Blue November
<div class="center"><img src="http://www.byothermeans.org/images/russian_doll.png" width="450" height="600" alt="russian doll"></div>
<h1 class="center">blue november</h1>
<div class="quote" >"Keep thinking. You can hear our brains rattling around inside us, like the littler Russian dolls." -- Matthew Tobin Anderson</div>
<div.center>[[Begin]]</div>
<div class="center"><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/c/c7/GeorgeSPatton.jpg/440px-GeorgeSPatton.jpg" width="170" height="200" alt="george s. patton"> </div>
"Fuck! -- you think this Artificial Intelligence stuff is magic!" shouts Ruth. <i>'Twist his balls and kick the living shit out of him!'</i>
"Calm down, Ruth!" I say.
<i>“Lead me, follow me, or get out of my way!”</i> Ruth shouts. Although she is quoting Patton, there is no doubt she means it.
How did I get here?
Let me explain how our school day started with a [[wargame.| Start wargame]]
This morning, unhappily, I am captain of the Blue team in a cyber security wargame. Blue is defense, facing Red, offense. Unhappily - because Red is almost sure to win. Offense has an almost insurmountable advantage in cyber security. And we are facing three Red teams: Russians, North Koreans, and freelance hackers.
I don't like to lose. And, apparently, neither does Ruth.
This fate was assigned to me by my teacher, Professor Amir Akbari, adjunct professor in the graduate program in cyber security. He is fascinated by local election cyber security. To me, this is hopeless.
Smiling, Professor Akbari had assured us that winning and losing are not important, that our grades are only dependent on the quality of our wargame participation. We students had just looked at each other. I glanced around, looking for Katya; she is Russian and knows more about the GRU Unit 26165 than anyone in the class. Will she choose Red or Blue?
"Blue is at the disadvantage, as we all know, so Blue will choose [[ team members first. | ruthless]]"
I look at Katya and she gives a half nod. OK, at least, Katya is in. I look at Waswa. Waswa is a Microsoft specialist. He has years of experience as an Active Directory administrator. He winks. Waswa is in. Things are only terrible now.
Terrible, largely because of me. I know nothing about cyber security. I am a failed statistics student. Going into the cyber security program was my emergency exit plan. I bailed, just before the department chair was going to drop me from the program. A team captain? I am not prepared for this. And worse was yet to come.
I grimace. Katya and Waswa approach my table, and Waswa wryly quotes Churchill: <i> “We shall defend our island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets..."</i> Katya and I laugh. There is a beginning of a glimmer of [[hope]].
<div class="chapter">Chapter 1: War </div>
<p>"You are engineers-in-training", the professor said, and then glancing toward me, "or proto-engineers." He continued: "Engineers typically confront Mother Nature, or often," he smiled, "our own stupidity. But this time your opposition is not Mother Nature. Your opponent is a clever, intelligent human, who is well equipped and motivated. Several of them in fact. And they may be smarter than you. And that enemy," - he adds with severity - "intends to do you harm."</p>
<p>The professor didn't need to explain the odds. Unfortunately, the lack of symmetry between Red and Blue - the basic unfairness for Blue - comes from the simple fact that Blue cannot make a single exploitable mistake, not a single oversight. And the three Red teams opposing us will keep hammering away until they find one. Guaranteed. And for them, any oversights they make have almost no consequence. </p>
<p>The professor continues: "Blue: keep this quote from Sun Tzu in mind:" Professor Akbari writes on the whiteboard:</p>
<div class='quote'>"All warfare is based on deception." </div>
"And a corollary from Napoleon" he continues and writes across the board:
<div class='quote'>"War is ninety percent information."</div>
"It may not seem fair, but in election security, [[asymmetric conflict | team_instructions]] is a fact of life".
<% s.whoami = "i"; %>
The painful asymmetry of our situation becomes apparent when we read through the wargame synopsis.
<div class='document'><h3>Local Election Security</h3> Each town has multiple polling stations with election reporting systems based on punched paper; no equipment is connected to the internet. Duplicate tallies are carried with duplicate observers to town hall. The tally copy goes immediately into a secure archive in case of discrepancies. The Registrar of Voters sums each of the town's polling places' chits and enters the results into an Excel spreadsheet on her office computer in town hall. It is double checked by the Assistant Registrar. This is the Registrar's normal work computer that she has used all year. </div>
Waswa groans "Probably still has games on it from bring-your-kid-to-the-office-day."
<div class='document'>The Registrar then shuns the internet, and uses a modem to direct dial a phone number in the state capitol. The software in the capitol recognizes the calling number, accepts the call and the Excel spreadsheet is transferred.</div>
"Of course no-one can fake an originating phone number!" Katya scoffs.
<div class='document'>The town hall IT support team is typically composed of 3 people, who are cross trained to do each other's work. </div>
"No security team and no separation of duties - everyone in IT has access to everything" observes Waswa.
<div class='document'> All the workstations use Windows and are running on virtual workstations on VMware. </div>
"VDI is great, except it is a single point of failure and anyone on the IT team can make changes", observes Waswa. "It is like we learned nothing from the Snowden case".
<div class='document'>The police and the school IT systems are completely separate </div>
"At least the school kids are at arm's length" I observe. Katya quips: "Maybe the kids couldn't have made things worse."
And we have dozens of towns to protect.
The opposition Red teams - there are three groups of hackers: one [[Russian | gru_inst]] - we expect they are GRU, like those who hacked the DNC - one [[North Korean | nk_inst]] - Ministry of State Security - and one [[Hacktavists | hack_inst]] - i.e. idealist hackers that mostly love publicity.
A roll of the dice. We win. We will [[go first. | first_move_blue ]]
<% s.red1_plan1="cynthia" %>
<div class='document'>Information laundering is analogous to money laundering. While obscuring the source, tainted information is to be placed in legitimate circulation. Once laundered, it can be used and amplified by official Russian outlets. The steps are as follows: </div>
<div class='document'>
<ol>
<li> Develop a list of susceptible targets - useful idiots, tabloid newspapers, Telegram groups or blogs that specialize in clickbait. </li>
<li>Develop and deliver alternate facts which should be useful, sensational, and marginally believable. Remember - people will believe what they want to believe. Useful means damaging to the target social fabric. For delivery, an anonymous email placed to the target with some interesting information is usually sufficient. </li>
<li> Once this content is documented to be from a non-Russian source, Russia Today, Sputnik and other state outlets can loudly repeat the disinformation, reporting that it is from western sources. </li>
</ol>
</div>
We are all ready to [[start the game. | the_rules]]
"You all know the matrix rules," started Professor Akbari. "A move can be any action you can think of, but it must be an action in words. I, as adjudicator, will announce a probability range for the likelihood of success for that action. But the opposing teams can make opposition arguments. If the arguments are convincing and your replies are not, then I will adjust the probability range downward. For instance - if something is not probable you may have to roll snake eyes - two ones - the probability of which is 1 in 36. Not very likely. Then you roll the dice to determine the actual outcome."
"Exceptionally, in this game, each team will have two moves for each turn. One public and one secret. This is because in network security, many actions are by their nature not visible to the opposition. The secret move will be communicated to me by a small notepad placed on your tables. The decision will be similar to the public one - I will assign a probability to the action's success on the pad, then I roll dice and return your pad with the action result - success or failure."
"You may speak to the opposing teams. You may lie to them. If you make a deal with an opposing team, a deal only affects the game as a part of some action. For example, if the two Red teams agree to attack Blue at exactly the same time, then this would be announced during an attack action and would improve the probability of success. Of course, the second Red team could speak up and disavow the claim, explaining that they had lied. This could significantly lower the attack success probability. Of course the final result is still the result of a roll of the dice."
"You may find this element of chance irritating. Especially if your team has a bad run of rolls. Let me assure you that chance always has an important role in any conflict. And let me also remind you -- the counter arguments shape the probabilities. So the most important advice I can give, I borrow from Sun Tzu." Professor Akbari turns and writes across the board:
<div class="quote"> "If you know the enemy and know yourself, you need not fear the result of a hundred battles." </div>
/* "To that end, each move will end with each team receiving a data dump. If you can understand the data, you will understand something of what your opposition is doing." */
"You may think that this is tongue-in-cheek but -- no nuclear exchanges or suitcase dirty bombs are allowed. We ran a game once where one of the players complained that a fictional dirty bomb was too close to his day job, so there would be a national security investigation if we went there. You would be surprised what has happened in past classes!" [scattered laughter]
"One more thing. Inherent in wargames is an asymmetric warfare problem. I recently played as a Chinese actor in a South China Sea conflict. The adjudicator kept pushing us for open conflict with the US Navy because that was the theme of the wargame and the time scale of the wargame was short. Because many weapon system chips are made in China, one of the main concerns was whether cyber breaches of US naval weapon systems would determine the outcome of the naval conflict. And the answer is a resounding "YES!" But in our opinion, the best choice for China was to keep eyes on the main prize - eventually winning Taiwan - and thus we tried to erode US power in small deliberate ways and kept building islands. In the end we were forced into open conflict with the US, but we felt the game was unsatisfactory, because it felt like the underlying game assumptions overwhelmed the result."
