In The Zalozhniy Quartet, there’s a scene (not really a spoiler) where the PCs are outmatched and are ‘supposed’ to flee, leading into a tense chase. Expecting player characters to take a particular action is always hazardous design – you can set up a situation where there’s only one valid route for the PCs to follow, and they’ll still stall and try a hundred alternate approaches before doing the obvious. In this case, waiting for the players to decide the situation was untenable and choose to retreat wasn’t an option – the scene involves a direct confrontation with… things they’re not equipped to deal with.
In my initial draft, I suggested a bunch of ways for the Director to make it clear to the PCs that running away was their best – indeed, only – option. Sense Trouble rolls. Having the bad guys beat up the PCs with ease. Having the NPCs soldiers accompanying the mission heroically sacrifice themselves, giving the PCs a chance to escape.
The solution, as pointed out by Robin, was to make the overwhelming odds a Core Clue, obtained with Military Science. The player character – a veteran of a hundred black operations and brush wars – instantly sizes up the situation, and realizes that hanging around is suicide. They’ve got to run. Making it a core clue changes the dynamic from “the GM forces the PCs to act” to “the PCs, by dint of their superior skills and experience, fight their way out of a lethal ambush and escape to safety”.
What makes this especially interesting, from a scenario design point of view, is that Military Science isn’t often used passively. It’s the sort of skill that a player brings up when they’re spying on a furtive meeting between two mercenaries, or when they’re trying to bluff their way onto a military base. Writing a scene that takes a skill normally used as an active, ‘I ferret out the clues thusly’ and just handing a clue to the players can produce interesting results.
Esoterrorists – Document Analysis: While paying for take-out at a nearby diner, you spot a cheque in the drawer of the cash register. The handwriting on the check matches that of the author of the Esoterror manifesto you’re in town to find. The check was right on top of the drawer – the target might still be right here in the restaurant.
Recalled Information & Flashbacks
Revealing facts to players as Core Clues (or as a benefit for spending points) is the core of GUMSHOE. A Mutant City Blues player uses Ballistics, and you describe how they work out that the killer must have been standing on the third floor balcony of the building across the street. Searching CCTV camera footage with Data Retrieval gets them a photo of the gunman, and running that through a police database with Research gets them a name.
Or, in Trail of Cthulhu, they use Occult, and learn that the owl sigil they found is associated with the Minervan League, and then use Credit Rating to get an invitation to a League-sponsored lecture.
You can go further than that. A Ballistics clue could equally point the characters towards a roleplaying scene.
“At that range, with the weather that night, it would have been a hell of a shot. You know one guy who could have pulled it off – an old army buddy of yours, an ex-sniper who’s now a shooting instructor. He probably knows all the good marksmen in this region. Maybe he knows the shooter; it’s definitely worth talking to him”
“You’ve seen this symbol before. You remember reading a book in the restricted stacks of the Orne Library, back at good old Miskatonic. The owl sigil is used by a sect called the Minervan league. In fact, you recall that that particular book was donated to the library collection after the death of its previous owner. Thinking about it, he lived near here. Maybe his family know more.”
More ambitiously, you can embed scenes inside other scenes, by means of a flashback. Keep flashbacks short, and be prepared to improvise in response to player actions in the ‘past’.
Occult: “You recognise that symbol – it’s the sign of the Minervan League. You know that because in your youth, you were acquainted with a member of the league. You even applied for membership, but weren’t accepted – did an existing member blackball you, or did you back out at the last minute?
Anyway, you remember your friend hinting about the league’s secret purpose. He started to say something about a Great Work… then he fell silent, as if suddenly frightened. What did you do?”
NPCs as Clues
A clue – especially an Interpersonal one – can be incarnated in the form of an NPC from the PCs’ past. Instead of, say, getting information from the waitress at the bar through Flirting, maybe the waitress is an ex-girlfriend of the Flirting player character. She’ll tell you what she overheard – but only if you apologise for what happened the last time she saw you.
If a PC has a high Intimidate, then presumably they’ve intimidated people in the past. So, when the PCs are combing the dark streets of the city, ask who’s got the highest Intimidate – the PC with the second highest rating is the one who gets jumped by the vengeful goons. (Of course they don’t go after the highest rating – that guy’s scary). Beating up the goons yields the next Core Clue.
