The IT Blacksmith

Dr Keith wasn’t all about the ransomware and the dangerous headgear. He also taught me an important lesson about horror films, and their applicability to daily life.

The first time I dealt with him, he was having trouble with his laptop. It was, he told me over the phone, switching itself off at random. He’d be in the middle of watching David & Margaret on iView and it would just switch off. No warning, no reprieve. He’d switch it back on and it would be fine, but then it would happen again ten minutes later. If he left it for a while it might last longer before the next cut-out, but that was pretty random too.

As soon as I heard this story, I guessed at the problem. Laptops are a hothouse of complicated electronics, all crammed together with no room to breathe. To keep themselves cool, they have fans. But those fans suck in air through grilles on the side and underneath, and those can get gunked up, especially in houses with wood heating or occupants who smoke inside. The random cutouts sounded like overheating due to the fan being unable to take in enough air. Simple! Open and shut, no problem. I was sure this was going to be an easy case.

My confidence in my pre-diagnosis lasted until I walked into the house. Keith, even at sixty something, was clearly a health nut, complete with tracksuit, well-worn running shoes and a rowing machine in the corner of the living room. So when he told me he’d been an oncologist as a young doctor, I figured the chance of him or anyone in the house being a smoker was pretty much zero. He confirmed this. He also confirmed that he didn’t have a wood fire; this involved him going on a bit about the benefits of heat pumps in the Tasmanian climate, but chatty customers are part of the job. Looking at his living room, I saw that it was immaculate: no dust anywhere to find its way into the grilles of the laptop.

I picked up the laptop and sniffed it. It’s amazing how many problems you can diagnose with a nose. In this case, I diagnosed that the machine was new (“new laptop smell” is a thing, just like new cars but less upholsteryish) and very clean. Dr Keith assured me he only ever used it on the spotlessly clean coffee table and never on his lap; at any rate, he had so little fat on his body that the usual problem of a laptop being half-smothered did not apply. This was the cleanest piece of computer hardware I had ever seen, in a room so spotless that I could have eaten my dinner off any surface (though Keith would prefer that I use the dining table instead, to save on Mr Sheen).

So. Initial diagnosis was a bust. Never mind: no battle plan survives contact with the enemy, as old uncle Helmuth used to say. I switched the laptop on, and it was here that I noticed something new. It was, as he had told me on the phone, generally very well behaved, and very, very quiet.

Too quiet. Like the scene in a horror movie just before everything goes horribly wrong.

I carry a set of precision screwdrivers in my bag. I unplugged the lappie, took out the battery and took the back cover off. It was a Toshiba, so this was not too painful; god help me if I need to do the same for some other brands, which have a million screws in multiple incompatible sizes. As I did this, I marvelled at how tidy it all was. Keith really did keep it in tip-top condition. No dust anywhere. Of course, by this point I’d mostly guessed the terrible secret. The fan wasn’t sucking in any dust, and indeed wasn’t doing anything at all, specifically making any noise at all, because… it was an undead zombie!

Or rather, because it was stuck and wasn’t moving.

A pair of tweezers retrieved the culprit. One of those little stickers that modern computers are infested with, advertising the killer features that supposedly make each new piece of hardware the shiniest and featuriest gadget ever, had come off the bottom of the laptop’s case and made its way through one of the perfectly clean grilles all the way into the inner workings of the fan. As a result, the fan didn’t move, meaning not only that it made zero noise and sucked in zero dust, but also that it let the laptop heat up without interruption. Over time, the heat would reach a level where the internal thermostats would register an emergency, and the laptop would power down to prevent damage.

Part of my initial diagnosis was correct. The randomness of the powering-down was tied to the temperature in the room. Hot days meant a shorter time between shutdowns. But generally it’s the effort a computer is putting in that causes the heat, so rendering the video of David and Margaret arguing over which Adam Wingard flick was the least abysmal was usually enough to send everything to hell.

Sticker removed, I reassembled the laptop, commended Dr Keith on his dedication to cleanliness, and apologised that henceforth his machine might be a little noisier, now that it had a working fan again. He agreed that this was an entirely acceptable situation.

