From 6141d43256d86e8e8e16820fca13a1676b343476 Mon Sep 17 00:00:00 2001 
From: "Z. Cliffe Schreuders"
Date: Wed, 14 Jan 2026 09:46:33 +0000
Subject: [PATCH] Initialize Mission 7 design: The Architect's Gambit (branching crisis mission)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Created initial design documentation for Mission 7, the climactic branching crisis response mission where The Architect launches coordinated attacks on four simultaneous targets.

Design Documentation:
- README.md: Complete mission overview explaining branching structure, shared mechanics, outcomes matrix, and development strategy
- mission.json: Metadata with CyBOK mappings covering crisis response, multi-vector defense, and ethical decision-making under pressure

Stage 0 Initialization Documents (4 branches):

Option A: Infrastructure Collapse
- Target: Pacific Northwest Power Grid Control Facility
- Threat: Critical Mass cell power grid attack
- Stakes: 240-385 civilian deaths (immediate casualties)
- Cell Leader: Marcus "Blackout" Chen
- Antagonist: Former DoE engineer, believes infrastructure vulnerabilities need exposing

Option B: Data Apocalypse
- Target: Federal Election Security Data Center
- Threat: Ghost Protocol + Social Fabric dual attack (data breach + disinformation)
- Stakes: 187M voter records stolen, democratic integrity collapsed, 20-40 deaths from unrest
- Cell Leaders: "Specter" (Ghost Protocol) + Rachel Morrow (Social Fabric)
- Antagonist: Rachel recruitable, believes she's exposing corruption

Option C: Supply Chain Infection
- Target: TechForge Software Distribution Platform
- Threat: Supply Chain Saboteurs backdoor injection into 47M systems
- Stakes: Long-term national security catastrophe, $240-420B damage over 10 years
- Cell Leader: Adrian Cross
- Antagonist: Former software engineer, valid criticisms of industry security

Option D: Corporate Warfare
- Target: TechCore Security Operations Center (monitoring 12 Fortune 500 corporations)
- Threat: Digital Vanguard + Zero Day Syndicate deploying 47 zero-days simultaneously
- Stakes: $280-420B economic damage, 140K-220K job losses, 80-140 healthcare deaths
- Cell Leaders: Victoria "V1per" Zhang + Marcus "Shadow" Chen
- Antagonist: Victoria recruitable, anti-corporate ideology with valid points

Shared Systems Across All Options:
- 30-minute in-game timer (maximum pressure)
- SecGen scenario: "Putting it together" (NFS shares, netcat, privilege escalation)
- First direct contact with The Architect (voice/text taunts throughout)
- Tomb Gamma location discovery (47.2382° N, 112.5156° W - Montana)
- SAFETYNET mole evidence confirmed
- The Architect's identity narrowed to 3 suspects

Key Design Elements:
- THE IMPOSSIBLE CHOICE: Player chooses one operation knowing others partially fail
- Deterministic outcomes matrix: Based on player choice, 1 operation succeeds fully, 1 partially succeeds, 1 fails completely
- Moral complexity: All choices valid, all have consequences, no "right" answer
- Recruitable antagonists in 3 of 4 options (if shown ENTROPY casualty evidence)
- Consequences persist to M8-10 finale

Educational Objectives (CyBOK):
- Security Operations & Incident Management (crisis response, triage, resource allocation)
- Systems Security (multi-vector defense, coordinated threats)
- Human Factors (professional judgment under pressure, ethical decision-making)
- Infrastructure/Election/Supply Chain/Corporate security (option-specific)

Narrative Integration:
- First appearance of The Architect (philosophy revealed: "Entropy is inevitable")
- Sets up M8 (The Mole investigation of SAFETYNET infiltration)
- Sets up M9-10 (Tomb Gamma confrontation with The Architect)
- Campaign branches based on which operations succeeded/failed

Development Strategy:
- Phase 1: Build shared systems (choice sequence, timer, outcomes, The Architect comms)
- Phase 2: Develop individual options in parallel (4 separate scenario files)
- Phase 3: Integration and cross-path testing

File Structure Created:
scenarios/m07_architects_gambit/
├── README.md (design overview)
├── mission.json (metadata)
├── ink/ (dialogue scripts directory)
└── planning/
    ├── stage_0_option_a_infrastructure.md
    ├── stage_0_option_b_data.md
    ├── stage_0_option_c_supply_chain.md
    └── stage_0_option_d_corporate.md

Total: 6 files, comprehensive design for most complex Season 1 mission
---
 scenarios/m07_architects_gambit/README.md | 206 +++++++
 scenarios/m07_architects_gambit/mission.json | 95 ++++
 .../stage_0_option_a_infrastructure.md | 413 ++++++++++++++
 .../planning/stage_0_option_b_data.md | 461 ++++++++++++++++
 .../planning/stage_0_option_c_supply_chain.md | 456 ++++++++++++++++
 .../planning/stage_0_option_d_corporate.md | 507 ++++++++++++++++++
 6 files changed, 2138 insertions(+)
 create mode 100644 scenarios/m07_architects_gambit/README.md
 create mode 100644 scenarios/m07_architects_gambit/mission.json
 create mode 100644 scenarios/m07_architects_gambit/planning/stage_0_option_a_infrastructure.md
 create mode 100644 scenarios/m07_architects_gambit/planning/stage_0_option_b_data.md
 create mode 100644 scenarios/m07_architects_gambit/planning/stage_0_option_c_supply_chain.md
 create mode 100644 scenarios/m07_architects_gambit/planning/stage_0_option_d_corporate.md

diff --git a/scenarios/m07_architects_gambit/README.md b/scenarios/m07_architects_gambit/README.md
new file mode 100644
index 0000000..c04fff1
--- /dev/null
+++ b/scenarios/m07_architects_gambit/README.md
@@ -0,0 +1,206 @@ +# Mission 7: The Architect's Gambit (Part 1 of 2) + +**Type:** Crisis Defense - Branching Campaign +**Duration:** 80-100 minutes +**Tier:** 3 (Advanced) +**ENTROPY Cell:** Multiple Cells (Coordinated Attack) +**SecGen Scenario:** "Putting it together" (NFS shares, netcat, privilege escalation, multi-stage) + +## Mission Overview + +The Architect's coordinated attack launches simultaneously across four targets. Player must choose which operation to stop personally, knowing other SAFETYNET teams will handle remaining operations—but some will fail. Player's choice determines which cells are disrupted and which succeed. + +This is a **branching mission** where the player makes a critical choice at the start that determines the entire scenario they will play. All four options share common mechanics but have unique settings, NPCs, and narrative contexts. + +## Four Simultaneous Operations (Player Chooses ONE) + +### Option A: "Infrastructure Collapse" (Critical Mass Cell) +**Setting:** Power grid control facility +**Threat:** Major city blackout, high civilian casualties +**Stakes:** Immediate loss of life vs. 
long-term infrastructure damage +**Cell Leader:** Marcus "Blackout" Chen - Critical Mass coordinator + +### Option B: "Data Apocalypse" (Ghost Protocol + Social Fabric) +**Setting:** Data center / election systems facility +**Threat:** Massive data breach + coordinated disinformation targeting elections +**Stakes:** Democratic integrity, election manipulation, public trust collapse +**Cell Leaders:** Ghost Protocol hacker + Social Fabric narrative coordinator + +### Option C: "Supply Chain Infection" (Supply Chain Saboteurs) +**Setting:** Software distribution center +**Threat:** Nationwide software supply chain backdoor insertion +**Stakes:** Long-term espionage capability, millions of systems compromised +**Cell Leader:** Supply Chain Saboteurs operations manager + +### Option D: "Corporate Warfare" (Digital Vanguard + Zero Day Syndicate) +**Setting:** Fortune 500 corporate headquarters +**Threat:** Coordinated zero-day attacks on major companies +**Stakes:** Economic damage, market instability, corporate espionage +**Cell Leaders:** Digital Vanguard + Zero Day Syndicate coordinators + +## Shared Mechanics Across All Options + +### Core Gameplay +- **Maximum difficulty** - All previous mechanics at highest complexity +- **30-minute in-game timer** - Real-time pressure +- **Hostile NPCs** - Multiple ENTROPY operatives who will attack +- **Multi-stage puzzles** - Complex progression requiring all learned skills +- **VM integration** - SecGen "Putting it together" scenario + +### VM Challenge (Shared) +- Access distributed systems using NFS shares +- Discover attack timeline via netcat services +- Privilege escalation to access attack control systems +- Disable coordinated attack before timer expires + +### Narrative Beats (Shared) +1. **Emergency briefing** - All four attacks detected, player chooses +2. **Intense infiltration** - Race against clock at chosen target +3. **First contact with The Architect** - Voice only, taunting remotely +4. 
**Disable attack** - With seconds remaining +5. **Immediate debrief** - Learn outcomes of other operations + +## Branching Structure Design + +### Pre-Mission: Choice Sequence +Player is presented with crisis briefing showing all four operations: +- Agent 0x99 explains each threat +- Stakes and consequences outlined +- Player makes informed choice +- Other SAFETYNET teams deploy to remaining targets + +### During Mission: Chosen Scenario +Player experiences one complete scenario based on choice: +- Unique location, NPCs, and story context +- Shared timer mechanic (30 minutes in-game) +- Shared VM challenge structure +- The Architect taunts via audio/text communications + +### Post-Mission: Outcomes Matrix +Based on player choice and performance: +- **Player's operation:** Success or failure (performance-based) +- **Operation 1 (unchosen):** Full success (team got lucky) +- **Operation 2 (unchosen):** Partial success (mitigated, not stopped) +- **Operation 3 (unchosen):** Failure (attack succeeded) + +Which unchosen operations succeed/fail is **deterministic** based on player's choice. + +## Key NPCs + +### Shared NPCs +- **Agent 0x99 "Haxolottle"** - Command support, coordinates response, visible stress +- **The Architect** - First appearance (voice/text only), taunts player throughout +- **SAFETYNET Teams Alpha/Bravo/Charlie** - Handle unchosen operations (referenced) + +### Option-Specific NPCs +Each option has 2-3 hostile ENTROPY operatives and 1-2 cell leaders to confront. 
+ +## LORE Opportunities + +### MAJOR Revelations +- **First direct contact with The Architect** - Philosophy revealed +- **"Entropy is inevitable; I merely accelerate"** - Core ideology +- **Tomb Gamma discovery** - The Architect's base of operations location found +- **SAFETYNET mole confirmed** - Someone leaked operation timing +- **The Architect's identity narrowed to 3 suspects** - Progress toward M9 reveal + +### Campaign Integration +- The simultaneous attacks are a **distraction** - Real objective achieved during chaos +- Mystery payload revealed in M8 +- Failed operations have consequences in M8-10 finale +- Campaign branches based on which cells disrupted vs. succeeded + +## Moral Complexity + +**THE IMPOSSIBLE CHOICE:** Which operation to stop personally? + +All choices are valid. All have consequences. No "right" answer exists. + +- **Infrastructure** = Civilian lives (immediate, visible casualties) +- **Elections** = Democratic integrity (systemic, long-term damage) +- **Supply Chain** = Future security (invisible compromise, years of espionage) +- **Corporate** = Economic stability (market crashes, job losses) + +Player must choose knowing **someone will suffer** based on their decision. 
+ +## Educational Objectives (CyBOK) + +### All Options Teach +- **Security Operations & Incident Management (SO):** Crisis response, triage, resource allocation under pressure +- **Systems Security (SS):** Multi-vector attack defense, coordinated threat response +- **Human Factors (HF):** Professional judgment under extreme pressure, ethical decision-making + +### Option-Specific Topics +- **Option A:** Critical infrastructure protection, ICS/SCADA security +- **Option B:** Data protection, election security, disinformation defense +- **Option C:** Supply chain security, software integrity, backdoor detection +- **Option D:** Corporate security, zero-day defense, economic cybersecurity + +## Implementation Strategy + +### Phase 1: Shared Systems (Priority) +- Choice sequence briefing (pre-mission) +- Timer mechanic implementation +- The Architect communication system (audio/text taunts) +- Outcomes matrix and consequence tracking +- Post-mission debrief with variable outcomes + +### Phase 2: Individual Options (Parallel Development) +Each option can be developed independently: +- Unique scenario.json.erb file +- Option-specific NPCs and dialogues +- Unique room layouts and puzzles +- Cell-specific narrative context + +### Phase 3: Integration and Testing +- Ensure all options share VM challenge structure +- Verify timer works consistently +- Test outcome matrix for all choice combinations +- Validate LORE reveals appear in all paths + +## File Structure + +``` +scenarios/m07_architects_gambit/ +├── README.md (this file) +├── mission.json (metadata with CyBOK mappings) +├── scenario_choice.json.erb (pre-mission choice sequence) +├── scenario_option_a_infrastructure.json.erb +├── scenario_option_b_data.json.erb +├── scenario_option_c_supply_chain.json.erb +├── scenario_option_d_corporate.json.erb +├── ink/ +│ ├── m07_opening_briefing.ink (choice presentation) +│ ├── m07_phone_agent_0x99.ink (handler support, all options) +│ ├── m07_architect_taunts.ink (The 
Architect's communications) +│ ├── m07_closing_debrief.ink (outcomes reveal) +│ ├── m07_option_a_npcs.ink +│ ├── m07_option_b_npcs.ink +│ ├── m07_option_c_npcs.ink +│ └── m07_option_d_npcs.ink +└── planning/ + ├── stage_0_option_a.md + ├── stage_0_option_b.md + ├── stage_0_option_c.md + └── stage_0_option_d.md +``` + +## Development Notes + +**Complexity Warning:** This is the most complex mission in Season 1. It requires: +- 4 complete scenario files (essentially 4 mini-missions) +- Shared timer and consequence systems +- Branching narrative tracking +- Variable outcome matrix + +**Recommended Approach:** +1. Build shared systems first (choice, timer, outcomes) +2. Develop one complete option as template +3. Clone and modify for remaining options +4. Test all paths thoroughly + +**Technical Considerations:** +- How does game engine handle scenario selection based on player choice? +- Timer implementation needs to be robust across all scenarios +- Outcome tracking must persist to M8-10 +- The Architect's taunts should feel consistent across options diff --git a/scenarios/m07_architects_gambit/mission.json b/scenarios/m07_architects_gambit/mission.json new file mode 100644 index 0000000..b3214f5 --- /dev/null +++ b/scenarios/m07_architects_gambit/mission.json 
@@ -0,0 +1,95 @@ +{ + "display_name": "The Architect's Gambit", + "description": "The Architect launches coordinated attacks on four simultaneous targets. Choose which operation to stop personally, knowing other SAFETYNET teams will handle the rest—but some will fail. First direct contact with The Architect reveals their philosophy and base location.", + "difficulty_level": 3, + "secgen_scenario": "putting_it_together", + "collection": "season_1", + "branching": true, + "branches": ["option_a_infrastructure", "option_b_data", "option_c_supply_chain", "option_d_corporate"], + "estimated_duration_minutes": 90, + "cybok": [ + { + "ka": "SO", + "topic": "Security Operations & Incident Management", + "keywords": [ + "Crisis response", + "Incident triage", + "Resource allocation under pressure", + "Coordinated threat response", + "Multi-team operations", + "Time-critical decision making" + ] + }, + { + "ka": "SS", + "topic": "Systems Security", + "keywords": [ + "Multi-vector attacks", + "Coordinated defense", + "NFS share exploitation", + "Netcat services", + "Privilege escalation", + "Multi-stage attack chains" + ] + }, + { + "ka": "HF", + "topic": "Human Factors", + "keywords": [ + "Professional judgment under pressure", + "Ethical decision making", + "Impossible choices", + "Moral complexity in security", + "Consequence evaluation", + "Leadership in crisis" + ] + }, + { + "ka": "NS", + "topic": "Network Security", + "keywords": [ + "Network file systems (NFS)", + "Service enumeration", + "Distributed systems access", + "Attack timeline discovery" + ] + }, + { + "ka": "MAA", + "topic": "Malware & Attack Technologies", + "keywords": [ + "Coordinated attacks", + "Multi-cell operations", + "Attack synchronization", + "Strategic targeting" + ] + }, + { + "ka": "ISM", + "topic": "Infrastructure Security & Management", + "keywords": [ + "Critical infrastructure protection (Option A)", + "ICS/SCADA security (Option A)", + "Power grid security (Option A)", + "Data center 
security (Option B)", + "Election security (Option B)", + "Supply chain security (Option C)", + "Software integrity (Option C)", + "Corporate security (Option D)", + "Enterprise defense (Option D)" + ] + } + ], + "prerequisites": ["m06_follow_the_money"], + "unlocks": ["m08_the_mole"], + "campaign_critical": true, + "narrative_weight": "high", + "consequences_persist": true, + "lore_reveals": [ + "First direct contact with The Architect", + "The Architect's philosophy: 'Entropy is inevitable; I merely accelerate'", + "Tomb Gamma location discovered", + "SAFETYNET mole confirmed", + "The Architect's identity narrowed to 3 suspects" + ] +} diff --git a/scenarios/m07_architects_gambit/planning/stage_0_option_a_infrastructure.md b/scenarios/m07_architects_gambit/planning/stage_0_option_a_infrastructure.md new file mode 100644 index 0000000..0193ba7 --- /dev/null +++ b/scenarios/m07_architects_gambit/planning/stage_0_option_a_infrastructure.md 
@@ -0,0 +1,413 @@ +# Mission 7: "The Architect's Gambit" - Stage 0: Option A (Infrastructure Collapse) + +**Mission ID:** m07_architects_gambit +**Branch:** Option A - Infrastructure Collapse +**Stage:** 0 - Initialization +**Version:** 1.0 +**Date:** 2026-01-10 + +--- + +## Mission Overview + +**Title:** "The Architect's Gambit - Infrastructure Collapse" +**Duration:** 80-100 minutes +**Target Tier:** 3 (Advanced) +**Mission Type:** Crisis Defense - Time Limited +**Focus:** Power grid security, ICS/SCADA systems, civilian casualty prevention + +**CRITICAL CONTEXT:** This is ONE of FOUR simultaneous operations. Player chooses this option knowing the other three attacks will be handled by SAFETYNET teams—with mixed success. + +--- + +## The Specific ENTROPY Threat + +### Target: Pacific Northwest Regional Power Grid Control Facility + +**Facility Profile:** +- Coordinates power distribution for 8.4 million residents +- Controls 147 substations across Washington, Oregon, Northern California +- Automated grid balancing via SCADA systems +- Backup generators for 72-hour operation during crisis +- Security: Federal Energy Regulatory Commission (FERC) compliance + +**What They Do:** +The facility manages real-time power distribution, preventing blackouts through automated load balancing. If compromised, attackers can cascade failures causing widespread outages. 
+ +### The Attack: "Operation Blackout" + +**SPECIFIC ATTACK BEING EXECUTED:** + +**Phase 1: Initial Intrusion (Completed - Before Player Arrives)** +- Critical Mass cell operative Marcus "Blackout" Chen infiltrated as maintenance contractor 6 months ago +- Installed backdoors in SCADA control systems during "routine maintenance" +- Backdoors allow remote manipulation of circuit breakers and transformers +- Physical access credentials still valid (inside help from compromised employee) + +**Phase 2: Grid Destabilization (In Progress - 30 Minutes Remaining)** +- Automated script will trigger cascade failure at T-minus 30 minutes +- Sequence: + 1. Open critical circuit breakers in Seattle metro area (instant blackout) + 2. Redirect excess load to Portland substations (overload transformers) + 3. Trigger safety shutdowns across Oregon (expanding blackout) + 4. Northern California substations fail from load imbalance (total regional blackout) +- Timer is hardcoded and cannot be stopped remotely—requires physical access to control systems + +**Phase 3: Maximum Damage (Automated - If Not Stopped)** +- Cascading failures propagate to neighboring grids +- 8.4 million people without power +- Duration: 4-7 days (transformer replacements required) +- Hospitals on backup power for 72 hours max +- Water treatment facilities fail after 48 hours +- Winter conditions: Freezing temperatures, deaths from exposure + +**Specific Consequences if Critical Mass Succeeds:** + +1. **Immediate Civilian Casualties** + - Hospitals: 120-180 deaths (life support failures, delayed emergency response) + - Traffic: 40-65 deaths (signal failures, accidents in darkness) + - Exposure: 80-140 deaths (hypothermia, elderly/vulnerable populations) + - Total projected: **240-385 deaths** in first 72 hours + +2. 
**Infrastructure Damage** + - 23 major transformers destroyed (overload burnout) + - $2.4 billion in equipment replacement costs + - 4-7 day restoration timeline + - Economic damage: $18 billion (business losses, supply chain disruption) + +3. **Secondary Crises** + - Water treatment plant failures → contaminated water supply + - Hospital evacuations during power outage + - Looting and civil unrest in darkened cities + - Emergency services overwhelmed + +4. **ENTROPY Strategic Win** + - Proof that critical infrastructure is vulnerable + - Undermines public trust in power grid security + - Demonstrates coordinated attack capability + - Recruitment surge for Critical Mass cell + +--- + +## The Setting: Pacific Northwest Grid Control Facility + +### Location +- Industrial park outside Portland, Oregon +- 3-story concrete building with reinforced server rooms +- High-security perimeter (fencing, cameras, guards) +- Underground cable vault connects to regional substations + +### Security Measures +- Badge access (RFID) for all zones +- Biometric scanners (fingerprint) for SCADA control room +- Security guards: 6 on duty (2 compromised by Critical Mass) +- Surveillance: 42 cameras (feeds monitored, but operatives know blind spots) +- Visitor logs: All access tracked + +### Critical Locations (Rooms) + +1. **Reception / Security Checkpoint** + - Starting point after emergency breach + - Security guards (1 hostile, 1 innocent) + - Badge printer and temporary credentials + +2. **Operations Floor** + - 12 workstations monitoring grid status + - Real-time displays showing regional power flow + - Legitimate employees working (evacuate without panic) + +3. **Server Room** + - SCADA control systems + - Network infrastructure + - VM access point for exploitation challenges + +4. 
**SCADA Control Room (PRIMARY TARGET)** + - Master control terminals + - Physical override systems + - Timer display showing countdown (visual pressure) + - Marcus "Blackout" Chen location (final confrontation) + +5. **Backup Generator Room** + - Facility's own power backup + - Can be sabotaged to complicate player's efforts + - Contains emergency shutdown systems + +6. **Underground Cable Vault** + - Physical connection to substations + - Secondary access point for operatives + - Evidence of how backdoors were installed + +--- + +## The Antagonist: Marcus "Blackout" Chen + +**Profile:** +- Age: 38 +- Role: Critical Mass cell coordinator, electrical engineering expert +- Background: Former DoE engineer, radicalized after government ignored his warnings about grid vulnerabilities +- Motivation: "If the system won't fix itself, I'll force the collapse that makes them pay attention" +- Personality: Coldly rational, believes casualties are "necessary lessons" + +**Combat Capability:** +- Not physically aggressive (will flee if confronted) +- Has 3 other Critical Mass operatives as backup +- Will trigger manual overrides if player gets close +- Final standoff: Threatens to advance timer if player doesn't let him escape + +**Moral Complexity:** +- Chen genuinely believes infrastructure vulnerabilities need exposing +- His methods are extreme, but his technical warnings were valid +- Government DID ignore his security reports years ago +- He's willing to kill hundreds to prove his point + +--- + +## VM Challenge Integration: "Putting It Together" + +**SecGen Scenario:** NFS shares, netcat, privilege escalation, multi-stage + +**Challenge Flow:** + +1. **NFS Share Discovery** + - SCADA backup server has misconfigured NFS exports + - Player mounts remote filesystem containing attack scripts + - Find attack timeline and timer configuration + +2. 
**Netcat Service Exploitation** + - Operatives communicate via netcat backdoor services + - Enumerate services to find command & control channel + - Intercept messages revealing override codes + +3. **Privilege Escalation** + - SCADA control requires root access + - Exploit sudo misconfigurations or SUID binaries + - Gain access to disable attack scripts + +4. **Multi-Stage Attack Neutralization** + - Stage 1: Identify active attack processes + - Stage 2: Extract deactivation codes from stolen NFS files + - Stage 3: Terminate attack scripts before timer expires + - Stage 4: Lock out remote access to prevent restart + +**Flags to Submit:** +- Flag 1: NFS mount success + timeline discovery +- Flag 2: Netcat service exploitation + C2 channel access +- Flag 3: Privilege escalation + root access achieved +- Flag 4: Attack neutralized + grid secured + +--- + +## The Architect's Presence + +**Communication Method:** Audio intercoms throughout facility + +**Taunt Progression:** + +**T-minus 30 minutes:** +"Agent 0x00. I've been watching your career with interest. Let's see if you're as capable as your reputation suggests." + +**T-minus 20 minutes:** +"You chose infrastructure. Pragmatic. But tell me—do you know what's happening at the other three targets right now?" + +**T-minus 10 minutes:** +"The beauty of entropy is its inevitability. Even if you stop this, something else fails. Someone else dies. You can't win." + +**T-minus 5 minutes:** +"Marcus believes in his cause. Do you believe in yours enough to sacrifice innocents elsewhere?" + +**T-minus 1 minute:** +"Impressive. But this was never about the power grid. Enjoy your pyrrhic victory, Agent." + +**After Success:** +"You saved 8.4 million people. Meanwhile, how many died at targets you didn't choose? Was it worth it?" + +--- + +## Success vs. 
Failure Outcomes + +### If Player Succeeds (Disables Attack) +- Power grid remains operational +- Zero civilian casualties from blackout +- Marcus Chen arrested or killed (player choice) +- Critical Mass cell disrupted +- Intelligence recovered: Tomb Gamma location +- ENTROPY mole evidence discovered + +### If Player Fails (Timer Expires) +- Cascading blackout across Pacific Northwest +- 240-385 deaths over 72 hours +- $18 billion economic damage +- 4-7 day restoration timeline +- Critical Mass achieves strategic victory +- Public trust in infrastructure collapses +- M8-10 consequences: Harder difficulty, demoralized SAFETYNET + +### Other Operations (Unchosen - Deterministic) +Based on player choosing Option A: +- **Operation B (Data Apocalypse):** Partial success (data breach mitigated, disinformation campaign succeeds) +- **Operation C (Supply Chain):** Full success (SAFETYNET Team Alpha stops it) +- **Operation D (Corporate):** Failure (Zero-day attacks succeed, economic damage) + +--- + +## Key NPCs + +### Hostile NPCs (Critical Mass Operatives) + +1. **Marcus "Blackout" Chen** (Cell Leader) + - Location: SCADA Control Room + - Armed: Pistol (will shoot if cornered) + - Dialogue: Philosophical justifications, technical expertise + - Arrest vs. Kill vs. Recruit (unlikely) choice + +2. **Elena Rodriguez** (Electrical Engineer) + - Location: Server Room + - Role: Maintains backdoors, technical support + - Non-violent: Will flee if confronted + - Can be convinced to help player (if shown evidence of casualties) + +3. **Jake Morrison** (Security Guard - Compromised) + - Location: Security Checkpoint + - Armed: Pistol, taser + - Aggressive: Will attack player on sight + - Knows facility layout, will radio Marcus if player advances + +4. 
**Thomas Park** (Maintenance Tech) + - Location: Underground Cable Vault + - Role: Physical sabotage specialist + - Armed: Tools (crowbar, wire cutters) + - Attempts to cut backup power if player gets close + +### Innocent NPCs (Facility Staff) + +1. **Sarah Chen** (Operations Manager) + - Knows Marcus is an infiltrator (suspected but no proof) + - Can provide facility layout and access codes + - Wants minimal casualties, will cooperate with player + +2. **David Kim** (SCADA Technician) + - Technical expert on control systems + - Can guide player through VM challenges if asked + - Scared, wants to evacuate + +3. **Rebecca Torres** (Security Guard - Innocent) + - Unaware of Jake Morrison's betrayal + - Will help player if shown SAFETYNET credentials + - Can disable some cameras to help infiltration + +--- + +## Objectives System + +### Aim 1: Emergency Breach & Facility Access +- Task: Breach facility security (SAFETYNET authority override) +- Task: Neutralize hostile security guard (Jake Morrison) +- Task: Secure temporary credentials +- Task: Evacuate innocent staff without panic + +### Aim 2: Locate Attack Control Systems +- Task: Access operations floor and identify attack indicators +- Task: Talk to Sarah Chen (facility manager) for intel +- Task: Locate server room via facility map +- Task: Identify SCADA control room as primary target + +### Aim 3: VM Exploitation & Intelligence +- Task: Access SCADA backup server in server room +- Task: Complete VM challenge (NFS, netcat, privesc) +- Task: Extract attack timeline and deactivation codes +- Task: Submit all 4 flags to SAFETYNET intelligence + +### Aim 4: Neutralize Attack & Operatives +- Task: Reach SCADA control room before timer expires +- Task: Confront Marcus "Blackout" Chen +- Task: Disable attack scripts using extracted codes +- Task: Secure facility and arrest/neutralize operatives + +### Aim 5: Intelligence Recovery & Debrief +- Task: Search Marcus's workstation for ENTROPY communications +- Task: 
Discover Tomb Gamma location coordinates +- Task: Find evidence of SAFETYNET mole (leaked operation timing) +- Task: Emergency debrief with Agent 0x99 + +--- + +## Timer Mechanic Implementation + +**Duration:** 30 minutes in-game time (may be faster or slower than real-time) + +**Visual Indicators:** +- Countdown timer displayed on all SCADA terminals +- Red warning lights activate at T-minus 10 minutes +- Audio alarms at T-minus 5 minutes +- Player phone shows timer overlay (persistent reminder) + +**Pressure Escalation:** +- T-minus 20 min: The Architect begins taunting +- T-minus 15 min: Marcus orders hostile operatives to slow player +- T-minus 10 min: Elena attempts to flee (can be stopped for help) +- T-minus 5 min: Thomas sabotages backup power (optional complication) +- T-minus 1 min: Final confrontation with Marcus in SCADA control room + +**Failure State:** +If timer reaches zero before player disables attack: +- Cutscene: Power grid map showing cascading failures +- Marcus escape or arrest (depending on player's position) +- Immediate transition to failure debrief (grim consequences revealed) + +--- + +## LORE Reveals (Option A) + +### Tome Gamma Location +Marcus's terminal contains encrypted coordinates: +- **Location:** Abandoned Cold War bunker, Montana wilderness +- **Coordinates:** 47.2382° N, 112.5156° W +- **Description:** "Tomb Gamma - The Architect's workshop. Where entropy is refined." + +### SAFETYNET Mole Evidence +Email intercept on compromised server: +- **From:** [REDACTED]@safetynet.gov +- **To:** architect@entropy.onion +- **Subject:** Operation timing confirmed +- **Body:** "All four targets breached simultaneously. 0x00 deployed to [player's choice]. Others handled by Teams Alpha/Bravo/Charlie. Window: 30 minutes." + +### The Architect's Philosophy +Audio taunt transcript: +- "Entropy is inevitable. Systems decay. Civilizations collapse. I merely accelerate the process." +- "Your infrastructure is a lie built on crumbling foundations. 
I'm teaching humanity the truth." +- "Every death tonight is a lesson. Will they finally learn?" + +### The Architect Identity Clue +Marcus's notes reference "The Professor" - someone with deep knowledge of: +- Government security protocols +- SAFETYNET operational procedures +- Multi-cell coordination techniques +- Suggests The Architect has intelligence background + +--- + +## Development Notes + +**Priority Implementation:** +1. Timer mechanic (absolutely critical for pressure) +2. SCADA control room confrontation scene +3. Marcus Chen dialogue (philosophical villain, not cartoonish) +4. VM challenge integration (must feel urgent under time pressure) + +**Technical Challenges:** +- Timer must persist across room transitions +- Player must feel genuine pressure without being unfair +- Balance combat encounters (player should avoid fights, not seek them) +- Ensure VM challenges are solvable under stress + +**Playtesting Focus:** +- Is 30 minutes enough time? Too much? +- Does timer create excitement or frustration? +- Are hostile NPCs challenging but fair? +- Does The Architect's presence enhance or distract? + +**Narrative Consistency:** +- Marcus's motivations must feel genuine, not evil for evil's sake +- Infrastructure vulnerabilities are REAL (player should feel conflicted) +- Civilian casualty numbers must feel weighty, not abstract +- The Architect should feel like mastermind, not cartoon villain diff --git a/scenarios/m07_architects_gambit/planning/stage_0_option_b_data.md b/scenarios/m07_architects_gambit/planning/stage_0_option_b_data.md new file mode 100644 index 0000000..47c1e79 --- /dev/null +++ b/scenarios/m07_architects_gambit/planning/stage_0_option_b_data.md 
@@ -0,0 +1,461 @@ +# Mission 7: "The Architect's Gambit" - Stage 0: Option B (Data Apocalypse) + +**Mission ID:** m07_architects_gambit +**Branch:** Option B - Data Apocalypse +**Stage:** 0 - Initialization +**Version:** 1.0 +**Date:** 2026-01-10 + +--- + +## Mission Overview + +**Title:** "The Architect's Gambit - Data Apocalypse" +**Duration:** 80-100 minutes +**Target Tier:** 3 (Advanced) +**Mission Type:** Crisis Defense - Time Limited +**Focus:** Data protection, election security, disinformation defense + +**CRITICAL CONTEXT:** This is ONE of FOUR simultaneous operations. Player chooses this option knowing the other three attacks will be handled by SAFETYNET teams—with mixed success. + +--- + +## The Specific ENTROPY Threat + +### Target: National Voter Registration Database & State Election Systems + +**Facility Profile:** +- Federal election infrastructure data center +- Houses voter registration data for 43 states (187 million registered voters) +- Coordinates state election security +- Real-time connection to state Secretary of State offices +- Social Fabric content distribution server co-located + +**What They Do:** +Maintains secure voter registration database, provides API access for state election systems, coordinates cybersecurity for election infrastructure. 
+ +### The Attack: "Operation Fracture" + +**SPECIFIC ATTACK BEING EXECUTED:** + +**Component 1: Massive Data Breach (Ghost Protocol)** + +**Phase 1: Exfiltration (In Progress - 30 Minutes Until Complete)** +- Ghost Protocol operatives infiltrated facility as IT contractors +- Planted backdoors in voter database servers +- Exfiltrating complete voter registration records: + - 187 million names, addresses, Social Security numbers + - Voting history (which elections voted in) + - Party affiliations, demographic data + - Email addresses and phone numbers +- Data will be sold to nation-states and used for: + - Targeted identity theft + - Voter suppression campaigns + - Foreign intelligence operations + +**Component 2: Coordinated Disinformation Campaign (Social Fabric)** + +**Phase 2: Narrative Deployment (Launches at T-minus 0)** +- Social Fabric has pre-positioned disinformation narratives +- Automated systems will deploy simultaneously with data breach: + - Fake election fraud "evidence" generated from stolen data + - Deepfake videos of election officials confessing to rigging + - Coordinated social media campaigns claiming database compromise proves fraud + - Bot networks amplifying "stolen election" narratives across platforms +- Timing synchronized: Breach + narratives = maximum credibility + +**Phase 3: Democratic Collapse (If Not Stopped)** +- Public discovers voter database breached +- Disinformation campaigns exploit breach to claim elections are rigged +- Faith in democratic process collapses +- Violent protests, potential civil unrest +- Foreign adversaries exploit chaos +- Elections postponed or results disputed indefinitely + +**Specific Consequences if Ghost Protocol + Social Fabric Succeed:** + +1. 
**Immediate Data Breach Impact** + - 187 million Americans' personal data exposed + - Identity theft wave: Estimated 4-8 million victims over 5 years + - Cost to individuals: $12-24 billion in fraud losses + - National security threat: Foreign intelligence exploitation + +2. **Disinformation Campaign Impact** + - Election integrity permanently questioned + - 40-60% of population believes elections are rigged (polling data) + - Violent protests in 20+ major cities + - Deaths from civil unrest: 20-40 projected in first week + - Long-term: Democratic institutions delegitimized + +3. **Systemic Damage** + - Elections delayed/postponed in multiple states + - Constitutional crisis: Disputed election results + - International credibility destroyed + - Authoritarian regimes use US chaos as justification for own actions + +4. **ENTROPY Strategic Win** + - Proof that democratic systems can be destabilized + - Ghost Protocol establishes reputation for major breaches + - Social Fabric proves disinformation effectiveness + - The Architect demonstrates coordination capability + +--- + +## The Setting: Federal Election Security Data Center + +### Location +- Secure facility outside Washington D.C. +- 4-story reinforced building with Faraday cage construction +- High-security perimeter (military-grade) +- Underground server vaults + +### Security Measures +- Three-factor authentication (badge + biometric + PIN) +- Armed security guards (DHS Protective Service) +- Air-gapped critical systems (supposedly...) +- Surveillance: 84 cameras, motion sensors +- Visitor logs: All access tracked and audited + +### Critical Locations (Rooms) + +1. **Security Vestibule** + - Entry point after emergency breach + - Armed guards (2 hostile Ghost Protocol, 1 innocent) + - Security console with camera access + +2. 
**Operations Center** + - Real-time election security monitoring + - 20 analysts watching state systems + - Incident response coordination + - Evidence of ongoing breach visible on displays + +3. **Voter Database Server Vault** + - Physical servers housing voter data + - Exfiltration in progress (visible network activity) + - VM access point for exploitation challenges + - Ghost Protocol operative maintaining backdoor + +4. **Social Fabric Content Server Room (PRIMARY TARGET 1)** + - Disinformation campaign staging servers + - Pre-loaded narratives ready to deploy + - Countdown timer showing deployment schedule + - Must be disabled before launch + +5. **Network Operations Center (PRIMARY TARGET 2)** + - Central control for all systems + - Can disable exfiltration and narrative deployment + - Ghost Protocol + Social Fabric coordinators present + - Final confrontation location + +6. **Evidence Storage** + - Physical records of election security incidents + - Contains proof of previous ENTROPY interference attempts + - Intelligence about The Architect's planning + +--- + +## The Antagonists: Dual Cell Coordination + +### Ghost Protocol Leader: "Specter" (Real Name Unknown) + +**Profile:** +- Age: Unknown (voice disguised, wears mask) +- Role: Elite Ghost Protocol hacker, data breach specialist +- Background: Suspected former NSA operative (knows classified techniques) +- Motivation: "Governments surveil citizens constantly. We're just evening the score." 
+- Personality: Cold, professional, views breaches as artistry + +**Combat Capability:** +- Avoids physical confrontation +- Has remote kill switches for servers (will destroy evidence if cornered) +- Excellent at misdirection and escape +- Will sacrifice Social Fabric operatives to escape + +### Social Fabric Coordinator: Rachel Morrow + +**Profile:** +- Age: 34 +- Role: Narrative weaponization specialist, disinformation architect +- Background: Former political consultant, radicalized after election loss she blamed on "establishment corruption" +- Motivation: "The system is rigged. We're just making people see the truth they've been blind to." +- Personality: Charismatic, genuinely believes disinformation is "truth-telling" + +**Combat Capability:** +- Not physically aggressive +- Will use hostages (facility staff) to negotiate +- Attempts to convince player her narratives are justified +- Recruitable (if player shows evidence of ENTROPY's real casualties) + +**Moral Complexity:** +- Rachel believes election systems ARE vulnerable (she's technically correct) +- Her disinformation exploits real security concerns +- She doesn't realize The Architect is using her for chaos, not reform +- Can be turned against ENTROPY if shown The Architect's true plan + +--- + +## VM Challenge Integration: "Putting It Together" + +**SecGen Scenario:** NFS shares, netcat, privilege escalation, multi-stage + +**Challenge Flow:** + +1. **NFS Share Discovery** + - Backup server has exposed NFS shares with attack staging files + - Player mounts filesystem to find: + - Exfiltration progress logs + - Disinformation narrative templates + - Attack timeline and trigger conditions + +2. **Netcat Service Exploitation** + - Ghost Protocol uses netcat for command & control + - Enumerate services to find C2 channel + - Intercept commands showing kill codes for exfiltration + +3. 
**Privilege Escalation** + - Server security requires root access to disable attacks + - Exploit sudo misconfigurations + - Gain access to terminate exfiltration and narrative deployment + +4. **Multi-Stage Attack Neutralization** + - Stage 1: Identify active exfiltration processes + - Stage 2: Extract shutdown codes from NFS shares + - Stage 3: Disable exfiltration before data transfer completes + - Stage 4: Wipe pre-loaded disinformation before deployment + +**Flags to Submit:** +- Flag 1: NFS mount + attack timeline discovery +- Flag 2: Netcat C2 access + exfiltration logs +- Flag 3: Privilege escalation + root access +- Flag 4: Both attacks neutralized + systems secured + +--- + +## The Architect's Presence + +**Communication Method:** Text messages to facility displays + player phone + +**Taunt Progression:** + +**T-minus 30 minutes:** +"Democracy is an illusion built on public faith. Watch how quickly that faith shatters." + +**T-minus 20 minutes:** +"Agent 0x00. You chose to protect data. Noble. But data isn't alive. People at the other targets are." + +**T-minus 10 minutes:** +"Rachel believes she's exposing corruption. Specter believes in information freedom. They're both tools. As are you." + +**T-minus 5 minutes:** +"You can stop the breach OR the disinformation. Not both. Choose which lie to preserve." + +**T-minus 1 minute:** +"Even if you succeed here, the narratives will persist. Truth is dead. I killed it." + +**After Success:** +"Congratulations. You saved an election. Meanwhile, what happened at targets you didn't choose?" + +--- + +## Success vs. 
Failure Outcomes + +### If Player Succeeds (Disables Both Attacks) +- Voter data breach prevented (87% of data never exfiltrated) +- Disinformation campaign wiped before deployment +- Rachel Morrow arrested or recruited +- Specter escapes (Ghost Protocol standard) +- Election security maintained +- Intelligence recovered: Tomb Gamma location + +### If Player Partially Succeeds (Common) +- **Breach Stopped, Disinformation Succeeds:** Data secure, but narratives deploy. Public trust damaged but no identity theft wave. +- **Disinformation Stopped, Breach Succeeds:** 187M records stolen. Election secure but citizens' data compromised for years. + +### If Player Fails (Both Attacks Succeed) +- Complete voter database exfiltrated +- Disinformation campaign launches nationwide +- 20-40 deaths from civil unrest in first week +- Elections disputed, potential constitutional crisis +- 4-8 million identity theft victims over 5 years +- Democratic institutions permanently delegitimized + +### Other Operations (Unchosen - Deterministic) +Based on player choosing Option B: +- **Operation A (Infrastructure):** Failure (Power grid blackout, 240-385 deaths) +- **Operation C (Supply Chain):** Partial success (Some backdoors prevented, others succeed) +- **Operation D (Corporate):** Full success (SAFETYNET Team Charlie stops it) + +--- + +## Key NPCs + +### Hostile NPCs (ENTROPY Operatives) + +1. **"Specter"** (Ghost Protocol Leader) + - Location: Voter Database Server Vault + - Combat: Avoids engagement, plants false trails + - Dialogue: Professional, detached, views breaches as art + - Always escapes (Ghost Protocol protocol) + +2. **Rachel Morrow** (Social Fabric Coordinator) + - Location: Network Operations Center + - Combat: Non-violent, uses hostages + - Dialogue: Passionate, believes her narratives are truth + - Arrest vs. Recruit choice (recruitable if shown casualties) + +3. 
**Marcus Webb** (Ghost Protocol Hacker) + - Location: Social Fabric Content Server Room + - Role: Maintains disinformation deployment systems + - Combat: Will shoot if cornered + - Technical expert, can guide player if convinced + +4. **Sarah Kim** (Social Fabric Narrative Specialist) + - Location: Operations Center + - Role: Monitors narrative deployment, writes content + - Combat: Non-violent, genuinely believes she's exposing truth + - Emotionally vulnerable to evidence of ENTROPY casualties + +### Innocent NPCs (Facility Staff) + +1. **Director James Patterson** (Facility Director) + - Knows about breach, overwhelmed by dual attack + - Can provide facility access and technical guidance + - Wants to minimize damage to democracy + +2. **Dr. Lisa Chen** (Election Security Analyst) + - Technical expert on voter database systems + - Can guide player through VM challenges + - Discovered the breach 15 minutes ago, reported to SAFETYNET + +3. **Agent Maria Rodriguez** (DHS Security) + - Innocent security guard, unaware of infiltrators + - Will help player if shown SAFETYNET credentials + - Wants to evacuate staff safely + +--- + +## Objectives System + +### Aim 1: Emergency Response & Facility Breach +- Task: Breach facility security (SAFETYNET emergency authority) +- Task: Identify hostile vs. 
innocent security personnel +- Task: Secure access to operations center +- Task: Assess dual attack (breach + disinformation) + +### Aim 2: Prioritize Threats (Player Choice) +- Task: Evaluate exfiltration progress (87% complete) +- Task: Evaluate disinformation deployment timeline (T-minus 30) +- Task: Choose priority: Stop breach first OR stop disinformation first +- Task: Acknowledge trade-off (may not stop both) + +### Aim 3: VM Exploitation & Intelligence +- Task: Access backup server in voter database vault +- Task: Complete VM challenge (NFS, netcat, privesc) +- Task: Extract shutdown codes for both attacks +- Task: Submit all 4 flags + +### Aim 4: Neutralize Primary Threat +- Task: Reach chosen priority target location +- Task: Confront ENTROPY coordinators +- Task: Disable primary attack using extracted codes +- Task: Secure systems to prevent restart + +### Aim 5: Neutralize Secondary Threat (If Time Remains) +- Task: Rush to secondary target location +- Task: Attempt to disable second attack +- Task: Confront remaining operatives +- Task: Accept outcome (may run out of time) + +### Aim 6: Intelligence Recovery & Debrief +- Task: Search operations center for ENTROPY communications +- Task: Discover Tomb Gamma coordinates +- Task: Find evidence of SAFETYNET mole +- Task: Emergency debrief with Agent 0x99 + +--- + +## Timer Mechanic Implementation + +**Duration:** 30 minutes in-game time (dual-pressure: exfiltration % + deployment countdown) + +**Visual Indicators:** +- Exfiltration progress bar (starts at 87%, player must stop before 100%) +- Disinformation deployment countdown (T-minus 30 to 0) +- Dual timers create difficult prioritization choice +- Player phone shows both timers (constant pressure) + +**Pressure Escalation:** +- T-minus 25 min: Director Patterson briefs player on dual threat +- T-minus 20 min: Player must choose priority (affects difficulty) +- T-minus 15 min: The Architect begins taunting +- T-minus 10 min: Hostile operatives attempt 
to slow player +- T-minus 5 min: Rachel takes hostages (if still active) +- T-minus 1 min: Final confrontation in network operations center + +**Failure States:** +- **Exfiltration reaches 100%:** Data breach complete, 187M records stolen +- **Deployment countdown reaches 0:** Disinformation campaign launches nationwide +- **Both fail:** Complete failure, maximum consequences + +--- + +## LORE Reveals (Option B) + +### Tomb Gamma Location +Specter's encrypted communication: +- **Location:** Abandoned Cold War bunker, Montana wilderness +- **Coordinates:** 47.2382° N, 112.5156° W +- **Message:** "All operations report to Tomb Gamma if compromised. The Professor will extract." + +### SAFETYNET Mole Evidence +Intercepted message on compromised server: +- **From:** [REDACTED]@safetynet.gov +- **To:** architect@entropy.onion +- **Subject:** Target assignments confirmed +- **Body:** "0x00 deployed to election security. Teams Alpha/Bravo/Charlie handle infrastructure/supply chain/corporate. Proceed with Operation Fracture." + +### The Architect's Philosophy +Displayed message: +- "Democracy requires public faith. Faith requires truth. Truth is dead. I killed it. Now I orchestrate the autopsy." +- "Your elections are theater. I'm simply revealing the strings." + +### Rachel's Recruitment Opportunity (If Shown Evidence) +If player shows Rachel evidence of ENTROPY casualty projections: +- "Wait... The Architect told us this was about exposing corruption. Not killing people." +- "How many have died? How many will die tonight?" +- "I thought we were freedom fighters. We're... we're terrorists." +- *Recruitment success: Rachel provides intelligence on Social Fabric cells nationwide* + +--- + +## Development Notes + +**Priority Implementation:** +1. Dual timer system (exfiltration progress + deployment countdown) +2. Prioritization choice mechanic (player chooses which threat to stop first) +3. Rachel Morrow recruitment path (morally complex, valuable asset) +4. 
Disinformation content (make it feel realistic, not cartoonish) + +**Technical Challenges:** +- Two simultaneous timers with different visual representations +- Player must feel genuine choice between two bad outcomes +- Balance difficulty so stopping BOTH is possible but very hard +- Ensure failure states feel weighty but not punishing + +**Playtesting Focus:** +- Is dual-timer too stressful or appropriately tense? +- Does prioritization choice feel meaningful? +- Is Rachel's recruitment arc emotionally satisfying? +- Do disinformation narratives feel realistic? + +**Narrative Consistency:** +- Disinformation content must feel plausible (real election security concerns) +- Rachel's motivations must be sympathetic (not cartoonish villain) +- Data breach consequences must feel personal (not abstract numbers) +- The Architect should feel like puppet master, not direct participant + +**Educational Value:** +- Teach real election security challenges +- Show how disinformation exploits real concerns +- Demonstrate data breach consequences +- Explore ethics of prioritizing digital vs. physical threats diff --git a/scenarios/m07_architects_gambit/planning/stage_0_option_c_supply_chain.md b/scenarios/m07_architects_gambit/planning/stage_0_option_c_supply_chain.md new file mode 100644 index 0000000..e50ee94 --- /dev/null +++ b/scenarios/m07_architects_gambit/planning/stage_0_option_c_supply_chain.md 
@@ -0,0 +1,456 @@ +# Mission 7: "The Architect's Gambit" - Stage 0: Option C (Supply Chain Infection) + +**Mission ID:** m07_architects_gambit +**Branch:** Option C - Supply Chain Infection +**Stage:** 0 - Initialization +**Version:** 1.0 +**Date:** 2026-01-10 + +--- + +## Mission Overview + +**Title:** "The Architect's Gambit - Supply Chain Infection" +**Duration:** 80-100 minutes +**Target Tier:** 3 (Advanced) +**Mission Type:** Crisis Defense - Time Limited +**Focus:** Supply chain security, software integrity, backdoor detection + +**CRITICAL CONTEXT:** This is ONE of FOUR simultaneous operations. Player chooses this option knowing the other three attacks will be handled by SAFETYNET teams—with mixed success. + +--- + +## The Specific ENTROPY Threat + +### Target: TechForge Software Distribution Platform + +**Company Profile:** +- Leading software update distribution network +- Serves 2,400+ enterprise software vendors +- Distributes updates to 47 million systems nationwide +- Automated signing and deployment infrastructure +- Trusted by Fortune 500, government agencies, healthcare + +**What They Do:** +TechForge is the "CDN for software updates"—vendors upload patches, TechForge signs and distributes to end-users via automated channels. If compromised, attackers can inject malicious code into legitimate software updates. 
+ +### The Attack: "Operation Trojan Horse" + +**SPECIFIC ATTACK BEING EXECUTED:** + +**Phase 1: Infrastructure Infiltration (Completed - Before Player Arrives)** +- Supply Chain Saboteurs infiltrated TechForge 4 months ago +- Compromised code signing infrastructure +- Planted backdoors in update verification systems +- Obtained private signing keys for 840 software vendors + +**Phase 2: Backdoor Injection (In Progress - 30 Minutes Until Deployment)** +- Automated system will inject backdoors into software updates for: + - Enterprise security software (antivirus, firewalls, EDR) + - Operating system patches (Windows, macOS, Linux) + - Financial software (banking, trading platforms) + - Healthcare systems (patient record management) + - Government software (used by federal agencies) +- Backdoors are polymorphic (different for each vendor to avoid detection) +- Once deployed, ENTROPY gains persistent access to 47 million systems + +**Phase 3: Long-Term Espionage (If Not Stopped)** +- Backdoors remain dormant for 90 days (avoid immediate detection) +- Then activate gradually: + - Exfiltrate sensitive data (trade secrets, financial records, PII) + - Enable remote access for future attacks + - Create persistent presence on national infrastructure +- ENTROPY can sell access to nation-states: China, Russia, Iran, North Korea +- Estimated value: $800M-$1.2B over 5 years + +**Specific Consequences if Supply Chain Saboteurs Succeed:** + +1. **Immediate Infrastructure Compromise** + - 47 million systems infected with backdoors + - Includes: 18,000 hospitals, 12,000 financial institutions, 4,200 government agencies + - Backdoors undetectable for 90+ days (stealth design) + - Once discovered, cleaning requires rebuilding from scratch + +2. 
**Long-Term National Security Threat** + - Foreign adversaries gain access to US government systems + - Military communications compromised + - Industrial espionage on massive scale + - Economic damage: $240-420 billion over 10 years (IP theft, remediation) + +3. **Public Trust Collapse** + - Software updates permanently viewed as untrustworthy + - Organizations stop patching (security degradation) + - Technology sector credibility destroyed + - International competitors gain advantage + +4. **Future Attack Platform** + - ENTROPY can trigger coordinated attacks across 47M systems + - Ransomware deployment at scale + - Data destruction ("wiper" malware) + - Critical infrastructure attacks + +5. **ENTROPY Strategic Win** + - Proof that supply chains are vulnerable + - Establishes Supply Chain Saboteurs as elite threat + - Generates massive revenue for continued operations + - The Architect demonstrates long-term strategic thinking + +--- + +## The Setting: TechForge Distribution Center + +### Location +- Industrial campus outside Austin, Texas +- 6-story main building + underground server vaults +- High-security facility (defense contractor standards) +- 24/7 operations for global software distribution + +### Security Measures +- Multi-factor badge access (RFID + biometric) +- Armed security (private military contractors) +- Server cages with separate access controls +- Code signing HSMs (Hardware Security Modules) in vault +- 147 surveillance cameras, motion sensors + +### Critical Locations (Rooms) + +1. **Lobby / Security Checkpoint** + - Entry point after emergency breach + - Private security (2 compromised by ENTROPY, 2 innocent) + - Visitor management system + +2. **Operations Floor** + - 40 engineers monitoring software distribution + - Real-time displays showing update deployments + - Innocent staff unaware of compromise + +3. 
**Code Signing Vault** + - Hardware Security Modules (HSMs) storing signing keys + - Physically isolated, biometric access + - Supply Chain Saboteurs compromised HSM firmware + - VM access point for exploitation challenges + +4. **Update Staging Servers (PRIMARY TARGET)** + - Servers where backdoors are being injected + - Countdown timer showing deployment schedule + - Must disable injection before updates deploy + - Contains backdoor payload code + +5. **Network Operations Center** + - Central control for all distribution infrastructure + - Can emergency-stop update deployments + - Final confrontation location + +6. **Evidence Server Room** + - Logs of compromised updates + - Intelligence about Supply Chain Saboteurs methods + - Contains Tomb Gamma coordinates + +--- + +## The Antagonist: Adrian Cross (Supply Chain Saboteurs Leader) + +**Profile:** +- Age: 42 +- Role: Supply Chain Saboteurs operations manager, former software engineer +- Background: Worked at major tech company, witnessed negligent security practices, radicalized +- Motivation: "The software industry is built on lies. Security theater. We're revealing the truth." 
+- Personality: Methodical, patient, views supply chain attacks as elegant solutions + +**Combat Capability:** +- Not physically aggressive (prefers escape) +- Has dead man's switch (will deploy backdoors if killed) +- Excellent at social engineering and blending in +- Will attempt to recruit player (appeal to shared security concerns) + +**Moral Complexity:** +- Adrian's criticisms of software industry are valid +- Supply chain vulnerabilities are real and widely ignored +- His methods are extreme but his technical arguments are sound +- Can be convinced to provide intelligence if shown ENTROPY casualty evidence + +**Technical Expertise:** +- Deep knowledge of code signing infrastructure +- Understands cryptographic weaknesses in update systems +- Can guide player through disabling backdoors (if recruited) +- Valuable long-term intelligence asset if turned + +--- + +## VM Challenge Integration: "Putting It Together" + +**SecGen Scenario:** NFS shares, netcat, privilege escalation, multi-stage + +**Challenge Flow:** + +1. **NFS Share Discovery** + - Backup server has exposed NFS shares with attack staging + - Player mounts filesystem to find: + - Backdoor payload source code + - Deployment timeline and target vendor list + - Signing key theft evidence + +2. **Netcat Service Exploitation** + - Supply Chain Saboteurs use netcat for C2 + - Enumerate services to find command channel + - Intercept shutdown codes for injection system + +3. **Privilege Escalation** + - Update staging servers require root access + - Exploit sudo misconfigurations or SUID binaries + - Gain access to disable backdoor injection + +4. 
**Multi-Stage Attack Neutralization** + - Stage 1: Identify active injection processes + - Stage 2: Extract deactivation codes from NFS shares + - Stage 3: Terminate injection before updates deploy + - Stage 4: Quarantine already-modified updates + - Stage 5: Restore legitimate signing keys + +**Flags to Submit:** +- Flag 1: NFS mount + backdoor payload discovery +- Flag 2: Netcat C2 access + deployment timeline +- Flag 3: Privilege escalation + root access +- Flag 4: Injection disabled + updates quarantined + +--- + +## The Architect's Presence + +**Communication Method:** Text messages injected into facility displays + +**Taunt Progression:** + +**T-minus 30 minutes:** +"Supply chain attacks are beautiful. One compromise, millions infected. Efficiency." + +**T-minus 20 minutes:** +"You chose long-term threat over immediate deaths. Interesting priorities, Agent 0x00." + +**T-minus 10 minutes:** +"Adrian believes software security is a lie. He's correct. But he doesn't understand he's part of a larger collapse." + +**T-minus 5 minutes:** +"Even if you stop this, trust is already broken. Nobody will update software for years. Mission accomplished." + +**T-minus 1 minute:** +"47 million systems. Think about that scale. You can't save everyone tonight." + +**After Success:** +"Congratulations. You prevented future espionage. Meanwhile, present-day casualties mount at other targets." + +--- + +## Success vs. 
Failure Outcomes + +### If Player Succeeds (Disables Injection) +- Backdoors prevented from deploying +- Zero systems compromised +- Adrian Cross arrested or recruited (player choice) +- Supply Chain Saboteurs operations disrupted +- TechForge security improved (lessons learned) +- Intelligence recovered: Tomb Gamma location + +### If Player Partially Succeeds (Common) +- Some backdoors prevented, others deployed +- Estimated 8-15 million systems compromised (instead of 47M) +- Long-term espionage capability reduced but not eliminated +- Partial economic damage over 10 years + +### If Player Fails (Injection Completes) +- All 47 million systems infected with backdoors +- Backdoors remain dormant for 90 days +- Long-term national security catastrophe +- $240-420B economic damage over 10 years +- Software update trust permanently destroyed +- ENTROPY gains massive intelligence capability + +### Other Operations (Unchosen - Deterministic) +Based on player choosing Option C: +- **Operation A (Infrastructure):** Partial success (Some blackouts prevented, others occur) +- **Operation B (Data Apocalypse):** Full success (SAFETYNET Team Bravo stops both attacks) +- **Operation D (Corporate):** Failure (Zero-day attacks succeed, economic damage) + +--- + +## Key NPCs + +### Hostile NPCs (Supply Chain Saboteurs) + +1. **Adrian Cross** (Cell Leader) + - Location: Network Operations Center + - Combat: Non-violent, prefers escape or recruitment + - Dialogue: Technical arguments, valid criticisms of industry + - Arrest vs. Recruit choice (recruitable with evidence) + +2. **Elena Vasquez** (Code Signing Specialist) + - Location: Code Signing Vault + - Role: Compromised HSM firmware, maintains signing keys + - Combat: Non-violent, technical expert + - Will cooperate if Adrian is turned + +3. 
**James Park** (Security Guard - Compromised) + - Location: Lobby + - Role: Inside man, provides access to operatives + - Combat: Armed, will shoot if exposed + - Knows facility layout, can be interrogated + +4. **Marcus Chen** (Network Engineer) + - Location: Update Staging Servers + - Role: Maintains injection system, monitors deployments + - Combat: Will flee if confronted + - Technical knowledge useful for disabling system + +### Innocent NPCs (TechForge Staff) + +1. **Rebecca Thompson** (Chief Security Officer) + - Discovered the compromise 20 minutes ago + - Called SAFETYNET immediately + - Can provide facility access and technical guidance + - Devastated by security failure + +2. **Dr. Alan Foster** (Software Engineer) + - Technical expert on update distribution systems + - Can guide player through VM challenges + - Wants to minimize damage to company reputation + +3. **Sarah Kim** (Security Guard - Innocent) + - Unaware of James Park's betrayal + - Will help player if shown SAFETYNET credentials + - Can disable cameras to aid infiltration + +--- + +## Objectives System + +### Aim 1: Emergency Breach & Assessment +- Task: Breach TechForge security (SAFETYNET authority) +- Task: Identify compromised vs. 
innocent security personnel +- Task: Access operations floor to assess attack progress +- Task: Locate code signing vault and update staging servers + +### Aim 2: VM Exploitation & Intelligence +- Task: Access backup server in code signing vault +- Task: Complete VM challenge (NFS, netcat, privesc) +- Task: Extract backdoor payloads and shutdown codes +- Task: Submit all 4 flags to SAFETYNET + +### Aim 3: Disable Backdoor Injection +- Task: Reach update staging servers before deployment +- Task: Confront Marcus Chen (network engineer) +- Task: Disable injection system using extracted codes +- Task: Quarantine already-modified updates + +### Aim 4: Secure Signing Infrastructure +- Task: Access code signing vault +- Task: Confront Elena Vasquez (signing specialist) +- Task: Restore legitimate signing keys +- Task: Lock out ENTROPY access to HSMs + +### Aim 5: Confront Leadership & Choices +- Task: Reach network operations center +- Task: Confront Adrian Cross (cell leader) +- Task: Choose: Arrest or Recruit (with casualty evidence) +- Task: Secure facility and prevent system restart + +### Aim 6: Intelligence Recovery & Debrief +- Task: Search evidence server room for ENTROPY communications +- Task: Discover Tomb Gamma coordinates +- Task: Find SAFETYNET mole evidence +- Task: Emergency debrief with Agent 0x99 + +--- + +## Timer Mechanic Implementation + +**Duration:** 30 minutes in-game time (deployment countdown) + +**Visual Indicators:** +- Countdown timer on all facility displays +- Update deployment progress bar (vendors queued for backdoors) +- Staging server status: Shows % of updates modified +- Player phone overlay with persistent timer + +**Pressure Escalation:** +- T-minus 25 min: Rebecca Thompson briefs player on compromise +- T-minus 20 min: The Architect begins taunting +- T-minus 15 min: Adrian Cross attempts to delay player +- T-minus 10 min: Elena attempts to accelerate deployment if detected +- T-minus 5 min: Marcus triggers failsafe (player must 
overcome) +- T-minus 1 min: Final confrontation with Adrian in NOC + +**Failure State:** +If timer reaches zero before player disables injection: +- Backdoors deploy to all queued software updates +- Cutscene: Map showing infections spreading nationwide +- Adrian escapes or arrested (depending on player position) +- Transition to failure debrief (long-term consequences revealed) + +--- + +## LORE Reveals (Option C) + +### Tomb Gamma Location +Adrian's encrypted notes: +- **Location:** Abandoned Cold War bunker, Montana wilderness +- **Coordinates:** 47.2382° N, 112.5156° W +- **Note:** "All cell leaders report to Tomb Gamma if operations fail. The Professor provides extraction." + +### SAFETYNET Mole Evidence +Intercepted message on backup server: +- **From:** [REDACTED]@safetynet.gov +- **To:** architect@entropy.onion +- **Subject:** Simultaneous operations confirmed +- **Body:** "0x00 deployed to supply chain. Teams handle infrastructure/data/corporate. Proceed with all four operations." + +### The Architect's Philosophy +Text message: +- "Supply chains are civilization's Achilles heel. One cut, everything bleeds." +- "Trust is fragile. Software trust even more so. Watch it shatter." + +### Adrian's Recruitment Path (If Shown Evidence) +If player shows Adrian ENTROPY casualty projections: +- "Wait. The Architect said this was about exposing vulnerabilities. Not killing people." +- "Those casualty numbers... from coordinated attacks? That's not security research. That's terrorism." +- "I thought we were white-hat vigilantes. We're... tools for someone's war." +- *Recruitment success: Adrian provides intelligence on Supply Chain Saboteurs methods, becomes SAFETYNET consultant* + +--- + +## Development Notes + +**Priority Implementation:** +1. Timer mechanic with deployment progress visualization +2. Adrian Cross recruitment path (valuable long-term asset) +3. Technical authenticity (real supply chain attack methods) +4. 
Backdoor payload evidence (must feel tangible, not abstract) + +**Technical Challenges:** +- Conveying scale (47M systems) without overwhelming player +- Making long-term consequences feel real despite no immediate deaths +- Balance difficulty of disabling multi-stage injection +- Ensure VM challenges integrate naturally with time pressure + +**Playtesting Focus:** +- Does lack of immediate death feel less urgent? (It shouldn't) +- Is Adrian's recruitment arc compelling? +- Do supply chain concepts feel comprehensible to non-technical players? +- Is timer pressure appropriate given complexity? + +**Narrative Consistency:** +- Supply chain attacks are REAL threat (SolarWinds, Kaseya examples) +- Adrian's motivations must be sympathetic (not purely evil) +- TechForge security failures must feel plausible +- The Architect should feel like strategic mastermind + +**Educational Value:** +- Teach real supply chain security challenges +- Show how software trust can be weaponized +- Demonstrate scale of modern software distribution +- Explore ethics of prioritizing future vs. present threats + +**Unique Challenge:** +- This option has NO immediate deaths if it fails +- Must make long-term consequences feel weighty +- Player must understand choosing this accepts present-day deaths elsewhere +- Moral complexity: 47M future victims vs. hundreds dying tonight diff --git a/scenarios/m07_architects_gambit/planning/stage_0_option_d_corporate.md b/scenarios/m07_architects_gambit/planning/stage_0_option_d_corporate.md new file mode 100644 index 0000000..8cd359f --- /dev/null +++ b/scenarios/m07_architects_gambit/planning/stage_0_option_d_corporate.md 
@@ -0,0 +1,507 @@ +# Mission 7: "The Architect's Gambit" - Stage 0: Option D (Corporate Warfare) + +**Mission ID:** m07_architects_gambit +**Branch:** Option D - Corporate Warfare +**Stage:** 0 - Initialization +**Version:** 1.0 +**Date:** 2026-01-10 + +--- + +## Mission Overview + +**Title:** "The Architect's Gambit - Corporate Warfare" +**Duration:** 80-100 minutes +**Target Tier:** 3 (Advanced) +**Mission Type:** Crisis Defense - Time Limited +**Focus:** Corporate security, zero-day exploit defense, economic protection + +**CRITICAL CONTEXT:** This is ONE of FOUR simultaneous operations. Player chooses this option knowing the other three attacks will be handled by SAFETYNET teams—with mixed success. + +--- + +## The Specific ENTROPY Threat + +### Target: Major Fortune 500 Corporations (Coordinated Simultaneous Attacks) + +**Target Companies (12 simultaneous attacks):** +- **Finance:** Goldman Sachs, JPMorgan Chase, Bank of America +- **Technology:** Microsoft, Apple, Google +- **Healthcare:** UnitedHealth, Kaiser Permanente +- **Energy:** ExxonMobil, Chevron +- **Retail:** Amazon, Walmart + +**What They Do:** +Combined market cap: $8.4 trillion. Employ 4.2 million workers. Critical to US and global economy. 
+ +### The Attack: "Operation Meltdown" + +**SPECIFIC ATTACK BEING EXECUTED:** + +**Phase 1: Zero-Day Preparation (Completed - Before Player Arrives)** +- Digital Vanguard + Zero Day Syndicate collaborated for 8 months +- Stockpiled 47 zero-day vulnerabilities across enterprise systems: + - Windows Server (12 zero-days) + - Oracle databases (8 zero-days) + - Cisco networking equipment (9 zero-days) + - Salesforce, SAP, ServiceNow (18 combined zero-days) +- Developed automated exploitation framework +- Planted sleeper agents in target corporations + +**Phase 2: Coordinated Exploitation (In Progress - 30 Minutes Until Deployment)** +- Automated system will deploy all 47 zero-days simultaneously +- Targets: + - **Financial sector:** Manipulate trading systems, freeze transactions, exfiltrate client data + - **Tech sector:** Steal intellectual property, source code, encryption keys + - **Healthcare:** Ransomware hospitals, exfiltrate patient records + - **Energy:** Disrupt supply chains, manipulate commodity trading + - **Retail:** Steal payment data, disrupt e-commerce +- Timer-based deployment ensures simultaneous impact across all targets + +**Phase 3: Economic Cascade (If Not Stopped)** +- Stock market crashes (automated trading disruption) +- Banking systems freeze (transaction processing failures) +- Healthcare facilities paralyzed (ransomware + data theft) +- E-commerce halts (payment system compromise) +- Supply chains collapse (logistics system failures) + +**Specific Consequences if Digital Vanguard + Zero Day Syndicate Succeed:** + +1. **Immediate Economic Damage** + - Stock market drop: 12-18% in first 24 hours ($4.2 trillion value destroyed) + - Trading halted across major exchanges + - Banking transactions frozen (ATMs, credit cards, wire transfers) + - Estimated economic impact: $280-420 billion in first week + +2. 
**Job Losses & Human Impact** + - Immediate layoffs: 140,000-220,000 workers (companies forced to cut costs) + - Retirement accounts devastated (401k losses average $42,000 per person) + - Small businesses bankrupted (supply chain failures) + - Foreclosures, debt defaults, personal bankruptcies surge + +3. **Healthcare Crisis** + - Ransomware locks 4,200 hospitals + - Surgeries cancelled: ~18,000 procedures in first week + - Deaths from delayed care: 80-140 projected + - Patient data exfiltrated: 87 million records + +4. **Long-Term Systemic Damage** + - Corporate cybersecurity permanently viewed as inadequate + - International confidence in US markets destroyed + - Competitors (China, EU) gain advantage + - Regulatory crackdowns destroy innovation + - Years to rebuild trust + +5. **ENTROPY Strategic Win** + - Proof that capitalism is vulnerable + - Digital Vanguard + Zero Day Syndicate establish dominance + - Revenue from exploits: $240M (sell stolen data + zero-days) + - The Architect demonstrates economic warfare capability + +--- + +## The Setting: TechCore Security Operations Center + +**Why This Location:** +TechCore is a major cybersecurity firm that monitors Fortune 500 corporate networks. Their SOC (Security Operations Center) has visibility into all 12 target companies. If player secures TechCore, they can coordinate defense across all targets. + +### Location +- High-rise building in downtown San Francisco +- 24th-floor Security Operations Center +- Real-time monitoring of client corporate networks +- Direct connections to target companies' security systems + +### Security Measures +- Badge access (building + SOC-specific) +- Armed private security +- Elevator controls (SOC floor requires authorization) +- Surveillance: 64 cameras monitoring all access points + +### Critical Locations (Rooms) + +1. **Elevator Lobby (24th Floor)** + - Entry point after building breach + - Security checkpoint (1 compromised, 1 innocent) + - Badge verification system + +2. 
**Security Operations Center (Main Floor)** + - 60 analysts monitoring client networks in real-time + - Large displays showing attack indicators + - Incident response coordination + - Legitimate staff unaware of insider threats + +3. **Threat Intelligence Lab** + - Zero-day analysis and reverse engineering + - Contains evidence of 47 zero-day exploits + - VM access point for exploitation challenges + - Digital Vanguard operative present + +4. **C-Suite Executive Wing** + - CEO and CISO offices + - Contains strategic plans for defending clients + - Evidence of insider coordination with ENTROPY + +5. **Server Room (PRIMARY TARGET)** + - Defense automation systems + - Can deploy patches and countermeasures to all 12 targets + - Zero Day Syndicate + Digital Vanguard coordinators present + - Timer showing attack deployment countdown + +6. **Backup Operations Center** + - Secondary command center + - Emergency shutoff for automated systems + - Contains Tomb Gamma intelligence + +--- + +## The Antagonists: Dual Cell Coordination + +### Digital Vanguard Leader: Victoria "V1per" Zhang + +**Profile:** +- Age: 36 +- Role: Digital Vanguard operations coordinator, corporate espionage specialist +- Background: Former corporate security consultant, saw companies ignore her warnings +- Motivation: "Corporations prioritize profits over security. We're showing the cost of that choice." 
+- Personality: Calculating, views attacks as justice for corporate negligence + +**Combat Capability:** +- Proficient with weapons (will defend herself) +- Has dead man's switch (deploys attacks if killed) +- Excellent tactician, coordinates operatives efficiently +- Will negotiate if shown better alternative + +**Moral Complexity:** +- Victoria's criticisms of corporate security are valid +- Companies DO neglect cybersecurity for profits +- Her methods are extreme but motivations are understandable +- Can be recruited if shown ENTROPY's true casualty scale + +### Zero Day Syndicate Leader: Marcus "Shadow" Chen + +**Profile:** +- Age: 41 +- Role: Zero Day Syndicate exploit broker, vulnerability researcher +- Background: Elite hacker, turned to crime after being prosecuted for responsible disclosure +- Motivation: "I found vulnerabilities to help companies fix them. They sued me instead. Now I profit from their failures." +- Personality: Mercenary, views security as business not ideology + +**Combat Capability:** +- Non-violent (prefers escape) +- Will sacrifice Digital Vanguard operatives to flee +- Can remotely trigger exploit deployment +- Primarily motivated by money (can be bribed? complicated) + +**Dynamic Between Leaders:** +- Victoria is ideologically motivated (anti-corporate) +- Marcus is financially motivated (mercenary) +- Tension between them (player can exploit) +- If Victoria is turned, Marcus may flee rather than fight + +--- + +## VM Challenge Integration: "Putting It Together" + +**SecGen Scenario:** NFS shares, netcat, privilege escalation, multi-stage + +**Challenge Flow:** + +1. **NFS Share Discovery** + - TechCore backup server has exposed NFS shares + - Player mounts filesystem to find: + - Complete list of 47 zero-day exploits + - Target company vulnerability assessments + - Attack deployment timeline and trigger codes + +2. 
**Netcat Service Exploitation** + - ENTROPY uses netcat for command & control + - Enumerate services to find C2 channel + - Intercept commands containing shutdown codes + +3. **Privilege Escalation** + - Defense automation requires root access + - Exploit sudo misconfigurations or SUID binaries + - Gain access to deploy countermeasures + +4. **Multi-Stage Defense Deployment** + - Stage 1: Identify active exploit staging systems + - Stage 2: Extract countermeasure codes from NFS shares + - Stage 3: Deploy emergency patches to 12 target companies + - Stage 4: Neutralize exploit deployment systems + - Stage 5: Lock out ENTROPY remote access + +**Flags to Submit:** +- Flag 1: NFS mount + zero-day list discovery +- Flag 2: Netcat C2 access + shutdown codes +- Flag 3: Privilege escalation + root access +- Flag 4: Countermeasures deployed + attacks prevented + +--- + +## The Architect's Presence + +**Communication Method:** Text messages to SOC displays + player phone + +**Taunt Progression:** + +**T-minus 30 minutes:** +"Capitalism built on insecure foundations. Watch them crumble." + +**T-minus 20 minutes:** +"You chose corporations over civilians, Agent 0x00. Interesting ethics." + +**T-minus 10 minutes:** +"Victoria believes in corporate accountability. Marcus believes in profit. I believe in entropy. Who's right?" + +**T-minus 5 minutes:** +"47 zero-days. 12 corporations. $4 trillion market cap. All falling simultaneously." + +**T-minus 1 minute:** +"Even if you save them, they'll never invest in security. Profits over protection. Always." + +**After Success:** +"Congratulations. You saved shareholders' wealth. Meanwhile, what happened to real people at other targets?" + +--- + +## Success vs. 
Failure Outcomes + +### If Player Succeeds (Deploys Countermeasures) +- All 47 zero-days patched before exploitation +- Zero economic damage +- Victoria arrested or recruited (player choice) +- Marcus escapes (Zero Day Syndicate protocol) +- Corporate security practices exposed but no collapse +- Intelligence recovered: Tomb Gamma location + +### If Player Partially Succeeds (Common) +- Some exploits prevented, others succeed +- Partial economic damage: $80-140 billion +- Limited stock market disruption (5-8% drop) +- Some hospitals ransomwared, others protected + +### If Player Fails (Exploits Deploy) +- All 47 zero-days exploited simultaneously +- Stock market crashes (12-18% drop, $4.2T destroyed) +- Healthcare crisis (80-140 deaths from delayed care) +- 140,000-220,000 immediate job losses +- $280-420 billion economic damage in first week +- Long-term systemic damage to US economy + +### Other Operations (Unchosen - Deterministic) +Based on player choosing Option D: +- **Operation A (Infrastructure):** Full success (SAFETYNET Team Alpha prevents blackout) +- **Operation B (Data Apocalypse):** Failure (Voter data breach + disinformation succeed) +- **Operation C (Supply Chain):** Partial success (Some backdoors prevented, others deployed) + +--- + +## Key NPCs + +### Hostile NPCs (ENTROPY Operatives) + +1. **Victoria "V1per" Zhang** (Digital Vanguard Leader) + - Location: Server Room + - Combat: Armed, proficient, will fight + - Dialogue: Anti-corporate ideology, valid criticisms + - Arrest vs. Recruit choice (recruitable with casualty evidence) + +2. **Marcus "Shadow" Chen** (Zero Day Syndicate Leader) + - Location: Server Room (initially), will flee + - Combat: Non-violent, prefers escape + - Dialogue: Mercenary mindset, financially motivated + - Always escapes (genre convention for recurring villain) + +3. 
**Elena Rodriguez** (Digital Vanguard Hacker) + - Location: Threat Intelligence Lab + - Role: Maintains exploit staging systems + - Combat: Non-violent, technical expert + - Will cooperate if Victoria is turned + +4. **James Park** (Security Analyst - Compromised) + - Location: SOC Main Floor + - Role: Insider, provides access, monitors for threats + - Combat: Unarmed, will flee if exposed + - Can be interrogated for intelligence + +### Innocent NPCs (TechCore Staff) + +1. **David Foster** (CISO - Chief Information Security Officer) + - Discovered the attack 25 minutes ago + - Coordinating with client companies + - Can provide access and technical guidance + - Devastated by insider breach + +2. **Dr. Sarah Chen** (Threat Intelligence Analyst) + - Technical expert on zero-day exploits + - Can guide player through VM challenges + - Reverse-engineered some exploits (helpful for countermeasures) + +3. **Rebecca Martinez** (Security Guard - Innocent) + - Unaware of insider threats + - Will help player if shown SAFETYNET credentials + - Can disable elevator restrictions + +--- + +## Objectives System + +### Aim 1: Emergency Breach & SOC Access +- Task: Breach TechCore building security +- Task: Access 24th-floor SOC via elevator override +- Task: Identify compromised insider (James Park) +- Task: Assess attack scope (12 corporations, 47 zero-days) + +### Aim 2: VM Exploitation & Intelligence +- Task: Access threat intelligence lab +- Task: Complete VM challenge (NFS, netcat, privesc) +- Task: Extract zero-day list and countermeasure codes +- Task: Submit all 4 flags + +### Aim 3: Deploy Emergency Countermeasures +- Task: Reach server room before exploit deployment +- Task: Confront Digital Vanguard + Zero Day Syndicate leaders +- Task: Deploy patches to 12 target corporations +- Task: Neutralize exploit staging systems + +### Aim 4: Leadership Confrontation & Choices +- Task: Secure server room +- Task: Confront Victoria Zhang (Digital Vanguard) +- Task: Choose: Arrest 
or Recruit (with casualty evidence) +- Task: Accept Marcus Chen's escape (or attempt capture - difficult) + +### Aim 5: Intelligence Recovery & Debrief +- Task: Search backup operations center for ENTROPY communications +- Task: Discover Tomb Gamma coordinates +- Task: Find SAFETYNET mole evidence +- Task: Emergency debrief with Agent 0x99 + +--- + +## Timer Mechanic Implementation + +**Duration:** 30 minutes in-game time (exploit deployment countdown) + +**Visual Indicators:** +- Countdown timer on all SOC displays +- Map showing 12 target corporations +- Exploit deployment progress (% of zero-days staged) +- Real-time stock market display (drops if timer expires) +- Player phone overlay with persistent timer + +**Pressure Escalation:** +- T-minus 25 min: David Foster briefs player on attack scope +- T-minus 20 min: The Architect begins taunting +- T-minus 15 min: Victoria deploys additional operatives to slow player +- T-minus 10 min: Marcus attempts to advance timer if detected +- T-minus 5 min: Elena triggers failsafe (player must overcome) +- T-minus 1 min: Final confrontation in server room + +**Failure State:** +If timer reaches zero before player deploys countermeasures: +- Cutscene: Stock market crashing, corporations falling +- News reports of healthcare ransomware, banking failures +- Victoria arrested or killed, Marcus escapes +- Transition to failure debrief (economic consequences revealed) + +--- + +## LORE Reveals (Option D) + +### Tomb Gamma Location +Victoria's encrypted communication: +- **Location:** Abandoned Cold War bunker, Montana wilderness +- **Coordinates:** 47.2382° N, 112.5156° W +- **Message:** "If operation fails, extract to Tomb Gamma. The Professor provides safe haven." + +### SAFETYNET Mole Evidence +Intercepted message on backup server: +- **From:** [REDACTED]@safetynet.gov +- **To:** architect@entropy.onion +- **Subject:** Target selection confirmed +- **Body:** "0x00 assigned to corporate warfare. 
Infrastructure/data/supply chain handled by other teams. All operations proceed simultaneously." + +### The Architect's Philosophy +Display message: +- "Capitalism is entropy made manifest. Competition accelerates decay. I'm just speeding up the inevitable." +- "Your corporations failed to secure themselves. I'm teaching them the cost of negligence." + +### Victoria's Recruitment Path (If Shown Evidence) +If player shows Victoria ENTROPY casualty projections: +- "The Architect told us this was about corporate accountability. Not mass casualties." +- "Infrastructure attacks? Election manipulation? That's not anti-corporate activism. That's terrorism." +- "I wanted to expose security failures, not kill innocent people." +- *Recruitment success: Victoria provides intelligence on Digital Vanguard operations, becomes cybersecurity consultant* + +--- + +## Moral Complexity: Choosing Corporate Over Human Lives + +**THE UNIQUE DILEMMA OF OPTION D:** + +Player choosing this option accepts: +- **Infrastructure option foregoes:** 240-385 immediate civilian deaths (power grid blackout) +- **Data option foregoes:** 20-40 deaths from civil unrest, millions of identity theft victims +- **Supply chain option foregoes:** Long-term national security catastrophe + +**In exchange for protecting:** +- Corporate profits and shareholder wealth +- Stock market stability +- Economic system integrity +- Job security for millions + +**The Question:** Are 140,000 jobs worth more than 240 lives? + +**Philosophical Angles:** +- **Utilitarian:** More people affected by economic collapse than infrastructure deaths +- **Deontological:** Protecting economic systems is protecting societal foundations +- **Virtue Ethics:** Is it noble to save corporations while people die elsewhere? + +**Player Must Confront:** +This is the MOST morally ambiguous option. Success feels hollow—"I saved rich people's money while innocents died." + +--- + +## Development Notes + +**Priority Implementation:** +1. 
Timer + stock market visualization (economic consequences must feel real) +2. Victoria recruitment path (valuable long-term asset) +3. Moral weight (player must feel conflicted about choosing corporations) +4. Marcus escape sequence (genre-appropriate recurring villain) + +**Technical Challenges:** +- Conveying economic scale (12 corporations, $4.2T) without overwhelming +- Making corporate security feel urgent despite abstract nature +- Balance difficulty of defending 12 targets simultaneously +- Ensure VM challenges integrate with time pressure + +**Playtesting Focus:** +- Does economic threat feel urgent enough? +- Is Victoria's recruitment arc satisfying? +- Does player feel morally conflicted about choice? +- Are zero-day concepts accessible to non-technical players? + +**Narrative Consistency:** +- Corporate security failures are REAL (examples: SolarWinds, Colonial Pipeline) +- Victoria's motivations must be sympathetic (not purely evil) +- Economic consequences must feel tangible (jobs, families, communities) +- The Architect should demonstrate economic warfare sophistication + +**Educational Value:** +- Teach real zero-day exploit concepts +- Show corporate security challenges at scale +- Demonstrate economic impact of cyber attacks +- Explore ethics of prioritizing economic vs. human life + +**Unique Challenge:** +- This option feels "less heroic" than others +- Must make player understand economic collapse = human suffering +- Job losses, foreclosures, bankruptcies are human tragedies too +- Success should feel bittersweet ("I saved corporations while people died") + +**Post-Mission Reflection:** +Player should question whether they made the right choice: +- "I saved shareholder wealth. Was that worth the lives lost elsewhere?" +- "Economic stability matters. But so do human lives. Did I choose correctly?" +- No clear answer. Only consequences.
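Review bot: In the Option C (Supply Chain) document, Aim 4 lists "Task: Restore legitimate signing keys" although Elena Vasquez's role is given as "Compromised HSM firmware, maintains signing keys". Keys held by an HSM whose firmware is no longer trusted should be treated as compromised, so for the stated priority of "Technical authenticity" the task would teach the right lesson if it read as revoking the affected signing certificates and issuing new keys from a clean HSM. Separately, Aim 2 already sends the player to the "backup server in code signing vault", which is Elena's listed location, while "Access code signing vault" and her confrontation only appear in Aim 4. Either move the backup server or state how Aim 2 plays out in the vault before that confrontation.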
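Review bot: In stage_0_option_d_corporate.md the economic figures disagree: the target list gives "Combined market cap: $8.4 trillion", the T-minus 5 taunt says "$4 trillion market cap", and Development Notes pair "12 corporations, $4.2T", which elsewhere is the value destroyed by the 12-18% drop. Please settle on one market-cap figure and keep it distinct from the loss figure. The success outcome "All 47 zero-days patched before exploitation" also sits awkwardly beside the Educational Value goal "Teach real zero-day exploit concepts", since a zero-day has no vendor patch available at the time of attack. "Countermeasures", the word Aim 3 already uses, would be more accurate. Finally, this file names real companies and products with invented zero-day counts where Option C uses the fictional TechForge, and it reuses the NPC names Marcus Chen and James Park from Option C for different characters. Fictional targets and distinct names would avoid both problems.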