A Core Clue points the way to another scene. It doesn’t have to be evidence interpreted by the PCs. Anything that opens up a new avenue of investigation works. Mix up the way you present core clues whenever you feel your game is getting repetitive!
GUMSHOE is a game system that privileges bite-size morsels of neat-sounding knowledge. Ideally creepy neat-sounding knowledge, handed out in such a way as to imply a whole universe of such things just beyond the players’ horizon. It’s as though Robin invented it thinking solely of me. Even before Trail of Cthulhu, I liked to make a habit of flavoring my game books with morsels of neat-sounding knowledge, laid out in such a way as to imply … that I knew all there was to know about architecture, or Gnosticism, or astrological decans, or aviation history, and had just picked one or two morsels for the delectation of the reader. Friends, I am here to tell you that is an illusion. I am frighteningly widely (that is, mostly uselessly) read and at have been trying with some success to drown a trick memory under waves of vodka, but I do not know all there is to know about any of those things (except possibly astrological decans, because there isn’t much to know about those in the first place).
With that confession off our chest, let me proceed to show you that such knowledge is an illusion. Better still, it is an illusion YOU can cultivate in the service of being a GUMSHOE adventure writer, whether pro or am. Any GUMSHOE GM can use this foolproof method on pretty much anything. You just need about an hour and a search engine.
In the fourth week of January of this year, my Twitter, Facebook, and email feeds all blew up with the news that there was a Cannibal-Rat Ghost Ship approaching England. A decommissioned 300-foot Russian cruise ship, the MV Lyubov Orlova, broke its chain off Newfoundland on January 23, 2013 while being towed to the Dominican Republic to be scrapped. Its emergency beacons transmitted in the mid-Atlantic, then went silent. About a year later, a Belgian “marine missions specialist” (read: excitable goof) speculated in the press (well, in the Sun) that the ship’s rats had devolved into cannibalism. Hey presto, Cannibal-Rat Ghost Ship. I should not have to explain, at this late date, why or even how this is essentially a perfect Night’s Black Agents story hook.
As with so many perfect game hooks, various killjoys set about pouring cold water (the icy waters of the North Atlantic!) on the story. (I don’t really want to get political about this, but I just love that the Guardian went the extra mile and found someone to assure their readership that the rats would instead set up a socialist utopia.) As with so many debunkers, they let their skepticism out-race the facts on the ground. Er, water. Or, as the Robert Benchley of the 21st century, Mallory Ortberg, put it on Twitter:
“the ocean is a PRETTY big place, I don’t think you can definitively say there are NO rat-ghost ships on their way to England right now”
But the skeptics did one great favor for Night’s Black Agents Directors; the Smithsonian piece provided a link to the MV Lyubov Orlova search blog, “Where Is Orlova?” Which, unlike the slackers in the British media, has apparently been quietly looking for the Cannibal-Rat Ghost Ship since it vanished.
See what you have already? You have a hook. You have the best (i.e., most sensationalistic) version of the story. You have a debunking for the NPC coverup to parrot. And you have a blogful of huge amounts of data and parallel info thanks to the kind of quiet obsessive who makes the Web so Wonderful. Combine that with the Wikipedia article and you have more than enough material for your Cannibal-Rat Ghost Ship adventure, whether the ship heaves up in Norway, or the PCs rappel down onto it from a borrowed Sikorsky, or the Director decides to put the Orlova in her pocket as the floating HQ of a dissident Nosferaterrorist and sprinkle clues (and cannibal rats) over the next six adventures.
It took me about half an hour to become as much of an expert on the Cannibal-Rat Ghost Ship as anyone except perhaps the rats themselves. Go thou and do likewise.
See P. XX
A column on roleplaying
by Robin D. Laws
With Kevin Kulp’s TimeWatch RPG blasting through Kickstarter as only a chronoton can, you may be asking yourself if you can put time travel in other GUMSHOE games. We at Pelgrane are not in the business of telling you not what not to do with GUMSHOE. (Unless you want to use it to light your Hibachi indoors. In which case, don’t do that.)
That caveated, here’s how you might do it in the various existing GUMSHOE settings.
