This stuff fascinates me. You may have seen the speaker elsewhere, or read his work. He's Jayson E. Street, and he's had articles in Forbes as well as talkathons in Las Vegas. He's an ongoing (if that's the right word) speaker at DEF Con, and there are several videos of his on YouTube. I'm going to quote one sentence from the Forbes article, because it ought to be engraved in words of fire on the beating heart of every IT professional: 'it appears ease of use will once again trump security.'
Now, let's talk about that suit.
"If I am in this suit, I am out to screw you over terribly," says Street. Well, so are your Night's Black Agents. So what is it about the suit?
It does two things.
First, it fits in. Look at that conservative cut. He wouldn't be out of place in any North American business environment, and probably not in most places in Europe. He'd melt here in Bermuda - the waistcoat (vest o'doom) is not your friend in our climate.
Second, it allows him to transport any number of Trojans, horses and otherwise, without suspicion. USB pens, a flashlight that is also a video recorder, you name it. "When I walk into your facility, I am a walking, talking Google street car." Except this street car can leave things behind, like those pens, so he can pick up on your conversation later. Or plug in an external hard drive, if he wants a chunk of data. Bring along a tablet packed with useful apps. Who knows? But it's all hidden there in that vest o'doom, detectable if he goes through some form of X-ray security, or is just plain given a pat-down, but otherwise unseen.
The key to his entire talk, but especially this section, is this: anyone can do what he does. Most of the tools in his vest o'doom are commercially available, particularly in the US. Street bought some of his gear from Think Geek, for crying out loud. I shop at Think Geek (or I used to, anyway). Admittedly I wasn't buying USBs packed with keyloggers, but still ...
So how can we gamify this?
You could treat it as a simple Electronic Surveillance spend, where every 1 point spent buys 2 points Digital Intrusion. That seems a little bland. You could make it a combined spend, by saying that the agent can spend Bureaucracy or Flattery as well as Electronic Surveillance, each point adding to the pool, provided at least 1 point Electronic Surveillance is spent. So 1 point Bureaucracy plus 1 point Electronic Surveillance equals 4 points Digital Intrusion. That's probably enough to crack most OPFOR installations.
As a Cooperative task (p50 main book), assuming the agent with Electronic Surveillance is not at her best dealing with people, it could be: lead character (the one with Flattery/Flirting/Reassurance and Disguise) goes in, and secondary (with Electronic Surveillance) talks the lead through the technical stuff, presumably using an earpiece. So the secondary spends Electronic Surveillance to give the lead a Digital Intrusion pool. Or, using broadly the same trick but with Preparedness, reduce the Difficulty of future Digital Intrusion checks, or reduce the opposition's defensive pools. "Yeah, we thought of that. Which is why I sent Billy in during the day with my special vest o'doom, posing as one of the external audit team. Boy, are they going to be pissed when they find that nasty data stick of mine, plugged into the CFO's desktop!"
Or you could chain it to some Technothriller Monologue, to refresh 4 points Digital Intrusion. This may require some Disguise spends, mind you. "What they don't know will hurt 'em, I think to myself, as I dip into the vest o'doom for another of my specialty pens. This one goes in the CFO's office, this one for the CEO, and, oh, look, is that the exchange server? Let me just pop my tainted data stick in that little beauty."
Or it could be a great way to drop a clue. The agents find a nerdy-looking corpse stuffed behind a dumpster, but whichever goon did the deed didn't search the body thoroughly. Here's this funny vest, and it's stuffed full of data, or maybe it's still receiving output from those special little pens. The agents have to get to the data somehow, but that's their problem.
That's it for now. Enjoy!