Backdoor in the computer system of the hosting company Hetzner

Posted: June 7, 2013 in IT Security News

Hetzner technicians discovered a backdoor in one of the company's computer systems.

Information security experts recommend that users change their password immediately.

On the evening of June 6, the German hosting company Hetzner sent a letter to its customers notifying them of a security incident. In the notification, the host's representatives reported that information security experts had found a backdoor in one of the internal monitoring systems (Nagios).

“The investigation that was started revealed that the administration interface for dedicated servers (Robot) was also compromised. The information currently available to us suggests that part of our customer database has been copied from the outside,” the letter says.

According to the letter, the malware penetrated the company network through a hole in the Nagios monitoring system and infected the running Apache web server and sshd (terminal) processes without changing the binaries themselves, which allowed the breach to go unnoticed for so long. According to the technicians, none of them had come across anything like it before.

The backdoor was not detected by security systems and, apparently, this pattern of malicious code had been found for the first time. The company reported some technical details: the backdoor is stored exclusively in RAM and penetrates directly into the Apache and sshd processes. It does not change or write any binary files on disk and does not restart the services.
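Since a backdoor of this kind leaves the binaries on disk untouched, file checks show nothing and the running processes themselves have to be inspected. The Python sketch below is an added example, not code from Hetzner's letter and not a detector for this specific malware (the letter does not describe the injection method): it applies a generic heuristic to Linux `/proc/<pid>/maps`, flagging executable memory that has no intact file behind it. The function names and the sample mapping are constructed for illustration.

```python
import re

# One /proc/<pid>/maps line: range, perms, offset, device, inode, optional path
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)
# Kernel-provided pseudo-mappings that are legitimately executable
BENIGN = {"[vdso]", "[vsyscall]", "[uprobes]"}

def suspicious_mappings(maps_text):
    """Return (start, size, perms, reason) for executable regions worth a closer look."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, inode, path = m.groups()
        if "x" not in perms or path in BENIGN:
            continue
        size = int(end, 16) - int(start, 16)
        if inode == "0":
            reason = "anonymous executable memory"
        elif path.endswith(" (deleted)"):
            reason = "executable mapping of a deleted file"
        elif "w" in perms:
            reason = "writable and executable file mapping"
        else:
            continue  # read/execute mapping of a file still on disk
        findings.append((start, size, perms, reason))
    return findings

def scan_pid(pid):  # reading another user's process maps requires root
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_mappings(fh.read())

# Constructed sample resembling an sshd process map (not real data)
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a9d000 r-xp 00000000 08:01 1311234 /usr/sbin/sshd
55d0c8c9d000-55d0c8ca1000 rw-p 0009d000 08:01 1311234 /usr/sbin/sshd
55d0ca1f2000-55d0ca213000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a1c400000-7f3a1c5c0000 r-xp 00000000 08:01 1312001 /lib/x86_64-linux-gnu/libc-2.17.so
7f3a1d000000-7f3a1d004000 r-xp 00000000 08:01 1399999 /usr/lib/libexample.so (deleted)
7ffd2a5fe000-7ffd2a600000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for finding in suspicious_mappings(SAMPLE_MAPS):
        print(finding)
```

Processes with JIT compilers also create anonymous executable memory, and deleted-file mappings appear after package upgrades, so hits are leads for memory forensics rather than verdicts.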

The compromised customer database presumably contained SHA256 password hashes. Financial information is practically unaffected: only the last three digits, the expiration date and the card type were stored in the database.

Users are encouraged to change their passwords immediately. In addition, information security experts are continuing the investigation and updating the FAQ web page.

“Hetzner's technical engineers are continuously working on locating the existing security holes, as well as on preventing the emergence of new ones, to provide the greatest possible security of our systems and infrastructure. Data security is very important to us. To further accelerate the investigation, we have turned to the appropriate law enforcement authorities,” the letter says.

A private security company was hired to assess the incident; it is helping the local administrators understand what happened and completely clean all copies of the malware out of the network.

Hetzner Online is a professional supplier of web hosting services and a very experienced operator of data centers.