The Esoterrorists/Fear Itself/Trail of Cthulhu
One of my favorite treatments of time travel comes, of all places, from an old Batman comic. And not during a cool Batman phase, but from the kooky silver age. In that story, the details of which my memory is doubtless mangling, Batman and Robin go back in time hypnotically. (In fact, now Googling “Batman time travel”, I find that I like this idea because I’m remembering it wrong.) In my memory’s mistaken version of how this works, they possess the bodies of their ancestors, who happen to be conveniently located and remarkably similar in appearance in ancient Rome, the old west, the Viking era and so on.
Lovecraft likewise treats time travel as a mental journey, making it the specialty of the Great Race of Yith. In a Trail game you need go no further than to have a series of weird murders committed by a victim of Yithian possession. When the investigators capture the first suspect, the Yithian simply jumps to someone else—perhaps a PC whose player is absent that session—and forges ahead with the mayhem. To really shut down the Yithian menace, the group must figure out what the entity is trying to accomplish, and then take action to ensure that it is no longer possible. Otherwise the body-hopping from the ancient past continues.
Scrubbing the Mythos detail from this idea for The Esoterrorists or Fear Itself allows you to reverse the direction of travel. Outer Dark Entities come from the future, when they have already breached the membrane, to create the conditions that will later allow them to breach the membrane. They can’t travel directly into this time, but possess those emotionally destabilized by Esoterror provocations. Again the problem is that stopping one meat-form merely slows them down, requiring them to find a suitably vulnerable replacement. The definitive solution depends on rendering what changes they’re trying to wreak in the timestream impossible. After the Veil-Out, the Ordo Veritatis might take temporary relief in the thought that they’ve prevented a future in which their demonic foes win. But plenty of additional ways for them to do it remain, as a fresh manifestation quickly demonstrates.
Mutant City Blues
The conceit in this mutant-powered police procedural is that all weird abilities are already well explicated by science. If you do want to invent a mutant time travel ability you have to find a spot for on the Quade Diagram. Somewhere out near sector F00, where the weirdo dream manipulation appears, might fit the bill. You also want to establish the effects of time manipulation as already measurable, if not fully understood. So perhaps a time distortion field might emit some sort of radiation that enters the bloodstream, or induce over-production of a particular preexisting hormone. As members of the Heightened Crimes Investigation Unit you can perform tests on tissue samples to determine whether victims, alive or on a morgue examination table, were exposed to time altering energies. Finding out who committed the time crime would then be a matter of finding out which local mutant miscreant has the mutation in question. That said, given the down-and-gritty reality level of Mutant City Blues superheroics I would be inclined to make time travel something that tantalizingly almost seems to exist, until the detectives get to the real truth of the matter. Perhaps false rumors of time travel could be connected to the alien beings some people in the world credit with the Sudden Mutant Event that created all weird powers.
The space opera setting of Ashen Stars seems tailor-made for timey-wimey activities. Like several sources of its inspiration, it includes godlike aliens. Or at least there used to be godlike aliens, the Vas Kra, who have devolved into the all-too-moral vas mal. And with those in the mix, even if only in the setting’s past, anything can happen. That allows you to nod to this key genre element without introducing brain-cracking paradoxes that rightly belong in TimeWatch territory. Needless to say the shift from universe with time travel to universe without would be an outcome of the Mohilar War. We might take a cue here from the current, degraded morphologies of the Vas Mal, the former godlike aliens. Now they look like classic UFO grays, which hook up to the motif of missing time. Perhaps in the Ashen Stars universe, missing time derives not from hypnosis or erased memories but from proximity to time travel and its contradictions in minds not capable of handling it. Back in the 20th century, when the Vas Kra came to earth to meddle with the human mind, those taken up into their vessels suffered gaps in understanding because they brushed too close with their transtemporal natures. This leads to the theory, oft-mooted by residents of the Bleed, that the Vas Kra ended the Mohilar War by interfering massively in the past of those forgotten beings. It explains how the war ended, how the Vas Kra lost so much energy that they had to devolve, and why no one remembers that this happened. The fear that this is so leads at least one powerful movement to oppose all efforts by the vas mal to reconstitute themselves, lest time travel come back, unleashing chaos throughout the cosmos—maybe bringing back the Mohilar, too.
