Sunday 17 September 2017

Ripped from the Headlines: Fishtanks, Yachts, Bankers and Cuba

Ever wonder what it takes to hack into a casino? Or whether those wealthy tourists disembarking from that yacht are all they seem to be? Wonder no more! Searching for something new for your Night's Black Agents game, or looking for a special new toy for the opposition to play with? Read on!

Recently someone cracked a North American casino - name and location carefully withheld, according to the Washington Post - by way of its fish tank. The tank's systems were connected in order to monitor temperature, food, cleanliness; after all, it had to look its best. Since it was connected, hackers got into the casino's systems and stole 10GB of data, sending it all to a device in Finland, and from there God, and possibly the NSA, alone knows where. Nobody's saying what the data was. Best guess is guest information, credit cards, that sort of thing.

I've discussed this topic before, but it bears repeating. If your players are wondering how best to hack into a facility, the easiest route is via the weak point that is the Internet of Things.


Every single thing in that facility is connected to something. The fish tank needs food. Vending machines need to tell home base when they are empty. Lights and cameras need to sense activity. Projectors connect, as do thermostats, HVAC, plumbing, lavatories. Complex equipment, like tractors, may have multiple processes, some of which may have been modified by the owner, some of which may be set by the manufacturer to only accept its brand of maintenance. Every single thing needs to be managed, and that means it is vulnerable.

The facility owner may not even have full control over its systems. Recently there's been a ton of internet hate directed at the entrepreneurs behind the Bodega vending machine, because apparently they have no idea how marketing works and thought saying they wanted to destroy corner store bodegas would be a good idea. However my first thought wasn't 'oh no, my bodega,' because my nearest bodega is a few thousand miles away and I can't swim that far. No, my first thought was, 'here's a device that's technically managed by an outside agency, but you can bet your sweet bippy it'll be connected to the host's network.' Probably for no good reason either, but that's never stopped anyone in the history of anything. Which means that if the Bodega has a system vulnerability, then its host has a system vulnerability - and the same applies to every single outside agency device you care to name. The device might even have malware built right in.

In fact, there's a genius idea right there. Say your characters notice that the vending machine is supplied and maintained by XYZ Corp. Oh, no, it broke. Darn shame. Oh look, here's a new one - wow, that's fast service. Is anyone going to check and see whether the soda machine delivered actually is from XYZ Corp? Are they hell - so long as it supplies frosty beverages, the host's never going to question it. XYZ Corp will, so you need a workaround there, but apart from that you've an actual Trojan horse wheeled in and installed, dispensing all kinds of goodness, sweetness and light. Plus malware. Yummy. In Night's Black Agents terms, it's a job for the Wire Rat rather than the Hacker - but think of the benefits!

The next one's from this Guardian article about people smuggling. Many hundreds of thousands are fleeing Syria, some with much more money than the rest. For those with the cash, there's a better quality of service. Professionals, entrepreneurs and other wealthy migrants who couldn't get out by other means were paying a Turkish crime syndicate hundreds of thousands at a time to get them and their families out, on cruises best described as luxury desperation.

According to one Italian prosecutor, some smugglers were behaving like travel agencies, offering first, second and third-class accommodation. "It depends how much money you can pay."

We often talk about people smuggling in terms of desperation, hardship, and despair. The route to Italy has been described as the most lethal. Yet at the same time the rich buy their way out of that problem, and make the same crossing in Port Out, Starboard Home style.

As gamification, consider: this is the perfect route for an abandoned Conspiracy asset, Esoterrorist or other well-heeled undesirable to make their way out of a hot zone to somewhere more appealing. Dracula himself once used much the same tactic to get to Whitby, although he definitely travelled closer to third class than first. Finding an abandoned luxury yacht afloat in the Mediterranean is a good hook for a scenario, and this one has an added bonus: the crime syndicate that financed the cruise will be just as interested as the characters in finding out what went wrong, which makes them perfect second-string antagonists for the scenario.

