URL Shortening Hack Misdirects Millions of Twitter Users
CYBERSPACE — When you have 140 characters available to pimp your ride, keeping your message simple and direct is essential. Twitter users who want to share web links frequently use URL shorteners in order to stay within the character limit and still have room to make a quick point. Alas, the popularity of the Web 2.0 technology has not gone unnoticed by people with less than honorable intent. Recently, users of the hipper-than-thou Twitter.com service have been plagued by an assortment of nefarious hacking and viral attacks, with the latest striking at the very heart of the medium’s brevity.
According to ComputerWorld.com, 2.2 million Twitter users found themselves non-consensually exposed to Orange County Register blogger Kevin Saban’s column, thanks to a hack assault on Cli.gs, a TinyURL.com and bit.ly shortening service competitor.
When Saban noticed an enormous upswing in the number of hits his blog was receiving, he contacted Pierre Far, the creator of Cligs, which Saban had used to shorten URLs in his Twitter messages.
Cligs acknowledged the hack on Monday, observing that it had exploited a vulnerability in its editing function.
“I’ve identified the hole and disabled all cligs editing for now and I’m restoring the URLs back to their original destination states,” Far assured in a blog post of his own. “However, the most recent backup is from early May, and so we may have lost all URLs created since then. My daily backups with my host were turned off for some reason, which is another story.”
Far has identified the attacker’s IP address as originating from Canada.
“Our first thought was that it was a spam campaign, that the hack would redirect to a porn site perhaps,” senior technology consultant for Sophos, Graham Cluley, admitted. “But it seems that [Saban] was entirely innocent. Very bizarre.”
Since there appears to be no profit motive to the hack, Cluley thinks that it may not have been carried out properly. “Maybe there was a mistake on the part of the hackers,” he suggested. “Maybe they just got the URL wrong and meant to direct users to a different site.”
Although cli.gs is not one of the more popular URL shortening services, it managed to affect millions of Twitter users. Had a similar assault been directed toward more popular services – and the destination been packed with malware – the results would likely have been even more devastating. Cluley recommends that users install browser add-ons that allow them to view the full URL of any abbreviated domain in order to make sure links lead where they should.
“With short URLs,” he explained, “you don’t know where you’re going until you get there. We recommend that you use an add-on which expands the URLs. You get a preview – that’s not 100-percent protection, of course, because legitimate sites can be infected as well – but they’re better than nothing.”
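The preview Cluley describes can be done without a browser add-on: issue HEAD requests one hop at a time, never follow a redirect automatically, and compare the final host with the one you expected. The following is an added example, not code from the article or from Cligs; the redirect table, the `cli.gs` paths and `example.org` hosts in it are constructed for an offline demonstration, and `live_head` is the hypothetical network-backed variant.

```python
import urllib.error
import urllib.parse
import urllib.request

REDIRECT_CODES = {301, 302, 303, 307, 308}

def live_head(url, timeout=5):
    """HEAD one hop over the network; returns (status, Location header or None)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # surface the 3xx instead of silently following it
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx (and 4xx/5xx) land here
        return err.code, err.headers.get("Location")

# Constructed redirect table for the offline demo (not real cli.gs data).
FAKE_REDIRECTS = {
    "http://cli.gs/abc123": (301, "http://example.org/landing"),
    "http://example.org/landing": (302, "/final-page"),
    "http://cli.gs/loop1": (301, "http://cli.gs/loop2"),
    "http://cli.gs/loop2": (301, "http://cli.gs/loop1"),
}

def fake_head(url):
    """Offline stand-in for live_head, answering from the constructed table."""
    return FAKE_REDIRECTS.get(url, (200, None))

def expand_url(short_url, head=fake_head, max_hops=10):
    """Follow redirects one hop at a time without ever fetching a page body."""
    chain, current, seen = [short_url], short_url, {short_url}
    for _ in range(max_hops):
        status, location = head(current)
        if status not in REDIRECT_CODES or not location:
            return chain, current, "resolved"
        current = urllib.parse.urljoin(current, location)  # relative Location allowed
        chain.append(current)
        if current in seen:
            return chain, current, "loop"
        seen.add(current)
    return chain, current, "too-many-hops"

def preview(short_url, expected_host=None, head=fake_head):
    """Expand the link and report whether it really ends up where the user expected."""
    chain, final, status = expand_url(short_url, head=head)
    host = (urllib.parse.urlsplit(final).hostname or "").lower()
    ok = status == "resolved" and (expected_host is None or host == expected_host.lower())
    return {"chain": chain, "final": final, "status": status, "host": host, "ok": ok}

if __name__ == "__main__":
    print(preview("http://cli.gs/abc123", expected_host="example.org"))
```

Pass `head=live_head` to run it against a real shortener; as Cluley notes, a matching host only tells you where the link goes, not whether that destination is itself clean.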