Linkedin Corporation Hacking

[skraps]

Social Networking plays a huge role in our everyday lives now. Even for business pros. Using linkedin we can connect to people, head hunt, and also phish for information to cause mischief. I decided to play with my friends over at hostgator some more.

If you go look up people by searching by the company name "Hostgator". There was tons of results. I couldn't view any profiles or see names. Then if I connected with people outside the company I wouldn't be able to see their full names or pictures. Hmmm...

I created a account under the name Brian Johnston, I used one of my email handles that directly associates to me if you google it also. So I really wasn't hiding too much. I said I went to a local college, Lone Star Community College, and I had the position as a Linux Administrator. I also stated that I had held that position for close to a year. I even googled a picture "friendly person with smile"

Now I started trying to connect to people saying we had done business together at hostgator. Next thing you know I had connected with 6 people. I was then able to browse their connections and find more employees.

Now where getting somewhere. I now got a hand full of connections. I know there email addresses by looking at the profile information and there are some with company email addresses listed on the profile. The format is the first letter of first name then last name @ hostgator.com . Now that I know that, even if linkedin doesn't allow me to use "we done business together" we just guess by looking at the profile name and use the basic format, maybe even try both to be sure.

We have a ton of connections by this point.

What more do we need? Phone numbers and addresses! So we haul over to whitepages.com and start looking up the names and general location our profiles show us. By doing that we now have the hostgator.com perl developers home address, and telephone number along with his personal email account on his linkedin profile. We did this with many more also.

Gary Warman - Perl Developer - gwarman@hostgator.com warman.t.gary@gmail.com

(512) 642-3137, 112 Tanglewood Ln, Hutto, TX 78634-5106

whitepages - http://tinypic.com/r/s3oksj/5

linkedin - http://tinypic.com/r/2w7ny1z/5

Kyle Andrews - Linux Security Administrator - kyle.gato@gmail.com kandrews@hostgator.com

2828 Hayes Rd, Houston, TX 77082-6633

Linkedin - http://tinypic.com/r/w19nyg/5

Collin Lavrinc - Shift Lead - clavrinc@hostgator.com

11111 Saathoff Dr, Apt 1007, Cypress, TX 77429-3013

Now what do we need? We need to know how these people communicate through email. The headers and signatures of their emails. So we move to the chat system. I pretended I had a bad connection and got the chat tech to email me so I could see his signature. SS here - http://tinypic.com/r/2qkus82/5 . We could also use the ticket system and keep asking questions and gathering other peoples information also.

What do we do from here? Find a open smtp relay. After finding a smtp relay we can now spoof legitimate looking messages from one employee to another. If you know the company has mailing lists ;) Send messages to the mailing lists. Heres the message I sent to the Hostgator news mailing list.

Subject: I regret to tell all employees

Dear Employees of Hostgator.com,

I regret to inform you all that we will be shutting down all USA based locations in the next month. I will give anyone in the company the opportunity to relocate to India at their own expense. During the past 12 months we have suffered profit losses that are dramatic and unreal. In the next 2 weeks we will give all employees the option to start purchasing servers, monitors, office chairs and cubicles at discounted prices. There will be no severance packages available. Thank you for sticking through the struggle we have endured over the past 12 years. Everyone please have a happy new year.

I then called and recorded the conversation and that was great too. The employee I talked too actually sounded jittered / shook, like WTF?

http://www.mediafire.com/?4degw4jqhrc5nra

I then talked to a chat tech and by that time they knew the email was obviously a spoof. Heres his response.

Your Chat ID is: 5200965. Your initial question is::

Welcome to GatorChat!

You are being connected to a representative in our Sales department right now.

For immediate answers to your questions, check out our knowledge base and video tutorials at http://support.hostgator.com.

(9:43:24pm)SystemCustomer has entered chat and is waiting for an agent.

(9:50:11pm)Nathanial H.Welcome to Hostgator live chat, my name is Nathanial, how are you doing today?

(9:50:26pm)AmikHey Nathanial, hows it going?

(9:50:40pm)AmikHad better days myself.

(9:50:41pm)Nathanial H.Doing well thanks for asking Amik :)

(9:51:03pm)Nathanial H.Well I'd be happy to assist you in any way I can to better your day.

(9:51:22pm)AmikI need to setup account from Bangledesh

(9:51:51pm)AmikI have to use proxy to get to hostgator.com

(9:52:23pm)AmikWill that ever end? Why I have to use proxy?

(9:53:25pm)Nathanial H.That might be a problem with the ISP not being able to connect, have you had this investigated in the past?

(9:54:01pm)AmikHostgators said they investigate me

(9:55:14pm)AmikWhen Hostgators come to Bangledesh?

