“As young as I was, I imagined all sorts of suggestive visions, clearly invisible through a nun’s habit, while she was administering the punishment. It quickly became a recurring erotic dream for weeks afterwards. Whoa! Of course, I led everyone to believe that it was an enjoyable experience. As I recall, every one of the lads took a turn at getting caught so they could have the same treatment. Odd, no one admitted to the stinging pain so as to entice the next victim.
“To this day whenever I do the rent-a-female thing, I still request they start off wearing the Nun’s…..”
Jacob blinked repeatedly and held up his hand as he said, “Alright, I get the picture! You want justice done and something more than junior high discipline with a ruler! How about we focus on the possibilities of rootkits being deposited on your servers, shall we? We can always stroll down memory lane at the pub later.”
John C shrugged then agreed, “Okay. Where do we start? As memory serves, rootkits install themselves at a very low level so that they can lie to you when you ask if they are there. They intercept requests from programs and offer up answers to make you think everything is running correctly. I like the way some of them simply tell you that there are no files in a directory and that the directory isn’t there either.
“These things are nasty, but if they are using rootkit cloaking techniques to hide executable code that then acts like a thinking cyber ninja being with financial accounting skills, how are we supposed to detect it?”
Jacob held up a bootable USB drive and clarified, “I want to do a random sampling of the servers, bring them down, and reboot them with this as the bootable partition. After that, I want to run an inventory of the files with the known good file sizes and hunt for any new directories that aren’t part of your institution’s standard install.
“I then have another program on here that will read down to the byte and sector level of the disk drives, from start to finish, the open, deleted, and written-to sectors so we can have a complete picture of what was on these server drives. I’ll take all of those results and run an analysis on them.”
John C flatly stated, “You’re daft, lad. You don’t have that much processing power with you to do that in our lifetimes.”
Jacob smiled and agreed, “Correct, I don’t have that much processing power with me. But I do in my home offices. The reason is that with ten servers’ worth of information we should statistically be able to capture enough of the program to do some useful forensics and maybe even recreate this beastie. May I begin?”
“Jacob, let me alert operations that we will be re-booting servers and to hold the alarms on the ones we are working with. If you think our security people were anal about their jobs, you won’t want to cross with the after-hours operations team.
“It was worse before the halon fire suppressors were removed. Those mad-men would hit the halon discharge button and THEN go see if it was a fire they were dealing with. I once staggered out of here unable to breathe from the gas. Thank the maker that the halon has been removed! Now it’s just the fire sprinkler systems to deal with, but frankly I am not in the mood to be soaked again, so let me call them.”
Jacob stared in astonishment at John C then added, “I can hardly wait for the pub stories after these other events in your life that you have recounted to me, my friend. When the hostess asks if we are a party of two, I will be inclined to say that we are more of a riot than a party.”
John C just smiled, winked knowingly, and stated, “Let me make that call.”