Night’s Black Agents
What if the vampires are time travelers? They’re humans who, sometime in the future, discovered how to move through time. Problem: doing so warped their bodies. They became vulnerable to sunlight and had to drink the blood of humans uncontaminated by chrono-energy to survive. Their added strength and resistance to damage (except to the brain or heart) hardly counts as a fair trade. So they send agents back to the past, to prevent the chain of events that leads to their own development of time technology. Stopping those events requires a grand upsetting of the geopolitical power structure. To achieve this they must penetrate and destroy the world’s intelligence agencies. The PCs know too much about this, even if they don’t believe the truth, and hence find themselves on the run from somewhat sympathetic vampires from the future. Who still want to pulp them and take nourishment from their juices.
With the dying of the year, it’s time to read “The Festival” and to think of 2014. In this space, specifically, about the next year’s Ken Writes About Stuff installments. To get the good, or rather the known, stuff out of the way:
- January 2014: GUMSHOE Zoom: Mind Control. This is the kindest, bravest, warmest, most wonderful GUMSHOE Zoom I’ve ever known in my life. Presenting detailed rules for brainwashing, memetics, telecontrol, and brain hacking, and for gear from the Microwave Auditory Effect gun to subliminal flashers to tinfoil hats, it brings the fight inside your head.
- February 2014: Hideous Creatures: Star Vampires. “The human blood on which it had fed revealed the hitherto invisible outlines of the feaster.” Invisible outlines that shall be expanded upon, extended even, into all sorts of dimensions. Are they summoned demons or feral predators? Are they kindred or competitors to Colin Wilson’s Space Vampires? Herein we trace the Shambler From the Stars, with bonus Night’s Black Agents statistics and a scenario seed.
- March 2014: Lilith. “Satan here held his Babylonish court, and in the blood of stainless childhood the leprous limbs of phosphorescent Lilith were laved.” Lilith as Queen of the Vampires, Lady of the Night — or as First Rebel and First Heroine? We look at the many faces of Lilith, as a Trail of Cthulhu titan (Elder Goddess or Great Old One), Night’s Black Agents vampire queen, Mutant City Blues super-Typhoid Mary, and at her role in the center of the First Esoterror Operation.
- April 2014: Hideous Creatures: Dark Young of Shub-Niggurath. “Worlds of sardonic actuality impinging on vortices of febrile dream – Iä! Shub-Niggurath! The Goat with a Thousand Young!” Are they nameless horrors or numbered servitors, Druidic nightmares or ab-natural abominations? Where do they grow, and on what loathsome food do they thrive? Follow them to Hell and Hydra, or to Mormo and Monsanto.
- Bonus Stuff: Hideous Creatures: The Un-Numbered Ones. For subscribers only, this free issue of Ken Writes About Stuff opens the books on Lovecraftian monsters that have never taken stat-block form before in any game!
For any Ken Writes About Stuff installments you may have missed, go back to the main KWAS page.
You may note that the last two regular Hideous Creatures — and indeed the whole series — followed the results of our Esteemed Reader Poll on the topic fairly closely. The monsters in the Bonus Stuff will likewise track our Esteemed Reader Poll on that subject. (Although rather than do a whole HC workup on one of these essentially unattested monsters, I’m more likely to include a few creatures in more like normal Trail of Cthulhu creature writeup style.) It’s as though we care about what you want!
And so we do! Should the Gods of the Copybook Headings smile upon us and KWAS return for another year, what would you like to see us cover? By now, I think I’ve mapped out most of the possible things I can do in the format, although I’m always open to new suggestions.
Hideous Creatures: This category will definitely continue, as I’m hardly out of the Lovecraftian woods yet. Headliner monsters left to do include the Colour Out of Space, the Great Race of Yith, the Hunting Horror, and the Serpent Folk — but I could easily be persuaded to change things up with a few flavorful B-listers like the Dimensional Shambler, the Lloigor, the Rat-Thing, and the good old bad old Tcho-Tcho. Or maybe you have some favorite I haven’t mentioned here. We’ve already got a request in for the Elder Things, for example, to accompany the shoggoths.
GUMSHOE Zoom: Are there specific rules thickets you’d like to see me dive into? With physical and mental combat out of the way, what strikes you as rich in story possibility, and thus worth zooming in on? I promise, no vehicle building systems.
