Patton's Blog

The Beginning

Today I decided to create an online journal. Not sure who this is for, given that I am not a particularly interesting person, nor why I am doing this, especially since I have had no free time these past few weeks, but I reckoned it would help me keep sane, something to do besides my job. I've been living in Gabboth for about 3 years now but I feel like I've hardly explored it. I mostly commute from my apartment to my job, work for 12 hours, and then commute back. It would be all rather mundane and monotonous if it wasn't for the fact that my job loves to have a meltdown every other week and throw my life into complete disarray. For some context, I've been working with a company, Dream, that's focused on data recovery, but not the normal data recovery; they've been interested in the data wipe from a couple decades ago, well before my time. Specifically they want to create a system to automate the process of data recovery for companies who lost something during that event. The subject matter is pretty cool and I honestly wouldn't mind doing this job except for the fact that everything is on some obnoxious deadline to get delivered. Arbitrary dates are pulled out from nowhere and that's just the deadlines we need to make. I know we need to deliver something to our customers, but it just feels like there's something I'm missing. I dunno, I'm probably ranting about this and it's probably a bit incoherent, sorry about that.

I guess I can talk a little bit about what I actually do aside from the overview. I tend to work a lot closer to the security side of the software. Taking a quick step back, the data wipe technically wasn't really a data wipe, rather, it was that some company at the time was storing like 90% of all data on the web. The story goes that there was a disgruntled principal engineer who was plotting to go scorched earth on the whole system. I'm not really sure why, but regardless of his motives he was efficient, and patient. He began planning this attack a couple years in advance. Creating back doors in inconspicuous locations, hiding under a mountain of code, which was obviously signed off because no one had time to look into a 3-page code review under the massive time crunches they were in. Eventually when everything was set up, he triggered the single command to the database and suddenly, all the data was locked up behind whatever malware he injected into the system. All queries to the database only returned a link to his manifesto. I haven't really read it before, but it goes into the ethics of the company and basically was some unhinged call to destroy the world order. He was subsequently arrested and mysteriously died later that week. As for the data, attempts to recover the data from backups proved to be unsuccessful, and they were also accounted for in this attack. All the data was encrypted, but not under a single key, rather there was a plethora of keys used, so that even if you found one, you never were able to recover it all. Estimates of the key count are at 5 billion, and oddly enough were forcefully written into bit and locations of the server hard drives. The strange part is why write the keys in with the encrypted data if his plan was to go scorched earth. Perhaps for the second reason, which was that a number of data entries were injected with malware, not dumb entries like dates or names, but rather in binaries and data objects stored internally. That way when you did decrypt it on your end, you would basically end up with just more malware on your main system. What was odd was that some of the malware was your typical disk encryption schemes, but others were more esoteric and odd. Like the one they found recently where it would play the audio of a man reciting some dead language, or another one which simply described a curse that would befall the user. Some weird things. Which plays back into my job.

Finally getting back to my job, my main goal is not necessarily to find this lost data, but rather once I am presented with a key and some cipher text, to safely decrypt and extract the data. Notably, they want to automate this process so that other companies can buy our software and use it to get their own data. But in parallel we are still providing support for decryption, which has frankly been frustrating because we are now doing two jobs for the price of one. But I can't complain. I at least have a job.