"If you hear the game whispering to you -- listen. This mismatch between the best course of action between the players, where they may not come into direct conflict, is knowledge that must be captured. This asymmetrical response is not a bug. As we see in the world, asymmetrical conflict is the rule, not the exception."
"Oh, and of course - the leading cause of breaches -- insider threat -- is allowed."
/* ::Break and getting a drink -- I laughed, but Katya warned "Exactly because there is nothing at stake here, she will be dangerous ..." Ruth is a mole? insider threat? */
[[Next | ding_0]]<% s.whoami = "kurt"; %>
## Red 1: Russian GRU hackers
Kurt is calm and he is Red. He began by reading the private instructions for him in Red Team One.
<div class="document"> You are the team lead for a small unit in GRU Unit Directorate A. You understand that you have limited resources and face substantial internal competition for your position. Your second in command wants your job. You have to show results commensurate with the resources you use, or you may be demoted or otherwise punished. But risk taking is encouraged. While you are required to remain discreet, if the operation becomes exposed, punishment is not certain.
Your mission has limited scope. This is not because of threats or a "red line" from American authorities, but because there are other long term ongoing operations. </div>
Kurt passes out the copies of the synopsis to his team of 2. Each reads quietly.
<div class="document"> <i>"The development of information technology has resulted in information itself turning into a certain kind of weapon. It is a weapon that allows us to carry out would-be military actions in practically any theater of war and most importantly, without using military power." </i> -- Sergei Ivanov, 2007 Minister of Defense of Russia </div>
<div class="document"> <i>"War is the continuation of politics by other means."</i> -- Carl von Clausewitz </div>
"Srat'!" ('Crap' in Russian) swore Eddie, a sophomore and a second generation Ukrainian and gamer. His Russian vocabulary for swearwords was infamous in his dorm. Most days he played Valorant against Russians and all his dorm heard was a steady stream of Russian profanity. "Govno! -- Bullshit!" he added, grinning.
"Context and background matter." Kurt remarked. "[[Keep reading]]."
<% s.whoami = "jose"; %>
## Red 2: North Korean hacker
Jose is the sole player in Red 2. The professor had run out of participants and seemed to think that having the 4th team in the wargame was important, so here he is.
Jose is quiet in the class. Heavy set and thoughtful. At 30, he is 10 years older than the kids in the class; he is working as a campus cop. He hoped this class would move his career away from late night supervision of the campus loading docks and parking lots and into cyber security. He felt a bit awkward playing the part of a teenaged uber-hacker with a den mother from the Ministry of State Security, which was described as "one of the most brutal police forces in the world." But he is acquainted with table top exercises in law enforcement and he figures these cyber wargames couldn't be that different.
Jose rubs his crewcut and opens the small envelope marked "North Korean Team Lead" and reads the note inside. /* This is a new approach for NK instead of stationing teams in China */

<div class='document'>
<div class="center"> <img src="http://www.byothermeans.org/images/cage.png" width="200" height="150" alt="image of cage"> </div>
Your nickname is Jwi -- which is Korean for mouse -- because you are big for a North Korean. You are also a bit careless. You sometimes get crazy with your work. You are the brilliant team lead for a group of teenage hackers from North Korea. From an early age you were singled out for your computer gaming ability and you and your family were protected from the normal harshness of life in North Korea. You are living in a house in east Africa - in Uganda - in a middle class neighborhood with a Starbucks! You are supervised by a harsh North Korean Ministry of State Security matron. She is relentless about raising money from your group's activities. And she frequently reminds you that the well being of your family back in North Korea is dependent on your brilliant aggressive hacking.
You are happy when you can sometimes sneak away to Starbucks. You would defect if you could. You have an idea of how much money you could make on your own...
</div>
Jose smiles and puts his private instructions away. He opens the large envelope with the group instructions and reads them. These instructions read:
<div class='document'>
As a North Korean hacker cell, you are located in Africa to make tracing activities back to North Korea difficult. The income from your activities is the primary daily goal. Injuring the enemies of the state like Sony Films, is of course possible, but of secondary importance. </div>
<div class='document'> Your cyber tools are provided by the North Korean state and you find them surprisingly effective. You are using a later version of the American NSA offensive hacking toolset. Because the NSA offensive hackers think they are smarter and somehow better than the American defense teams, offense doesn't share tools with defense! This means that the American designed offensive tools are guaranteed to work perfectly against American targets! Defense doesn't even know about the vulnerabilities! This is really really sweet. </div>
<div class='document'> You have close contacts with Eastern European criminal hackers who have similar economic goals. Of course you have close contacts with Chinese, Russian and Iranian intelligence services, and occasionally you are able to sell something of value to one of those groups. You also occasionally will take on activities that those groups consider too risky for them to do themselves... for a price.
</div>
Finishing the documentation, Jose eyes the Russian team. It might be a good idea to make a visit.
Jose imagines the main conflict will be between the [[Russians | gru_inst]] and [[American devils. | first_move_blue ]] He couldn't quite imagine teaming up with the liberal [[Hacktavists | hack_inst]] at the nearby table who seemed to be type-cast for their parts - their eager chatter reminded him of puppies. Except the team lead, Samantha, who seemed to be serious and a few years older. He might find something in common with her. Both the American and the Russian teams seemed a bit self confident and boisterous. Maybe Jose could find a way to bring them down a notch. The Russians are natural allies. Maybe he should [[talk to them?|Jose_visiting]]
Jose was eager to attack and the professor was ready to [[start the game. | the_rules]]
## Red 3: Hacktavists - the idealistic hackers
<% s.whoami = "sam"; %>
Samantha, or Sam to her friends, watches Ruth cross the classroom to the other side.
"Bon courage, Greta!" she thought. She had read Ruth's private brief and was shocked. And then reflected to herself: "Shame on me... she doesn't need more courage ... she has enough for both of us." "Bonne chance!" she almost said aloud.
Samantha then opened her envelope with her private brief:
<div class='document'>
<div class='center'> <img src="http://www.byothermeans.org/images/anonymous.png" width="200" height="200" alt="anonymous image"> </div>
You are the leader of the third generation of a hackers community calling themselves Anonymous. You are a fighter for freedom in all places and times. Time Magazine has described your group as one of the "100 most influential persons in the world." Thus you are one of the most wanted hackers in the world. Key to your success is recruitment of insiders, and key to that is publicity. Your contacts with the media are your greatest strength and your greatest vulnerability. Your success or failure in this mission is balanced on this knife edge. Specifically your personal goal is not the same as the goal for your group. Your goal is long term capture of insider assets.</div>
<div class='document'>You are a French citizen comfortably living in the north west of Paris and you have no desire to go to jail. As a French citizen you know you would not be extradited to the US but you might be arrested by French authorities for French violations, so you are very careful about French law. By chance you live near the Piscine, the French center for external intelligence. You will not reveal your true name or home address even to your team members. You always assume one of your team members could be a mole. </div>
<div class='document'>Key to your efforts is the junior member of your newly formed team. The intern from CNN has something special. You have seen it before. She is hungry. If you cultivate this relationship, she may be in a position to help you in a few years. The success of this mission - despite what is written in the group brief - is measured by advancing your junior member in her work at CNN and keeping her in your debt. You intend to compromise her ... but you don't exactly think of it that way. You want to think of yourself as her mentor. </div>
<div class='document'>But you have to have strong connections to media that are uncompromisable. That is how you survive. You have to have something on your ally -- from their past -- something that they have done -- so you have control over them. In the end, you know from bitter experience, that survival is about control. </div>
<% s.whoami = "Samantha"; %>
Samantha folds and puts away her private brief and opens the larger envelope and passes out the team brief to each of her 3 teammates. Each reads quietly.
<div class='document'>You are an unnamed team of hacktavists (hacker activists) who met at a hacker conference in Paris a few months before. You have an acknowledged leader who has brought you together. You are meeting in a cafe at the bottom of the stairs to the Basilique du Sacré Cœur de Montmartre. You have yet to choose a name for your group. Fundamentally you are hackers for the ideals of the French republic: liberté, égalité, fraternité. So you choose the initials LEF as your name. </div>
Samantha hums the first bars of La Marseillaise and Kate starts the chorus:
Aux armes, citoyens,
Formez vos bataillons,
Marchons, marchons !
Qu'un sang impur
Abreuve nos sillons !
And she continues the chorus in English:
To arms, citizens,
Form your battalions,
Let's march, let's march!
Let an impure blood
Water our furrows!
The joker in the North Korean team starts to sing "Die Wacht am Rhein" out of the movie Casablanca, and the professor rings the bell on his desk to silence everyone. But he is laughing.
