16 Jun 2009
Popular short URL service hacked and millions redirected
Cligs service suffers from hack attack
IT security and control firm Sophos is advising computer users
to be wary of shortened URLs and to consider running a plug-in that
will expand links before clicking on them. The warning follows news
that Cligs, recently ranked as the fourth most popular URL
shortening service on Twitter, has been hacked and on Sunday was
redirecting millions of cli.gs links to a story about Twitter
hashtags by blogger Kevin Sablan of the Orange County Register.
Sophos experts note that URL shortening services like TinyURL,
bit.ly and is.gd have increasingly become part of many computer
users' everyday lives with the surge in popularity of
micro-blogging websites like Twitter.
Sablan noticed the unexpected rise in traffic on Monday morning
and has subsequently blogged about the experience of having 2.2
million links temporarily pointing to his blog post. A statement on
the Cligs website suggests that a security vulnerability in its
edit functionality allowed a malicious hacker to change the
destination of millions of shortened URLs. The company also
admitted that it hasn't been getting daily backups since early
May.
"While Cligs is nowhere near as popular as the likes of TinyURL,
it is still used by a substantial number of people, so you can
imagine the disruption that can be caused if links no longer go
where they are supposed to," said Graham
Cluley, senior technology consultant at Sophos. "These services
are becoming indispensable with more and more people using Twitter
and needing to make their point in 140 characters or less, but this
is not the first time we have seen spammers and hackers abusing
these systems. While it's not clear what the intentions of the
fraudsters were in this case, they could have easily redirected
millions of shortened URLs to a website hosting malware. While
these services should be making their systems as secure as
possible, similar incidents are likely to happen again, and so it's
important that computer users don't automatically trust links on
websites like Twitter."
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex IT threats and data loss. To that end, Sophos offers security and data protection solutions that are simple to manage, install and deploy and that offer the industry's lowest total cost of ownership. Sophos offers award-winning encryption and endpoint security products, as well as solutions for web and email security and Network Access Control (NAC). The offering is backed by a worldwide network of its own analysis centers, SophosLabs. With more than 20 years of experience, Sophos is, according to the top analyst firms, one of the leading companies in IT security and data protection and has received numerous industry awards.
Sophos is headquartered in Boston, USA, and Oxford, UK. In Germany the company is based in Wiesbaden, and it has one location each in Austria and Switzerland. Further information at: www.sophos.de.