(9:56:14pm)Nathanial H.It's possible we could open a Hostgator Bangledesh however I'm not aware of any plans at the moment for this.

(9:57:04pm)Amikokie

(9:57:57pm)Nathanial H.What is your IP address before connecting with a proxy?

(9:58:34pm)Amik59.152.127.45

(9:58:45pm)Nathanial H.Thank you, May I please have the email address associated with your Hostgator account?

(9:59:41pm)AmikNo hostgator account, I want to buy one

(10:00:48pm)Nathanial H.Alright, have you ever sent us traceroute data to have that connection issue tested?

(10:01:39pm)AmikWhat is traceroute? I need not trace my route. I am home in bangeldesh

(10:03:48pm)Nathanial H.Information on how to take and send one to us is located here, http://support.hostgator.com/articles/specialized-help/how-can-i-send-a-traceroute-to-hostgator This will scan your route to Hostgator to see where you are losing connection.

(10:04:27pm)AmikI never come to hostgator. I stay in bangledesh

(10:04:48pm)AmikI no walk on barcode

(10:06:20pm)Nathanial H.This does not require you to come to Hostgator.

(10:06:54pm)Amikthen why scan my route? My route is from work to home.

(10:07:51pm)AmikI have to go, need to find bangeldesh host

Conclusion - If I wanted to harm their network and support system I really could have. Imagine spoofing emails to all the employees, scheduling work to multiple servers, multiple accounts, this would have been horrible. Accounts could have been lost, data damaged, had the employees turn on each other. This could have been really, really bad. Is hosting with Hostgator a good thing? Maybe pay a little for for better companies. Some times cheaper is not better. Cpanel hosts are insecure and cheap see http://neworder.box.sk/content.php/577-Cpanel-Boycott-Can-you-really-trust-your-cpanel-host . Also check out the forum thread if not included on the end of this post for the data that was phished.

Also check out my other articles on hostgator.

http://neworder.box.sk/showthread.php/41228-Hidden-Internet-Monopoly-and-Internet-Blue-Collar-Thug-Gang-pt1

http://neworder.box.sk/showthread.php/41237-From-Prey-to-Predator

http://neworder.box.sk/showthread.php/41238-Predator-pt-2-Rackspace-com

Here is all the data phished from this company. Not saying I'm much better, especially because my living conditions. Hostgator is a multi-million dollar corporation. Comon guys. If HG could afford spending millions on 3rd party ipv4 addresses then they could have easily gave their employees raises. I really believe they used this to hide money this year, passing it to their hosting buddies instead of giving it back to their employees, in training and raises. The ones that make it happen for them.

Phished data - http://www.mediafire.com/?50m34130cp65nuo

http://i42.tinypic.com/20far1g.png

http://i41.tinypic.com/10nx5xw.png

http://i41.tinypic.com/k1evs.png

http://i44.tinypic.com/296btav.png

http://i44.tinypic.com/2w7ny1z.png

http://i42.tinypic.com/ehdhz6.png

http://i39.tinypic.com/30asv81.png

[skraps]

Internal Company Responses -

Mr ?? -

i sent you a response on linkedin, however i would like to add that when i accepted your linkedin request, i was hoping to get to know more people at the company. you know, my coworkers.

still though, nicely played. and thanks for not being a total dick about it. you could've raised some serious hell. you definitely got the attention of the company. knowing how they operate I'll bet they will have a new set of changes to prevent this from being a problem.

thanks for the entertainment

My Response -

I don't know. The hotel(comfort inn) I using was a honey pot. I really don't think it was a coincidence that all the routers either had a smtp server set as a open relay or where forwarded to a open relay. Brent accused me of "email bombing" the company awhile back. I think this was a way to get evidence of that attack someone made.

They were expecting me to go nutso and email bomb the whole company. After sending that email the chat tech response time doubled. Instead of being 13-10 person wait. When logging in I was about 25, so I figured each office was having a meeting.

One thought was to start writing emails to each employee telling them they had the rest of the night off paid don't ask no questions. If I waited I was going to try to get my past tickets from HR. Send the HR lady on a secrete mission to get the files prepared and emailed off with a promise of a bonus to not tell anyone, not even "Brent" because people inside the company monitor his communications. I decided to just do the closing out email to the mailing list. Maybe scheduling some fscks on random servers.

Thanks.

Mr. ?? -

nicely played.

Mr. ??? -

I don't really talk to anyone at Hostgator. I understand you are upset with the company but try not to expose regular employees' names out there because looks like their names are associated with the things you've gone through with the company and it could damage their future in case they quit Hostgator and try to get a job elsewhere. They are just regular guys like you and me who tries to pay their bills.

