
1 - How to hack realistically

Post by Noirfatale on Fri 18 Jul 2008, 4:20 pm

I've been a fan of science fiction and modern day role playing settings almost since I started role playing. Computers are always an element in these settings, often a very important one. Usually the entire experience of interaction with a computer is summed up with a single computer use roll. When you've gone to the trouble to make a character who is a computational ninja, it's kind of anti-climactic to have your entire challenge be reduced to a single roll. My hope with this column is to change the role of that character, to help game masters give that character dramatic conflicts just as involved as those given to the muscle-bound ex-marine.

The first step is to make hacking look more realistic. Hacking shouldn't be as simple as issuing a few commands at a keyboard. There are wanna-be hackers who use this approach, running a program or set of programs they downloaded in hopes that it will take advantage of known weaknesses in poorly maintained computer networks. In current parlance these are known as "script kiddies" and they are given all the respect that term implies. Hacking is involved work that requires a lot of interaction with the target. A simplistic comparison can be given by looking at two movies.

The first movie is Swordfish, starring John Travolta and Halle Berry. It starts with our intrepid hacker breaking into a system using what is known as a brute-force attack, while John Travolta holds a gun to his head and a busty blonde fellates him by way of distraction. First, as somebody who has hacked systems for paying clients, busty blondes have never been part of the compensation package. Second, brute force attacks take time.

The second movie is Sneakers, starring Robert Redford and Sidney Poitier. Attacks in this movie are carefully planned. When they test the security of a bank, it isn't some whiz kid at a console guessing the magic password, but careful planning by a team of people, each with varying skills. When they actually compromise the bank, they don't settle for a simple "I got through the password screen and into the funds transfer app" but a true full compromise, with the team taking control of the central office. Although still entirely a product of Hollywood, this is a lot closer to the reality that I've experienced when hacking a system or dealing with a breach.

Making It Look Real

In the real world, the human factor plays a very important part in the security of a computer network. It is simultaneously the strongest part and the weakest part of a system. When you are putting a computer attack in your game, you should play on this fact to add dramatic conflict.

The first wave of a technological attack involves network mapping. There are automatic tools that can be set to the task of probing a range of addresses, looking for which network services are offered. In a network with good security, a person will notice that you are doing this unless you take great caution. Furthermore they will make an attempt to track it back to you. The very first thing that they do is tap their own social network. Network administrators are a social bunch in their own way, and no network administrator likes to see another network compromised. So if they contact the administrator of the network that launched a probe, that administrator will likely give up the offender, or look into tracking that offender back to the source themselves. If they can find evidence of a compromise they may even contact law enforcement agencies. When I've been hacked in the past, I haven't been shy about calling the FBI and providing full information.

That brings about an important point. Just because you have successfully compromised a system does not mean that your attack has gone unnoticed. The second task is significantly harder than the first task. There are automated systems to detect a compromise, and they are certainly something to contend with. The more serious threat though is the vigilant system administrator. A good system administrator sees a problem with her system and investigates the reason. Attacking a network with this kind of administrator is a risky proposition. The kind you want to target has a system administrator who sees that his machines are having trouble and solves it by rebooting.

What does this mean in-game? Most game systems allow for an opposed roll system when you are directly confronting resistance. So the computer roll shouldn't be a simple skill check, but a contested roll against the computer skill of the network administrator. A second roll should be made to see if the attack was detected. The game master may choose to keep this roll private from the players, since a wily system administrator will often allow an attack to proceed while they track it back to its source, especially if no assets are immediately threatened.

Once the network is mapped, there are a couple of approaches to an attack. Both have worked well for me, and they should work well in game. Technological attacks look for places where a programmer has been lazy and let mistakes slip through. These can be gaping at times. Social attacks take advantage of human nature to gain the trust of somebody and get them to compromise the system for you.

Over The Top!