Campaign Frames: I’m still possibly happiest (or perhaps slap-happiest) with Moon Dust Men of all the issues of KWAS so far, so I’d love to do another campaign frame. I’m still trying to crack the “sitting” mechanism for a Carnacki campaign frame, so we’ll probably get that in 2014/15. I’ve also had a couple of requests for an Elizabethan setting, which might just be adapting Night’s Black Agents to the age of Walsingham and Marlowe, or it might be a full-on “School of Night” occult adventure frame. But what else cries out for GUMSHOE besides wide-lapel UFOs and steampunk ghost-breaking?
Looking Glass: Our city-in-a-PDF framework format got off to a rousing start with Mumbai, don’t you think? In the next year, I’m most likely to try and tackle a 1930s city to show how it can be done, but I’m happy to change planes on your whim.
Nighted Tomes: With monsters under the microscope, how logical is an “expanded look” at one of the major Mythos tomes? Expect to see a Necronomicon piece next year — but should it replace a Hideous Creatures entry or not? How much Cthulhu is too much Cthulhu? Shriek your answer to the stars, below.
Special Subjects: This is the “everything else” sort of category, but it boils down to one subject, so far mythical or folkloric or eliptonic, that can be spun for multiple GUMSHOE games. Lilith will go here, as does Die Glocke — what other mysteries should we plumb with our Investigative pools a-quiver? We already have one request for the Axe Man of New Orleans, so famous crimes might make another topic to plunder.
In short, fill up the comments below with what Stuff you’d like to see Ken Write About. And then I shall fill up your in-boxes with that very Stuff, or Stuff very much like it.
by Andrew Brehaut
Modern technologies, such as cellphones and the internet, are often a thorn in the side of the horror or thriller GM. Typical responses involve negating the use of this technology, be it through remote locations (no signal), dead batteries, villainous forethought (the cell towers have been damaged), the people contacted simply not believing the PCs’ story, or simply setting the game prior to the existence of such technology.
An alternative to outright negation is to look for ways that the technology may work only partially: the web of trust breaks and confidential information gets into the wrong hands, or information is corrupted or misunderstood. This is particularly suited to thriller games with espionage elements. Games with active magical forces can obviously go above and beyond the suggestions presented here.
These suggests are not intended to be used to hose the players; instead, when they use modern technology, they open themselves up to new problems. Consider these suggests to be “Yes, and” twists.
In keeping with the spirit of GUMSHOE, try to choose twists that not only cause trouble for the players, but introduce new information. The type of attack reveals something about the enemy. If the attackers reach through corrupt authorities to track your cell, that says something different to a black-bag job on an assets computer.
The following suggestions are based on generalities about cryptography and encryption. As I am not a cryptographer I am certain to have misconstrued some some of the fine points.
Characters in Fear Itself are typically less competent at the technical necessities required to keep communications private and concealed than the agents in a Night’s Black Agents game. As a result, you have more latitude for Fear Itself characters to be the instigators of their own failures than you do in Night’s Black Agents.
A simple guideline to consider is that if the character should be competent, then the failure should only come from depending on a (compromised or lazy) asset or NPC, or when a failed die roll presents an opportunity.
An example of this might be that the player blows a preparedness test for a cellphone in a tight spot. Instead of failing and not getting the phone, the GM might rule that they have a phone, but it has been compromised.
In Nights Black Agents, any network contacts whose pool has dropped to zero – or in a Mirror mode game, any flipped contacts (NBA pg 32) – are perfectly placed to be the weak link in the security chain. They may reveal cellphone numbers, secure keys, passwords, or any other secret information the character uses.
Less competent characters are unlikely to use secure methods at all. The GM has more latitude to hand-wave the details in this context.
Trust and Authenticity
The backbone of digital secret sharing is authenticity; sophisticated mathematical tools provide ways of ensuring that a communication is from who you think it is from, and that only the intended recipient can access it. Authenticity allows an increase in trust in the communications. Typically these schemes require a non-secret ‘key’ (part of a key pair, with one key secret, and the other non-secret) to be shared between the appropriate parties. Given an opportunity to trade encryption keys, and sufficient bits in those keys, this encryption is sufficiently secure that it will not be feasible to break using brute force in a reasonable amount of time. Not to mention, brute force cracking is lazy story telling, especially in a spy game1.
The math involved is the strongest part of any cryptographic system. Instead, the system is more easily broken by attacking the humans involved, or any secondary mechanisms used. While the math is typically tough, it requires that its process is followed strictly; deviation may introduce subtle weaknesses. Not only does the human angle make for a more believable story, it makes for a more interesting one.
