A former Hostgator employee has been charged with felony breach of computer security for allegedly installing a backdoor that granted nearly unimpeded access to more than 2,700 servers owned and operated by the popular web hosting company.
Prosecutors say 29-year-old Eric Gunnar Gisse, of San Antonio, Texas, worked at the hosting firm from September 2011 through February 15, 2012 as a medium-level administrator. The day after his departure, Hostgator discovered a backdoor application that let Gisse log into servers remotely.
The hack was possible due to the fact that Gisse was able to obtain a Hostgator digital SSH key which he was then able to transfer to other systems.
Officials with the hosting company say he went to great lengths to keep the backdoor under wraps, disguising it as a common Unix admin tool. Houston Police Department investigator Gordon M. Garrett said in an affidavit that the process was named ‘pcre’ which is a common system file. The file was ultimately discovered on 2,723 Hostgator servers, the affidavit notes.
Although officials seem confident that Gisse is responsible for the hack, there’s no evidence that he ever used it to gain unauthorized access remotely. Hostgator COO Patrick Pelanne said the company caught it well before he had a chance to access customer content with it.
Court documents show that Gisse is scheduled to be arraigned next month although it’s unclear if he has entered a plea. The district attorney’s office said he is being held on $20,000 bond at the Harris County Jail.