Wednesday, 11 February 2015

A Whole Bunch Of Pandas (Night's Black Agents)

I'm not sure what the collective noun for Pandas is - herd? pod? murder? - but if cybersecurity outfit CrowdStrike is to be believed, there's a whole heck of a lot of them out there on the internet.

CrowdStrike released a report on hacking in 2014, naming the main players, and the most serious threats, on the global network. Perhaps unsurprisingly, the vast majority call themselves some kind of Panda; GOBLIN PANDA, VIXEN PANDA, PITTY PANDA, GOTHIC PANDA, PREDATOR PANDA, DYNAMITE PANDA, SPICY PANDA ... the list goes on. Presumably this indicates a Chinese origin, or at any rate some kind of Chinese connection. Some of them are certainly run by the Chinese government, or at least hired on a freelance basis by the authorities, but your guess is as good as mine as to who did what to whom.

The whole report is well worth reading, and plugging into your Night's Black Agents game. It is free to download, so there's no reason not to give it a bash.  I want to draw your attention to the Notable Activity section, from page 28 to 29, and the section on DerpTrolling. I'm going to quote that section in its entirety:

The hacking collective DerpTrolling made early 2014 media headlines after claiming a string of DDoS attacks on multiple gaming companies and online gaming servers. The group likely originated out of the Steam gaming community, where some of its suspected members engaged in early DDoS attacks on rival gaming clans and their servers. DerpTrolling’s antics were often childish and had no clear motive other than being “for the lulz” and to boost their own egos. For this reason, they cannot be classified as hacktivists. Despite their immaturity, the collective was able to consistently carry out DDoS attacks on targets of their choosing, and these attacks had a real-world effect on the victims within the gaming community.

The attacks were particularly noteworthy as their DDoS tool, dubbed the Gaben Laser Beam (GLB) after Gabe Newell, the creator of Half-Life and the Steam community, supposedly created an attack that exceeded 400 gbps of network traffic utilizing a NTP reflection attack. This suggested DerpTrolling possessed an above-average knowledge of network protocols. While NTP reflection is commonly known in the security community, most “script kiddies” or “skids” were not aware of some of these more advanced techniques involving amplification, which allows for fewer devices needed to pull off larger DDoS attacks.

DerpTrolling has reportedly had several run-ins with law enforcement, though it is unclear how much of this is verifiable versus a ploy to increase their notoriety. One supposed encounter resulted in the group going silent for several months before returning and carrying out lower-level attacks on the gaming community once again. Given the collective’s poor operational security practices, it is likely that the members are actively being tracked by law enforcement agencies and that they cannot continue to maintain high-profile attacks while evading capture.

Emphasis mine.

Let's consider what that means, from an RPG point of view. The Double Tap book gives the Keeper a list of Cameos, potential NPCs to be used as needed. Each NPC is described in three possible ways: as an Asset, a Clue, and In Play. The Cameo also includes the preferred Interpersonal method to win their cooperation.

Here we have an example of a Cameo that's all but built for gaming. Not only does this hacker have the skills a character might want to draw on, she also has a background that practically invites law enforcement involvement. As has been shown before, law enforcement is adept at turning former hackers against their friends in the collective; what could be easier, for a NBA spook, than to lean on a hacker informant for dirt on the Conspyracy?

With all that in mind:


Conceal 4, Digital Intrusion 7, Infiltration 3, Mechanics 3

Sarah, aka R33pc33p - a reference to her favorite fictional character, Reepicheep - is one of four founding members of the hacker group LOLchat, first created on the message boards for online multiplayer shooter LeftB3hind. The group self-identified as hacktivists, but was really more interested in causing grief in online gaming communities, 'for the lulz.' It specialized in DDoS attacks, carrying out several significant coups, among them taking the PSN offline for four days, in summer 2013. Shortly after that the LOLchat group went dark, and it was believed at the time that poor security practices led to their apprehension by law enforcement. LOLchat has since made a relatively quiet comeback in 2014, engaging in minor harassment. R33pc33p is now the most active member, and seems to have graduated from lulz to more significant criminal enterprises. Several Point of Sale malware kits are thought to have been created, and distributed, by R33pc33p. In person, Sarah is a skinny, pale brunette who likes to wear colorful clothes, particularly game-related merchandise and T-shirts. She rarely comes outside any more, preferring her online identity, though she is known to attend two major game conventions each year. (Intimidation, Cop Talk, Flattery, Data Recovery)

AS ASSET: Can provide custom malware kits; keeps records on every entity she's ever hacked, or done business with, including confidential files ripped from their systems; can help create false online identities.

AS CLUE: Is harassing a Conspyracy asset; is an informant for both the Conspyracy and law enforcement, and is having trouble telling them apart; has collected a ton of evidence and files on the target her handlers wanted her to go after, but is now holding that information to ransom; is participating in the same online competitive multiplayer game as a Conspyracy asset, either in a rival gaming clan, or in the asset's clan.

IN PLAY: Flamboyant, extravagant in action and in deed. Emulates her hero Reepicheep, in that she follows a code of honor. Never pays too close attention to anything, unless it's online competitive multiplayer, or creating malware tools. Get very excited if close to victory!  

No comments:

Post a Comment