A good guideline here is that the human link that breaks should never be the player characters. If they are competent enough to be using secure methods to begin with, it undermines the characters to suddenly cause them to make a mistake. Only in a crunch (e.g. if preparedness is involved) might they not use a secure channel, and in that instance they clearly know. This also means that PC to PC communication is guaranteed to be secure, which avoids an always check for hidden doors situation where the players waste time worrying about their intra-party communications.
The takeaway here is that you need to trust every link in the chain that has access to the secret keys. If the chain is secure, then any secret communicated with those keys is secure. Adding links to the chain increases the chances that the chain is compromised. As mentioned above, these mistakes and unnecessary links should occur at the NPC end.
When unsecured communications are being used, especially textual, there is little guarantee that whoever is at the other end of the system is who they claim to be. Snooping and supplying misinformation are trivial.
Secure communication relies on the sender having the recipient’s public key, and the recipient being able to get the sender’s in a trusted way. Without this, unsecured methods have to be used. The implication here is that communicating with people outside the existing circle of trust leaves you wide open: the police can’t be called without eavesdroppers having an opportunity to listen in.
One final point: Cryptography is extraordinarily hard. Cryptographers typically cannot see the flaws in a system of their own devising. Competent characters should know that they cannot invent their own cryptography safely, but if players push for it, then they are wide open and asking for trouble.
Aliens and Brute Force
Aliens present a reasonable excuse for brute force encryption breaking. Presumably their computational war chest vastly outstrips our own, so they would be able to brute force nearly all encryption with relative ease. The exception here is one-time pads which are still likely to be secure assuming aliens obey our same mathematical laws.
With people as the weak link in a cryptographic system, it helps to know some potential attacks that may be deployed against them:
- Probably the most common method for acquiring secrets is via social engineering. This is basically a confidence game. Email phishing is a blunt form of this. When the target works out of a large organisation, posing as a network administrator will often get easy physical access to a machine, and the willing cooperation of the target.
- Extortion, threats or torture that leverage vices, family, friends or debts is a very direct method for extracting secrets, but effective.
- Another direct method is the black bag job. Simply break in to the physical location containing a computer or device and either copying data or just stealing it.
Sometimes communications must travel through an insecure network. In this case, even when a message is communicated securely, an observer may still be able to gain information. Examples of an insecure network include wireless networks, cell networks, the wider internet, and local wired networks controlled by a third party.
Establishing a secure network on top of an insecure network (a tunnel, or a virtual private network) is possible, but is subject to the same secret sharing challenges sending the message in the first place. One development here is anonymizing networks such as Tor; with Tor, an observer could see you connect to Tor, but have no idea where the information goes2.
Transmitting secrets over an insecure network allows an observer to collect “meta” details about the communication. Things like: when the message was sent, the duration of connection and/or size of the message, where the message was sent from, and possibly where it was sent to. Proxy networks and other tools may be used to obscure the specific details, but with less latitude than true security.
In more complex systems (such as server software like websites or email systems), information inadvertently disclosed by the system may allow an attacker to find weak points or, in a particularly egregious situation, piece together information from the revealed pieces. This is especially dangerous when the information can be correlated with other sources.
Cellphones, especially smartphones, provide many options for problematic twists.
SMS messages and phone calls are not encrypted end to end, and can be accessed relatively easily via the network. Users of iPhones have access to Apple’s iMessage network which sends arbitrarily large messages and images with end to end encryption. However, if an iPhone cannot access the iMessage server for any reason, it falls back to unencrypted SMS by default. Harried characters may forget to check this, or assets may be lax at checking the setting. One other potential weak point of iMessage is that multiple devices can be configured to receive messages at a given address; someone may snoop on encrypted conversations without you realising. You can safely assume similar foibles of any consumer messaging service.
Competent agents can be assumed to have installed apps on smart phones they control to let them securely communicate and that avoid the risks of using consumer messaging. However, the phone itself is still vulnerable to attack at levels lower than the messaging application.
Smartphones such as Android phones, and jail-broken iPhones, allow for arbitrary software to be installed, and in doing so can replace or augment the operating system’s core software. A simple example of an attack at this layer is a key logger: by planting listening code into the software keyboard, the phone can record every piece of text entered system-wide, and secretly broadcast it, thus circumventing any encryption used. A compromised device may also use the device’s cameras, microphone and GPS to capture a broad range of additional ‘passive’ data.
