And old story with NSBOP (now GDBOP)
by Vasil KolevA story that’s about time to get published. It happened to me some time in the summer of 2001, and this year all the obligations I had on old contracts should have expired.
Some pre-history – in the beginning the company I worked for (my first job in Sofia) was mostly deploying and running free porn hostings (mostly photos, 60MB quot, 200KB file limit, from the technical standpoint it was a pretty interesting task). The office was in a small apartment, the main servers in USA, we had some equipment and a nice connection to Orbitel, which we worked through. We also had one leased line to one of the colleagues’ home, who was working from there.
Because all kinds of people registered in the hostings (and they started really well, from 0 to 44Mbps in two weeks, and that in the 1999-2001 period – there were times when we were pushing more than the bandwidth of Bulgaria :) ), we had one-two people whose job was to look the whole day at what’s being uploaded and to remove what’s not acceptable – pirated software, child pornography and non-porn stuff (you can guess how physically damaging such work is :) ). What wasn’t blocked got automatically submitted to some search engines, to pull more traffic in (the hosting was living from advertisements).
So what happens – one of the colleagues misses one site with child porn (or it got replaced some time afterwards, I’m not sure), the site gets sent to the search engines, after which it gets discovered by FBI and they start searching who are we (and in the mean time I think the site got blocked by us). After some time they find out who we are (through the hosting), contact NSBOP (that was the name then, they became GDBOP later), and they started investigating us – eavesdropping lines, etc. (which brought some weird problems with our Internet connection as they had connected directly to the wire and that killed the connection a few times). They had also made up some weird scenario on how we did the job (the colleague with the leased line was the photographer, we processed and uploaded the photos, and I, because I’m from Dobrich had a channel for trafficking kids). So they make some arrangements with FBI and come to take us in – at the same time FBI goes at the co-location facility and takes the servers offline to look for bad stuff.
So, in one nice summer day we get a ring on the door. I can’t remember who opened, but the one that rang was a pretty nice red-headed girl, after who a ton of people stormed in and told us not to touch our workstations, after which they gathered us in the kitchen before sending us two by two to NSBOP. This was my first encounter of Yavor Kolev, the only thing I remember from him is his bragging of how much his gun costs (I think $500 or something like that).
They brought us to their office and told us to start writing explanations. We wrote two lines each (my name is so-and-so, I’m a student somewhere, and I’ve been with the company for a year or two), after which we waited for some time until the results of the examination became known…
I somewhat feel bad for the people that did the checking. Not only they found nothing, but they had to go through the whole cache of the browsers on the machines used to check the sites – the stuff our people went through for a month, they had to see in a day. According to the tale of one of the colleagues who was left there as a witness, at some point the checker just watched at the garden outside while hitting enter for the next picture. They felt a bit mad and decided to look also for unlicensed software, and found none such …
And because we had some linux machines (like my workstation and some servers), they have brought an expert to look at them. I looked afterwards at the .bash_history, and to I got somewhat amazed – except locate and find, nothing else was really done, some really simple measures could hide anything from such check (this wasn’t going to look into archive files, for example). Afterwards the lad was a student in the Network Security course and I made sure not to examine him…
I don’t see a lot changed in the last 7 years. They’re still so bad in the technical part, still so laughable in the way they work… A few times afterwards we’ve sent information on fraud and stuff that they deal with, and nothing happened – there wasn’t anyone to push them (and probably wasn’t going to be an action for the media). Not to mention their arrogant behaviour after they came in which is the usual one – looks like you owe them money …
I wonder if there’s a way for them to be taught something, to do some real work between the errands.