Thanks

My Thoughts -

The company didn't care too much when I tried getting a job else where.

[skraps]

The company didn't care too much when I tried getting a job else where.

If you only knew everything that has happened.

[skraps]

Matthew Harris - Linux Security Supervisor

His Personal Description:

Matthew Harris is an communist anarchist and advocate for human rights who believes in absolute freedom and currently works as a Linux System Administrator.

personal website: http://antiamerican.org

Possible Addresses:

1801 E Palm Valley Blvd, Apt 1836

Round Rock, TX 78664-9484

or

4360 County Road 123

Round Rock, TX 78664-9769

[skraps]

Steven Crothers - Technical Landscape Owner at Secure-24.com

Eastpointe michigan

steven.crothers@gmail.com also AIM

phone: 5863351529

birthday: 22 years old, June 26, 1989

Possible Relatives:Duff M Crothers, Judith Ann Crothers, Michael Kenneth Crothers Sr, Shawn K Crothers, William F Crothers

Additional Info:

Possibly moonlighting and freelancing outside of company on the side.

http://www.webhostingtalk.com/showthread.php?t=1099558&highlight=steven+crothers

How we got the full birthdate -

On 01/08/12 10:11 PM, Steven Crothers wrote:

--------------------

I'm actually 22, I'm interested in seeing the article.

On 01/08/12 10:00 PM, Brian Johnston wrote:

--------------------

I'm writing a article about the different types of admins of each generation and I need to know what generation I need to place you in. We have different generation categories etc. It's for a blog on hosting and hosting professionals. Nothing obscene.

On 01/08/12 9:55 PM, Steven Crothers wrote:

--------------------

That's a strange question, why do you ask?

On 01/08/12 9:38 PM, Brian Johnston wrote:

--------------------

Hey are you like 28 years old?

[skraps]

Sam Fosters Reply to everything - Very professional

You weren't even at HG for 2 months. F*ck off with all this nonsense.

[skraps]

One past employees statement of hostgator -

Even though Hostgator is ran like shit in my opinion, the people are generally fun good people I believe.

Steven Crothers Response to this -

Also, nobody cares about Hostgator. You should try some larger corporations. In my opinion grabbing some actual RedHat employees, Microsoft, or even Intel would work out much better.

Just saying, it would be an easier story to spin/sell to the public.

I'm really not trying to sell this to the public. Or I would have not publicly posted it. Hostgator is one of the larger hosting companies in the USA.

Steven Crothers -

That's pretty interesting and all, but I don't see how its useful/impressive. My contact info including way more than what you have is freely available.

It's how I earn side money.

If you want to be really impressive, you should do a three degrees of separation project using IT professionals.

[skraps]

Most Professional Response award goes to Shaun St. John - Linux Administrator / Transfer Administrator at Hostgator.com of Houston Tx aikman1890@yahoo.com

Your a f*cking moron and I hope you get caught. Just leave Hostgator Alone already and move on. You are not accomplishing anything at all by doing this.

[digip]

Someone talking to themself again? Edited January 10, 2012 by digip

[Infiltrator]

Umm, very interesting find! If you wanted you could've done some real damage.

[skraps]

I talk to myself often, "thinking outloud"

[skraps]

Sometimes it makes it easier to understand things when I read it outloud

[digip]

Sometimes it makes it easier to understand things when I read it outloud

Well, I am just curious, because you have posted similar posts with the same info, on multiple sites/forums and just wondering what kind of response you were phishing,er, looking for in replies.

Maybe some aspirin will take that headache away? Here's two on the house ;)

[skraps]

Well, I am just curious, because you have posted similar posts with the same info, on multiple sites/forums and just wondering what kind of response you were phishing,er, looking for in replies.

Maybe some aspirin will take that headache away? Here's two on the house

I started posting it on multiple sites because earlier neworder had a database error and was down for close to a half hour, Some of the people involved at neworder are from Houston, so I thought maybe that was damage control, I emailed Brent and told him

Subject:It's only going up on 100 more forums now‏

Body: nt

Then about 10-15 minutes later the site was back up. Theres a lot more to this and than meets the eye.

, and if you knew some of the stuff that has happened and what happened earlier today you would understand. I can't really talk about it. But I'm in some frikkin trouble. Asprin doesn't help these headaches, it makes them worse. I know why the headaches are happening. I just can't do much about them right now. Because of my current living situation and the money these people have it leaves me really vulnerable.

I would love for a investigation to be done, but because I have been screwing with so many corporations lately, and they know what I say is true, I'm a small sacrifice compared to these companies in America.

