Hackers Lizard Squad hijacked the Malaysian registrar Webnic.cc in order to gain attack both Google’s Vietnam domain and Lenovo.com.
According to security blogger Brian Krebs, Webnic.cc serves 600,000 other domains. As a result of the control, on Monday Google.com.vn briefly redirected visitors to a page that read, “Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas).” The message also included a link to the group’s Twitter page and its Lizard Stresser online attacks-for-hire service.
The group also took credit for hacking Lenovo.com. According to a report in The Verge, the HTML source code for Lenovo.com was changed to read, “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.” Both men were part of the hacker collective known as Hack The Planet.
King and Godfrey told Krebs that Lizard Squad used a command injection vulnerability in Webnic.cc to upload a rootkit to give them persistent access to that system.
Andrew Hay, director of security research at OpenDNS,confirmed that Lizard Squad was using Digital Ocean’s Netherlands data centre for hosting. “Two defacements in a single week is normally nothing, but two extremely high-profile defacements from the same registrar in the same week is a definite trend. We may see more redirections of domains that were registered with Webnic.cc in the coming days,” he said.
Ken Westin, senior security analyst at Tripwire, said: “The recent hack and website defacement of the Lenovo website adds another black eye to an already suffering brand. As a result of getting their hands caught in the privacy invading cookie jar with the deployment of the Superfish adware which compromised their customers’ privacy and security, they have made themselves open targets for a number of hacking groups who have essentially declared it open season against Lenovo for their questionable practices.”