I left him to his iView, and did not kill him and feast on his brains. I am, after all, not an IT undead creature of darkness wandering the night in unearthly torment. I’m just an IT blacksmith.

Dr Keith was a pillar of the community: three days a week at the local medical centre, formerly an alderman before everything got amalgamated in the 1980s. He seemed a little sheepish on the phone, and when I popped round to his rather nice house in Dover, I quickly saw why. His computer screen was showing one of those ransomware messages, all flashing text and spelling errors. He was sure it must have been a website he was looking at, but it all happened so fast that he wasn’t sure. A popup message, a foolish click, and everything went away.

Ransomware is in the news at the moment, with the latest example, WannaCry, causing panic from Patagonia to Portsmouth. It relies on encryption, the same technology that makes your internet banking secure and allowed the Germans to think their radio messages were secret in World War II. The Germans were defeated by Alan Turing and Colossus, but the mathematics has gotten a lot tougher to crack since then. Nowadays, if you encrypt a file and lose the key, you’d better hope you have backups.

Dr Keith’s scary message made the usual claims. Your files, it assured him, have all been encrypted. You can’t get at them unless you have the encryption key. You can’t get that unless you pay the S00par Wizzardz K0llektiv umpteen hundred dollars in Bitcoins. Dr Keith didn’t even know what a Bitcoin was, so he called me in.

This was a while ago, so it was the first case of ransomware I’d seen with my own eyes. Immediately, something made me suspicious. Understand that these things are never very well written. For a start, the text in them is most often composed by someone with a limited grasp of English — WannaCry is probably Chinese, for example, based on some clever linguistic analysis. Writing any kind of computer program is usually a group effort, but these nasties tend to be assembled by smaller groups of people, maybe even just a single “script kiddie” working alone. As a result, they look pretty flaky, even the successful ones. But this one… even by the very low standards of malware, this looked like it was stuck together with chewing gum and string.

A little detective work revealed that the popup message appeared in the Task Manager, a system program that can be used to monitor how a computer is running. That was unsurprising: it could hardly be popping up otherwise! But something else was not appearing in the same system program: the Desktop, the part of Windows that displays your icons and buttons and lets you launch other programs. That suggested an intriguing possibility: maybe the popup message was blocking Desktop from starting somehow. But if so, why?

Task Manager gives you all sorts of capabilities. One of them is the ability to stop a program starting up automatically. There are a lot of automatic programs in a typical computer: they handle everything from the mouse cursor to the printer, and without them your computer would be little more than a large electric paperweight. But the auto-starting program called C:\Users\Keith\Local Settings\jdlkalkschheijscnkjw.exe seemed a little outside the norm. I killed it — another of Task Manager’s helpful tricks — and the popup message disappeared. Progress!

Veeeeery carefully, I now started up Desktop and took a look at the damage. The mysterious jdlkalkschheijscnkjw.exe was sitting there, inert now, so I deleted it, and did a quick search for any lurking copies. There were none. I also checked his browser history, half expecting something rude, but it turned out to be almost boring: a website selling hats that just happened to play host to a dodgy advertisement. The site was now down with just a “please wait” message, meaning the owners must have found the problem, so that was good. I checked his downloads folder and removed the supposed advertisement that had borne the fatal payload. That was easy to kill. But as for encrypted files, there were none, anywhere on his computer. Everything was safe and sound. The ransomware had lied!

I know. Shocking, right? Criminals telling untruths! What is the world coming to?

The chain of events seemed to be this: Dr Keith had felt a need for a new hat, so followed a chain of googles and recommendations to an online shop that was playing host to a dodgy advertisement. The advertisement was clever enough to get through the good Doctor’s defences, both mental and technical. It downloaded a file to his computer. That file created the jdlkalkschheijscnkjw.exe program, and installed it in such a way that it ran before Desktop. It then rebooted his computer. When the computer started again, jdlkalkschheijscnkjw.exe started up, prevented Desktop from running, and popped up the scary message. What it did not do, as far as I could tell, was encrypt any files or do any other damage.

It’s like: what if the mafia tells you they’ve burnt your house down, but all they did was put red paint over your glasses? It’s the ultimate in criminal laziness. I’m almost impressed.

