Employee at a major webhost is found to have provided himself backdoor access to 2,700 servers


Well, this is a little disconcerting, to say the least. A now-former employee of the web hosting company Hostgator has been arrested and formally charged with installing a backdoor Trojan on web hosting servers. His malicious software was able to access more than 2,700 servers used by Hostgator.

The District Attorney’s office of Harris County in Texas charged one Eric Gunnar Gisse with a felony breach of computer security. Apparently he worked for the company as a mid-level administrator from September 2011 until he was fired on February 15, 2012. Shortly after his departure, Hostgator officials found a backdoor Trojan installed on company servers. The malicious software allowed Gisse to log in to the Hostgator servers from remote locations, whereupon he could obtain sensitive data and information. One of the remote computers was located at the Hetzner Data Center in Nuremberg, Germany.

His malware was cleverly disguised as a Unix admin tool called ‘pcre’.

Hostgator COO Patrick Pelanne says that fortunately the company was able to recognize the malware the very same week that Gisse was terminated. In an interview with Ars Technica, Pelanne said, “he did not access customer content. We caught it well before he had any chance to do any of that.”

Apparently Gisse took further measures to hide his malicious software. Hostgator’s security investigators discovered that two network diagnostic tools had been tampered with in order to hide certain activities.

One of the main reasons Gisse was discovered is that employee workstations at Hostgator are set up to take screenshots automatically at one-minute intervals. This allows officials to monitor what employees are doing at all times.

This should be a cautionary tale for all. In this case, an employee was able to gain access to more than 2,700 servers. It’s unclear what Gisse planned to do with that access, but there’s obviously quite a bit he could have accomplished with unhindered access to that many host servers.

If you’d like to read a little more on the story be sure to visit the source link below.

[via Ars Technica]


3 comments


  2. AFPhy6

    Whew… this is a good story to see in many ways.

    I will confess that there is one huge concern about Linux (and open source in general) that I have – that is that some trusted smartiepants will figure a way to include a backdoor into the kernel that other eyeballs will fail to recognize as a threat. With increasing participation by “foreign nationals” in the open source process, I see that as an increasing risk.