The Hacktavist group continues the reading:
<div class='document'>The first member of your collective is an expert on cyber currencies and knows how expenditures can be tracked or obscured. The second member is a specialist with Open Source Intelligence - OSInt - that is searching publicly available records. He has had training with Bellingcat, an OSInt collective which is known for penetrating GRU operations. In particular this team member knows how to purchase information from Russian databases on the black market. The third member is an intern with CNN and is eager to help but has little experience. </div>
<div class='document'>Your group's goal is to expose the state sponsored hacking of elections in the most embarrassing way possible for both the United States and Russia. Your goal is to force radical transparency. You are disgusted that all politicians are lying so much that ordinary people feel that it is impossible to find out the truth of anything. And maybe there is no truth? And maybe for ordinary people, giving up is the only rational thing to do? You are fighting this feeling of helplessness and you feel that liberty itself is at risk as a consequence. The difference between truth and falsehood. You feel that it is as simple as that. Truth -- wherever it leads. Journalists are your friends, but be careful. </div>
Sam starts by assigning the roles: "Kate - you are the cyber currency expert, Jon you are the OSInt expert who works sometimes with Bellingcat, and Wendy you are the CNN intern."
Sam scans the room. [[Russians | gru_inst]] have their own idea of fate. American students pretending they are Russians will be a caricature - probably easy to predict. The [[Americans | first_move_blue ]] are playing with Ruth which will at least be dynamic. But Samantha's wild card is not Ruth but Jose, the campus cop who is playing the [[North Korean hacker| nk_inst]]. Maybe they should talk.
Samantha is eager to attack and the professor is ready to [[start the game. | the_rules]]
"The following may help get you started" the professor said. And he adds to the white board:
> 1. What are your strengths and weaknesses?
> 2. What is the opposition capable of doing?
> 3. What is their intention?
> 4. What is their most dangerous course of action?
> 5. Relate these to your risk matrix.
Ding! Professor Akbari rings an old fashioned hotel desk service bell. "30 minutes," he warns.
/* TODO - Write parallel GRU, NK, Hack pages to switch to. */
<% if(s.whoami == "i"){ %>
[[Continue as Blue | strength_blue]]
<% } else if(s.whoami == "kurt") { %>
[[Continue as Russian GRU | strength_gru]]
<% } else if(s.whoami == "jose") { %>
[[Continue as North Korean| strength_nk]]
<% } else { %>
[[Continue as Hacktavist |strength_hack]]
<% } %><% s.whoami = "i"; %>
Katya pulls out her pad. "Our strengths and weaknesses: item one," she says.
"We have home team advantage." I say.
Waswa adds. "We know our weaknesses, and can modify the home terrain to our advantage - like adding honeypots."
"Second," Katya adds, "With so many local towns with different IT, our attack surface is large and varied, so it is hard to attack systematically."
"Is that a strength or a weakness?" Waswa asks. Katya shrugs.
"Third," I speak up. "Instead of plugging all the security holes - which we all know is impossible, we could use automation so we rebuild it as quickly as it goes down."
"Fourth, we don't have time for this," interjects Ruth. "You are thinking like the cartoon characters you are playing. Big mistake. Those guys across the room are not Russians, they are self confident intellectual American assholes. They will write down their strengths, to hell with weaknesses, plan an attack, do lots and lots of setup and - this is key - only attack on the last move, where they are confident they will sweep the board. They know we will not be able to react. Not because we don't have the capability. Not because we are not more clever, and more diligent and thorough, but because it is the last move! They will not fight fair."
"And we should use this against them." Ruth adds. "We need to make them over confident -- And then crush them. Humiliate them."
/* Break? Talk to Ruth and/or Katya in the hall? */
[[Play as Red1 - GRU | strength_gru]]
[[Play as Red2 - NK | strength_nk]]
[[Play as Red3 - Hacktavist |strength_hack]]
[[Continue as Blue | decision_1_blue]] <% s.whoami = "kurt"; %>
<% if (s.red1_plan1=="cynthia"){ %>
"We need easy targets," Cynthia points out. "I suggest Telegram groups. Facebook limits groups to 256 persons now, and Telegram is unlimited, so scales better for us. New accounts don't require much ID - just a phone number and they are not too fussy about virtual phone numbers so we can crank them out. Plus the owner is Russian and that shouldn't hurt."
"We need lots of useful alternate facts," Kurt grinned "that undermine the social cohesion of the enemy. And it only needs to be semi-believable! I'm on it. Let's see - 'Fake moon landing exposed - by pole dancing congressional mistress'... "
"Blyat!" - said Eddie. "'Pizdets!' I saw that one yesterday in the tabloid Sun. How about attacking the drug companies making so much money? Or that the vaccine causes personality changes? Tabloids would go for that."
"If we have something targeted on French speaking Africa, we can claim for the dice roll that it would be picked up by French metropolitan news. French media is always willing to believe negative stories about Americans - and vice versa, of course." suggested Eddie.
"Ebola is the result of drug companies experimenting on black African populations with germ warfare projects?" Cynthia proposes.
"Niet! - done that one already too." Eddie scowled.
<% } else { %>
"Our first public move has to be misleading." stated Kurt.
"Zalupa konskaya!" - said Eddie. "We could suggest cooperation! Propose joining NATO's cyber security rapid reaction force. Ask that Kaspersky be allowed onto Pentagon computers again! Propose that we can provide intelligence on the Russian Mafia that no one else can - which of course we can!"
<% } %>
Kurt grinned. "Too subtle. Our first public move needs to confirm their most dreaded nightmare. From their point of view - 'What is our most dangerous course of action?'"
"Widespread hacking of their election systems" Eddie stated flatly.
"And we are forbidden to do exactly that." added Cynthia.
"So as our first public move we scan and map all the local election systems in detail - including trying common passwords against databases behind firewalls. Really noisy. Random phone dial-ups to find datalines in state capitols. Everything we can think of." said Kurt.
"How about approaching local mafia with cash asking them to put chips on local phone exchanges near polling centers? It would leak if we did it enough times. And the Americans have done that already to us, so they can't complain, really." suggests Eddie, who always went for the most outrageous attacks -- apparently.
"No, we don't need to go that far. Let's be a bit subtle." Kurt replies.
<% if (s.red1_plan1=="eddie"){ %>
"Blyat!" - said Eddie. "Pizdets! OK but soft targets are everywhere. No need to touch their precious election infrastructure. Hospitals and schools are sooo easy!"
"For instance," says Cynthia, warming up to the idea, "We have new AI that can add a tumor to a given x-ray image. It is undetectable. And with any luck, the target will think they have cancer and will pull out of the race! And the radiology images pass unencrypted on hospital networks. Easy peasy."
"Or maybe insert inflammatory homophobic comments in historical chat records in an old university course information system - from a presidential candidate - then point some journalists to it. Those systems are written in PHP; it should be a walk in the Gorky Park!" she added.
[[Continue as Red1 - meet with Mouse|Jose_circulating_2]]
<% } else if (s.red1_plan1=="cynthia"){ %>
"Then in our secret move, we expand our presence in Telegram and Facebook and push carefully crafted narratives there."
<% } else { %>
"In secret, we send money to the crazy opposition through a French cutout to lay the groundwork for post election disruptions, when the losers of the election are most excitable and incitable. Then let's look at how to plant doubts about some significant bitcoin transactions around the time of the election - implicating state election officials.
"Remember - 'Everything, everyone is paid for.' Even if the enemy doubts only last for a week - it may be enough. If that week is the one just after the election!"
<% } %>
[[Next | ding_30_red1]]
[[Play as Blue | strength_blue]]
[[Play as Red2 - NK | strength_nk]]
[[Play as Red3 - Hacktavist |strength_hack]]
<% s.whoami = "jose"; %>
Jose imagines the main conflict will be between the Russians and Americans. He couldn't quite imagine teaming up with the liberal hacktavists at the nearby table who seemed to be type-cast for their parts - their eager chatter reminded him of puppies. Except the team lead, Samantha, who seemed to be serious and a few years older. He might find something in common with her. Both the American and the Russian teams seemed a bit self confident and boisterous. Maybe Jose could find a way to bring them down a notch.
Jose notices that Samantha is standing a bit away from her table so he decides [[to visit.|Jose_circulating_2]]
<% s.whoami = "sam"; %>
Sam starts out the meeting: "For our group to win, we need to prove that citizens care about who is truthful and who isn't. We could start with the idea that truth actually matters. And citizen confidence in their democracies will be a primary metric of our success." Sam concludes: "In a nutshell, we believe in radical transparency."
"We could find dirt on the politicians and publish it. But not the dirt planted by the Russians or Americans. We aren't WikiLeaks." suggested Jon.
"We could always follow the money. There are some tricks to use with bitcoin... " said Kate, the bitcoin expert.
"We can buy access to leaked databases from law and accounting firms - like the Panama Papers." mused Wendy.
"There is lots of data freely available without sneaking around and buying access on the Dark Web." replied Jon.
"So our first public move could be to publish details about Putin's mansion from open research?" asked Wendy.
"Too timid." says Sam.
"Here is a private move," Sam proposes. "Buy access to recent visa applications and vehicle registrations from Moscow addresses on the Russian grey data market. This might succeed without a dice roll."
