Has TechCrunch been hacked?

Filed Under: Phishing, Vulnerability

Well, perhaps not.. but certainly, something very strange is going on.

Back in June 2008, technology uber-blog TechCrunch announced its own news aggregator service called "TechNews" which had more than a passing similarity to Reddit.

TechCrunch announced that the system was currently on one of its test servers.

Whatever happened next to TechNews is lost in the mists of time.. all I know for sure is that it didn't set the world on fire.

So, what happens if you visit technews.techcrunch.com today? Here's what you see:

[Screenshot: what you see if you visit technews.techcrunch.com]

And yes, that really is technews.techcrunch.com that I have visited. Check the url in the browser's location bar if you don't believe me.

[Screenshot: close-up of what you see if you visit technews.techcrunch.com]

Black Oak Asset Management claims to be a legitimate firm based in Cartersville, Georgia. To all intents and purposes the website looks legitimate, the links work and there's no obvious indication that the page has been set up for the purposes of phishing.

So, the weird thing about it is that it's on a subdomain at techcrunch.com (in fact, it's at two subdomains, because it's also at primaries.techcrunch.com).

Has TechCrunch's test server been hacked? Or has there been a goof-up involving DNS and IP addresses that means anyone visiting those TechCrunch domains now ends up on an asset management website?

It's really most peculiar, and maybe the problem will get fixed soon by TechCrunch's IT team. But in the meantime, it's a timely reminder for all companies managing web servers to keep a close eye on their old domains, just in case one of them starts to offer webpages that shouldn't be there.

This isn't the first time that TechCrunch has had problems with its websites, of course. In September 2010 we reported how TechCrunch Europe was serving up malicious code to web visitors.

Update: The issue now seems to have been fixed, presumably by someone at TechCrunch's end. Good job!

Further update: Vineet from TechCrunch has been in touch, with an explanation of what went wrong. Here it is..

Hi Graham,

Thanks for pointing out the subdomain issues on TechCrunch this morning. TC was not hacked :)

In the past, we had our own test server on this IP (hosted at MediaTemple) for those subdomains (technews, primaries and so on). We have long stopped using MT as our hosting provider. It seems that the IP is now used by someone else, Black Oak in this case. I believe this is what happened since the subdomains have existed for a long time and no one likely noticed the change of IP ownership.

I have deleted the DNS mappings for the subdomains in question.

Let me know if you have any questions.

thanks,
Vineet

Mystery solved. Nice one Vineet!
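
The check that catches this kind of leftover record, as an added example (not code from the original article or from TechCrunch): it compares every address record in a zone export against the networks the organisation currently leases and groups the hostnames that point elsewhere. The zone contents, hostnames and network list are constructed sample data using reserved documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed zone export: names and addresses use reserved documentation values.
ZONE_EXPORT = """\
www.example.com.        300  IN A     192.0.2.10
blog.example.com.       300  IN CNAME www.example.com.
technews.example.com.   3600 IN A     203.0.113.77   ; old test server
primaries.example.com.  3600 IN A     203.0.113.77   ; old test server
mail.example.com.       300  IN A     198.51.100.25
"""

# Assumption: the address blocks the organisation leases from its hosts today.
CURRENT_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24"]


def parse_address_records(zone_text):
    """Yield (name, address) for each 'name ttl IN A|AAAA value' line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 5 and fields[2] == "IN" and fields[3] in ("A", "AAAA"):
            yield fields[0].rstrip("."), ipaddress.ip_address(fields[4])


def find_stale_records(zone_text, networks):
    """Group hostnames by any address that lies outside every current network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    stale = {}
    for name, addr in parse_address_records(zone_text):
        owned = any(addr.version == n.version and addr in n for n in nets)
        if not owned:
            stale.setdefault(str(addr), []).append(name)
    return stale


if __name__ == "__main__":
    for addr, names in find_stale_records(ZONE_EXPORT, CURRENT_NETWORKS).items():
        print(f"{addr} is not in a current network; still used by: {', '.join(names)}")
```

Run against a real zone export whenever a hosting contract ends; anything it reports is a candidate for the same fix Vineet applied, deleting the DNS mapping.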


9 Responses to Has TechCrunch been hacked?

  1. Mark L · 1017 days ago

    primaries.techcrunch.com also connects to this site. That is the first item when you search on Google.

  2. wwwpixime · 1017 days ago

    looks like MediaTemple is the block owner for 70.32.92.201 but DNS for both is handled by WordPress.com. Any thoughts?

    • WordPress? Perhaps a screw-up due to today's web blackout protest against the SOPA/PIPA antipiracy legislation in the United States? WordPress is one of the sites participating.

      • TechCrunch, like Naked Security, uses WordPress VIP for its infrastructure.

        I doubt that the SOPA/PIPA blackouts are the cause of this glitch however.

  3. Kate · 1017 days ago

    Can't do a realtime whois lookup for this domain (too many connections, apparently) but the domain was registered in March 2009. DNS foul-up, I suspect.

  4. wwwpixime · 1017 days ago

    technews.techcrunch.com no longer resolves! someone fixed the DNS misconfig!

  5. ZeroOne · 1017 days ago

    Good find mate.

  6. Miguel C · 1017 days ago

    I blame SOPA.

  7. DNS screw up. Happens all the time. It happened to me once and I ended up with phenomenal traffic on a dead website ip address


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.