
The hack was reminiscent of the recent SolarWinds attack, the worst U.S. government cybersecurity breach in history.

Hackers put a back door in a code library that powers 79% of websites

[Photo: rawpixel; Victor Freitas/Unsplash]

BY Mark Sullivan

On Sunday, malicious actors tried to install a back door in the code base of PHP, a server-side programming language that powers 79% of sites on the internet, including Facebook and Wikipedia.

The attack recalled one of the worst government hacks in history, on SolarWinds, the IT management software used by many government agencies and large U.S. companies. The SolarWinds attackers—widely thought to be employed by Russia’s Foreign Intelligence Service—planted malware in the SolarWinds system that sends out updates to end users.

As in the SolarWinds attack, the PHP hackers targeted the code base of a widely used library so that the changes they made would affect instances of the software run by end users. The hackers attempted to install a back door that would have allowed them to remotely execute changes to the PHP code after it was put into use by websites. With the ability to activate malware, the hackers might have been able to take control of websites, freeze them, or take them offline.

The PHP exploit was first reported by the BleepingComputer blog.


The hackers made two additions to the PHP Git repository on Sunday. The attackers signed the first addition using the name of the PHP library’s creator, Rasmus Lerdorf, and the second was made using the name of well-known PHP maintainer Nikita Popov, likely to avoid suspicion. They also tried to disguise the major change to the code base they proposed as something trivial by labeling the additions “Fix Typo.”

The work of the hackers was discovered and reversed during a standard review process on Sunday. Still, this was no trivial event. Popov said in an email to the PHP developer community that Sunday’s incident was likely the result of the git.php.net server being compromised, rather than just a single Git account.

The PHP maintainers have now decided to migrate the official PHP source code library over to GitHub. “We have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” Popov explains in the email.


ABOUT THE AUTHOR

Mark Sullivan is a senior writer at Fast Company, covering emerging tech, AI, and tech policy. Before coming to Fast Company in January 2016, Sullivan wrote for VentureBeat, Light Reading, CNET, Wired, and PCWorld.

