Cligs short url service hacked, millions redirected

Filed Under: Social networks, Spam, Twitter

Cligs logo
URL shortening services like TinyURL, bit.ly and is.gd have increasingly become part of many computer users' everyday lives in the last year or so, with the surge in popularity of micro-blogging websites like Twitter.

The services allow you to shorten a long url like

http://sophosnews.files.wordpress.com/2009/06/cligs-spam.jpggc/g/2009/02/18/neat-add-on-twitter/

to something much snappier like

http://tinyurl.com/c27gqd.

That's important if you need to make your point in 140 characters or less.

On Sunday, one such URL shortening service, Cligs, was hacked redirecting millions of cli.gs links to a story about Twitter hashtags by blogger Kevin Sablan of the Orange County Register (hosted at freedomblogging.com).

Sablan noticed the unexpected rise in traffic on Monday morning, and responded to a message from a redirected internet user:

Blogger Kevin Sablan comments on his blog about his unexpected traffic

Subsequently, Sablan (who is not believed to have been involved in the hack) blogged about the experience of having 2.2 million links temporarily pointing at his blog post.

Cligs was recently ranked as the fourth most popular URL shortening service on Twitter. Although its popularity is dwarfed by the likes of bit.ly and tinyurl it is still being used by a substantial number of people - so you can imagine the disruption that can be caused if links no longer go where they were intended.

A statement on the Cligs website suggests that a security vulnerability in its edit functionality allowed a malicious hacker to change the destination of millions of shortened urls.

Statement from Cligs about hack

Cligs's disaster recovery plan is hampered somewhat by the admission that it hasn't been getting daily backups since early May. Whoops.

It's clear, though, that this hack could have been much worse. It's not yet apparent what the intentions were of the hackers, but they could have just as easily redirected millions of shortened urls to a website hosting malware. That's one of the reasons why it can be helpful to run a plug-in that will expand shortened urls before you click on them.

As an aside, we frequently see spammers abusing shortened url services to try and make life harder for anti-spam filters trying to determine if a link is going somewhere unsavoury.

Here's an example of a spam campaign we saw today which uses a Cligs shortened url to try to sell bulk-mailing software:

Spam email using Cligs shortened url

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.