Jailbreaking a phone is done by taking advantage of security vulnerabilities in the phone’s operating system. While typical jailbreaking does require some user intervention (partly as it is intended to be an intentional attack), there have been jailbreaks that only required visiting a website. If a smartphone that is considered secure has been used to access untrusted websites (and any website that is not delivered securely with known-good certificates can be considered untrusted) then it could possibly have been compromised by a malicious site. In the real world the chances of such an attack vector being viable are extremely narrow, but in the fictional world of a spy thriller where agents may not have opportunities to keep their devices up-to-date and are frequently accessing servers in the seedy underside of the internet, the risks rise. A competent agent with time and access is going to use a disposable or public computer to access these sites, but under pressure there may be no choice.
Obviously, if a smartphone with secret keys on it is stolen or lost, it is a serious risk until it can be remotely deactivated. Lock screens are a weak defence against an attacker; iOS and Android have both suffered multiple security holes allowing lock screens to be bypassed.
Light, Sound and other Emissions
Modern mobile devices have more direct ways of creating trouble too. To function they must emit radio waves on various frequency bands, as well as light and/or sound to be functional.
With phones from sloppy assets, or that have been appropriated, there is also a risk of alarms and other sounds occurring. The iPhone, for example, has a switch that disables the ringer but does not disable all sound system wide. The system’s policy allows some sounds, such as alarms, to occur even when the ringer is disabled. This is a particularly appropriate “gotcha” for normal people thrust into dire situations without warning, such as in Fear Itself.
Another class of potential attack in the modern world (and form of information leakage) is that devices such as cellphones that connect to wireless and cell systems broadcast unique device IDs to those networks. In both cases the attacker could compromise the network itself, but because these devices must broadcast their communication, it is often easier to use malicious base stations and traffic snoopers. For wifi this can easily be achieved with cheap plug computers. In both cases basic identifying information can be harvested without the target being aware.
This is possible because the devices need to maintain a low level of background traffic to maintain a presence on a given network (e.g. so that calls or data can be routed to the device). This information can then be pooled over time. For instance if the same IDs appear in networks of two or three geographically separate locations, a conspirator could reasonably assume that it is not a coincidence.
Particularly with wifi, the range of each network is small enough that with a collection of networks or malicious base-stations, a particular device’s movements could reliably be tracked in a known area.
TEMPEST Monitors (NBA Pg 100) are another risk of carrying a cellphone or other broadcasting device.
In games with supernatural, in addition to creatures being extra sensitive to light and sound, they may perceive frequency ranges well above even ultra violet; In these spectrums the radio signals from cell and wifi systems would be clearly visible bursts emanating from the characters.
If the creatures communicate with each other in these frequency ranges, it is possible that may even mask cell or wifi signal for short bursts.
In a situation where a character must be separated from a device, such as at a meeting with criminal elements, they should be concerned about tampering. The question is what could have been tampered with in the time window, and what the signs of it would be.
Some devices are easier to tamper with than others. Those with battery access for instance; a matter of seconds may be all that is needed. Phones without user accessible batteries may seem less vulnerable to tampering, but with the appropriate tools (such as the right screwdriver, a special prybar and a suction cup for an iPhone) you can have it open and closed again in a couple of minutes. The easiest way to check for physical tampering is to open the device and examine it.
Software tampering is harder to identify, but may take longer to perform. This is the equivalent of a jailbreak. It may be achieved over a network, or by connecting the device to a computer. Between five and fifteen minutes for a competent attacker to determine and use the correct attack vector and required waiting for software installs and device restarts would not be unreasonable. Tampered devices may run hotter and/or use battery faster than the usage would suggest. With the appropriate hardware and software tools and some time, the image of a device can be checked against a known good copy and if need be restored.
Finally, devices with SIM cards are vulnerable to tampering. It takes only a couple of minutes and some text messages. This allows trivial call and message snooping.
Back of the sticks?
An alternative to just denying characters use of cellphones due to lack of signal in the remote locations is to allow them to find a patch of poor signal; if they use it, they may be pinned in one spot while making a call, or waiting for their encrypted data to transfer. Maybe not your first choice when being stalked by a vampire.
