skraps Posted January 10, 2012 Share Posted January 10, 2012 Social Networking plays a huge role in our everyday lives now. Even for business pros. Using linkedin we can connect to people, head hunt, and also phish for information to cause mischief. I decided to play with my friends over at hostgator some more. If you go look up people by searching by the company name "Hostgator". There was tons of results. I couldn't view any profiles or see names. Then if I connected with people outside the company I wouldn't be able to see their full names or pictures. Hmmm... I created a account under the name Brian Johnston, I used one of my email handles that directly associates to me if you google it also. So I really wasn't hiding too much. I said I went to a local college, Lone Star Community College, and I had the position as a Linux Administrator. I also stated that I had held that position for close to a year. I even googled a picture "friendly person with smile" Now I started trying to connect to people saying we had done business together at hostgator. Next thing you know I had connected with 6 people. I was then able to browse their connections and find more employees. Now where getting somewhere. I now got a hand full of connections. I know there email addresses by looking at the profile information and there are some with company email addresses listed on the profile. The format is the first letter of first name then last name @ hostgator.com . Now that I know that, even if linkedin doesn't allow me to use "we done business together" we just guess by looking at the profile name and use the basic format, maybe even try both to be sure. We have a ton of connections by this point. What more do we need? Phone numbers and addresses! So we haul over to whitepages.com and start looking up the names and general location our profiles show us. By doing that we now have the hostgator.com perl developers home address, and telephone number along with his personal email account on his linkedin profile. We did this with many more also. Gary Warman - Perl Developer - firstname.lastname@example.org email@example.com (512) 642-3137, 112 Tanglewood Ln, Hutto, TX 78634-5106 whitepages - http://tinypic.com/r/s3oksj/5 linkedin - http://tinypic.com/r/2w7ny1z/5 Kyle Andrews - Linux Security Administrator - firstname.lastname@example.org email@example.com 2828 Hayes Rd, Houston, TX 77082-6633 Linkedin - http://tinypic.com/r/w19nyg/5 Collin Lavrinc - Shift Lead - firstname.lastname@example.org 11111 Saathoff Dr, Apt 1007, Cypress, TX 77429-3013 Now what do we need? We need to know how these people communicate through email. The headers and signatures of their emails. So we move to the chat system. I pretended I had a bad connection and got the chat tech to email me so I could see his signature. SS here - http://tinypic.com/r/2qkus82/5 . We could also use the ticket system and keep asking questions and gathering other peoples information also. What do we do from here? Find a open smtp relay. After finding a smtp relay we can now spoof legitimate looking messages from one employee to another. If you know the company has mailing lists ;) Send messages to the mailing lists. Heres the message I sent to the Hostgator news mailing list. Subject: I regret to tell all employees Dear Employees of Hostgator.com, I regret to inform you all that we will be shutting down all USA based locations in the next month. I will give anyone in the company the opportunity to relocate to India at their own expense. During the past 12 months we have suffered profit losses that are dramatic and unreal. In the next 2 weeks we will give all employees the option to start purchasing servers, monitors, office chairs and cubicles at discounted prices. There will be no severance packages available. Thank you for sticking through the struggle we have endured over the past 12 years. Everyone please have a happy new year. I then called and recorded the conversation and that was great too. The employee I talked too actually sounded jittered / shook, like WTF? http://www.mediafire.com/?4degw4jqhrc5nra I then talked to a chat tech and by that time they knew the email was obviously a spoof. Heres his response. Your Chat ID is: 5200965. Your initial question is:: Welcome to GatorChat! You are being connected to a representative in our Sales department right now. For immediate answers to your questions, check out our knowledge base and video tutorials at http://support.hostgator.com. (9:43:24pm)SystemCustomer has entered chat and is waiting for an agent. (9:50:11pm)Nathanial H.Welcome to Hostgator live chat, my name is Nathanial, how are you doing today? (9:50:26pm)AmikHey Nathanial, hows it going? (9:50:40pm)AmikHad better days myself. (9:50:41pm)Nathanial H.Doing well thanks for asking Amik :) (9:51:03pm)Nathanial H.Well I'd be happy to assist you in any way I can to better your day. (9:51:22pm)AmikI need to setup account from Bangledesh (9:51:51pm)AmikI have to use proxy to get to hostgator.com (9:52:23pm)AmikWill that ever end? Why I have to use proxy? (9:53:25pm)Nathanial H.That might be a problem with the ISP not being able to connect, have you had this investigated in the past? (9:54:01pm)AmikHostgators said they investigate me (9:55:14pm)AmikWhen Hostgators come to Bangledesh? (9:56:14pm)Nathanial H.It's possible we could open a Hostgator Bangledesh however I'm not aware of any plans at the moment for this. (9:57:04pm)Amikokie (9:57:57pm)Nathanial H.What is your IP address before connecting with a proxy? (9:58:34pm)Amik126.96.36.199 (9:58:45pm)Nathanial H.Thank you, May I please have the email address associated with your Hostgator account? (9:59:41pm)AmikNo hostgator account, I want to buy one (10:00:48pm)Nathanial H.Alright, have you ever sent us traceroute data to have that connection issue tested? (10:01:39pm)AmikWhat is traceroute? I need not trace my route. I am home in bangeldesh (10:03:48pm)Nathanial H.Information on how to take and send one to us is located here, http://support.hostgator.com/articles/specialized-help/how-can-i-send-a-traceroute-to-hostgator This will scan your route to Hostgator to see where you are losing connection. (10:04:27pm)AmikI never come to hostgator. I stay in bangledesh (10:04:48pm)AmikI no walk on barcode (10:06:20pm)Nathanial H.This does not require you to come to Hostgator. (10:06:54pm)Amikthen why scan my route? My route is from work to home. (10:07:51pm)AmikI have to go, need to find bangeldesh host Conclusion - If I wanted to harm their network and support system I really could have. Imagine spoofing emails to all the employees, scheduling work to multiple servers, multiple accounts, this would have been horrible. Accounts could have been lost, data damaged, had the employees turn on each other. This could have been really, really bad. Is hosting with Hostgator a good thing? Maybe pay a little for for better companies. Some times cheaper is not better. Cpanel hosts are insecure and cheap see http://neworder.box.sk/content.php/577-Cpanel-Boycott-Can-you-really-trust-your-cpanel-host . Also check out the forum thread if not included on the end of this post for the data that was phished. Also check out my other articles on hostgator. http://neworder.box.sk/showthread.php/41228-Hidden-Internet-Monopoly-and-Internet-Blue-Collar-Thug-Gang-pt1 http://neworder.box.sk/showthread.php/41237-From-Prey-to-Predator http://neworder.box.sk/showthread.php/41238-Predator-pt-2-Rackspace-com Here is all the data phished from this company. Not saying I'm much better, especially because my living conditions. Hostgator is a multi-million dollar corporation. Comon guys. If HG could afford spending millions on 3rd party ipv4 addresses then they could have easily gave their employees raises. I really believe they used this to hide money this year, passing it to their hosting buddies instead of giving it back to their employees, in training and raises. The ones that make it happen for them. Phished data - http://www.mediafire.com/?50m34130cp65nuo http://i42.tinypic.com/20far1g.png http://i41.tinypic.com/10nx5xw.png http://i41.tinypic.com/k1evs.png http://i44.tinypic.com/296btav.png http://i44.tinypic.com/2w7ny1z.png http://i42.tinypic.com/ehdhz6.png http://i39.tinypic.com/30asv81.png Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.