RUNNING HACKING
Patrons and Allies
- Mentors
- Brokers
- Fences
- Rival Corporations
- Rival Governments
- Faction Communities (historically things like BBSes, sites, forums)
- Banks
Mission Targets
- Rival Hackers / Turf Wars between BBSes, Sites, Forums, Communities
- Computer Ops / Sysops, SysAdmins
- Rival Corps, Corporate Espionage, Rival Universities
- Corps/Universities with Gov’t Contracts
- Gov’t Labs, Bases, Agencies
- Banks
Tooling Quality
Code Level | Bonus |
---|---|
Non-Ported | -3 |
Infected | -3 |
Alpha | -2 |
Beta | -1 |
Release / Gold | +/- 0 |
Hacker Mission / "Run" Design
A hacking run (or mission) has a goal which the hacker is trying to achieve in support of the wider mission undertaken by the team:
- Investigate the defenses of a target corporation
- Gain privileged access
An excellent example of this can be seen in MAX HEADROOM: 20 MINUTES INTO THE FUTURE as a hacker known as a “controller” back at the TV station finds maps of buildings, monitors news feeds, unlocks doors, and controls elevators all while in constant radio contact with the reporter on the street.
Maintaining links between hacking activities and the “real world” activities is crucial to keeping both the team players and the hacker player engaged during the mission.
To do this, design a number of clues for the hacker to uncover through their activity which can assist the team.
For example: find the controller for the lights or elevators – now the team has more access to a physical site.
Next clue: find the camera feeds – now the hacker can provide “overwatch” as the team works.
Think of each clue a hacker can find as a key that unlocks more for the team to do, as well as team clues which can unlock more for the hacker.
For example: the team plants a remote access device – now the hacker has far more access to the network of machines.
Each clue has a source, and leads to some ability unlocked.
The hacker has to pass a challenge at a source in order to access the clue.
Clues can also be clues to mysteries – raising new questions or answering previous ones.
Clue | Found Here | Protected By | Leads To | Red Herring? |
---|---|---|---|---|
Hacker Battlegrounds
Links between systems are battlegrounds.
Hacker gets on Machine A, launches scans and exploits at Machine B.
ICE is the defense on Machine B.
ICEbreakers are the attack from Machine A versus the ICE on Machine B.
Movement in Hacking Combat is machine to machine, account to account.
Can be thought of as an island chain where each island is defended.
Cyber-trench-warfare is taking and holding systems.
Programs/services that are hacked give the hacker that program’s privilege, account, and group permissions/keys.
The goal is highest privilege access aka “root” or admin.
Ring 3 to Ring 0 to Ring -3
Silent ICE are tools like Network/Host IDS, honeypot, tripwire, log analyzer/correlation.
Software fights across links, similar to Core War, where each side's code attempts to corrupt and crash the other's first.
Hacking Maps
As in a dungeon crawl, links between systems would be the roads or hallways/corridors between encounter areas.
- Global – Cables, Satellites, Radio and Microwave Relays – WAN
- Regional – Backbones, IXPs, ISPs – WAN/MAN
- Specific – Campus/Building Maps – MAN/LAN
- Country Code – WAN
- City Code – WAN
- Exchange – MAN
- Line – MAN
- PBX Extension – LAN
Specific Network maps for alarms, camera, controls, cooling, power, doors, elevators, etc.
- Red Net – High Security – Internet / DMZs
- Yellow Net – Medium Security – Extranet – third party access
- Green Net – Low Security – Intranet used within company
- Black Net – High Security – Internal Private Network – HR, Financials
Alert Levels: Low to High
Response Levels: Passive or Active
A “Network Operations Center” (NOC) NPC Group may operate the target networks.
Hackers Versus Systems
Category | Details |
---|---|
Rewards / Treasure | Databases, File Collections, Application or App Licenses, Device Controls, Source Code |
Security (Difficulty) | Hardening, Anti-Tamper ICE, Monitoring, Responses to Failed Hacks |
Operating System Make/Model | Toolchain availability and compatibility |
Networks / Communications | Inbound, Outbound, Network Interfaces, Wireless |
Interfaces | Text, GUI, 3D, VR/AR, Direct Neural Interface |
Hardware Make / Model | Size and Capacity |
Any “special abilities” for user accounts?
