The Intruder

The system owners lived in another country while their system was hosted at an IPS in the United Stats. They believed that the hackerr may have been someone in yet a third country based on some login information that they had been able to aquire.

Other that locking them out superuser, he had not seemed to have done anything to disrrupt the normal opeartion of the system. In fact, he seems to have been very quietly present on the system for over a month, based on the earlier activity.

He had obviously achieved superuser access, cleaned up the logfiles to eliminate any trace of his activities, and had apparently installed a root kit and some sort of backdoor.

In other words. This one was a real mess. The hacker was in complete control for an extended period and the system was completely compromised