Skip to main content
banner image
venafi logo

What the NGINX Raid Means for Your Web Operations

What the NGINX Raid Means for Your Web Operations

NGINX raid
December 24, 2019 | Guest Blogger: Kim Crawley


Your organization does its best to control its technology as much as possible. You monitor the activities of your employees and contractors. You compile performance metrics and analyze them. If a server experiences downtime, your network admins are right on it. And no one enters your facilities without authorization. But you can’t control your entire supply chain. That’s impossible. And the more third-party vendors you have, the more flexibility and preparedness you’ll need. The controversial new NGINX raid story illustrates this as far as your web operations are concerned.

Russian police raided the Moscow offices of NGINX, a subsidiary of F5 Networks, on December 12th. This is big news in the world of web technology. According to Netcraft’s Web Server Survey, NGINX has been steadily rising in web server market share since about 2009. As of December 2019, NGINX has more market share than their competitors, at 38%. Comparatively, Apache has 24%, and Microsoft has 15%. Having number one market share and even beating Apache is a big deal. Unfortunately, this means that the NGINX raid will likely affect a huge number of companies and their web operations, web apps, websites and machine identities. Events such as this may force you to make changes to your web infrastructure in a very short timeframe.  



How quickly can you swap out compromised machine identities? Gauge your agility. 

It started when Russia’s Rambler Group filed a copyright violation against NGINX, claiming full ownership of NGINX’s web server code. Rambler Group claims that NGINX founder Igor Sysoev developed the NGINX web server platform while working as a system administrator for Rambler Group. Therefore, Rambler Group claims that NGINX’s code is theirs. This reminds me of when Mattel sued MGA Entertainment in 2008. Mattel of course are famous for Barbie dolls. MGA’s Carter Bryant used to work for Mattel as a Barbie designer. Carter Bryant created MGA Entertainment’s Bratz dolls, which became a major competitor to Mattel’s Barbie doll line in the early 2000s. Mattel claimed that Bryant developed Bratz while working for Mattel, and therefore they should own the rights to them. So, Mattel claimed copyright infringement. By 2011, a US federal judge ruled in MGA Entertainment’s favor, saying that Mattel owed MGA $309 million in damages. But the web server business is very different from the doll business, and Russia’s legal system is very different from that of the United States.

When Russian police raided NGINX’s office, cofounders Igor Sysoev and Maxim Konovalov were detained, and computer equipment was seized. According to a 2012 interview with Sysoev, he said he did indeed develop NGINX while working at Rambler. According to a Google Translate translation, he said, “I worked as a system administrator. However, in addition to the direct work of the system administrator, I again began to write programs in my free time. It should be noted that programming was not part of my job responsibilities, but since there was time and traction, the first thing I did was adapt the patch to compress Apache responses... In 2003, they found out about my developments outside of Rambler, and, moreover, nginx began to be used on several sites. The first was the Estonian dating site, which still exists. This, by the way, is the most highly loaded website in Estonia. Then nginx began to be used on and on, where it distributed MP3s.

At the beginning of 2004, Rambler launched the service, and one of my colleagues, Oleg Bunin, asked me to complete request proxying functionality in nginx in order to start fully using it, including on the Rambler photo service. Up to this point, the project was quite academic, I gradually wrote it, but it could never end in anything, that is, it could not be put anywhere in production. In general, it turned out that I urgently completed and proxying. And somewhere in the beginning of 2004, a proxy version appeared, and the service started working on the basis of nginx.

On October 4, 2004, on the anniversary of the launch of the first space satellite, I released the first public version: 0.1.0.”

So, versions of NGINX have been open source since 2004. People don’t usually release code as open source if they want to make money from it. Either way, this legal case should have a significant effect on the web operations of enterprises and businesses of all sizes. 

Which brings the matter to this very crucial point. If your company needs to change your web server platform, can you bulk replace all of your TLS certificates accordingly? Those machine identities are integral to the security of your web operations. If you lose track of any of them, they become lucrative keys for cyber attackers to exploit your very sensitive data. Cyber attackers could impersonate your website or web app on the internet. They could perform man-in-the-middle attacks on the data that’s transmitted between your servers and your users’ endpoints. That’s bad news indeed, and way too much risk for your organization to handle.

Proper machine identity management can not only give your organization much better visibility into your certificates, but it can also help you transfer from one web platform to another when you must do so unexpectedly. And in addition to man-in-the-middle attacks, losing control of your certificates can also lead to website and web app downtime. And downtime leads to a loss of revenue and possible reputational damage for your company.

You can’t control everything that happens in your supply chain. You may need to suddenly switch vendors or platforms. When that happens, you must be prepared. Proper machine identity management makes everything much easier and gives your organization more control.


Related posts


Like this blog? We think you will love this.
attaques de décapage ssl
Featured Blog

En quoi consistent les attaques SSL strip ?

  Un peu d'histoire

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Guest Blogger: Kim Crawley
Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more