Guide to Roleplaying “Hacking” on NationStates — Part 1
____________________________________________________________________
Since the new NationStates forum (i.e. this forum we are all using) was first set up in 2009 to replace the unholy Jolt, there has been the tendency on NationStates for National and International Roleplaying writers to assume that hacking is something that can be used as a kind of in-character “attack” against other roleplayers/writers participating in your RP thread — as some kind of a super elegant thing.
It is not.
And we are not just talking about whether it is unrealistic or realistic to do so. We are talking about borderline godmodding; something that should be avoided — that is, to claim that you can “hack” the other RP participants writing with you (without their permission) is just as bad as you saying “I have my nation’s soldiers in your land now; post your move.” It is something that is very bad, and should be avoided entirely unless the other players have given their full (read: clear) permission for you to make such a move.
Let us address one example of an old post that we’ve found on NationStates:
Sinkretichki Kombinat wrote:In addition to that, the botnets would be controlled via layers of proxies, denying easy identification of source countries, and be steadily expanding into various other nations via regular malware propagation methods. Given the NS world seems to be if not infinite, holding at least thousands of nations with perhaps trillions of devices among them, it would not be unreasonable to assume that blocking specific IPs at one point backfires or is unable to keep up.
The reason I have chosen the above post is because I’m not associated with the above poster, i.e. I hold no out-of-character or in-character interest for or against the poster in question (I don’t know who that person is).
What is wrong with the above “hacking” scenario post by the player Sinkretichki Kombinat?
And what can we do to avoid any such godmodding behaviour in future?
Let’s break it into half:
Sinkretichki Kombinat wrote:... In addition to that, the botnets would be controlled via layers of proxies, denying easy identification of source countries, and be steadily expanding into various other nations via regular malware propagation methods...
To start off, botnets are just remotely controlled machines. That is, they are nothing special. And people like to use “proxy” as a shield to say, “You will never find me!”
This is godmodding and should be avoided at all costs (if anyone do this to you, quickly call them out, politely, on it!), unless you (and your circle of roleplayers) like to do godmodding RPing — then that is fine. After all, NationStates has been and will always be an open world RP setting
What is a proxy? A proxy is just another node in a route from point A to point B. So if attacker sits at point A, proxy is at point B — and bot is at point C. And they want to attack location D in some country/nation. Let’s say, D is the nation “Grand World Order”. Well, the route would go from: A -> B -> C -> D, and even if they obfuscate point B, you (we, the fictional NationStates roleplayers) can still look up the chain.
But botnets are good at the thing they’re designed for — that is, large volumes of data transmission. So DDOS, or denial-of-service attack (i.e. something that fictional NationStates writers like to throw around as if it’s some kind of magic wand or magic spell) is easy. But the fact that they’re talking about proxies rather than something like P2P botnets — it will make you wonder: “What are they talking about?”
The second part of this sentence:
Sinkretichki Kombinat wrote:... regular malware propagation method...
Basically means social engineering. No need to make it too complicated in the hope of making clueless NationStates roleplayers (read: innocent players who can be fooled easily) confused. If there are government agencies trying to spread this sort of thing — stuxnet-like — then that’s basically grounds for war.
So what does that mean?
You have essentially declared war on the nation (you have targeted) preemptively. Like the Empire of Japan did with Pearl Harbour against the United States. But with technology.
Do not do this, unless you want your nation to be known as an international pariah. And if that is the case, then there is nothing wrong with this! (It’s actually a really good RP plot). But if you will then frame it as a “We will attack your nation secretly and there’s nothing that you can do about it” — then... don’t do this. This is very unethical and unfair behaviour, even for competitive roleplaying/storytelling.
In real life, it depends. Given the fictional “NationStates world” (i.e. the National and International Roleplaying and World Assembly’s General Assembly subforums) seems to be if not infinite, holding at least thousands of nations with perhaps trillions of devices among them, it would not be unreasonable to assume that blocking specific IPs at one point backfires or is unable to keep up.
The first part is true. The second part makes no sense to me — like, even an educated (and employed) tech person doesn’t understand what it means. Blocking specific IPs at one point backfires or is unable to keep up. Well, it’s not even wrong.
https://en.wikipedia.org/wiki/Not_even_wrong
The phrase "not even wrong" describes an argument or explanation that purports to be scientific but is based on invalid reasoning or speculative premises that can neither be proven correct nor falsified.
So, just how is information security handled?
How do breaches happen?
Invariably it’s because someone somewhere is being very very silly (i.e. an “idiot”).
From Google (the search engine): if you want to talk about true cracking, AES-256 is probably one of the more practical strong symmetric key encryption algorithms we have.
Out of the practical ones, is it the most secure? We’re not sure.
But for reference — breaking a symmetric 256-bit key by brute force requires 2,128 times more computational power than a 128-bit key. That is, 50 supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space.
That’s a very, very long time.
And if nations on NationStates are assumed to use one-time pads (which they should!), they are literally completely unbreakable. But we digress. For standard communication, one-time pads are not practical. So things like AES-256 is our next best thing.
And? Well... it is basically ridiculous to try to crack things.
So for now, we can’t. So as far as NationStates worldbuilding/fictional storytelling/roleplaying goes, as long as you are roleplaying as a Modern Technology nation, you’re good as far as encrypted messages go, as long as you’re not compromised or sending to the wrong target.
In NationStates Post-modern Technology setting... what if you are roleplaying as a Post-modern Technology nation?
Well... who knows?
But it is NationStates, after all.
Just make up something. “My super good encryption.... ”
And everything should be fine (i.e. nothing should happen to your nation).