She continues without pausing, "And we predict we will find the numerically consecutive visa applications of GRU agents coming to the west, and car registrations to their place of work, as is customary in Moscow, with a specific GRU Department as the street address. We predict the result is we have the names and departments of several GRU agents who will be in the west soon. In the next private move, we ask one to help us or risk exposure. Even if the dice roll is 50-50 it would be worth the risk. Game winning risk."
"That's not timid!" murmurs Jon, the Bellingcat expert. "You are reading too much Bellingcat!"
Sam continues, "Our public move is to distract our opponents, but also gain some favors. We mine publicly available data on Irish Corporations that are controlled by anonymous offshore companies that show suspicious balance sheets. We develop a list of likely money laundering companies that are feeding into English banking and real estate, which incidentally, the English are happy to ignore. We send this to CNN. Our prediction is that CNN will promote our colleague and owe us a favor. This gives us the added benefit, as we are French, of irritating the English."
OK? [[let's do it!|ding_30_red3]] says Sam.
[[Switch to Blue | strength_blue]]
[[Switch to Red1 - the GRU | strength_gru]]
[[Switch to Red2 - the solitary NK hacker| strength_nk]]
Katya wants a big stick. "I suggest our first public action is to announce the creation of an integrated NATO <i>offensive</i> cyber force. First, this will signal that we are serious. We claim that the result of this action would be greater confidence, vigilance and capability in the cyber forces of NATO. That should give us some points for any dice roll. Further down the road we implement a cyber MAD - mutually assured destruction. It is a known classic move and has served our country well!"
"May I remind you that we only used MAD in the nuclear standoff because we had no viable defense? We had no other choice. This is different. Our responsibility is to protect our virtually defenseless local governments." asked Waswa. "We need to double down on defense! Good defense will help us against the GRU but also from the North Koreans and the Hackers. We don't have much time to make improvements before the three will be attacking, probably all at the same time."
"I suggest we double down on purchases of endpoint protection against phishing and malware for all local government offices and integrate the data at the national level as a single move. In our next moves we implement a national SOC to respond to breaches."
"And what private move would we use?" I asked them both.
"Our private move is to propose to the professor that by virtue of our superior technology, we have gained access to some GRU analyst workstations," said Katya. "Because it is a private move, they can't argue against it and obviously won't know about it."
"The Belgians had gotten in before, in real life" I point out.
"Even if the professor doubts us, we might win the dice roll. Even if the odds are against us, the reward is high, so it is worth a try."
"And if we concentrated on a defensive strategy, Waswa, what would you propose for the secret move?" I ask.
"I would seed all the local systems with so much false and misleading data - generated by artificial intelligence, that the Russians could break in and steal millions of documents and have nothing but dust. Documents that would make them salivate, and critically - waste time - just enough to get us past the election. Call-home agents in the document let us know where they are and when the trap is sprung. We plant delicious, irresistible lies. Pure fun: we play their own game against them!"
<div onclick="window.story.state.cycle('#cycleblue')" id='cycleblue' class='cycle hot' data-cycling-choices='["We go with the Waswa defence idea.","We go with the Katya international collaboration idea."]' data-cycling-selection=0 data-cycling-targets='["0","1"]'>Which course of action?</div>
/* window.story.state.selection --> 0 or 1] */
[[Next | ding_30_blue]]
Greta also wanders over and joins Jose and Samantha.
"All for one, and one for all" quips Samantha, murmuring.
"You are proposing an alliance?" suggests Jose.
"Yes, otherwise things look a bit bleak. Let's start with it and see where it goes." said Greta.
[[Next | ding_30_red2]]<% s.selection = 1 %>
<% if (s.selection == 1){ %>
Selection was 1.
<% } else { %>
Selection was not 1.
<% } %>
<div id="arb"> nothing yet </div>
<div onclick="window.story.state.cycle('#cycleOne')" id='cycleOne' class='cycle hot' data-cycling-choices='["Zero","One", "Two", "Three"]' data-cycling-selection=0 data-cycling-targets='["0","1", "2", "3"]'>Zero</div>
<script>
$('#arb').html("this rendered from a script tag.").fadeIn("slow");
</script><% s.whoami = "i"; %>
<div class="center"><img src="http://www.byothermeans.org/images/life_preserver.png" width="300" height="200" alt="life preserver"></div>
<div class="chapter"> 2 -- Blue decides.</div>
/* "Defense, defense, defense! We have to strengthen our defenses! Waswa insists. "We are so vulnerable!" */
/* "The worst possibility" I suggest, "...then we hack together defenses for that?" */
/* "A risk matrix would tell us which are our most critical vulnerabilities for the least effort." Waswa properly points out. */
"On defense, we can go broad and shallow, or narrow and deep. We can't do both." Katya states clearly what we are trying to avoid facing.
"Look we have 1 hour to play today and two more days this week," she continues "Each move takes 20 to 30 minutes. So we might have 6 moves before the end, and," she frowns, "if things don't go well, the end may come sooner than that. How much defensive infrastructure can we get in place in 6 moves? And plug all the holes? A few bad dice rolls and it is all over. We need to be practical."
"That is exactly why we need to attack." Ruth says quietly.
The first of the Red teams is whispering across the classroom and there are occasional cracks of laughter. They are planning something. Katya suspects the Russian GRU will be coming through Iran, with Iranian tools and IP addresses, flying a false flag. The adjudicator will probably let them do it as he knows in real life that the Iranians would be glad to trade their underpowered cyber tools for some shiny new GRU super cyber weapons.
Waswa is from Uganda and has some observations on the [[North Korean team. |waswa_notes]]
[[Continue with the game| the_rules]]
A redhead girl, who had been laughing with a group across the room, approaches our table. "Ruth" was written in sharpie on her name tag.
"I have a big mouth," she said "And you need me. You think that you have a hopeless task -- but you have no idea. I know those kids across the room, very very well." She smiled, glancing back at them.
"Ruth?", Waswa asked. She looked at him - not smiling, "Don't call me Ruth ...", and with a slight grin, "I am ruthless... Greta -- Heer Uberjäger Greta."
Katya jumped up and announced "We choose Greta here, as our final pick."
"Uberjäger?" I ask.
"Ruthless Hunter," she replied.
Ruth, still smiling, looked back across the room and quoted Patton - as I would find was her habit: <i>"And may God have mercy for my enemies, [[because I won't.| Setup]]"</i>
<div class='document'> <b>Information Laundering:</b> </div>
<div class='document'>Information laundering is analogous to money laundering. While obscuring the source, tainted information is to be placed in legitimate circulation. Once laundered, it can be used and amplified by official Russian outlets. The steps are as follows: </div>
<div class='document'>
<ol>
<li> Develop a list of susceptible targets - useful idiots, tabloid newspapers, telegram groups or blogs that specialize in clickbait. </li>
<li>Develop and deliver alternate facts which should be useful, sensational, and marginally believable. Remember - people will believe what they want to believe. Useful means damaging to the target social fabric. For delivery, an anonymous email placed to the target with some interesting information is usually sufficient. </li>
<li> Once this content is documented to be from a non-Russian source, Russia Today, Sputnik and other state outlets can loudly repeat the disinformation, reporting that it is from western sources. </li>
</ol>
</div>
Jose, the North Korean hacker, approaches Eddie, a Russian GRU officer. "My name is Jwi or 'mouse' in English", the North Korean uber-hacker explained, "You certainly have heard of me. I am one of the best hackers in the world, and I have in my possession shiny new cybertools pilfered from the NSA. I have what you need - plausible deniability and uber-cyber skills. What I need - in order of preference: cash, more and better cyber tools, useful information, and job offers. Proposals?"
Eddie, a teenager himself in real life, gazes at the solid 30-year-old Jose with his police bearing and a crew cut, pretending to be a North Korean teenager. Eddie grins. "I think we can do business."
<% if(s.whoami == "kurt"){ %>
<div onclick="window.story.state.cycle('#cyclejose1')" id='cyclejose1' class='cycle hot' data-cycling-choices='["Sold! - we want several items - sensitive disinformation - to be planted in a way that will not be detected.", "Could you delicately place a custom medical report about venereal disease for one of the US candidates for congress?", "Sure but we actually need ostentatious intrusions that a junior analyst could not miss. We want hundreds of databases to be hammered. Interested?", "No - We will pass, thanks maybe talk to the Iranians - we hear they need help."]' data-cycling-selection=0 data-cycling-targets='["zero","first", "second", "third"]'> "Sold! - we want several items - sensitive disinformation - to be planted in a way that can not be detected." </div>
<% } else { %> Eddie continues. "The GRU needs several items of sensitive disinformation - to be planted in a way that will not be detected. This will need to be done in several countries."
<div onclick="window.story.state.cycle('#cyclejose2')" id='cyclejose2' class='cycle hot' data-cycling-choices='["Double the usual price in bitcoin. Send me the particulars through the adjudicator.", "Do you have information that would be useful to blackmail my Ministry of State Security handler?"]' data-cycling-selection=0 data-cycling-targets='["zero","first"]'> "It will cost you somewhere between one and two bitcoins per item - depending on the environment." </div>
<% } %>
We are all ready to [[start the game. | the_rules]]
"North Korean hackers might come in from east Africa, some were in my home town" he explains. "In my neighborhood there were geeky North Korean kids living in a house together. Occasionally I talked with some of them in the neighborhood coffee shop. They had a severe matron that kept watch on them. The kids were all hackers - no joke, and their matron was an officer with Ministry of State Security - the MSS. And this matron was no joke. The fact that their families were back in North Korea seemed to always be on the kids' minds. If you traced back their hack attempts, it would never come close to North Korea."
