Lizard Squad Claims Lenovo DNS Attack
Those pesky reptiles who shut down Xbox Live on Christmas Day, were implicated in the Sony breach, and later proved to know next to nothing about securing a PHP form, have been implicated in a Domain Name System (DNS) redirection attack on Lenovo.com.
Unfortunately, Lenovo has been the victim of a cyber attack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects of the attack. We are responding and have already restored certain functionality to our public facing website.
A DNS attack is nothing like a traditional server breach. It simply means that the attacker has compromised the domain credentials of the website in question and – usually very briefly – can send incoming requests to a server of the attacker’s choosing. This type of attack is also referred to as “pharming,” though in this case what we’re talking about is simple defacement.
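A defender's view of the redirection described above, as an added example that is not part of the original article: it compares periodic DNS polls against a known-good baseline and reports how long answers pointed somewhere unexpected. The zone, name servers, addresses and timestamps are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed baseline for a hypothetical zone; all values are constructed.
BASELINE_NS = {"ns1.dns-provider.example", "ns2.dns-provider.example"}
BASELINE_NETS = [ip_network("192.0.2.0/24")]

@dataclass(frozen=True)
class Observation:
    when: datetime
    ns: tuple   # NS names returned for the domain
    a: tuple    # A records returned for the site

def deviations(obs):
    """Return the parts of an observation that fall outside the baseline."""
    found = {}
    rogue_ns = sorted({n.rstrip(".").lower() for n in obs.ns} - BASELINE_NS)
    if rogue_ns:
        found["ns"] = rogue_ns
    rogue_a = sorted(a for a in obs.a
                     if not any(ip_address(a) in net for net in BASELINE_NETS))
    if rogue_a:
        found["a"] = rogue_a
    return found

def redirection_windows(observations):
    """Merge consecutive deviating polls into (first_seen, last_seen, details).
    details are those of the first deviating poll in the window."""
    windows, current = [], None
    for obs in sorted(observations, key=lambda o: o.when):
        found = deviations(obs)
        if found and current is None:
            current = [obs.when, obs.when, found]
        elif found:
            current[1] = obs.when
        elif current is not None:
            windows.append(tuple(current))
            current = None
    if current is not None:
        windows.append(tuple(current))
    return windows

GOOD = (("NS1.dns-provider.example.", "ns2.dns-provider.example."), ("192.0.2.10",))
BAD = (("ns1.other-host.example.", "ns2.other-host.example."), ("203.0.113.66",))
# Constructed polls, 15 minutes apart: delegation changes briefly, then is restored.
SAMPLE = [Observation(datetime(2015, 1, 1, 12, m), *rec)
          for m, rec in [(0, GOOD), (15, BAD), (30, BAD), (45, GOOD)]]

if __name__ == "__main__":
    for start, end, details in redirection_windows(SAMPLE):
        print(f"deviation {start:%H:%M}-{end:%H:%M}: {details}")
```

Because the redirection happens at the registrar or DNS level, the web servers themselves log nothing unusual; an external check of this kind is what notices it.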
For a brief time on 25 February, Lenovo.com resolved to a simple webpage featuring images of some scene kid and the song “Breaking Free” from High School Musical. They retitled it @LizardCircle, which is a Twitter handle connected to the group. The metadata of the page described it as “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.” You may recall that these are two individuals publicly named as responsible for some of Lizard Squad’s activities.
Scanning their new Twitter feed makes at least one thing clear: this attack was related to the Superfish Scandal. However, the scope of the attack indicates that no actual server data was compromised.
“The Only Underground Market Accepting Paypal”
The group’s Twitter account – the latest in a series of such, as their accounts are routinely deleted from the social network – links to a rather interesting website, Lizardstresser.su. This site was initially so poorly coded that Eric Zhang was able to compromise it in no time flat, dumping the more than 1500 users’ information into a Pastebin.
It has gone through an evolution, and now boasts ownership by “Shenron, LLC.” It claims to be an underground market accepting Paypal.
Previously, it has had other mottoes.
“Shenron” is the name of a character from the popular anime show Dragon Ball Z, a “divine dragon,” or, essentially, God of all lizards. The process of verifying an LLC is unnecessarily long in the age of the internet, so Hacked cannot currently confirm whether Shenron, LLC is an actual, legitimate business or not.
If it is, that means a name is attached to it, a real identity, and that will obviously give investigators something to go on; which, of course, makes the notion of this being a legitimate business rather hard to fathom. The purpose of LizardStresser is expressly illegal: they offer DDoS attacks – as well as other low-level anti-social computer services – for money.
Google Vietnam Compromise
The Lenovo attack followed a more prominent attack of two days ago, in which the group redirected Google.com.vn to another hastily made page that claimed responsibility. Perhaps the funniest part of this episode was claiming Brian Krebs as one of their own. Krebs, as you may have read, has been dealing with the group for some time now.
The group ruminated on its recent “success” via Twitter, wondering what it should do now that it has conquered the world (sarcasm intended).