Hacker cracks TinyURL rival, redirects millions of Twitter users

'Single point of failure' in Cligs short URL service shunts 2.2 million addresses to blogger

A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today.

After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than 2.2 million Web addresses were redirected to Kevin Saban's blog, which appears on the Orange County Register's Web site. Noticing a dramatic upswing in traffic, Saban -- who uses Cligs in his Twitter messages to shorten URLs -- contacted Pierre Far, the creator of Cligs.

"Quite curious," was how Graham Cluley, a senior technology consultant with security company Sophos, put it. "Our first thought was that it was a spam campaign, that the hack would redirect [users] to a porn site perhaps, but it seems that [Saban] was entirely innocent. Very bizarre."

Cluley's take was fueled by the assumption that the vast majority of criminal activity on the Internet is based on the profit motive, and here there didn't seem to be one. "Maybe this was a mistake on the part of the hackers," he said. "Maybe they just got the [shortened] URL wrong, and meant to direct users to a different site."

That site, he said, could have been a malware-infected address where exploits lay in wait. Or to a spam destination, since spammers have used shortened URLs

Cligs currently doesn't register in the top five shortening services used on Twitter, according to Tweetmeme, which ranks bit.ly and TinyURL in the No. 1 and No. 2 spots, so the hack could have been significantly worse if it had happened on one of those services.

Cluley's point: "There was one single point of failure here," he said. "They only had to hack one thing, the Cligs service, to affect millions of URLs."

Early yesterday, Cligs acknowledged the hack, which had exploited a vulnerability in its editing function. "I've identified the hole and disabled all cligs editing for now and I'm restoring the URLs back to their original destination states," said Far, Cligs' creator, in a blog post. "However, the most recent backup is from early May, and so we may have lost all URLs created since then. My daily backups with my host were turned off for some reason, which is another story."

Far said that the attacker's IP address resolved to a Canadian address.

Cluley, meanwhile, recommended that users install add-ons to their browsers that expand shortened links to see the actual, underlying destination. "With short URLs, you don't know where you're going until you get there," he said. "We recommend that you use an add-on which expands the URLs. You get a preview -- they're not 100% protection, of course, because legitimate sites can be infected as well -- but they're better than nothing."

Twitter, by far the biggest micro-blogging site and user of short URLs, should be doing more to keep users safe, Cluley said. "There's an option to expand the link view when you search Twitter," he said. "Why don't they offer that in the regular stream?"

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags hackerstinyurltwitter

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?