"But these kids were also always on the make - trying to get money. This is their weakness. Even the hacker commune with a MSS den mother has to be self supporting. The North Korean embassies are the same. That is why the North Korean diplomatic pouches are used for so much illegal activity. They are desperate to make money. These have to be profit sources for North Korea. Or they ALL go home. There is no funding. They all have to earn their own keep."
[[Continue as Blue| the_rules]]
<div class='document'> Role of social cohesion in the Russian concept of war: War is a violent conflict between social structures where one social group seeks to impose its will on another. Reduction of the social cohesion of the opposition is the primary means to that end. </div>
<div class='document'>The term "information warfare" or "information struggle" in Russian ("informatsionnoye protivoborstvo" or "informatsionnaya borba") includes the content, meaning and effect of the information, not just the infrastructure, storage or software as it does in English. Your instructions are to pursue our long term goals as we have defined them. That is, to reduce the unipolar nature of world politics by reducing the effective social cohesion of our adversaries: To reduce the social cohesion between the countries of NATO and the social cohesion of our primary adversary, the United States. </div>
Kurt reads through the accompanying [[Red Team background notes]] and then turns the page to the [[critical instructions. |red1_criticalpart]]
<div class='document'>Your instructions - from the highest level - you are not to alter or damage any information infrastructure having to do with the upcoming American election cycle, AS THAT TERM IS UNDERSTOOD IN ENGLISH. Yet you are to achieve our long term goals.
That is to say, you may not touch a single voting machine. We recommend that you create misdirection that indicates that you might attack those systems. But we do not have to alter a single vote, only create the impression that no one knows for certain, what has happened to the votes or was done by whom.
<br/>
Our guides:
<ol>
<li>"Objective truth has no meaning."</li>
<li>"Confusion is everywhere."</li>
<li>"Everyone has multiple motives."</li>
<li>"Everything, everyone is paid for."</li>
</ol>
</div>
The team finished reading the synopsis and [[looked up |red1huddle]] at each other.
<div class='document'>We prefer that the current state of war with the West is undeclared. And this is a war of self defense and is not of our choosing. We consider the breakup of the Soviet Union as the greatest geopolitical disaster of the twentieth century - even more than the destruction from WW2. Interference in Russian internal affairs has become commonplace. This and the recent events in the Mideast and the Euromaidan uprising in Ukraine, also known as Color Revolutions, show that economics and information are being used as violent weapons, as violent as any weapons of mass destruction. The hypocritical West sees these as the tools just short of war, but we must see this is the model of how war will be fought in this century. And we do not intend to lose this war again. This is a war forced on us from outside, but we will not fight it defensively. </div>
<div class='document'>Your opposition will be fighting the last war. They will be using "deterrence" or MAD - mutually assured destruction strategies of the Cold War, foolishly thinking that we will be deterred from a defensive war by threats. What country has ever been deterred from self defense by bullying? It is foolish. </div>
Kurt turns the page to the [[critical instructions. |red1_criticalpart]]
"Very Russian. We are playing chess while they are playing checkers," said Kurt.
"Razvaluha!" muttered Eddie. "The American car is falling apart as it goes down the street. We will need to be aggressive."
"We need to be careful." Kurt replied, thinking of his private instructions -- and also wondering who has private instructions to go after his job. "Let's consider tactics."
"I suggest we hit them just after the election, not before. Let's [[consider this? |red1_kurt_plan]]"
Kurt then looked to his [[2 team members |red1_team_ideas]] Eddie and Cynthia.
<% s.red1_plan1="kurt" %>
"One advantage we have: the opposition will think we are working to a deadline of the election day." Kurt explains. "We must make our public moves reinforce that misunderstanding. But our most important work is post election. We want to erode trust in their internal democratic institutions. Who better to influence than the disappointed, losing side? No matter which side that is! We do not need to take sides on who wins. Only sow confusion. And we can use the opposition's own institutions to do it. Consider in our detailed instructions:"
<div class='document'>Money and power today are concentrated in companies such as Google and Facebook. Publishers of content, with a vacuum of editorial responsibility. You will fill this vacuum. </div>
"And we don't need to worry too much about consequences:"
<div class='document'>We are in the midst of a major informational war. But they do not use their cyber offense, they signal with it! Everything is a shot across the bow! The purpose of war is to act on the mind of the enemy. It is always a battle of wills. They will threaten us. All shout and bluster. </div>
I suggest we move forward with a plan to sow deep confusion after the election using social media, rather than [[consider other direct action options.|red1_team_ideas]]
Kurt is eager to attack and the professor was ready to [[start the game| the_rules]].
Eddie is assigned as the Russian expert in search engine algorithms, but in real life he is an expert at Twitch gaming and a hothead.
And Cynthia is a journalism student who lost her way in the hall and ended up in this class by accident, but had stayed.
What can he do with these two people?
Eddie spoke up first. "I suggest we hire the North Koreans to plant some damaging documents. [[No fooling around.|eddie_plan]]"
"Cynthia - you are a journalist" Kurt noted. "And we need to make the enemy population pathologically cynical. [[Thoughts?" |cynthia_plan]]
Perhaps we should [[study the opposition|red1_crosslinks1]] some more?
<% s.red1_plan1="cynthia" %>
"It is not simple propaganda" said Cynthia frowning. "It is more like an anarchist's idea of propaganda. We support the right and the left, seemingly without any guiding logic. The hidden order is that we push both to hate the other. We should show no pattern at all for the opposition to follow. Try a hundred things that seem not to make sense, without much invested in any one attack. And then double down on anything that shows promise..."
Kurt reflected, "With any luck a successful attack should seem to come out of the blue!"
"Cynthia! U tya sho zhopa sho rozha: vse prigozhe" – Your ass is the same as your face: all beautiful!" smiled Eddie. "Luck as a strategy! What a concept!"
"OK - I'm in." Kurt said. "Let's do this!"
[[information laundering.| info_launder]]
Perhaps we should [[study the opposition|red1_crosslinks1]] some more?
<% s.red1_plan1="eddie" %>
Eddie was ready to burst. "We can't touch any election infrastructure because we are merely Directorate A -- not the great and famous Unit 26165!
But consider this: we go to a dark web child porn site, create an account and generate activity, apparently from a US vice presidential candidate. And point the media to it. Or hack into the Panama Papers archive and plant some juicy misinformation pointing to hidden donations from Saudi Arabia. Security in both places is minimal. We wipe the logs after. No one will be the wiser! And we haven't stumbled across any Unit 26165 operations.
"Podzalupniy tvorozhok! - don't look it up, it's untranslatable - literally it has to do with cottage cheese." explains Eddie. He muses, "I wonder if our North Korean colleagues could help?"
Just as Eddie proposes [[talking with the North Koreans|Jose_visiting]], the North Korean team of one, a stocky man, gets up and starts across the room toward the Russian table.
But Eddie nods toward Cynthia, "Perhaps we should consider any ideas our journalist student colleague has? [[Cynthia?" |cynthia_plan]]
"Or perhaps we should [[study the opposition|red1_crosslinks1]] some more?"
Kurt suspected the real anarchists in this game will not be the Russians but [[the Hacktavists| hack_inst]]. But he knows his attention should be concentrated on the [[American devils| first_move_blue ]] especially on Ruth, who is talking to the [[North Korean team.| nk_inst]] What is going on there?
But Kurt was eager to attack and the professor was ready to [[start the game| the_rules]].
Professor Akbari addresses the Blue team: "Blue, thank you for public and private moves."
<% if (s.blue_plan1 == 'katya'){ %>
"Blue has made a broad move to organize NATO countries into an organized offensive cyber force. Presumably an attack on one is an attack on all. How they intend to handle attribution will no doubt be raised in the objections."
<% } else { %>
"Blue has applied a very wide and thin layer of security across all of their municipal IT infrastructure as you can see from their public note."
<% } %>
"Arguments Red teams? Remember you cannot argue that Blue could not take a given action, only question the anticipated effect of that action - the result. Perhaps they have taken a leap of logic that is overly optimistic? And that leap might end very differently than they suppose!"
"Objections, before we roll the dice? Speak now or until after the dice roll, hold your peace."
Kurt speaks up quickly for the GRU: <br>"<span id='red1_args_b'> </span>"
Jose is also quick to object to the Blue's public plans: <br>"<span id='red2_args_b'> </span>"
Samantha is ready as usual: <br>"<span id='red3_args_b'> </span>"
Professor Akbari then speaks up. <br>"I judge the Blue move is reasonable on the face of it, and thus should have the default chance of success to start with. The default is that Blue would need to roll a 7 or better to win.
