The Dictionary Attack

The intern typed [about:downloads] into the address bar because he didn’t know any other way to open the downloads page inside a tab in Firefox. He did not want to view the downloads list in a new window, which was how Firefox showed them by default. This was because he had quite a selective nature to his personality when working in the digital realm, and some of those habits even penetrated into his life [away-from-keyboard]. The just-downloaded file was named [rockyou], had a [txt] extension, and occupied about 130MB of disk space. Now, everything was set for his adventure for the day. Then he busied himself with some minor tasks. He replied to a few emails, and rectified several minor issues in development infrastructure, also freeing up disk space on a server scheduled to run an integration. He could have easily automated the latter-most, but he did not dare leaving any script that invoked [rm] with [rf] as arguments to be executed automatically and occasionally on that server.

It was almost six in the evening; he usually left at six. Today, he wasn’t in a hurry. The new tab in [XShell] opened an SSH session to a VM running RHEL. While it’s [passwd] file contained multiple users with [nologin] as their default shell, a single user account was configured to be able to be logged in via SSH. The [authorized_keys] file under [/home/<user>/.ssh/] contained only one public key, of which the corresponding private key resided only at a single location. He anticipated doing what he was just going to do ever since he got to know about the implementation of [moodle] at his university. The [Python] script he was about to execute was perfect in every imaginable way as he saw it, except it did not leverage concurrency to increase efficiency. He typed in the command to execute the script followed by [bg] and [disown] to send the process to background and detach it from current [tty] session. Finally, he logged out of the [VM]. The script would run through night and day, and if his math was correct, reach end of execution by day after tomorrow. And, he would have the credentials of a couple accounts he wasn’t supposed to have access. It was nothing but youthful curiosity that drove him; he was not yet aware of the consequences that were to follow.

Next day the youth came to work as usual, three more solid months still left before he would complete his internship. He had no plans to remain in the company though. The startup craze had swept over him. It was just before noon when his [IP phone] rang. The display told it was his reporting manager; he answered without hesitation. The call lasted only a few minutes; fewer words did the youth spoke. He knew by then trouble was to come his way. The script from yesterday had triggered an anomaly detector surveilling traffic originating from inside the corporate network. It was a pity he did not encrypt and tunnel the traffic, anyway, it was too late now. The youth tried to relax but could not. Thoughts about what to come dominated his mind–an end or a beginning only time could reveal.