I'm really not looking for a response, from you guys. You can hate it or love it. I can honestly say I have close to zero friends and I'm happy with that. I can say I have a lot of frenimies.

[skraps]

Well it was hell to read through the wall of text you just wrote, and check out all the links and everything but I have to say you did a very good job of documenting the "attack".

I would like to see a follow up on their security in the next few months, see if anything has changed yet I doubt it will despite what some employee's think.

As a side note, I wonder what are the legal limits that you could extend this attack to? Or has it passed that threshold already?

Morfir. http://www.cyber-crime-defense.com/Email_Spoofing.html (virginia) I guess it is a serious crime as much humor the email was. So I will probably get my ass handed to me. I think that will be on a federal level though, in NC I do not believe has those laws in place as of yet, keywords "I do not believe". The worst it did was get a few peoples feathers in a ruffle. "OMG were closing down!!" lol, I wish I could have seen some faces ("WTF is this?")

I think it was a trap. Instead of swinging right, I swung left and bunny hopped around when they all wanted me to do h@x0r damage so the emails I posted from Brent would be true ( https://www.facebook.com/pages/Hostgator-Boycott/241571442581576 )

[skraps]

Brent Oxley claimed I email bombed and DDOS'd their network.

[skraps]

For the most part these people are not pissed about the email, they are pissed about everything I have wrote and information I posted.

[digip]

So did Hostgator fire you and you are seeking revenge, or what is the angle here. Your Linkedin says you work at Hostgator. Your sites are hosted n GoDaddy and some personal VPS. I see you write exploits, do some phone theft site(nto sure if its legit, or some other thing you are doing with it), some of your pastebin stuff looks weird/shady, like you do blackhat work for people who hire(Dr Jeff??) to spam cialis? not sure what all that is about, and some other things I have been reading, but for the most part, you seem kind of lost and scattered. (By the way, did you get arrested for property damage, tresspassing??)

Are you trying to make archives of things all over the web with repetition posts? Is there a point behind these posts? Just trying to get an understanding of who you are, what you are about, and what you are trying to convey with the various posts towards all things hostgator, cpanel boycotting, etc.

via http://www.bustedmugshots.com/north-carolina/greensboro/jackie-craig-sparks/11703032

Edited January 10, 2012 by digip

[Blak3]

Woah nice find, you certainly played with this a lot of time :)

[skraps]

Thats an old picture, I don't look much better now lol. http://neworder.box.sk/showthread.php/41220-personal-help thats the whole trespassing story.

Are you trying to make archives of things all over the web with repetition posts? Is there a point behind these posts? Just trying to get an understanding of who you are, what you are about, and what you are trying to convey with the various posts towards all things hostgator, cpanel boycotting, etc.

It all boils down to what happened here http://neworder.box.sk/showthread.php/41228-Hidden-Internet-Monopoly-and-Internet-Blue-Collar-Thug-Gang-pt1 in january

[skraps]

I hadn't taken a bath in like 3-4 days , I was really tired. I'm a homeless bum. What was done to me on January 22 and then what was done after that changed my life forever. The angle is I want to see HG taken down for what happened. I want them investigated, audited, phone records processed, with the right warrants everything I say can be proved.

Edited January 10, 2012 by skraps

[skraps]

If you only knew everything that has happened you would understand but you don't.

[skraps]

Why would Brent offer to bribe me , then when refusing the bribe , threaten multiple times with legal recourse

[skraps]

like you do blackhat work for people who hire(Dr Cooper) to spam cialis

This guy I refused to build a site that was going to sell cialis prescriptions without doing any kind of fraud checking. Basicly go on a site answer 5 questions, pay 20 bucks and you goto wal greens and get your boner pills. He also wanted me to make cat instructional videos to make cats smarter, buy the cat video and play it for your cat and it will make your cat smarter. I thought all were bad ideas and refused to work for the guy. I integrated a wordpress blog into his original design that I couldn't get access to to install.

Of course its scattered your looking at 6+ months of stuff. There was a lot of weird stuff that was happening.

Dr Jeff????

[skraps]

Dr. Hooper has had contact with HG because he mentioned things that only people that worked there would know and mentioned them. I've had nearly a whole community and past employer and more screwing with me and it has been really rough, I've been screaming for help this whole time and no one will help. Theres a lot going on here and that has happened in the past 6-7 months. I can't go to the shelters, I can't go to the IRC, no one believes me.

I have zero friends, even most of the people I associate with out here are just freinemies. This same harassment started in houston with HG, followed me to SA, then started here in July-August. If I just leave here it will just start again at the next place. I'm tired of running, these people should run, not me.

Phonesnake is just a website , giving the people the idea to keep track of their serial numbers in-case a theft occurs.