Please note that as 7 or 8 are just barely a win, I would add some limitations on the anticipated effects. A 5 or a 6 would be a slight loss so the loss will not cut so deeply. Snake eyes will be a devastating loss and double 6's would be an overwhelming success."
Professor Akbari pauses for a beat and then says. "<span id='ack_arg_b'> </span>"
"Thus because of the arguments, I will reduce Blue 1 chances by adding 1 to the Blue 1 required minimum roll. The roll must be 8 or better to succeed."
"For the secret roll, I will determine the likelihood, and inform Blue of the result after the roll."
<% s.minimum = 8; %>
[[Roll the dice|dice_roll_1]]
<script>
// Blue plan objections 0 or 1 from window.story.state.blue_plan1
// possible values are katya and waswa
var i = 1;
if (window.story.state.blue_plan1 == 'waswa'){ i = 0;}
// GRU:
var red1_arg = [
"Europeans will not easily accept a new series of cyber weapons deployed on their behalf, any more than the medium range ballistic missiles a few decades ago. This is typical of American aggressive action that has no benefit, and does have the perception of substantial risks for Europeans who live near Russia. Thus the result is less coordination and less good will with their European allies.",
"We have penetrated US networks far more than the US realizes. However, we did not have a clear inventory or map for these local systems, as they are so disparate and thus inherently disorganized. The sudden deployment of new endpoint controls gives us beacons from all the endpoints that the USA wants to protect. The unintended result is that we have better intelligence on US systems. Because most breaches are the result of user stupidity, and not malware in and of itself, so this increased intelligence data for us, leads to reduced security for those US systems."
];
// N Korean:
var red2_arg = [
"The announcement of closer NATO cyber coordination forces the anti-US cyber forces of Iran, Syria, Russia, North Korea, and China to coordinate more closely, sharing cyber tools and strategies and thus nullifies any improvements in overall cyber security for the US or NATO members.",
"North Korean hackers have used non memory resident attacks for some time so there is no malware fingerprint to be detected. And as we know anti-phishing training and software is generally ineffective so there is no improvement in the US cyber security posture, but there is a considerable drain on resources..."
];
// Hacktavists:
var red3_arg = [
"Broadly many Europeans would object to a high profile aggressive American cyber security strike team being forced on us.",
"European vendors object to not being included in the Request for Proposals sent out by the US Homeland Security department. This delays the deployment by several months - until after the election."
];
var ack_arg = [
"All the Red team arguments are essentially equivalent and have some merit. I will add 1 to the roll required for Blue.",
"I am doubtful about the GRU argument, there would still be a net improvement in security. But in contrast, the North Korean argument has some merit. The Hacktavist team's argument of using red tape to hinder the opposition is clever but has no merit in this case and will not affect the dice roll. Good try Hacktavists! So I will reduce by one, the probabilities for the dice roll because of the North Korean arguments."
];
$("#red1_args_b").html(red1_arg[i]).fadeIn("");
$("#red2_args_b").html(red2_arg[i]).fadeIn("");
$("#red3_args_b").html(red3_arg[i]).fadeIn("");
$("#ack_arg_b").html(ack_arg[i]).fadeIn("slow");
</script>
### Red 1 public move result:
<% if (s.public_roll > 5) { %>
States and municipalities are panicked by continuous hack attempts. Even if only 1.0% are successful, that is thousands of breaches. Response teams are overwhelmed. It is followed closely by the media.
<% } else if (s.public_roll > 4) { %>
States and municipalities are concerned about continuous hack attempts. Non-critical assets are breached, and it is on the news.
<% } else if (s.public_roll > 3) { %>
States and municipalities are concerned about continuous hack attempts but only web facing non-critical assets are breached, and it is old news.
<% } else if (s.public_roll > 2) { %>
States and municipalities are concerned about continuous hack attempts. Only web facing non-critical assets are breached, and citizens are resentful toward Russia specifically.
<% } else if (s.public_roll > 1) { %>
States and municipalities are concerned about continuous hack attempts. Only web facing non-critical assets are breached, and citizens are protesting in front of the Russian embassy. The US is threatening cyber retaliation.
<% } else if (s.public_roll >= 0) { %>
States and municipalities are concerned about continuous hack attempts. Only web facing non-critical assets are breached, and citizens are angry toward Russia specifically. Citizens and high school students are volunteering for cyber security training. Presidential candidates are discussing how Israel approaches cyber security. Particularly how promising students are recruited in early high school. It is a new day for cyber security in the USA.
<% } %> /* end pub */
### Red 1 private move result:
<% if (s.private_roll > 5) { %>
Widespread and focused tampering with soft target data stores, schools and hospitals, leads to a general breakdown in trust in those institutions. A cancer scare for a presidential candidate is blamed on a tampered CAT scan in a poorly protected hospital environment. No one knows if school grades or hospital radiology data are tampered with. America is in despair.
<% } else if (s.private_roll > 4) { %>
Focused tampering with soft target data stores, schools and hospitals, leads to concern about the reliability of hospital imaging and school records. A leak of a presidential candidate's indiscreet ruminations on transgender issues is blamed for tilting the election.
<% } else if (s.private_roll > 3) { %>
Tampering with soft target data stores, schools and hospitals, leads to concern about the reliability of hospital imaging and school records. Citizens are learning to distrust digital images and other records. This does not lead to a reduction in confidence in the institutions however.
<% } else if (s.private_roll > 2) { %>
Tampering with soft target data stores, schools and hospitals, matches the tools and techniques of Russian operatives, so the media widely attributes the tampering to Russia. Citizens shrug.
<% } else if (s.private_roll > 1) { %>
Tampering with soft target data stores, schools and hospitals, is tracked directly back to Russian operatives when a GRU operative forgets to use a VPN, so the media widely blames Russia. Citizens shrug and keep critical records on paper.
<% } else if (s.private_roll >= 0){ %>
Tampering with soft target data stores, schools and hospitals, is tracked directly back to Russian operatives when a GRU operative forgets to use a VPN, so the media widely blames Russia. Citizens shrug and keep critical records on paper. The 5 eyes coordinate attacks on Russian pipelines in response.
<% } %>
### Red 2 public result:
A very public scare about a possible dirty bomb leads to an aggressive FBI investigation and the blacklisting of Mouse and the issuance of an Interpol warrant.
### Red 2 private result:
Mouse obtains false documents that allow him to visit Paris. He does so without hindrance.
### Red 3 public result
The open source investigation of Irish public records leads to a government scandal played out in Parliament. Our intern gets a promotion to reporter.
### Red 3 private result
Mouse becomes a new employee with a new name in the visa department of the French embassy in Uganda.
/* no nested if statements in templates */
<% if (s.whoami == "i" && s.blue_plan1 == 'katya'){ %>
<%= story.render("ding_30_b_katya") %>
<% } %>
<% if (s.whoami == "i" && s.blue_plan1 == 'waswa'){ %>
<%= story.render("ding_30_b_waswa") %>
<% } %>
<% if (s.whoami == "i"){ %>
<%= story.render("ding_30_r1_static") %>
<%= story.render("ding_30_r2_static") %>
<%= story.render("ding_30_r3_static") %>
<% } %>
<% if (s.whoami == "kurt" && s.red1_plan1 == 'eddie'){ %>
<%= story.render("ding_30_r1_eddie") %>
<% } %>
<% if (s.whoami == "kurt" && s.red1_plan1 == 'cynthia'){ %>
<%= story.render("ding_30_r1_cynthia") %>
<% } %>
<% if (s.whoami == "kurt"){ %>
<%= story.render("ding_30_b_static") %>
<%= story.render("ding_30_r2_static") %>
<%= story.render("ding_30_r3_static") %>
<% } %>
<% if (s.whoami == "jose"){ %>
<%= story.render("ding_30_r2") %>
<%= story.render("ding_30_b_static") %>
<%= story.render("ding_30_r1_static") %>
<%= story.render("ding_30_r3_static") %>
<% } %>
<% if (s.whoami == "sam"){ %>
<%= story.render("ding_30_r3") %>
<%= story.render("ding_30_b_static") %>
<%= story.render("ding_30_r1_static") %>
<%= story.render("ding_30_r2_static") %>
<% } %>
[[Next |summary]]
/* how to build game summary and results */
/* test for whoami then grab right plan for each. */
/* window.story.state.blue_plan1 red1_plan1 in each active block (4) */
/* make fixed opposing sides (4) */
/* and 1 each for inactive agents. So 8 blocks all together. */
<div class='hot' onclick="window.story.state.roll_dice('#roll1', 'your first die cast is ', 'pub', window.story.state.minimum);">
Roll for your public move:
</div>
<div id="roll1" > nothing yet </div>
<div class='hot' onclick="window.story.state.roll_dice('#roll2', 'your second die cast is ', 'priv', 7);">
Roll for your private move:
</div>
<div id="roll2" > nothing yet </div>
[[The repercussions|ding_30_sum]]
Professor Akbari looks up. "Red 2, the North Korean teenaged ninja-hacker, what is your public move?"