Dr Keith’s files, meanwhile, were safe. I made sure he had a responsible backup procedure in place, and that his anti-virus and Windows Updates were all working. He promised he wouldn’t go shopping online any more, and wondered if I knew where he could pick up a nice hat. I told him I couldn’t help there. I’m not the IT mad hatter. I’m just an IT blacksmith.

Most of the time, when I do a house call to fix someone’s computer, the job is pretty straightforward. Bodgy internet, fussy printer, hard drive that won’t wake up: mostly I fix it, sometimes I have to break the bad news, but in general I don’t spend my time looking for naked photos of a bloke’s wife on his laptop. This is a story about the one time that was different…

Location: Abels Bay, by the beach. Theo was a balding forty-something chap with a nervous handshake. He told me his story and I understood why he was nervous. His wife of ten years, Elly, had recently made the decision to stop being his wife, and was in the process of introducing him to her lawyers. Point of contention: some photos that Theo had taken of her as she stepped out of the shower. Elly claimed that this sort of sleazy behaviour was typical of him, that he’d always done it even though she hated it. Theo admitted taking the photo in question, and plenty before, but asserted that it was always with her complete, even enthusiastic consent. Now that she wanted out of the marriage, he said, she was lying to make him look bad.

I’m the IT blacksmith, not the IT Freudian psychoanalyst, so I figured I’d give him the benefit of the doubt, and asked why he needed my help. “It’s the photos,” he told me. “They’re on here somewhere, and they show Elly, stark naked, and smiling, proving that she didn’t mind me photographing her. Trouble is I don’t know much about computers and I can’t find the bloody things. I want you to find them for me so I can prove I’m not the biggest sleaze since Rolf Harris!”

OK. So you want me to find naked photos of your wife. Riiiiight. Well, a buck’s a buck, and I used to live in Canberra so I’ve heard worse than this. Get to work then!

The first part of the job was easy. A simple command to find every photo file on his entire computer and stick a copy in one folder where I could check them. Took a while to run, but run it did. Problem: it turned up about ten thousand photos. Far too many to search through manually!

If I had a super computer with image recognition software, I could just program in “show us your rude bits” and it would spit out the anti-incriminating photos in no time. Problem: I did not have a super computer with image recognition software.

Or did I…?

As it happened, I did have a super computer. In fact, with two of us in the room there were two super computers! The human brain is a remarkable machine, and it just so happens that it’s very good indeed at finding pictures of people in among other noise. That’s the reason people keep seeing the Virgin Mary on their toast! Why not apply that fact to this puzzle?

I downloaded Irfanview, an image viewing program, and pointed it to the folder with the ten thousand photos. Irfanview had a feature I needed: it flicks through photos quickly if you hold down the space bar. That’s what I did: I just sat there, let my eyes unfocus, and began looking through all the images.

What did I learn? For a start, Windows sticks an awful lot of pointless photos on a typical computer. Hundreds, maybe thousands, of icons, buttons, animated dogs, chatty paper clips and the rest. Most of what I saw was those. And after that, I learned that Theo was indeed a keen photographer. Very keen. However, his subjects were mainly his boat, his dogs and the rocky and snow-covered piece of far north Tassie where he and his wife used to have a holiday shack. As for photos of Elly herself… there were none. Irfanview was fast, so we were able to go through the collection twice, just to make sure. I know the trick worked, because the couple of photos that had, say, Theo in a singlet or some passing tourist in a t-shirt were immediately obvious, even at high speed flicker, so I could stop and go back and, gritting my teeth, check to see if they contained Elly’s smile and other less-commonly-seen bits of her. They did not.

Poor old Theo had his day in court, and came out a chastened and somewhat poorer single man. Elly, if I’m to trust Theo’s account of the matter, started a relationship with a nice lawyer, coincidentally the one who had been of such great assistance to her in her time of need. And as for the photos, well… maybe they were there and had already been deleted by the much more tech-savvy Elly, or maybe they never were and Theo was delusional, or paying me to waste some time to make his argument look plausible. Who knows? I’m not the IT magistrate either; just an IT blacksmith.