In a technological attack, the attacker examines the public interface to the system and looks for opportunities for a programmer to get lazy. On any computer but the most simplistic embedded machine like you might find powering a microwave or an older car, multiple programs interact via various predefined protocols or languages. When you are reading this column, for instance, you are reading it through a web browser that accepts two or three different languages for controlling it. The browser itself speaks another language to a web server to request this web page. Behind the scenes the web server speaks another language to a program on the server that generates this page. That program speaks yet another language to a database which retrieves the contents of this column and probably records information about your request for the article.

An attacker looks for opportunities to become part of that conversation. Any place where the system accepts input is an opportunity to join the conversation. An alert programmer will have taken steps to isolate the user's portion of the conversation, so that it can't be confused with the conversation that controls the interaction. Programmers are human though, and they get lazy, or maybe they simply lack the sophistication to isolate the user's input properly. In game terms you would handle this by forcing the attacker to make an opposed roll against the programmer's skill. As a side bonus, there's a really good chance that the programmer is actively monitoring the health of their software, so that an attack might succeed but still be noticed, with consequences to follow.

It's worth noting at this point, by the way, that programmers and system administrators are also frequently martial arts practitioners or gun enthusiasts. At least one contemporary computer conference includes an event called "Geeks with Guns" that involves live fire at a shooting range. It is a well-attended event.

Becoming Part of the Actual Conversation

Social attacks offer a lot more chance for role-play. For me they're also a lot more fun to use. In a social attack the attacker first finds a likely target. This is somebody with access to the resource they wish to compromise. Depending on the nature of the attack it might be somebody who controls access to the resource, or it could be somebody who has access themselves. In this case computer skills are irrelevant, and the ability to spin a good yarn, or as the Irish refer to it, bullshit, is paramount. If your game offers a system for these kinds of social interactions this is where they come into play. Otherwise, it's fun to sweat your players and see if they can pull it off in role play. Not nice, but fun.

In general the social attack requires a little ground work. You need to know some names, possibly some faces. This can be as easy as looking at the names of department heads on signboards in the building, or it could be a sophisticated seduction of a key employee at a local watering hole. Of the two, I like the romance of the second one better, but my limited social manipulation skills mean that the first method has netted me the most results.

How well has this worked, you ask? Just by dropping the name of a department head I was able to enter the secure server room which controlled the Internet communication for a significant portion of my home state, including at least one machine used for Department of Defense research. I used that method of access for six months before somebody caught on. I've seen the seduction method used to gain physical access to the server room which contains all of the important communications for a state government, including the printer that issued checks to state contractors and the network router that controlled all of the communication for the National Guard.

With an email purporting to contain wedding photos for a former employee, I managed to install my own executable software on several hard drives at a major data center which controlled the flow of parts to the Big Three auto makers and at least one defense contractor (and no, this is not responsible for their current market problems, the executable itself was relatively benign). In that case I attribute at least part of the success to the fact that I delivered on the promise, including wedding photos featuring a tall busty Asian woman. Seeing that the package contains what it actually purported to contain, nobody thought to question what else the package might contain. My program was installed on roughly half of the workstations within the company, including that of the most senior developer in the company. This does not mean, by the way, that I found a company of fools to practice upon. I've known that senior developer for a long time, and I'm quite certain that he's a better programmer than I am. He's human though, and fell prey to normal human curiosity.

Putting It Into Play

I've offered a few examples of attacks that have worked that can inspire your game. With these ideas you and your players can come up with your own ideas that are a lot more creative than what I have used. The key points to remember:

* Attacks take time and planning. If somebody is going to blow your head off if you don't crack the system in the next minute, it would be a good idea to make your peace with your maker.

* Systems don't exist in isolation. Get caught attacking one system and a global network of people will be tracking you down.

* Any system worth compromising will take a lot of work.

* It's never a simple blind test of your skill. You are always pitting yourself against the skill of the people who created and maintain the system you are compromising.

Until next time, happy hacking.
El Dictator