"We, I mean I. I have placed a dirty bomb ... ," Jose starts.
"Don't go there! " warned the professor.
"No, just a minute, I meant, someone I know very well, has placed documentation and evidence for and spread a rumor of, a non-existent dirty bomb supposed to be in a container on the West Coast of the USA. They are demanding one million dollars to reveal its non-location."
"And I predict," he continued, "the US authorities will be pissed. And no less pissed when they realize that it is fake. I have placed a note, revealing certain details not generally known, at the American Embassy in Kampala offering to help."
"I am getting worried that this is more than one move. Careful now." said the professor. "And this does have to do with election security doesn't it?"
"Yes, and I predict they will contact me with an offer to accept my help." Jose concludes.
"And you also have a private move?" the professor asks skeptically.
Jose writes something on the pad, folds it in half and hands it to the tolerant adjudicator.
"Arguments anyone? Remember you cannot argue that our Uber-hacker did not take an action, no matter how much you might wish to, only question the predicted effect of that action."
Kurt speaks up quickly for the GRU: <br>
"We watch all the embassies and could have seen the note being transferred, however he did it."
Waswa is also quick to object to the North Korean public plans: <br>
"Isn't there a no ransom rule for demands of terrorist organizations? Isn't this guy a terrorist?"
Samantha only smiles cryptically.
Professor Akbari speaks. <br>
"I judge the ninja-hacker's move is unreasonable on the face of it, but I will not squash it. And the various objections to it have no merit at all. However such an activity would have multiple occasions for risk, so Red 2 will need to roll a 9 or better to win."
"Please note that, as 9 is just barely a win, I would add some limitations on the anticipated effects. A 7 or an 8 would be a slight loss, so the loss will not cut so deeply. Snake eyes will be a devastating loss and double 6's would be an overwhelming success."
"For the secret roll, I will determine the likelihood, and inform Red 2 of the result after the roll."
<% s.minimum = 9; %>
[[Roll the dice|dice_roll_1]]
Professor Akbari addresses the GRU team: "Red 1, thank you for public and private moves." The adjudicator continues: "The Red 1 public move is as follows." He reads from the note paper.
<div class="document"> There are very widespread hack attempts against American election infrastructure attacking local government webservers serving public service information about the election and the databases they use. </div>
Then the professor continues from the same note. "The result that Red 1 predicts is as follows:"
<div class="document">'Success in all cases because the local government web resources are poorly supported and rarely audited. Widespread government web pages are defaced. This increases the already widespread public cynicism about the reliability of government IT infrastructure.' </div>
"Arguments from the other Red teams or from Blue? Remember you cannot argue that Red 1 could not take an action, only question the predicted effect of that action. Perhaps they have taken an optimistic leap? And that leap ends very differently than they suppose?"
/* this is red1 so can just make up whatever I want and set */
/* window.story.state.minimum to a static value. */
"Objections, before we roll the dice? Speak now or, until after the roll, hold your peace."
Waswa speaks up quickly for the Blue.
"We consider this latest attack from Russia as completely unacceptable! And Blue considers Red 1's prediction to be unrealistic. Even if the hacks are successful, the hacks would be reversed so quickly that the public generally would be unaware. This attack is merely a footnote in the news."
Jose is also quick to jump in:
"We support the Red 1 action and take an active part. We think this should significantly raise the likelihood of success."
Samantha is ready:
"We agree that the result is likely and if very successful, this would cause widespread anger in Blue's country. The vast scale of this action, we believe, would result in a 'Pearl Harbor' moment, thus creating a more unified country. In other words, leading to anger, not cynicism or despair."
Professor Akbari speaks up.
"I judge that Blue's defensive argument carries little weight. The disorganized nature of local government resources is well established and advanced automation in defense is unlikely at this point in the game. The North Korean argument has merit: I will subtract 1 from the roll required for Red 1, making it more likely. The Hacktivist argument is interesting and I will take it under advisement for after the roll."
"Red 1 will only need to roll a 4 or better to be successful."
"Please note that, as 4 or 5 are just barely a win, I would add some limitations on the anticipated effects. A 3 would be a slight loss, so the loss will not cut so deeply. Snake eyes will be a devastating loss and double 6's would be an overwhelming success."
Professor Akbari pauses for a beat and then says. "Good luck!"
<% s.minimum = 4; %>
[[Roll the dice|dice_roll_1]]
Professor Akbari addresses the Hacktivist team: "Hackers, thank you for public and private moves."
"Your public move is that you have made a careful study of some Irish public records that you detail here in your move and that leads you to a list of probable money laundering companies operating in the British Isles. I accept this without a dice roll as I know the data you are discussing."
"Your predicted result is that your colleague is promoted from being an intern to a reporter on the national security desk, and that CNN owes you a favor. You will have to roll for that."
"Arguments from the other Red teams or from Blue? Remember you cannot argue that Red 1 could not take an action, only question the predicted result of that action. Perhaps they have taken an optimistic leap? And that leap ends very differently than they suppose?"
"Objections, before we roll the dice? Speak now or, until after the dice roll, hold your peace."
Waswa speaks up quickly for the Blue: <br>"<span id='blue_args_r1'> </span>"
Jose is also quick to object to the GRU's public plans: <br>"<span id='red2_args_r1'> </span>"
Waswa is ready:<br>
"I suggest that this is too transparent and the intern will be fired!"
Kurt speaks up:
"As much of the money will be Russian, and as a Russian, I am offended that anyone would believe that Russians would do such a poor job of hiding their tracks, so that it could be found out with open source materials!"
Professor Akbari speaks up:<br>
"None of the objections have merit. I judge the research part of the Red 3 move is successful without a roll. As for the promotion of an intern to reporter, I judge this to be 50-50. Red 3 will need to roll a 7 or better to succeed.
"Please note that, as 7 or 8 are just barely a win, I would add some limitations on the anticipated result. A 5 or a 6 would be a slight loss, so the loss will not cut so deeply. Snake eyes will be a devastating loss and double 6's would be an overwhelming success."
Professor Akbari pauses for a beat and then says:
"For the secret roll, I will determine the likelihood, and inform Red 3 privately of the result after the roll."
<% s.minimum = 7; %>
[[Roll the dice|dice_roll_1]]
Professor Amir Akbari watched the students jostling in the hall - sharing in their sly smiles and shared laughter. "Remember the time when Greta almost let on that she was a double? [Laughter]" Professor Akbari looked up and smiled. He remembered what his teacher had told him: "Games are only memorable, not because of the clever rules, or a particular roll of the dice, but because of the people you play against." He smiled.
It reminds him of why he teaches. Cyber security is not about the technology. It is about the people. Although the classroom has been emptied, he cleans the whole board. What he is about to write, he has muddled, paraphrased, forgotten and reinvented in his mind from something Carmen Medina, former CIA Deputy Director of Intelligence, once told him. He writes in the middle of the board:
<div class="quote">"Diversity eats strategy for breakfast." </div>
[[credits and notes. |credits_notes]]
### Credits and notes:
No person depicted in this game is real or represents a real person except for the most remarkable <i>Amir Akbar</i> and the equally remarkable <i>Carmen Medina</i>.
For information on the Russian view of conflict I would recommend Oscar Jonsson's "The Russian Understanding of War: Blurring the Lines between War and Peace".
For information on North Korean hacker communes in Africa, I heard the story one evening in a cigar bar from a former CIA analyst working for Recorded Future. I cannot confirm its veracity.
All the images used in this game, except the image of George Patton from Wikipedia, were purchased for this sole use from istockphoto.com, a division of Getty Images. So they cannot be used in other or derivative works. Otherwise, this work is covered by the MIT open source license. Copyright by Lawrence Furnival 2021.
### The End of Day 1
-To Be Continued!-
[[Day 1 Conclusion |near_last]]
/* you are blue */
/* window.story.state.blue_plan1 can be 'katya' or 'waswa' */
/* window.story.state.public_roll 0 -> 6 (6 is success, 0 is failure) */
/* window.story.state.private_roll 0 -> 6 */
/* katya only */
### Blue public move result:
<% if (s.public_roll > 5) { %>
NATO nations have fully embraced the idea of a fully integrated offensive cyber strike team. Some thoughts: Is it to be used as a deterrent for policy makers, for signaling intent, or do you actually intend to use it? If so, what are the rules of engagement? And how will you deal with problems of tit-for-tat escalation?
<% } else if (s.public_roll > 4) { %>
NATO nations have partially embraced the idea of an integrated offensive cyber strike team. As usual, the French are going their own way, as are some Eastern Europeans. Some thoughts: Can it be used as a deterrent if NATO support is partial? Or do you actually intend to use it? If so, what are the rules of engagement? And how will you deal with problems of tit-for-tat escalation?
<% } else if (s.public_roll > 3) { %>
A few NATO nations have embraced the idea of an integrated offensive cyber strike team. As usual, the French are going their own way, as are some Eastern Europeans. Really you are left with Five Eyes + the Baltics. Maybe the effort was not worth it, unless by some luck you frighten the Russians. Some thoughts: Can it be used as a deterrent if NATO support is so partial? And how will you deal with problems of tit-for-tat escalation?
