POSITIVE HACK DAYS




PHDays IV CTF Quals Storyline

May 23, 2013. The infrastructures of the four most powerful information security corporations were taken out of service by the participants of PHDays III CTF. The contestants also triggered the distribution of the most advanced malware – the worm Detcelfer, which infected more than 85% of all PCs and mobile devices in the world. Positive Technologies summons a task force of experts code-named Golem to neutralize the dangerous computer worm and investigate the incident.

Detailed research of the Detcelfer worm shows that although various mechanisms were used for hiding and distributing the malware, its payload is pretty common – a backdoor. During questioning, the CTF participants tell an unbelievable story: as soon as the CTF started, they were teleported to a fantasy world called D'Errorim, and the worm Detcelfer helped them to fight "evil monsters". Is that a blatant lie or the result of hypnosis?

As soon as the investigation begins, experts realize that Paul_Axe, one of the PHDays CTF developers at Positive Technologies, is leaking insider data and that someone has promised him a great reward for “cooperation”. Paul takes part in two projects – PRISM and D’Errorim.

PRISM stands for “PRISM: Reality Interpretation Switching Modules”, and its goal is to create a hardware-software solution for creating and maintaining virtual realities – VR worlds that are described using the custom language PILL (PRISM Illusion Layer Language). The main idea of this project is to create a custom virtual world and gain the ability to bring certain individuals there. The idea was formed by Gerald Malkin – a mathematician and subsequently a member of the PRISM project – on the basis of the existence mapping theory by the philosopher Phil De Payne and the universe polysemy theory by Kipp Carm, a theoretical physicist. Besides Paul and Gerald, the PRISM project was developed by the Japanese biochemist Chika Sudo, the Korean physicist Tal Gi Choi and the Buryatian shaman Baatyr – the only person able to enter virtual realities without using PRISM.

The D’Errorim project is an implementation of a VR world for PRISM. It was developed to target PHDays III CTF participants, specifically for testing the PRISM capabilities on the battlefield.

Both projects are supervised by Apollinary Ryzhebochkin, who acts as an intermediary between the members of the two projects on the one hand and the customers – Zohers – on the other. Zohers form a very powerful distributed group of people who literally rule the world. They sponsor a variety of global projects, including PRISM and D’Errorim. Unfortunately, nobody knows what their mission is.

Not long before the final testing of both projects at PHDays III CTF, Gerald Malkin realizes that PRISM is really dangerous for people, so he decides to leave the group and publish an article revealing all the mathematical principles of the project. Zohers launch a hunt for Gerald and he disappears, leaving his computer pre-configured to publish an archive containing sensitive information about Zohers.

Eventually, it turns out that Gerald is alive and agrees to cooperate with Golem to defeat Zohers. He provides the source code of the D’Errorim beta version as well as the PILL language specification. Now Positive Technologies is going to create its own VR world based on the leaked D'Errorim sources and set all Zohers as targets. Gerald reveals that PRISM has a powerful search engine that makes it possible to find all Zohers and bring them together inside a certain VR world.

To be continued...

PHDays CTF IV