Lizard Squad hacks Lenovo in Superfish revenge attack

Lizard Squad: latest news

(26/02/2015): @janemccallion: Lizard Squad has hacked Lenovo in what appears to be a revenge attack for the Superfish adware scandal. The Domain Name (DNS) hack redirected some, although not all, users trying to access the site to a splash page of Lizard Squad’s own creation. In typical Lizard Squad style, the new page was  designed to confuse visitors, as well as annoy Lenovo, and displayed a slideshow of webcam pictures of kids at their computer, a link to the Lizard Squad Twitter account, and played High School Musical song “Breaking Free”.

More worryingly, the hack also meant Lizard Squad was able to intercept Lenovo’s email for a time, until it was cut off by Cloudflare.

There is one rather odd element to all this, however. According to Engadget, the HTML code named Ryan King and Rory Andrew Godfey as featureing in the so-called “new and improved rebranded” Lenovo site. These two have been identified as members of Lizard Squad by some internet posters, which does raise the question of why they would expose themselves in quite such an audacious way. Sadly, we have no answer for this other than to say the groups behaviour can be somewhat erratic at times, and their bravado is seemingly without limit.

Lenovo reached out to PC Pro, confirming the company had been the victim of a cyber attack, resulting in people being redirected. The company also said it’s “actively investigating other aspects”, although it didn’t elaborate on what they may be.

“We are actively renewing our network security and will take appropriate steps to bolster our site and protect the integrity of our users’ information and experience,” the company added.

What is Lizard Squad?

While they might not be as famous as Anonymous, Lizard Squad have gained a reputation as successful and disruptive hackers over quite a short period of time.

The group came into the public consciousness in mid-August 2014, when it tweeted there was a bomb aboard a plane carrying Sony Online Entertainment’s president and claimed responsibility for a DDoS attack carried out simultaneously on Sony’s PlayStation Network (PSN). However, it had caught the attention of some gamers beforehand with attacks on online multiplayer games League of Legends, Runescape and World of Warcraft over the preceding week.

At the time, the group said it was allied to Isis, stating it has “planted the ISIS flag on Sony’s servers”. However, despite reiterating this claim on a Reddit AMA, it seems the move was to gain notoriety and publicity, rather than having a genuine link to the terrorist group, which had only really started to come into the public eye in June that year.

And then, just like that, they disappeared.

Lizard Squad version 2.0

After about four months of hibernation, Lizard Squad came spluttering back to life with a new Twitter account and some familiar targets.

The first flicker of life in the old reptile was an attack on the servers of online multiplayer game Destiny on 23 November, which lasted a few hours, followed by brief attacks on Xbox Live, PSN and American gaming site Machinima, which took place over the next two weeks.

Their most notorious hack, however, came over Christmas 2014, when the group managed to take down PSN and Xbox Live simultaneously on both 25 and 26 December. The attack, which was roundly criticised as a heartless, scrooge-like move, apparently came to an end only when Kim Dotcom, founder of Mega Upload, Mega, and the New Zealand Internet Party, gave Lizard Squad $300,000 worth of free vouchers for his Mega secure online storage service.

What’s unclear is if the people behind Lizard Squad at the turn of 2015 were the same as those using the name in the summer – the Twitter feed at least seems to have changed in terms of tone and cadence, although there’s no way to confirm either way.

Lizards in captivity

You can’t arrest a lizard

— Lizard Squad (@LizardMafia) January 18, 2015

As usual, the fun and games didn’t last for ever and over the last few weeks of December and first few weeks of January, alleged members of Lizard Squad started to be scooped up by law enforcement agencies in the UK and Finland. Julius Kivimäki, a 17-year-old resident of Helsinki, was arrested shortly after allegedly giving an on-camera interview to Sky News, which was first run on 27 December.

Another alleged member of the group, Vinnie Omari, also gave an interview to Sky News, although he claimed to be a “computer security analyst”. However, police claimed to have matched his voice with that of one of the self proclaimed hackers who gave an interview to BBC Radio 5 Live on Boxing Day, leading to his arrest.

After a little bit of a lul, another arrest was made on 16 January, the BBC reported, this time of an 18-year-old male from Southport, who is also alleged to have connections with Lizard Squad.

However, someone is still running the Lizard Squad Twitter account with seemingly limitless amounts of bravado, although the last tweet was sent on 18 January, so it would seem there are at least a few Lizards still out in the wild.

How is Lizard Squad different from Anonymous?

Lizard Squad, as much as they despise Anonymous, are somewhat similar to the latter group when it first appeared. Now, however, they’re quite different, with Anon having taken on a more political colour over the past few years.

Lizard Squad also has what might be considered a truer cyber criminal element, rather than being hacktivists. The group ran a botnet-for-hire system, LizardStresser, that could be used by others to carry out DDoS attacks – for a fee, of course. In a slight twist of irony, however, LizardStresser, was hacked on 15 January, allegedly exposing the details of all who had paid for its use.

It’s also arguable that accepting payment from Kim Dotcom to end the attacks on PSN and Xbox Live was, in effect, extortion, even if Sony and Microsoft didn’t pay up themselves.

What’s with the Lizard Squad avatar?

Well, the bearded dragon (we know our lizards at PC Pro) is self explanatory. The top, hat monacle and waistcoat are a reference to the meme “Feel Like A Sir”, which was popularised by ill-fated hacking group LulzSec. The pipe and bowtie are an additional spin on the meme.