Potential avenues for high-level technical information leaks?

[OsakanOne]

What are the potential points for high-level technical information leaks? Obviously nothing can happen until all GMs involved agree to it but I'm curious as to how any attempt against a given nation using intelligence agencies would actually function.

@Toshiro : What's the possibility of Project THOUGHT being leaked? I'd like to use it as the background of the political motivation to produce the Winter II. I'm annoyed your Kirie and Keiko (both, utter badasses) aren't in further circulation and I think creating a proper 'rival' platform would motivate Yamatai to deploy the platform more often as a direct response.

What are your thoughts on this? I wanted to ask publicly for the purpose of avoiding naysay and whisper so everything I've said on the issue can be seen by everyone -- and so people can chime in since I'm really interested on the particular topic.

 

[Toshiro]

Well Project THOUGHT's prototypes were concluded and have been on Yamataian assembly lines as production models for a while. The initial research and prototyping was secretive. As such any leaks, unlikely as they might be, would come from KFY.

Secondly, we can't outright force their adoption. Wes has repeatedly fought and resisted interest in frames/mecha above PA sized. The Kirie and Keiko only made it through because I shrunk them down from the five meter concept. No other plots have shown interest in using them except my own, either. We can't force that.

 

[OsakanOne]

My own concept is only 5.4 meters. They'd be direct competitors.

 

[Abwehran Commander]

On the topic of high-level leaks, I try to describe the possibilities in the currently unapproved article involving Computing systems and Security.

It's still a work in progress, but it not only describes some techniques and tools uses in today's systems (which can easily be transported into SARP) but with countermeasures as well.

 

[Kyle]

To be honest, I've never believed in the whole 'absolutely protected' system, a system that can't be broken into is impossible when its connected to a network, but even isolated systems are not safe. In the case of an intelligence agency being able to 'spy' or infiltrate another faction, it really depends on how that faction is set up. One example is that within the Neshaten, they do not trust foreigners and foreigners have 'zero' access to citizen information networks (at least until they become a citizen, in which case, they have to renounce the citizenship of the nation they came from, there is no dual-citizenship) this means that if a foreign spy was to try and access confidential information they'd be found out almost instantly, because the networks are constantly monitored. Now, this doesn't mean the system can't be broken into and prowled without anyone knowing, just that it would be hard to do.

 

[Fred]

There's no perfect encryption.

The only difference protection makes is how much effort and how long it will take to crack through the protection to get at the cheewy insides of whatever you wanted to access.

When hacking fails is when the time and effort invested turn out being insufficient. Either the hacker gives up, or is made to give up by circumstances.

 

[Abwehran Commander]

Quantum Encryption is as close to perfect as encryption can get, though I really don't believe it would be perfect in the SARP-verse given the tech-level.

 

[Fred]

Certainly not if you had quantum processing capabilities to help you crack it. If hardware can permit better defenses, it'll also permit better offense.

Granted, anything lower than quantum would likely lack the processing power to feasibly make a dent in it within an acceptable span of time.

 

[Abwehran Commander]

Pretty much what I'm trying to explain in my article.

 

[OsakanOne]

There's no perfect encryption.

The only difference protection makes is how much effort and how long it will take to crack through the protection to get at the cheewy insides of whatever you wanted to access.

When hacking fails is when the time and effort invested turn out being insufficient. Either the hacker gives up, or is made to give up by circumstances.

Untrue: obsfication requires you know what they know in order to communicate a successful message.

"Its where I put that thing that one time" contains so little information but so many knowledge-base specific hooks.

The real weakness of encryption isn't actually decoding it but how easy it is just to circumvent which is the NSA's primary method. There's all sorts of steps involved on both ends: if you intercept a transmission while its inside the enemy camp in a raw form or you can examine the basis of the transmissions rather than their contents and pattern the nature of the communications based on the length, timings and methods used to secure it you can usually estimate with great success what it will be -- or you can just invade their system directly using espionage and already know what the information is before encryption and after decoding without ever having to decrypt a damn thing.

Why? Breaking into something is much easier than decryption. Even breaking into PANTHEON with today's technology would be easier than cracking obsfuricated AES256, let alone AES512 or AES1024 salt/peper rainbow hashing to spice the encryption that's now quickly VERY becoming industry standard.

All it takes is a human mistake, poor memory management or the capacity insert any information at any step. PANTHEON being a sufficiently complex system, its weaknesses would inevitably be discovered very quickly: A good system starts with very simple repeated steps and flowers into complexity rather than how PANTHEON works - with no clear difference between live executing memory and long term storage (WOW MUCH EXPLOIT, VERY BUFFER ABUSE, VERY POOR DESIGN)

Even quantum attacks are defensible provided your method of storing information is esoteric enough: In order to successfully decrypt something, the other party has to know what their meaningful end result is of the decryption process. If you can obscure that and make it look like noise, they'll never ever know they found a positive result.

The ultimate conclusion is this:

You need to heighten the number of secured steps involved in transmission, decrease insecure steps, remove (as best as possible) all non-encrypted states of information and enforce rotating modulated obsfurication - ideally on a procedural OTP style system if you want a secure system.

This unfortunately makes networking in a universe with time dilation almost impossible because it is physically impossible for everyone in the SARP to synchronise clocks and dates.

Question:
Is whatever software system you're looking at vulnerable?

Answer:

​

 

[Luca]

The biggest security risk, to any organisation or government agency of any level is social engineering in my opinion.

You can't write a script or a put up a firewall to intercept someone slick enough to look as though they have always been there and extract information from a human weak point by profiling and conning them, playing on their weaknesses so they play into your hands and give you further information, passwords, who knows?

I even think in a 'super secure' setting like this that has biometrics for pretty much anything you can name, you can't defend against human error and swindling.

 

[OsakanOne]

Absolutely true, Luca.

 

[Luca]

You know what'd be really cool? If the players have to do a con like the one I outlined. Gathering all the information starting with a couple of leads, then constructing it, rehearsing it and putting it into action to, I dunno, get away with the National Bank would be an electrifying thing to play. Super-security be damned.

 

[Moogle]

. . . You've given me ideas for when I actually get off my lazy ass and write pirates.