Former HostGator employee arrested for installing a backdoor on over 2700 servers

A former HostGator employee was arrested for installing a backdoor on over 2700 servers. Eric Gunnar Gisse, a resident of San Antonio, Texas, was arrested by police on a charge of felony breach of computer security for installing the backdoor on HostGator servers.

The backdoor gave the accused remote access to the servers from anywhere, and also let him access customers' private information stored on their websites.

Eric installed the backdoor during his tenure at the company, from September 2011 to 15th February, 2012, and disguised it as pcre, a common system file. The investigator wrote in an affidavit:

Complainant told affiant he searched Hostgator’s computer network and found the unauthorized ‘pcre‘ process installed on 2723 different Hostgator servers within the computer network


How the employee did the work

He transferred the SSH keys, which are used for secure connections and for running services between the computer and the company's network, to computers he had access to all the time. This let him access the HostGator computers using the SSH keys.

How the backdoor was detected

The security personnel found that netstat and ps, the tools which allow administrators to enumerate all running applications, had been modified. They nullified the changes, thus stopping the intrusion.
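
An added example, not from the original article or from HostGator's investigation: when ps has been modified to hide a process, comparing its output with the PIDs the kernel lists in /proc exposes the discrepancy. It assumes Linux with the procps `ps`; the function names are illustrative.

```python
import os
import subprocess

def pids_from_proc(proc_root="/proc"):
    """PIDs listed by the kernel in procfs, read without using ps."""
    return {int(d) for d in os.listdir(proc_root) if d.isdigit()}

def pids_from_ps(ps_output):
    """PIDs parsed from the output of `ps -e -o pid=` (one PID per line)."""
    return {int(t) for t in ps_output.split() if t.isdigit()}

def process_name(pid, proc_root="/proc"):
    """Command name from /proc/<pid>/comm, or None if the process is gone."""
    try:
        with open(os.path.join(proc_root, str(pid), "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return None

def hidden_processes(proc_root="/proc", ps_cmd=("ps", "-e", "-o", "pid=")):
    """Return {pid: name} for processes present in procfs but missing from ps."""
    before = pids_from_proc(proc_root)
    out = subprocess.run(ps_cmd, capture_output=True, text=True, check=True).stdout
    after = pids_from_proc(proc_root)
    # Keep only PIDs alive both before and after the ps run, so processes that
    # started or exited during the check are not reported as hidden.
    suspects = (before & after) - pids_from_ps(out)
    found = {}
    for pid in sorted(suspects):
        name = process_name(pid, proc_root)
        if name is not None:
            found[pid] = name
    return found

if __name__ == "__main__":
    hidden = hidden_processes()
    for pid, name in hidden.items():
        print(f"pid {pid} ({name}) is in /proc but not in ps output")
    if not hidden:
        print("ps output matches /proc")
```

This comparison only catches tampering with userland tools such as ps; it reports nothing if the process is also hidden from /proc.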

Source: ArsTechnica