Police apprehended 29-year-old Eric Gunnar Gisse of San Antonio, Texas and charged him with rooting 2,700 servers of his former employer, Hostgator. Gisse, a medium-level administrator, is believed to have installed the Trojan with the intent of remotely accessing all the rooted servers at will.
Prosecutors with the district attorney’s office of Harris County in Texas accused Gisse of felony breach of computer security. Hostgator COO Patrick Pelanne told ArsTechnica that company officials came across the backdoor-type software immediately after Gisse’s dismissal. They discovered that Gisse had access to sensitive information directly from customers’ websites, but they found no evidence he used it. “He did not access customer content,” Pelanne told Ars. “We caught it well before he had any chance to do any of that.”
Apparently Gisse went to great lengths to camouflage the backdoor, which he named pcre, as a UNIX administration tool to hide it from his colleagues and supervisors. He also modified two diagnostic tools, ps and netstat, used by admins to list all running applications and network connections.
Gisse attempted to penetrate the Apache Web server systems with the help of a Hostgator digital SSH key he managed to transfer to one of the systems he was in charge of while he was working for Hostgator, sometime between September 2011 and February 2012. Then he used that system to access the Hostgator network, but there was no evidence that he reached any customer data.