A former HostGator employee was arrested for installing a backdoor on over 2700 servers. Eric Gunnar Gisse, a resident of San Antonio, Texas, was arrested by the police on a felony breach of computer security charge for installing the backdoor on HostGator servers.
The backdoor gave the accused remote access to the servers from anywhere, as well as access to customers' private information stored on their websites.
Eric installed the backdoor during his tenure at the company, from September 2011 to 15th February, 2012, and disguised it as pcre, a common system file. The investigator wrote in an affidavit:
"Complainant told affiant he searched Hostgator’s computer network and found the unauthorized ‘pcre’ process installed on 2723 different Hostgator servers within the computer network"
How the employee did the work
He transferred the SSH keys, which are used for secure connections and for running services between the computers and the company's network, to computers he had access to all the time. This let him access the HostGator computers using the SSH keys.
How the backdoor was detected
The security personnel found that netstat and ps, tools which allow administrators to enumerate all running applications, had been modified. They nullified the changes, thus stopping the intrusion.
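
An added example, not part of the original report or HostGator's own tooling: when ps itself may have been modified, one cross-check is to compare the PIDs it reports against the numeric directories under /proc. The function name, the sample PIDs and the assumption that the altered ps left out the disguised process are constructed for illustration.

```shell
#!/bin/sh
# Cross-view check for a tampered ps: every running process has a numeric
# directory under /proc, so a PID present there but missing from ps output
# deserves a closer look. This only catches user-space tool tampering; a
# kernel-level rootkit can hide the /proc entry as well.

# hidden_pids PROC_ROOT PS_PID_FILE
# Prints "pid name" for each numeric directory in PROC_ROOT whose PID is
# not listed in PS_PID_FILE (one bare PID per line).
hidden_pids() {
    proc_root=$1
    ps_list=$2
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        case $pid in *[!0-9]*) continue ;; esac   # numeric names only
        if ! grep -qx "$pid" "$ps_list"; then
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Constructed sample: a fake /proc tree with three processes and a ps
# listing that omits PID 4021, the process using the disguised name.
demo() {
    tmp=$(mktemp -d)
    for entry in 1:init 812:sshd 4021:pcre; do
        mkdir -p "$tmp/proc/${entry%%:*}"
        echo "${entry#*:}" > "$tmp/proc/${entry%%:*}/comm"
    done
    printf '1\n812\n' > "$tmp/ps.txt"
    hidden_pids "$tmp/proc" "$tmp/ps.txt"
    rm -rf "$tmp"
}

demo

# On a live host (short-lived processes can produce false positives):
#   ps -e -o pid= | tr -d ' ' > /tmp/ps.txt
#   hidden_pids /proc /tmp/ps.txt
```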