A former employee of Hostgator has been arrested and charged with installing a backdoor that gave him almost unfettered control over more than 2,700 servers belonging to the widely used Web hosting provider.
Eric Gunnar Gisse, 29, of San Antonio, Texas, was charged with felony breach of computer security by the district attorney’s office of Harris County in Texas, according to court documents. He worked as a medium-level administrator from September 2011 until he was terminated on February 15, 2012, according to prosecutors and a company executive. A day after his dismissal, Hostgator officials discovered a backdoor application that allowed Gisse to log in to servers from remote locations, including a computer located at the Hetzner Data Center in Nuremberg, Germany. He took pains to disguise his malware as a widely used Unix administration tool to prevent his superiors from discovering the backdoor process, prosecutors said.
“The process was named ‘pcre’, a common system file, in order to disguise the true purpose of the process which would grant an attacker unauthorized access into Hostgator’s computer network,” a Houston Police Department investigator and the document’s “affiant,” Gordon M. Garrett, wrote in an affidavit. “Complainant told affiant he searched Hostgator’s computer network and found the unauthorized ‘pcre’ process installed on 2723 different Hostgator servers within the computer network.”
Gisse didn’t return a voicemail and e-mail seeking comment for this report. A court docket shows he is scheduled to be arraigned next month and gives no indication he has entered a plea in the case. He’s being held at the Harris County Jail on $20,000 bond, a spokeswoman at the district attorney’s office said.
The backdoor allowing near-unfettered “root” access to Apache Web server systems was possible because Gisse obtained a Hostgator digital SSH key and transferred it to computers under his control, including one at efnet.pe, Garrett alleged. “The defendant then attempted to penetrate the Hostgator computer network from ‘efnet.pe’ using the Hostgator digital SSH key,” Garrett wrote.