An alternative to smart phones is cheap, disposable ‘feature’ phones (called ‘burners’) with prepaid data. These can be purchased with cash, no personal information, and can be trivially disposed of after use.
Relying on burners allows trivial anonymity as long as the burners only contact other burners, and do not contact a device known by the observer (that allows the entire network to then be unravelled).
The main downsides to burners is that they can’t have cryptographic keys or software loaded onto them easily. This means that communications are necessarily insecure, but it also means that there is no reliable (cryptographically speaking) way to authenticate with others. Anonymity and trust are naturally opposed. Weak secrets such as pass phrases or PINs can be trivially snooped by any observer that has either compromised the network or has the target surveilled.
Some smartphone burners exist. These often suffer from antiquated operating system versions with plentiful known vulnerabilities and no way to upgrade.
Accessing the wider internet is relatively safe; you can do so anonymously from a variety of publicly accessible computers (Libraries, internet cafés etc) without needing to put your own hardware at risk, with limited chance of your location being uncovered beyond the typical physical risks, and without too much concern about key logging or other snooping.
The biggest restriction is that the character may not be able to get the machine out of its kiosk mode, which means being limited to only the web browser, and potentially some coarse filtered view of the web (administered at a firewall).
If the machine can be accessed out of a kiosk mode (surreptitiously), then it is relatively trivial to connect more securely and directly to known good machines (perhaps virtual machines) to then access out into wider internet unobstructed.
One potential problem here is that the character may need to relay their secret key via USB stick. Beyond the dangers inherent to carrying the key (leaving the key behind would be a potential disaster), there is the risk of any malware on the computer infecting the USB stick, and then in turn the characters own computers. This is more likely to cause a computer to run sluggishly and/or unreliably than it is specifically going to leak information to the enemy.
Characters with heat (see Night’s Black Agents pg 87-88) from government agencies may experience difficulty crossing borders: a failed heat roll may result in laptops and phones being seized for searching (and copying or tampering). While consumer operating systems now provide full disk encryption, characters may be subjected to extra scrutiny due to its presence (“If you have nothing to hide, why do you need the encryption?”); the characters will of course be able to manufacture convincing reasons, but the argument may still be leveraged as an excuse to detain them.
Alerting the Authorities
Players may at some stage wish to call in reinforcements in the form of law enforcement, or media. Instead of ruling it out completely, consider allowing it. Keep in mind that the characters are unlikely to be able (or want) to use authenticated channels to make this communication, so there is limited trust involved. Any respondents will act accordingly.
The characters will probably do one of two things: lie about the situation, or come off sounding like cranks. If they lie, then whoever investigates is likely to be wildly unprepared for what is happening. Meat for the grinder, and stability tests for the characters. With the crank option, the response is likely to be slower arriving.
For law enforcement, consider having a couple of uniforms roll up to investigate. The characters will have to work extra hard to achieve their original objective and keep them alive. If the officers die at the scene, the characters can expect their heat to rise, and attached with it records of the call and tags for any weirdness mentioned. These unexplained deaths will surely crop up again later, too, perhaps pinned to the characters.
In the case of media, a reporter given a crazy but potentially promising tip may wish to do some initial research, and perhaps meet up with the informants. Again, the characters are going to have to work to keep the reporter alive. In a Night’s Black Agents game offering up a small story may only take out a single low level cell of the conspiracy, but is reasonably achievable. Tip offs with larger scope take a lot more time to come to fruition, and will end up endangering more people.
Competent characters will be aware of the security risk of most of these problems. Don’t try to hide this from the players to spring on them later; let them stew in their own juices and make the decision in the heat of the moment. They always get their message in or out, but they know they have let something slip in the process. Allow Sense Trouble rolls to alert characters, particularly if they have points in the appropriate abilities (Cryptography, Electronic Surveillance, etc)
When a network contact is turned, an agent may see telltale signs that their communications have been breached, but not know what exactly.
- If you are interested in reading more about the strength of cryptography, check out the PGP FAQ. While some weaker keys have been cracked, the amount of computing power needed is phenomenal. Using strong keys, and regular secure key rotation should mitigate most of the risk.
1.The default setting of Night’s Black Agents (pg 28) assumes that government agencies do possess tools to crack even the strongest keys. You may prefer to assume this in your games.
- Tor is not perfect though. This article is an interesting read about one attack on Tor using malicious end points.