Former HostGator Employee Charged with Planting Backdoors on More Than 2,700 Servers
Authorities have arrested 29-year-old Eric Gunnar Gisse, a resident of San Antonio, Texas, and a former employee of web-hosting company HostGator, on charges that he planted a backdoor to gain control over at least 2,700 servers, according to court documents, thewhir.com reported on April 19, 2013.
Court documents also allege that Gisse was employed as a medium-level administrator for a few months, between September 2011 and mid-February 2012, when he was fired.
Soon after the firing, HostGator found malicious programs loaded onto its systems that let Gisse, the suspect, access its servers remotely. The program, a backdoor Trojan, was disguised as a well-known UNIX tool to avoid suspicion.
It appears that Gisse used a HostGator secure shell (SSH) key to gain initial access to the servers.
Meanwhile, Gisse did more to hide his hijacking of the HostGator servers. On February 19, 2012, three days after HostGator COO Patrick Pelanne said the backdoor was discovered, investigators also found two common network diagnostic tools that Gisse had possibly altered on the hosting company's network, Arstechnica.com reported on April 19, 2013.
Specifically, programs such as "netstat" and "ps", which let admins list every network connection and every active program, respectively, had been tampered with to conceal some operations. HostGator's security staff was informed, and they responded, detected, and neutralized the hacking, according to court affidavits.
Moreover, Gisse, the defendant, is reportedly in custody in Harris County Prison after signing a $20,000 bond.
He is to be prosecuted next month (May 2013) and remains not guilty until proven otherwise. The case, meanwhile, underlines that even mid-level staff can pose a risk, since they can expose sensitive data, especially in a web-hosting operation, security specialists remark.
» SPAMfighter News - 25-04-2013