Lizard Squad claim attack on Lenovo days after Superfish

Lizard Squad has claimed responsibility for an attack on Lenovo’s website just a week after the company was accused of shipping laptops with the vulnerable adware Superfish installed.

The hackers seemingly replaced the manufacturer’s website with images of an unidentified youth, displayed with a song from the Disney film High School Musical playing in the background.

Taking to a new Twitter account that has only been active a matter of days, the Lizards also posted emails alleged to be from Lenovo, leading some to speculate that the mail system had been compromised.

Whilst some have seen the attack as retaliation for the Superfish bug, it is also possible that Lizard Squad are jumping on the event merely to promote their own hacking services.

The attack comes some days after a redirection from Google Vietnam’s site led visitors to a message reading: "Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)."

Antichrist, sp3c, Komodo and Ryan have all been identified as members of Lizard Squad in the past, whilst Brian Krebs is a security blogger whose site was disrupted for several days by the hacking group.

Many sites have reported that Godfrey and Ryan King, whose names were both found in the source code of Lenovo’s hacked site, have been publicly identified as members of Lizard Squad in the past. CBR could find no record to attest to this.

Both people have been connected to the former hacking group Hack The Planet, according to Krebs, an outfit that Lizard Squad member Julius Kivimaki, who goes by the aliases "zeekill" and "ryan", was also said to have been involved with.

"However, both King (a.k.a "Starfall") and Godfrey ("KMS") have been quite publicly working to undermine and expose the group for months," Krebs wrote on his blog.

Various reports have attributed the attack to a hijacking of the domain name system (DNS), which connects readable URLs to real IP addresses, and if corrupted could send users to other, potentially malicious, websites.