Skip to main content
The Somaiya Files • Chapter 1

The Anomaly

Pages 1-30

The Anomaly

I first noticed something wrong on a Wednesday.

It was 7:47 AM according to the attendance system. I know this because I was frantically checking whether my tap had registered—running late again, convinced I had missed the cutoff.

But the system showed something strange: I had tapped in at 7:31 AM.

Sixteen minutes before I actually arrived.

The Normal Explanation

The obvious answer: system glitch. Timestamp error. Some database hiccup that assigned the wrong time to my entry.

This happens. Technology is imperfect. I should have shrugged it off and been grateful for the accidental gift of punctuality.

But something about the record bothered me.

The tap time was not random. It was not midnight or some obvious error value. It was 7:31—a perfectly plausible arrival time. The kind of time I wished I had arrived.

It was the kind of error that looked intentional.

The Computer Science Instinct

I am a third-year computer science student. Not brilliant, but trained to notice patterns.

And this pattern did not fit a random glitch.

I started observing more carefully. Over the next week, I documented every attendance record I could access—my own, my friends, public systems.

What I found:

  • 3 more instances of impossible timestamps (students recorded before they arrived)
  • 2 instances of duplicate entries (same student, same time, different gate)
  • 1 instance of a record for a student who had not been on campus that day

Each anomaly was subtle. Each could be explained individually. But together, they suggested something else.

Someone was modifying attendance records.

Why This Mattered

Attendance at Somaiya is not just administrative overhead. It determines:

  • Whether you can sit for exams
  • Your eligibility for placements
  • Your official record for four years
  • In some cases, your visa applications for higher studies

A compromised attendance system meant someone could grant or deny these things at will. They could make a student appear compliant or delinquent. They could control outcomes.

The stakes were not small.

The First Investigation

I started simple: database logs.

The attendance system stores records in a standard MySQL database. I knew this because I had done a summer project with a professor who had access to the schema.

Getting to those logs myself was... technically not allowed. But college networks are porous when you know where to look, and I needed to understand what I was seeing.

What I found in the logs was terrifying.

Records were being modified after creation. The original entry would show one time, then an UPDATE query would change it within hours. The queries came from an internal IP address, but one that was not assigned to any known terminal.

Someone inside the campus network was systematically altering records. And they were covering their tracks.

The Ghost Terminal

I traced the IP address. It belonged to a range that should not have active devices—an old subnet allocated during the last network expansion but never fully deployed.

But something was running there. Pinging it returned responses. A machine existed where no machine should be.

I tried to find it physically. The subnet suggested a location in the basement of the engineering building, a server room I had never been to.

The door was locked. The access card did not work. But through a window, I saw something.

A terminal running. Screens filled with data. And a chair—empty now, but clearly used recently.

Someone was working from a ghost in the system.

The Decision Point

I could have stopped here.

I could have reported my findings to administration. Could have let official channels handle it. Could have gone back to my normal student life and trusted the institution to investigate.

But I knew what would happen. The report would be filed. Questions would be asked. The person behind this would be warned. Evidence would disappear. Nothing would change.

I had stumbled onto something, and if I wanted to understand it, I would have to go deeper.

The Files had begun.

What I Did Not Know

Standing outside that server room, I thought this was about attendance fraud. Maybe someone selling clean records. Maybe a professor helping favorite students. Simple corruption.

I did not know this went further.

I did not know about the other systems this ghost had access to—the placement records, the exam papers, the administrative emails.

I did not know about the people involved, their positions, their reach.

I did not know what they would do when they learned someone was investigating.

I was about to find out.

Every investigation begins with a single anomaly. The question is whether you look away or look deeper.

Next: Digging deeper—what the data revealed about the shadow system.