An old one from Monaco: HSBC's banker to the rich and famous was arrested and charged over allegations that he siphoned close to $10 million from his clients' accounts. The banker, Stephen Troth, fought back by claiming his employers were the ones to blame, not him. That didn't work, and he was later arrested again in Monaco for kiting cheques. Before all this happened, Troth worked with Edmond J Safra, a banker who was burnt to death in an arson attack. The fire was set by Safra's bodyguard and nurse Ted Maher, who wanted to impress his boss by rescuing him from a blazing inferno, but only got the inferno bit right. Troth was part of Safra's old banking operation, and when HSBC took that over Troth went to work for HSBC.

Ordinarily I wouldn't delve too deeply in yet another banking scandal, were it not for the fact that it happened in Monaco, the microstate that's home to the rich and eccentric. All sorts of people can claim Monaco as their home, so long as they pay a hefty fee. Moreover, as you can see from the above truth defies fiction; if I'd tried to write that plot I'd be laughed out of every publishers from here to Hong Kong. It's got everything: the rich, lunatics, mysterious arson attacks, a disgraced money man claiming his trial is a cover-up for high level corruption, plus all the lavish trappings of wealth in the ritziest microstate in the world.

I've argued before that when designing supernatural threats the Keeper ought to make liberal use of history and folklore. People have been dreaming this sort of thing up for millennia; it's a cinch there's gold in there for Keepers, if only they sift for it. The case of Stephen Troth goes to show that the same applies to less supernatural plotlines. With just the information above I could come up with two or three Night's Black Agents plots without having to do much work; the same goes for you, Director.

Finally, news from Cuba: Canadian and American diplomats posted to Cuba are falling ill, and report a bewildering variety of symptoms, from speech loss and headaches to balancing problems and nervous system damage. Initial reports suggest some kind of sonic weapon is to blame, but nobody's sure what that weapon is - or even if such a weapon is feasible. Infrasound is supposed to have unusual effect on the human body, causing fatigue, panic attacks and, in extreme cases, hallucination. However an effect at this level is more akin to some kind of mad scientist's death ray than anything known to be in development.

The reports came in before Hurricane Irma, which caused considerable damage to Cuba. It would be interesting to know if the effect continues post-Irma.

Frankly, it's tempting to call this a psychosomatic illness. Even if you assume that such a weapon is possible, it's incredible to think the Cubans developed one - and what would be the purpose? A few diplomats sent home ill? Even if you call it a test run, perhaps conducted by the Russians rather than Cuba, there's less high-profile targets you could be testing it on. Nobody would give a damn if this was happening, say, in the Ukraine, except the Ukrainians, and frankly if the West isn't going to pay attention to actual missiles then it wouldn't blink at whatever this sound gun is - assuming it exists at all.

Israel's supposed to have something called The Scream and there have been attempts to make less-than-lethal sonic devices, but the known examples of those toys are very, very obvious when they go off. It wouldn't just be a few diplomats complaining of headaches; half Havana would hear it. Or, as with the Active Denial System, a device that acts on nerve receptors, it's large enough to be seen by pretty much anyone. However this whatever-it-may-be is portable and small enough to avoid immediate detection.

Psychosomatic effects can spread. Sick building syndrome is a bane of facility maintenance people and building surveyors alike as there's no agreed cause, yet, when it starts, an entire building's population may be affected - or at least say they are. Often there is no real cause, no mold or HVAC malfunction you can point to. People just get ill, and as soon as one person says they're suffering it's a sure bet half a dozen others will too - whether they actually are, or not. SBS can be caused by poor work/life balance and stress, factors that don't involve the building in any way, but once people get it into their heads that the building's at fault, nothing will persuade them otherwise. In many ways it's similar to hauntings; all it takes is one or two people spreading the tale, and before you know it everyone's chattering about cold spots and poltergeists.

Edit 12 October: I see I'm not the only one who thinks the whole thing might be psychosomatic.

That's it for this week. Enjoy!

No comments:

Post a Comment