Any “special abilities” for privileged/root accounts?
Each service provided by a computer raises its exposure level.
Hackers Versus Personal Equipment
TL-1 and later Electronics, Communications, and Computer Skills can be used to operate, modify, sabotage, or repair computerized personal gear.
Gear may have anti-tamper features.
Smart or networked gear may also generate network alerts when tampered with.
Hacker Actions
Hackers take actions in Initiative order like any other combatant.
Instead of moving, they hop between systems and accounts.
Instead of aiming, they recon the defenses of targets.
And instead of firing, they unleash exploit software against the target defenses.
Interface
⚅⚅ Electronics Check: Access a control port directly
Recon
⚅⚅ Comm Check: Scan networks for targets
⚅⚅ Computer Check: Scan targets for vulnerabilities
Choose Payloads
⚅⚅ Customize Payload to Target
Exploit
⚅⚅ Choose possible exploits from vulnerability analysis
⚅⚅ Check target is vulnerable
⚅⚅ Tailor exploits
⚅⚅ Launch Exploit
Use Payload
⚅⚅ Upload/Download
⚅⚅ Remote Command
⚅⚅ Hack Accounts
⚅⚅ Transfer $$$
Additional Actions
- Move / Connect / Recon / Bridge
- Trigger Program
- Disconnect
- Crash System
- Block/Spoof/Trace Connection
- Raise/Suppress Alarm
- Houseclean
- Sanitize Logs
- Create Backdoor
- Control Devices (Fire, Camera, Alarm, Door, Elevator, Phones)
- Reconfigure
- Inject Code/Data
- Analyze (aka Aim Time for Computer Weapons)
- Interface / Physically Access
- Improve Security
- Shred
- Ransomware
Hacker Rewards
- Bot zombies / increased compute capacity
- Databases / Collections / Files
- Accounts
- Code / Licenses
- Bank transfers / Purchase Orders
- Proxies
- Repositories
- Impersonate employee / company / reputation
- Use user special abilities of system
- Use root special abilities of system (if privileged account)
- Cryptocurrency Ransom
Hacker Mishaps
- Crash
- Lost Accounts
- Raid by security, legal enforcement, or mercenaries
- Worse … depending on who you antagonize
Hacker Reputations
- Rank in hacker group
- Fame for hacks
- Corporate reputation for consulting
- Civic reputation such as “rap sheet” or FBI file
- Social Networks
Hacker Downtime
- Auction and fence rewards from previous hacking
- Research
- Code a scanner, wardialer, file transfer, cracker, BBS, OS
- Patch/Break stuff
- Build or buy computer, modem, interface
- Maintenance: Defrag, Security Sweep, Upgrade
- Porting Code (make tool usable on different host)
- Profile Code (improve speed)
DESIGNERS NOTES
It's a sad thing to say this far into the computer age, but hacking games are generally few and far between and most of those that exist are pretty bad.
So, what would make a “good” hacking RPG system?
Turn Order:
Hack events are actions in the turn order like everyone else.
Max Headroom gets this so right as Fiona the Controller hacks alongside Edison's reporting, as they hand the baton of action back and forth.
Networks:
Re-using an old fantasy RPG tool, networks could be built as 'hexcrawls' where the hackers explore the space and then deal with things encountered there.
Systems:
Re-using another old fantasy RPG tool, systems could be built as 'mini-dungeons' where hackers explore a branching space, deal with obstacles, and collect treasures.
Programs:
These are the staple of hacking games, and most have a huge variety.
This is the embarrassment of riches in an otherwise bleak landscape.
Roleplay outside of hacking:
What do hackers do in the downtime?
In most games nothing.
Totally undescribed.
So, a hacking game needs interesting networks somehow tied to the “real” game world.
It needs complex systems that make for interesting challenges, like mini dungeons.
It needs a good selection of programs, like spells in a fantasy game that all do varied and interesting things.
And it needs something for the hacker to do between hacks.
Ideally, this is how the hacker gets knowledge, tools, and motivation to do more hacks.