Employee at a major webhost is found to have provided himself backdoor access to 2,700 servers

Hostgator

Well this is a little disconcerting, to say the least. An employee, now ex-employee, of the web hosting company Hostgator has been arrested and formally charged for installing a backdoor Trojan on web hosting servers. His infected software was able to access more than 2,700 servers used by Hostgator.

The District Attorney’s office of Harris County in Texas charged one Eric Gunnar Gisse with a felony breach of computer security. Apparently he worked for the company as a mid-level administrator from September 2011 up until he was fired on February 15, 2012. Shortly after his absence, various Hostgator officials found a backdoor Trojan installed on company servers. The malicious software allowed Gisse to log in to the Hostgator server from remote locations, whereupon he could obtain sensitive data and information. One of the remote computers was located at the Hetzner Data Center in Nuremberg, Germany.

His malware was cleverly disguised as a Unix admin tool called ‘pcre’.

Hostgator COO Patrick Pelanne says that fortunately the company was able to recognize the malware the very same week that Gisse was terminated. In an interview with Ars Technica, Pelanne said, “he did not access customer content. We caught it well before he had any chance to do any of that.”

Apparently Gisse took even more countermeasures to hide his malicious software. Hostgators security investigators discovered that two network diagnostic tools had been tampered with in order to hide certain activities.

One of the main reasons Gisse was discovered is because employee workstations at Hostgator are set up to take screenshots in one minute intervals automatically. This allows officials to monitor what employees are doing at all times.

This should be a cautionary tale for all. In this case, an employee was able to gain access to more than 2,700 servers. It’s unclear what Gisse had planned for nefarious deeds, but there’s obviously quite a bit he could have accomplished with unhindered access to that many host servers.

If you’d like to read a little more on the story be sure to visit the source link below.

[via Ars Technica]

Related Posts