80% of websites were almost hacked by a hacker

By using words properly, one of the worst disasters that could have happened in the digital sector was avoided.

Indeed, during the week, it was discovered that a cybercriminal had managed to break into the source code of what appeared to be a future version of PHP. The idea of the cybercriminal was to insert a backdoor into the code to be able to access the contents of the sites covered by the software. Fortunately, this small feat that could have had great consequences was detected at the right time, which then saves a large part of the websites that could have been vulnerable.

This article will also interest you: The Doctissimo website, in the crosshairs of the CNIL for violating the European data protection regulation

Indeed, it should be remembered that 80% of websites operating on the Web use the programming language PHP.

As for the cybercriminal on his side, as if to taunt his ex-future victims this time, he signed his action with the names of 2 developers well known for the language. "The clerks were discovered as part of a routine review of the code. It was pretty obvious that both changes were malicious, and they were immediately cancelled," said Nikita Popov, one of the developers whose identity was spoofed.

It was last Sunday that the changes to the new version of PHP were discovered by the program's security team. During the day, specialists can update the lines of code that have been added to the source code.

To camouflage his action, the cybercriminal after sold an act of correction of typo in the source code. An action so well executed that one would have thought it was the work of fairly reputable developers of the PHP language.

According to other information provided by the security team, the hacker managed to corrupt the server managed by the organization in charge of the PHP language.

If the server has been corrupted. However, the programmer's account was not affected. The 8.1 version of PHP, which is currently under development, will be available to them by the end of 2021. The cybercriminal would have liked to take advantage of this provision. In the event that the backdoor that had tried to be inserted into the new version had not been discovered in time, many users would still have downloaded it through the update believing that everything was safe. As the hacker could then have taken control of 80% of the websites. With the consequences that could have ensued we can say then that we were able to escape beautiful.

For the time being, investigations are continuing to identify the cyber criminals behind this attempt.

In addition, the company specializing in security breach buybacks, Zerodium is in any way singled off in the face of this attempt. Indeed, in order to be able to use the backdoor if the update had actually been deployed with the cybercriminal's changes, the cybercriminal's password was "Zerodium". Obviously this can be a mere coincidence or a farce. However, the distrust is still real on the company side. Indeed the latter has a bad reputation, especially since it is used to buying security vulnerabilities and then using them as it pleases. On Twitter, Zerodium's boss, Chaouki Bekrar, sought to clear his company by ruling out any misunderstanding and potential involvement in the case: "Obviously, we have nothing to do with it. Presumably, the researchers who found this bug tried to sell it to several organizations, but no one wanted to buy this, so they exposed it voluntarily for fun.

Now access an unlimited number of passwords:

Check out our hacking software