Sunday, January 25, 2015

Computer Wizards of the Present-Future

Credit where credit is due for the form of the phrase.

I was thinking more on the trouble I have with psionics in science-fiction games, and realized the solution was staring me in the face.  In science fiction, the role of magic in fantasy is best filled by gear, equipment, applied technology.  By analogy, the wizard-equivalent character ought to be the technologist who works magic.

I nominate the hacker.

The hacker-wizard is very much a live hypothesis (to use Peircian language), a live symbol, in current media.  For the hacker to 'work magic' feels much more plausible than for a psion, who strains suspension of disbelief.  Killing a man with just your brain is patently ridiculous, but killing a man by remotely hacking his pacemaker?  Not merely plausible; totally doable.  You don't need the Force to lift an X-Wing out of the swamp, just remote control.

The flip side is that hacking takes a lot of prep and intel.  Psionics is very fixed; you have this set of things you can do with your brain and they're not changing, but they're also very generally applicable.  Hacking is not like that.  You need to know your objective and your target before the mission.  If you're lucky, they have misconfigured their software or have a straightforward injection bug that you can exploit easily, typically in minutes to tens of minutes.  If you're less lucky, you can find a publicly-known exploit against some software your target is running and a payload that accomplishes your objectives and will run on your target (could take anywhere from a couple minutes to an hour, faster if Metasploit has what you need).  On the minus side, publicly-known exploits might be patched or the target's intrusion detection system (IDS) might recognize them, or they might just be buggy, and then you're SOL.  If you're particularly unlucky, you may need to get a copy of the correct version of the software running on the target and go find and exploit a bug yourself, then write and test your own payload.  This can take closer to days or weeks for most "real" software, or even longer for hard targets or targets running on weird hardware.  This generates something much like ACKS' mage repertoire mechanics; if you know of other hackers, and you know they have access to exploit you don't, they're targets for bargaining, treachery, and hackery themselves.

This reliance on preparation does put the hacker firmly on the wizard side of the Fighter-Wizard Axis.  On the plus side, once you've got your exploit+payload working, you can throw it over the network pretty indiscriminately.  Putting together a little smartphone app with a big red GO button which when hit spams your exploit to everything on the same wireless network is not a difficult task.  We already have better.  Hell, you could even give your Big Red Button app to the party's muscle and stay in the comfort of a sketchy van with too many antennas (in near future settings) or the starship (in far future settings), safely removed from the action but still able to provide remote support.

The general consensus from the Shadowrun crowd is that the distant hacker is sort of a problem because they go off and do "decker things" in their own little subsystem while the rest of the party is rolling hot through hostile territory.  Switching to prep-focused hacking might help alleviate this somewhat; once the run is underway, you can only work the magic you prepped.  You also need to be careful to not attract too much heat - if you get hackbacked and the adversary can determine your location from your machine, or you otherwise give away your identity or location, you could end up with a black helo full of goons inbound on your position while the party's heavies are away (or a hunter-killer drone or an orbital strike...).  And if you're doing RF (radio frequency) hacking, it doesn't even take that much to fix a location for the local spectrum allocation authority to come visit (as long as anyone's listening).  In less serious consequences, you might get kicked off the network or blacklisted and effectively cut out of the action until you can find a different way on.  I honestly feel like heat/noise is the hacker's limiting resource in play - once you've prepped your exploits, you can use them as much as you want, but eventually someone will catch on, and they will come for you with overwhelming force.  This too lends itself to wizardly caution, to restraint, to risk-management.  You're playing with fire; if you use your capabilities too much, you're not just going to run out of psi points for the day and have to stop -  you're going to get the whole party into some deep trouble.  It's an interesting dynamic though because the more technically sophisticated the target, the higher the risk of being caught yet also the greater the reward for success.  The hacker lets a party punch above their weight at targets like cyborgs in TL14 powered armor, but doesn't bring much at all to dealing with random wildlife.

I guess one good reason to go on the run yourself is if the target uses an air-gapped network or is hardened against RF communications.  On the other hand, those sound like the sort of targets you really don't want to be attacking if you can avoid it...

So...  what sort of capabilities are we looking at, realistically?  Intelligence gathering from vulnerable remote servers is fairly obvious; break in, get data, get out.  There's also lots of good intel-gathering to be done in the radio frequency domain.  There is much to-do about disabling or misusing "internet of things" targets these days; pacemakers, cars, printers, nuclear centrifuges, factories...  pretty easy to extrapolate out to smartguns, powered armor, combat stimulant autoinjectors, guided missiles, and combat drones.  Likewise spoofing GPS can cause all manner of mayhem via RF.  At a lower level, convincing the badge reader at the megacorp office that you're supposed to be there should be about as difficult as getting free bus fare, and feeding info to the faceman about the person he's talking to from their internet footprint is straightforward too.

In conclusion: hackers > psions.  Less suspension of disbelief, more cautious / preparatory focus, more playing with fire (except for 40k-style psions, in which case it's a pretty comparable amount of playing with fire really).  Maybe I ought to roll a cyberpunk MongTrav variant after all...


Dan said...

Good ideas. One way to kill two birds with one stone might be to use very short-range wireless signals - this reduces chances of remote detection while also getting the hacker stuck into the action.

I'm guessing that one reason why hackers don't normally replace 'wizard' or psions is because people think of them a being sneaky - which means they get rolled into the thief or rogue mindspace. But you're right; if you think about old-school stat blocks you would expect wizard, psion and hacker to all have Intelligence as their prime attribute. You can also use the 'weedy nerd' stereotype if you wanted to further conflate the physically weak wizard with the hacker.

The hacker does need some physical combat utility. Remote drones might be a good choice and are analogous to wizard summoning. Again make the signal short range so that the hacker can't just phone it in (pun intended).

I haven't played it yet, but a good source of inspiration for an 'action hacker' might be the Watch Dogs videogame.

Timothy Vaughan said...

I like this conception of the hacker. And I'd love to prototype a subsystem like that...

I'm reading the Sprawl trilogy at the moment so I'm all about that near-future tech setting. XD

You should post a possible implementation! I'd love to try it out. :)