UPDATED 14:27 EDT / FEBRUARY 26 2015

Lenovo.com hijack raises Lizard Squad’s cybercriminal cred slightly

lizardsquadAt approximately 4pm EST yesterday the Lenovo.com website took a turn for the strange: visitors were treated to a video slideshow of a random teens set to the tune of “Breaking Free” from High School Musical. All this courtesy of infamous Internet mayhem group Lizard Squad.

Until recently, Lizard Squad appeared to be a poor-man’s-LulzSec: taunted gaming networks from the shadows, used distributed denial of service (DDoS) attacks that a non-technical attacker could easily just purchase, re-purposed source-code to open a  DDoS-for-hire-website, engaged in a spat with security researcher Brain Krebs, and generally made a nuisance of themselves.

Lizard Squad’s “upgrade” in technical skills now includes domain name service hijacking, which is certainly more technical than a DDoS attack.

According to a tweeted screenshot of Lenovo.com’s DNS records the apparent defacement occurred because of a domain record hijack.

In this type of attack, an attacker injects fake domain name records between a website and visitors so that people are redirected where the attacker wants them to go. As a result, it’s obvious that the attackers of Lenovo’s website did not “break into” the site, only redirected information flowing from and to the site externally.

This is also likely why most of the apparent communications captured by Lizard Squad appear to be customer service related.

The slow cybercriminal growth of Lizard Squad

 

This event comes after Lizard Squad’s last foray of Internet mayhem, claiming credit for hijacking the front page of Google Vietnam. These acts of web page vandalism appear to be moving the group away from being a simple mayhem squad, and into the realm of effecting more vandalism similar to LulzSec.

Last year, Lizard Squad seemed content to stick to distributed denial of service (DDoS) attacks against gaming networks. This included a massive Christmas Day siege of Xbox Live and PlayStation Network, but the group did not appear to have the technical capability to break into and deface websites or spoof and redirect DNS queries.

Lizard Squad has shown a growing interest in every segment of underground and hacker culture including openly selling DDoS-for-hire with the Lizardstresser.su website. A website which the group appears to be attempting to change into a Silk Road-style black market called Shenron.

To date, Lizard Squad’s technical (or hacker) expertise has not been very sophisticated. In fact, security researcher Brain Krebs has in the past posted scathing examinations of the Lizard Squad’s apparent incompetence, such as in January when the Lizardstresser site was hacked and its customer database leaked.

This recent foray into more complex DNS hijacks and vandalism seems to be an outgrowth by Lizard Squad that expands their cybercriminal tool belt.

Of course, those tools have simply changed from the cyber-equivalent of throwing rocks and playing loud music to drown everyone out (DDoS) to a different type of cyber-vandalism similar to defacing a billboard.

Image credit: Lizard Squad avatar from Twitter @LizardCircle

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU