Life Diary – The Security Farce (Part II)

So the story continues. If you don’t get the hang of it, you’d want to read the first part here.

Our college’s computer lab was an interesting place. If you would step in, you would feel as if you are in a graveyard of computers. Intel Pentium II processors with 63.5 MB or RAM (the remaining 0.5 MB was taken by the graphics chip) could at the most run Borland C++ compilers. I was fine with it. We (my gang of 2-3 friends) had fixed a corner and we used to spend hours coding, because that was the only way we could work together. This was 2007; laptops were expensive then. I remember we wrote our first linear equation graph plotter in C.

One day, I enter the lab after a prolonged weekend, and see ten students staring at one computer screen.

“Why are you all not using other computers?”, I asked, seeing the chaos.

“They are not working”, someone replied. A senior faculty came upto me to defend: “They are infected by a virus and the maintenance guys are not coming since their contract isn’t renewed.”

This popup used to flash on every PC in the network.

Even our PC was infected. I tried things but it would restart as soon as I open a command prompt. Some popup used to open frequently with strange language. A quick internet search revealed it was an effect of Brontok malware.

I needed to fix it. So I came home, prepared a bootable Windows 98 disk, loaded the DOS-based F-Prot antivirus over it and booted the PC from the disk. It took some hours but the malware was cleaned. We were happy, and our HOD asked us to clean the entire lab which we happily did. Soon I became the antivirus guy. Understanding the inner workings of malware became my new passion. I forgot C++ and got into Windows OS, Registry, File System, Processes, etc.

My new found passion and feat spread in the circle. In Orkut we couldn’t “update a status” so my “fans” were relatively less. But it might have caught the attention of Sunny Vaghela. We used to talk on Gtalk but till now it was just a formality.

Tonight when he messaged it was something else. (p.s. I am simplifying content but I have all chat records if you are interested).

“Hi Kaushal”

“Hello”

“I heard that you have a good control over viruses/malware”

“Hmm… I think so”

“Actually, I am conducting a workshop on Viruses and Security at [a leading engineering college] on [a very recent day]”.

I thought he would invite me as a speaker. But what he told next was shocking.

“Now everything is planned but I don’t know about viruses. I know all about web security though”.

Yes, he didn’t even know what CSRF meant until I told him a few days back. Again I have the chat records so you have to trust me on this.

“Can you teach me? I will come at L.D. (my college) tomorrow morning.”

I believe in sharing knowledge. So I agreed.

He was there the next day. An expensive laptop along with a Reliance Datacard (again it was very pricey in those days) impressed me. I was showing him how to make a simple virus that reboots the PC at startup.I was also typing things into a notepad so that he could do it himself.

Meanwhile, he got a call and I used the time to play with the laptop. A keylogger was running in the background!

“Sunny, I typed all this instructions for you. But now I am deleting them”, I said to him.

“Why?”

“Because you don’t need the file. The keylogger in your laptop has recorded everything”.

“What… keylogger? How did you know about it?”

“Dude, I may not be a web security expert but I am a pro at malware”, I announced proudly.

He gave me ten reasons for the keylogger, none of which were acceptable. I had seen the side of him that I shouldn’t have. I had thought of helping him so that I could build a new relationship but faltered on the first step.

Now I started taking more interest in the activities Sunny was doing. Was he a fraud or was my mind just imagining things?

Whatever it was, I wasn’t going to trust him now. But later I discovered even more information. I’ll have to write that in a new blog post.

 

12 thoughts on “Life Diary – The Security Farce (Part II)

  1. Finally, I can read what I just heard… waiting for the next post with the same sort of “up front” comments and all that jazz!!!

  2. Hey Kushal, got a link to this blog from FB. Nice post. Ran across your resume; its good to see you’re heading a startup and pursuing a path of your choice.

    1. Thanks Bigyan. Good to talk to you after years. What are you upto these days? I don’t find your blog anywhere…

Leave a Reply

Your email address will not be published. Required fields are marked *