Linkedin Corporation Hacking - hostgator.com - beware

[skraps]

Social Networking plays a huge role in our everyday lives now. Even for business pros. Using linkedin we can connect to people, head hunt, and also phish for information to cause mischief. I decided to play with my friends over at hostgator some more.



If you go look up people by searching by the company name "Hostgator". There was tons of results. I couldn't view any profiles or see names. Then if I connected with people outside the company I wouldn't be able to see their full names or pictures. Hmmm...



I created a account under the name Brian Johnston, I used one of my email handles that directly associates to me if you google it also. So I really wasn't hiding too much. I said I went to a local college, Lone Star Community College, and I had the position as a Linux Administrator. I also stated that I had held that position for close to a year. I even googled a picture "friendly person with smile"







Now I started trying to connect to people saying we had done business together at hostgator. Next thing you know I had connected with 6 people. I was then able to browse their connections and find more employees.



Now where getting somewhere. I now got a hand full of connections. I know there email addresses by looking at the profile information and there are some with company email addresses listed on the profile. The format is the first letter of first name then last name @ hostgator.com . Now that I know that, even if linkedin doesn't allow me to use "we done business together" we just guess by looking at the profile name and use the basic format, maybe even try both to be sure.



We have a ton of connections by this point.







What more do we need? Phone numbers and addresses! So we haul over to whitepages.com and start looking up the names and general location our profiles show us. By doing that we now have the hostgator.com perl developers home address, and telephone number along with his personal email account on his linkedin profile. We did this with many more also.



Gary Warman - Perl Developer - gwarman@hostgator.com warman.t.gary@gmail.com

(512) 642-3137, 112 Tanglewood Ln, Hutto, TX 78634-5106

whitepages - http://tinypic.com/r/s3oksj/5

linkedin - http://tinypic.com/r/2w7ny1z/5



Kyle Andrews - Linux Security Administrator - kyle.gato@gmail.com kandrews@hostgator.com

2828 Hayes Rd, Houston, TX 77082-6633

Linkedin - http://tinypic.com/r/w19nyg/5



Collin Lavrinc - Shift Lead - clavrinc@hostgator.com

11111 Saathoff Dr, Apt 1007, Cypress, TX 77429-3013



Now what do we need? We need to know how these people communicate through email. The headers and signatures of their emails. So we move to the chat system. I pretended I had a bad connection and got the chat tech to email me so I could see his signature. SS here - http://tinypic.com/r/2qkus82/5 . We could also use the ticket system and keep asking questions and gathering other peoples information also.



What do we do from here? Find a open smtp relay. After finding a smtp relay we can now spoof legitimate looking messages from one employee to another. If you know the company has mailing lists Send messages to the mailing lists. Heres the message I sent to the Hostgator news mailing list.

Quote:Subject: I regret to tell all employees



Dear Employees of Hostgator.com,

I regret to inform you all that we will be shutting down all USA based locations in the next month. I will give anyone in the company the opportunity to relocate to India at their own expense. During the past 12 months we have suffered profit losses that are dramatic and unreal. In the next 2 weeks we will give all employees the option to start purchasing servers, monitors, office chairs and cubicles at discounted prices. There will be no severance packages available. Thank you for sticking through the struggle we have endured over the past 12 years. Everyone please have a happy new year.

I then called and recorded the conversation and that was great too. The employee I talked too actually sounded jittered / shook, like WTF?



http://www.mediafire.com/?4degw4jqhrc5nra



I then talked to a chat tech and by that time they knew the email was obviously a spoof. Heres his response.

Quote:Your Chat ID is: 5200965. Your initial question is::

Welcome to GatorChat!

You are being connected to a representative in our Sales department right now.

For immediate answers to your questions, check out our knowledge base and video tutorials at http://support.hostgator.com.

(9:43:24pm)SystemCustomer has entered chat and is waiting for an agent.

(9:50:11pm)Nathanial H.Welcome to Hostgator live chat, my name is Nathanial, how are you doing today?

(9:50:26pm)AmikHey Nathanial, hows it going?

(9:50:40pm)AmikHad better days myself.

