Hacking RP Guide: Cybercrime and You

Discussion in 'Guides' started by PrivateNomad, Jul 2, 2019.

  1. PrivateNomad

    PrivateNomad There goes my hero, watch him as he goes Staff Member Technician Gold Donator Event Builder

    Joined:
    Jun 25, 2017
    Messages:
    449
    Likes Received:
    341

    [​IMG][​IMG]
    [​IMG]
    (Fun Fact: All hackers wear ski masks. Make sure your hacker character has one.)

    Hacking RP: Cybercrime and You


    Intro

    The concept of hacking computer systems is vastly misportrayed in popular media, in every genre and even among the public. Many picture the standard hacker as a man in a ski mask sitting in a dark room behind a wall of computers teeming with scrolling computer code, when in reality a typical hacker’s job setting is not too different from a developer or computer scientist.

    It comes in many names; network security, cybersecurity, penetration testing, etc. Hackers can hack for ethical reasons, unethical reasons, or even both; some hackers will attempt to steal data, encrypt data using ransomware, vandalize, and some hackers will test network and computer security measures in order to improve them.

    Due to modern security countermeasures, hacking is a difficult task; rarely do old scripts and methods actually work, leading most hacking to involve forms of social engineering to exploit the weakest aspect of any computer system whatsoever: the Human aspect. Or, in GC, the sapient aspect.

    What might a character need to know to hack? Even though hackers and developers most often use the same types of programming languages, the knowledge sets required for each are vastly different, often requiring suites of tools, up to date knowledge on a wide variety of security systems and exploits, and an understanding of how people think. If you want your character to be able to hack, consider that hacking in of itself is a profession, not a mere side hobby.

    As for the security of your network, it depends on your resources - both human and monetary. A low budget program or network may not have as good security as a government system, for example.

    Breaching Networks: Physical Access and Social Engineering
    In the modern Fringe, most computer machines and networks are digital, meaning they compute using binary states (though quantum computers do not necessarily use binary, they must still typically be able to communicate in binary). Similar to real life, networks typically communicate using the Galactic Nexus. This is the standard for all Nexus devices in the Fringe, that they must communicate using digital information. Machines that do not process using digital information must be able to interface with the Nexus; for example, Visitant alphas dedicated to computing are able to interface with a tachyonic relay for Nexus connectivity. In the fringe, cheaper machines may use semiconductor processors, while “good” machines typically use photonic processors. Larger servers and powerful computers may use quantum processors, though these are very rare in the Fringe, even in the larger Fringe factions.

    There is a common adage in cybersecurity: no system is unhackable. While this is generally true, in many cases a system is just extremely difficult to break into and not worth anybody’s time. This is why hackers most often employ social engineering in their tactics instead of attempting to force their way into a system. Phishing for login info using a fake website, embedding a program with a virus, leaving a flash drive with a virus around for someone to grab, etc. Almost all attempts at hacking now involves exploiting human error.

    Another common adage in cybersecurity is that if someone has physical access to a machine, they have complete control over it, simply because it is much easier to break into now. The same can be applied to androids and other robots.

    Decryption: The Imitation Game
    The act of encryption is to “encode a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.” Simpler encryptions or encodings are good to use for certain puzzles called cryptograms. Modern encryptions however, and another type of method called “hashing” are nigh impossible to crack; though it is possible to brute force shorter passwords, most secure passwords that are properly hashed are impossible to decrypt. In addition, the hardware required to perform the best brute force attacks is rare and expensive, utilizing quantum processors suitable for performing one singular algorithm, powerful enough to crack today’s SHA256 algorithm in under minutes. This is why social engineering is the preferred method of hacking. The Galactic Nexus typically uses a specialized form of digital encryption made to hold against quantum decryption attempts, making them nearly impossible to decrypt without the private key.

    Tracking
    Tracking is simply the act of finding a user’s physical location. To track somebody, you simply trace their IP and other connections, though it is by no means a simple process. Tracking works similarly to how it does in real life; in the real world, the user connects to the internet using their computer or other device. The computer “routes” data through your router, which is then sent to your ISP (internet service provider) which finally allows access to the internet. In the real world, it is very easy to discover the location of an IP address - however, that IP address’ location will only match the location of your ISP, which is generally just your city. The only way somebody could track your physical address using your IP address is through your ISP; the same goes for proxies. Proxies “hide” your connection by adding another server that you connect to, which masks your own connection. When someone pings your proxy IP, then they just get the location of the proxy; proxies make it nearly impossible to track somebody in the real world. The only way people can track through a proxy is either gaining control of that proxy server or having the VPN provider release that information, such as through a court order by the government if the proxy is based nationally.

    In the setting of the Fringe, the act of tracking somebody over the Nexus is a vastly similar process, though there are some differences that must be noted. By constructing a Galaxy-wide system of tachyonic communication and internet, we must sacrifice some security for the sake of widespread communication. In the Galactic Nexus, tachyonic relays act as “ISPs”, massive arrays of dishes and panels that utilize metamaterials in order to generate tachyonic frequencies that travel faster than light. Tachyonic relays are typically found as towers or space stations on common hubs, and are typically dedicated comms centers for that colony - lower bandwidth relays are also found on most ships. However, because tachyonic comms technology is bulky and expensive, computers and other devices typically utilize a standard radio transmitter that is much more powerful than modern variants and transmits data to tachyonic relays, which convert that data into tachyonic form. Sometimes a router is used as a middleman, typically for homes and ships, though typically not required as relays act as routers as well.

    [​IMG]

    To track somebody, you would first need the IP address they use to connect to the Nexus (assuming they are not using a proxy). The Galactic Nexus uses a form of IPV6 addresses to account for how many unique addresses might be needed. Most chat servers typically do not reveal the IP address of their users, however there are many different ways to find out (one way is to attach an IP logger to a link such as this. Similar to ISPs, when you ping the location of a Nexus user, you will only get the location of the tachyonic relay. Typically, this will only give you the planet or ship that the person is on. To precisely get somebody’s location, you have a few options:



      • If they’re on a ship, it's a bit complex, but if you can triangulate it you can generally track them unless they are using a proxy.​
      • The owner of the tachyonic relay has all the information about connected devices, including their precise locations. Typically these are protected, but in some cases they are not. The Haven Guard, for example, has the ability to track somebody’s address from their IP on Haven because Haven’s tachyonic relay on the Corrav Memorial Station is managed by the government.​
      • Physically go to the colony of the tachyonic relay and use packet sniffers and other digital surveillance devices to track down the user.​

    The usage of a proxy complicates the process if not makes it outright impossible, as each proxy server acts as another tachyonic relay that hides the user’s location. However, tachyonic relays are not easy to set up and operate, so they are typically run by security companies or other dedicated organizations - rarely does one person have the resources to set up their own Nexus proxy server.​


    Further Reading / Watching
    Steganography
    Computerphile

     
    Last edited: Jul 2, 2019
    WowGain, Pinkbat5, Jestephos and 2 others like this.