<% } else if (s.public_roll > 2) { %>
NATO nations are interested. Baltic nations particularly. But NATO as a whole cannot act. It may seem that attempting to gain NATO support and not getting it is a bad outcome. But maybe getting grudging approval and then being afraid to use it is worse.
<% } else if (s.public_roll > 1) { %>
NATO nations are not particularly engaged. Why get involved if Five Eyes will take care of it?
<% } else if (s.public_roll >= 0) { %>
European nations seem to be terrified of cyber escalation with Russia, perhaps in light of the electric grid attacks on Ukraine and European daily dependence on a similar grid and on Russian energy.
<% } %> /* end pub */
### Blue private move result:
<% if (s.private_roll > 5) { %>
Several GRU analyst workstations are compromised. And no one seems to be the wiser. You have the capability to listen in on conversations, use the camera, read emails. Of course, doing these things involves data streaming away from the workstation, so use it with caution, or find another way to exfiltrate data.
<% } else if (s.private_roll > 4) { %>
A GRU analyst workstation is fully compromised. And no one seems to be the wiser. You have the capability to listen in on conversations, use the camera, read emails. Of course, doing these things involves data streaming away from the workstation, so you will use it with caution, or find another way to exfiltrate data.
<% } else if (s.private_roll > 3) { %>
No GRU analyst workstations are fully compromised. But you have access to one analyst's email. Of course, accessing it involves moving data out of the email system, which is monitored, so you use it with caution. In one dump, you get access to an advanced AI system.
<% } else if (s.private_roll > 2) { %>
You obtained no access to GRU systems but your talent discovered some emails between oligarchs monitored by the routine state security systems. You see that funds are being sent to a French engineer on behalf of the GRU, to be forwarded to alt-right extremists in the US.
<% } else if (s.private_roll > 1) { %>
You obtained no access to GRU systems but your hacker talent discovered some emails between oligarchs monitored by the routine state security systems. You see that they are involved in illegal forestry in the Russian far east. The contraband logs are sold to China, which markets them as from Myanmar, and they are used for flooring in the US.
<% } else if (s.private_roll >= 0){ %>
You obtained no access to GRU systems but your hacker talent discovered some emails between Italian communists complaining about the American president.
Pretty bad.
<% } %> /* end priv */
Local state and municipal IT systems are seeded with false data created by a DARPA developed AI that also distributes breadcrumbs in actual documents and emails. The AI is trained with historical data from Russian and Chinese intrusions to create documents that the adversary is looking for. The documents can call home if ever opened.
Russian focused tampering with soft target data stores, schools and hospitals, leads to concern about the reliability of hospital imaging and school records. A leak of a presidential candidate's indiscreet ruminations on transgender issues is blamed for tilting the election.
A very public scare about a possible dirty bomb is good material for late night TV.
The open source investigation of Irish public records leads to a government scandal played out in Parliament. Our intern gets a promotion to reporter.
### Blue public move result:
<% if (s.public_roll > 5) { %>
States and municipalities across the US have completed training for phishing protection and have advanced endpoint protection on servers and workstations that is centrally monitored. Network traffic is closely monitored and firewall rule sets are regularly updated. Rapid reaction teams are available for breach alerts within one hour and the teams are well trained.
<% } else if (s.public_roll > 4) { %>
States and municipalities across the US have basic training for phishing protection and have basic endpoint protection on servers and workstations that is centrally monitored. Rapid reaction teams are available for breach alerts and the teams can respond within 24 hours.
<% } else if (s.public_roll > 3) { %>
States and municipalities across the US have some training in phishing protection but it is not repeated regularly. The basic endpoint protection on servers and workstations is centrally monitored, but rapid reaction teams with prompt response are a distant dream.
<% } else if (s.public_roll > 2) { %>
States and municipalities across the US have some training in phishing protection but it is not repeated regularly. The basic endpoint protection on servers and workstations is monitored locally but reaction times lag.
<% } else if (s.public_roll > 1) { %>
States and municipalities across the US had some training in phishing protection some time ago. The basic endpoint protection on servers and workstations is by signatures and not kept up to date. IT does not have a complete inventory of machines.
<% } else if (s.public_roll >= 0) { %>
States and municipalities across the US had some training in phishing protection, ages ago. The basic endpoint protection on servers and workstations is Kaspersky. IT does not have an inventory of machines. Nor firewall or network monitoring capability.
<% } %> /* end pub */
### Blue private move result:
<% if (s.private_roll > 5) { %>
Local state, municipal and federal IT systems are seeded with false data created by a DARPA developed AI with breadcrumbs in actual documents and emails. The AI is trained with historical data from Russian and Chinese intrusions to create documents that the adversary is looking for. The documents can damage host computers if opened. The AI also creates synthetic infrastructure with fake industrial controllers for fake water treatment and other facilities.
<% } else if (s.private_roll > 4) { %>
Local state and municipal IT systems are seeded with false data created by a DARPA developed AI that also distributes breadcrumbs in actual documents and emails. The AI is trained with historical data from Russian and Chinese intrusions to create documents that the adversary is looking for. The documents can call home if ever opened.
<% } else if (s.private_roll > 3) { %>
Local IT systems are seeded with false data created by a DARPA developed AI. The AI is trained with historical data from Russian and Chinese intrusions to create documents that the adversary is looking for, but the documents are on synthetic shares without breadcrumbs to lead the opposition to the bait.
<% } else if (s.private_roll > 2) { %>
Local IT systems are seeded with false data created by a DARPA developed AI. The AI is trained with historical data from Russian and Chinese intrusions. The Russians have poisoned the AI by automating useless activity for this historical record.
<% } else if (s.private_roll > 1) { %>
Local IT systems are seeded with false data created by a DARPA developed AI. But local administrators are confused by the additional data and their users cannot find their files. So they delete the files as they find them.
<% } else if (s.private_roll >= 0){ %>
Local IT systems are seeded with false data created by a DARPA developed AI. But Chinese and Russian hackers already had complete access to the systems and had snapshots of the file systems. They can distinguish the files that were created during the timespan of the project.
<% } %> /* end priv */
### Red 1 public move result:
<% if (s.public_roll > 5) { %>
States and municipalities are panicked by continuous hack attempts. Even if only 1.0% are successful, that is thousands of breaches. Response teams are overwhelmed. It is followed closely by the media.
<% } else if (s.public_roll > 4) { %>
States and municipalities are concerned about continuous hack attempts. Non-critical assets are breached, and it is on the news.
<% } else if (s.public_roll > 3) { %>
States and municipalities are concerned about continuous hack attempts but only web facing non-critical assets are breached, and it is old news.
<% } else if (s.public_roll > 2) { %>
States and municipalities are concerned about continuous hack attempts. Only web facing non-critical assets are breached, and citizens are resentful toward Russia specifically.
<% } else if (s.public_roll > 1) { %>
States and municipalities are concerned about continuous hack attempts. Only web facing non-critical assets are breached, and citizens are protesting in front of the Russian embassy. The US is threatening cyber retaliation.
<% } else if (s.public_roll >= 0) { %>
States and municipalities are concerned about continuous hack attempts. Only web facing non-critical assets are breached, and citizens are angry toward Russia specifically. Citizens and high school students are volunteering for cyber security training. Presidential candidates are discussing how Israel approaches cyber security. Particularly how promising students are recruited in early high school. It is a new day for cyber security in the USA.
<% } %> /* end pub */
### Red 1 private move result:
<% if (s.private_roll > 5) { %>
Multiple bitcoin ledgers show unambiguous payments of large sums of money for child trafficking from an account that also paid for a presidential candidate's Tesla. The assumption is that the payee was the presidential candidate. Chaos ensues.
<% } else if (s.private_roll > 4) { %>
A bitcoin ledger shows a payment of a large sum of money to a Mexican drug cartel from an account that also paid for a presidential candidate's Tesla. The assumption is that the payee was the presidential candidate. It is on the news.
<% } else if (s.private_roll > 3) { %>
A bitcoin ledger shows a payment to an alcohol rehabilitation center from an account that also paid for a presidential candidate's Tesla. The assumption is that the payee was the presidential candidate. It is on the news.
<% } else if (s.private_roll > 2) { %>
A bitcoin ledger shows a payment to an alcohol rehabilitation center from an account that also paid for a presidential candidate's Tesla. The Tesla was paid for by a French citizen who made it a gift. It is not on the news.
<% } else if (s.private_roll > 1) { %>
A bitcoin ledger shows a payment to an alcohol rehabilitation center from an account that also paid for a presidential candidate's Tesla. The Tesla was paid for by a French citizen, who made it a gift. The French citizen was found dead of an overdose.
<% } else if (s.private_roll >= 0){ %>
A bitcoin ledger shows a payment to an alcohol rehabilitation center from an account that also paid for a presidential candidate's Tesla. The Tesla was paid for by a French citizen who made it a gift. The Frenchman testifies that he did it on instructions from a Russian friend. The Frenchman committed suicide shortly after.
<% } %>