Digging Deeper
The ghost terminal was just the beginning.
Breaking In
Getting into the server room required planning.
The lock was electronic—a standard RFID system used throughout campus. But RFID systems have weaknesses, especially older installations. I spent three nights researching the specific model Somaiya used.
The vulnerability I found: the reader could be temporarily disabled by electromagnetic interference from a specific frequency. A modified portable speaker, tuned correctly, would make the lock fail open for about four seconds.
I am not proud of this. But I needed to know what was running in that room.
The Shadow Server
The terminal I had seen through the window was more than I expected.
It was not just accessing the attendance system. It was connected to everything:
- Academic records: grades, transcripts, course registrations
- Administrative systems: faculty data, budget allocations, official communications
- Placement portal: company databases, interview schedules, offer letters
- Examination systems: paper patterns, evaluation criteria, scheduled questions
This was not simple attendance fraud. This was a complete shadow infrastructure for accessing and modifying almost any data Somaiya held.
The Architecture
I documented everything I could in the twenty minutes I dared stay.
The shadow server was sophisticated:
- Dual network connections: one to the regular campus network, one to something external I could not identify
- Layered access controls: the system knew the permissions of every user in every system and could impersonate any of them
- Automatic cover-up: any modifications triggered scripts that adjusted logs, cleared traces, made the changes invisible to normal auditing
- Dead man's switch: if the system detected unauthorized access, it would wipe itself and alert someone
I had triggered no alarms—the speaker trick had not been anticipated. But I knew this was not built by amateurs. Someone with serious technical knowledge and inside access had created this over years.
The Data Trail
Before I left, I copied what I could.
Not the full system—that would take hours. But logs. Transaction histories. A list of the most frequent operations.
Back in my room, I analyzed what I had found.
The shadow server had been active for at least four years. The earliest logs I could find dated to the same year as a major network upgrade—someone had used that transition to install additional infrastructure.
The modifications it made fell into patterns:
- Attendance fixes: hundreds of entries adjusted, always making students appear more compliant
- Grade adjustments: smaller in number, but significant—a few points here, a reclassified paper there
- Placement data: the most troubling—company information accessed before announcements, interview schedules modified
- Email monitoring: administrative emails were being copied to an external address
Following the Money
Who benefits from this kind of access?
Attendance fixes helped students avoid consequences. Presumably for payment.
Grade adjustments helped students qualify for opportunities. Presumably for larger payment.
Placement data—that was different. That was competitive intelligence. Knowing which companies were coming, what roles they were offering, what salaries they were providing... that was worth real money to the right people.
I started mapping payments. The shadow server kept logs of its own operations, encrypted but breakable with enough time. Inside, I found references to transactions—not amounts, but codes that correlated with operations.
Someone was running a business inside Somaiya's digital infrastructure.
The Scale
The more I dug, the larger this became.
This was not one person helping a few students. The logs showed operations touching hundreds of records per semester. Attendance fixes alone could have generated tens of thousands of rupees monthly, if students were paying what I estimated.
And that was just the small stuff. The grade adjustments, the placement data, the email access—these were premium services. The kind of access that could change careers, that could be worth lakhs to the right buyer.
I was looking at a criminal operation embedded in my college's infrastructure.
The Players
I tried to identify who was running this.
The logs used codenames, not real identities. But patterns emerged:
- ADMIN: the primary operator, with full access to everything
- GATEWAY: someone who handled external communications
- COLLECTOR: presumably whoever managed payments
- STUDENTS: the clients, referenced by student IDs that had been hashed
I could not decrypt the student IDs—the hash was strong. But I could correlate operations with public events. When attendance fixes spiked, I could check which students had been struggling. When grade adjustments happened, I could look for whose GPA suddenly improved.
Not proof, but a direction.
The First Connection
One correlation stood out.
A series of placement data accesses happened exactly 48 hours before major company visits. Every time. Perfect timing for someone to brief candidates on what to expect.
And one company's data had been accessed more than any other: a major tech corporation that recruited heavily from Somaiya.
I knew someone who had gotten an offer from that company. Someone whose preparation had been suspiciously specific. Someone who always seemed to know exactly what would be asked.
I had a name. A place to start.
The Risk
But I was also getting paranoid.
The shadow server had dead man's switches. It monitored for intrusion. If ADMIN was checking logs, they might notice the physical access I had made to the server room.
I had left traces. The door log would show the failure at the exact time I entered. The terminal might have logged my presence even though I touched nothing directly.
I needed to move fast. Before whoever was behind this realized someone was looking.
And I needed allies. This was too big for one student to expose alone.
Data tells stories if you know how to read it. But some stories are dangerous to know.
Next: The ghost in the system—identifying who built this shadow infrastructure.