(9:50:41pm)Nathanial H.Doing well thanks for asking Amik

(9:51:03pm)Nathanial H.Well I'd be happy to assist you in any way I can to better your day.

(9:51:22pm)AmikI need to setup account from Bangledesh

(9:51:51pm)AmikI have to use proxy to get to hostgator.com

(9:52:23pm)AmikWill that ever end? Why I have to use proxy?

(9:53:25pm)Nathanial H.That might be a problem with the ISP not being able to connect, have you had this investigated in the past?

(9:54:01pm)AmikHostgators said they investigate me

(9:55:14pm)AmikWhen Hostgators come to Bangledesh?

(9:56:14pm)Nathanial H.It's possible we could open a Hostgator Bangledesh however I'm not aware of any plans at the moment for this.

(9:57:04pm)Amikokie

(9:57:57pm)Nathanial H.What is your IP address before connecting with a proxy?

(9:58:34pm)Amik59.152.127.45

(9:58:45pm)Nathanial H.Thank you, May I please have the email address associated with your Hostgator account?

(9:59:41pm)AmikNo hostgator account, I want to buy one

(10:00:48pm)Nathanial H.Alright, have you ever sent us traceroute data to have that connection issue tested?

(10:01:39pm)AmikWhat is traceroute? I need not trace my route. I am home in bangeldesh

(10:03:48pm)Nathanial H.Information on how to take and send one to us is located here, http://support.hostgator.com/articles/sp...-hostgator This will scan your route to Hostgator to see where you are losing connection.

(10:04:27pm)AmikI never come to hostgator. I stay in bangledesh

(10:04:48pm)AmikI no walk on barcode

(10:06:20pm)Nathanial H.This does not require you to come to Hostgator.

(10:06:54pm)Amikthen why scan my route? My route is from work to home.

(10:07:51pm)AmikI have to go, need to find bangeldesh host

Conclusion - If I wanted to harm their network and support system I really could have. Imagine spoofing emails to all the employees, scheduling work to multiple servers, multiple accounts, this would have been horrible. Accounts could have been lost, data damaged, had the employees turn on each other. This could have been really, really bad. Is hosting with Hostgator a good thing? Maybe pay a little for for better companies. Some times cheaper is not better. Cpanel hosts are insecure and cheap see http://neworder.box.sk/content.php/577-C...panel-host . Also check out the forum thread if not included on the end of this post for the data that was phished.



Also check out my other articles on hostgator.

http://neworder.box.sk/showthread.php/41...g-Gang-pt1



http://neworder.box.sk/showthread.php/41...o-Predator



http://neworder.box.sk/showthread.php/41...kspace-com




Here is all the data phished from this company. Not saying I'm much better, especially because my living conditions. Hostgator is a multi-million dollar corporation. Comon guys. If HG could afford spending millions on 3rd party ipv4 addresses then they could have easily gave their employees raises. I really believe they used this to hide money this year, passing it to their hosting buddies instead of giving it back to their employees, in training and raises. The ones that make it happen for them.

Phished data - http://www.mediafire.com/?50m34130cp65nuo

http://i42.tinypic.com/20far1g.png

http://i41.tinypic.com/10nx5xw.png

http://i41.tinypic.com/k1evs.png

http://i44.tinypic.com/296btav.png

http://i44.tinypic.com/2w7ny1z.png

http://i42.tinypic.com/ehdhz6.png

http://i39.tinypic.com/30asv81.png

[skraps]

Internal Company Responses -
Mr ?? -

Quote:i sent you a response on linkedin, however i would like to add that when i accepted your linkedin request, i was hoping to get to know more people at the company. you know, my coworkers.
still though, nicely played. and thanks for not being a total dick about it. you could've raised some serious hell. you definitely got the attention of the company. knowing how they operate I'll bet they will have a new set of changes to prevent this from being a problem.

thanks for the entertainment

My Response -
I don't know. The hotel(comfort inn) I using was a honey pot. I really don't think it was a coincidence that all the routers either had a smtp server set as a open relay or where forwarded to a open relay. Brent accused me of "email bombing" the company awhile back. I think this was a way to get evidence of that attack someone made.

They were expecting me to go nutso and email bomb the whole company. After sending that email the chat tech response time doubled. Instead of being 13-10 person wait. When logging in I was about 25, so I figured each office was having a meeting.

