticized Lenovo for preloading some of its computers with targeted advertising software that completely broke encrypted connections to websites. The software, provided by a company called Superfish, provided bad guys with an inexpensive and easy way to spoof Bank of America, Google, or any other website on the Internet without detection.