At approximately 4pm EST yesterday the Lenovo.com website took a turn for the strange: visitors were treated to a video slideshow of random teens set to the tune of “Breaking Free” from High School Musical. All this courtesy of infamous Internet mayhem group Lizard Squad.
Until recently, Lizard Squad appeared to be a poor man’s LulzSec: the group taunted gaming networks from the shadows, used distributed denial of service (DDoS) attacks that a non-technical attacker could easily just purchase, repurposed source code to open a DDoS-for-hire website, engaged in a spat with security researcher Brian Krebs, and generally made a nuisance of itself.
Lizard Squad’s “upgrade” in technical skills now includes domain name system (DNS) hijacking, which is certainly more technical than a DDoS attack.
According to a tweeted screenshot of Lenovo.com’s DNS records, the apparent defacement occurred because of a domain record hijack.
There’s your problem, @lenovo. pic.twitter.com/H4uIstGnoe
— Jonathan Zdziarski (@JZdziarski) February 25, 2015
In this type of attack, an attacker injects fake domain name records between a website and its visitors so that people are redirected wherever the attacker wants them to go. As a result, the attackers evidently did not “break into” Lenovo’s website itself; they only redirected information flowing to and from the site externally.
This is also likely why most of the apparent communications captured by Lizard Squad appear to be customer service related.
This event comes after Lizard Squad’s last foray into Internet mayhem, in which it claimed credit for hijacking the front page of Google Vietnam. These acts of web page vandalism appear to be moving the group away from being a simple mayhem squad and into the realm of more vandalism similar to LulzSec’s.
Last year, Lizard Squad seemed content to stick to distributed denial of service (DDoS) attacks against gaming networks. This included a massive Christmas Day siege of Xbox Live and PlayStation Network, but the group did not appear to have the technical capability to break into and deface websites or spoof and redirect DNS queries.
Lizard Squad has shown a growing interest in every segment of underground and hacker culture, including openly selling DDoS-for-hire through the Lizardstresser.su website, which the group appears to be attempting to change into a Silk Road-style black market called Shenron.
To date, Lizard Squad’s technical (or hacker) expertise has not been very sophisticated. In fact, security researcher Brian Krebs has in the past posted scathing examinations of Lizard Squad’s apparent incompetence, such as in January when the Lizardstresser site was hacked and its customer database leaked.
This recent foray into more complex DNS hijacks and vandalism seems to be an outgrowth that expands Lizard Squad’s cybercriminal tool belt.
Of course, those tools have simply changed from the cyber-equivalent of throwing rocks and playing loud music to drown everyone out (DDoS) to a different type of cyber-vandalism similar to defacing a billboard.