One thought was to start writing emails to each employee telling them they had the rest of the night off paid don't ask no questions. If I waited I was going to try to get my past tickets from HR. Send the HR lady on a secrete mission to get the files prepared and emailed off with a promise of a bonus to not tell anyone, not even "Brent" because people inside the company monitor his communications. I decided to just do the closing out email to the mailing list. Maybe scheduling some fscks on random servers.

Thanks.
Mr. ?? -

Quote:nicely played.

Mr. ??? -

Quote:I don't really talk to anyone at Hostgator. I understand you are upset with the company but try not to expose regular employees' names out there because looks like their names are associated with the things you've gone through with the company and it could damage their future in case they quit Hostgator and try to get a job elsewhere. They are just regular guys like you and me who tries to pay their bills.

Thanks

My Thoughts -
The company didn't care too much when I tried getting a job else where.

[skraps]

Quote:The company didn't care too much when I tried getting a job else where.

If you only knew everything that has happened.

Matthew Harris - Linux Security Supervisor


His Personal Description:
Matthew Harris is an communist anarchist and advocate for human rights who believes in absolute freedom and currently works as a Linux System Administrator.

personal website: http://antiamerican.org


Possible Addresses:
1801 E Palm Valley Blvd, Apt 1836
Round Rock, TX 78664-9484
or
4360 County Road 123
Round Rock, TX 78664-9769

Steven Crothers - Technical Landscape Owner at Secure-24.com

Eastpointe michigan
steven.crothers@gmail.com also AIM
phone: 5863351529
birthday: 22 years old, June 26, 1989
Possible Relatives:Duff M Crothers, Judith Ann Crothers, Michael Kenneth Crothers Sr, Shawn K Crothers, William F Crothers

Additional Info:
Possibly moonlighting and freelancing outside of company on the side.

http://www.webhostingtalk.com/showthread...n+crothers

How we got the full birthdate -

Quote:On 01/08/12 10:11 PM, Steven Crothers wrote:
--------------------
I'm actually 22, I'm interested in seeing the article.

On 01/08/12 10:00 PM, Brian Johnston wrote:
--------------------
I'm writing a article about the different types of admins of each generation and I need to know what generation I need to place you in. We have different generation categories etc. It's for a blog on hosting and hosting professionals. Nothing obscene.


On 01/08/12 9:55 PM, Steven Crothers wrote:
--------------------
That's a strange question, why do you ask?

On 01/08/12 9:38 PM, Brian Johnston wrote:
--------------------
Hey are you like 28 years old?

Sam Fosters Reply to everything - Very professional

Quote:You weren't even at HG for 2 months. Fuck off with all this nonsense.

One past employees statement of hostgator -

Quote:Even though Hostgator is ran like shit in my opinion, the people are generally fun good people I believe.

Steven Crothers Response to this -

Quote:Also, nobody cares about Hostgator. You should try some larger corporations. In my opinion grabbing some actual RedHat employees, Microsoft, or even Intel would work out much better.

Just saying, it would be an easier story to spin/sell to the public.

I'm really not trying to sell this to the public. Or I would have not publicly posted it. Hostgator is one of the larger hosting companies in the USA.

Steven Crothers -

Quote:That's pretty interesting and all, but I don't see how its useful/impressive. My contact info including way more than what you have is freely available.

It's how I earn side money.

If you want to be really impressive, you should do a three degrees of separation project using IT professionals.

Most Professional Response award goes to Shaun St. John - Linux Administrator / Transfer Administrator at Hostgator.com of Houston Tx aikman1890@yahoo.com

Quote:Your a f*cking moron and I hope you get caught. Just leave Hostgator Alone already and move on. You are not accomplishing anything at all by doing this.

[MikeAdler10]

hostgator is a host which is really bad i have ever experienced, I think hostgator must be closed and they should have to hangover their clients to another server hosting companies.

[skraps]

That still doesn't help anything Mike Adler. Hostgator.com poses under 3 different company names that I know of and probably a lot more. Splitting the accounts between other hosting providers that they choose is not a viable solution. The customers need to make a choice of their own.