cybersecurity/BreakEscape
1
0
Fork 0
mirror of https://github.com/cliffe/BreakEscape.git synced 2026-02-21 11:18:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Mission 5 Stage 0 initialization - Insider Trading

Browse Source 
Created comprehensive initialization document with SPECIFIC ENTROPY threat details:

TARGET:
- Quantum Dynamics Corporation (quantum computing research)
- 450 employees, DoD/DARPA contracts
- Post-quantum cryptography for military applications

SPECIFIC STOLEN DATA (Project Heisenberg):
- Quantum Key Distribution military specs (847 pages, classified)
- 14 zero-day vulnerabilities in competitor products
- DoD deployment database (247 facilities, schedules, network topology)
- Cryptographic key material and test data
- Total: 4.2 TB across 18,000 files (73% exfiltrated)

CONCRETE CONSEQUENCES IF ENTROPY SUCCEEDS:
- $4.2 billion DoD quantum crypto program wasted
- 12-40 intelligence officers at risk (retroactive decryption)
- 247 military facilities vulnerable during installations
- 5-year quantum supremacy advantage to China/Russia
- US quantum computing industry reputation destroyed

THE INSIDER - David Torres:
- Senior Cryptography Engineer, PhD from Stanford
- $180K medical debt (wife Elena has Stage 3 cancer)
- Recruited 8 months ago by Insider Threat Initiative
- Paid $45K so far, promised $200K total
- Exfiltration method: Steganography in training videos → YouTube
- Believes he's helping 'journalists expose military-industrial complex'
- Morally conflicted, can be turned if shown ENTROPY's true plan

ENTROPY 4-PHASE PLAN:
1. Exfiltration (current) - 73% complete via Torres
2. Analysis (2 weeks) - Digital Vanguard weaponizes research
3. Distribution (4 weeks) - Zero Day Syndicate sells to China/Russia/Iran
4. Deployment (12 weeks) - Decrypt DoD comms, attack facilities

CROSS-CELL COORDINATION (First Business Model Mission):
- Insider Threat Initiative: Recruitment ($15K per placement)
- Digital Vanguard: Technical analysis & infrastructure
- Zero Day Syndicate: Exploit weaponization & sales
- Crypto Anarchists: Payment processing
- Expected revenue: $45-70 million USD split across cells

INVESTIGATION STRUCTURE:
- 8-10 employee NPCs to interview
- Evidence correlation puzzle (logs, access records, financials)
- Non-combat resolution (dialogue-driven confrontation)
- Bludit CMS exploitation (CVE-2019-16113) for digital evidence

MORAL COMPLEXITY:
- Turn Torres into double agent (saves wife, provides intel for M6-M10)
- Arrest Torres (justice, but wife likely dies, limited intel)
- Sympathize and release (saves family, endangers national security)
- Expose everything publicly (disrupts ENTROPY but destroys company)

CAMPAIGN IMPACT:
- If turned: Torres provides intelligence through M10 finale
- Reveals ENTROPY operates as criminal corporation with service contracts
- Sets up M6 financial tracking, M8 insider threat patterns
- Human cost in M7 if data sold to foreign governments

Educational focus: Human Factors (insider threats), Web Security (CMS exploitation),
Security Operations (forensic investigation), Systems Security (privilege escalation)

Document: 600+ lines detailing specific operational plans, consequences, and NPCs.
Mission ready for Stage 1 narrative structure development.
This commit is contained in:
Z. Cliffe Schreuders
2026-01-14 09:46:33 +00:00
parent 6ac3495186
commit c50fab400e
1 changed files with 888 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

888
planning_notes/overall_story_plan/mission_initializations/m05_insider_trading/stages/stage_0_initialization.md Normal file
View File

@@ -0,0 +1,888 @@
# Mission 5: "Insider Trading" - Stage 0: Scenario Initialization
**Mission ID:** m05_insider_trading
**Stage:** 0 - Initialization
**Version:** 1.0
**Date:** 2025-12-29
---
## Mission Overview
**Title:** "Insider Trading"
**Duration:** 70-90 minutes
**Target Tier:** 2 (Intermediate)
**Mission Type:** Corporate Investigation (Standalone with Campaign Enhancement)
**Focus:** Multi-NPC investigation, evidence correlation, non-combat resolution
---
## The Specific ENTROPY Threat
### Target Organization: Quantum Dynamics Corporation
**Company Profile:**
- Leading quantum computing research firm
- 450 employees across 3 facilities
- Headquarters: San Francisco Bay Area (player location)
- Contracts: US Department of Defense, DARPA, NSA
- Primary Product: Quantum key distribution (QKD) systems for military cryptography
**What They Do:**
Quantum Dynamics develops post-quantum cryptography solutions for government agencies transitioning away from RSA/ECC encryption before quantum computers break classical crypto.
### The Stolen Data: "Project Heisenberg"
**SPECIFIC DATA BEING EXFILTRATED:**
1. **Quantum Key Distribution Protocol Specifications (QKD-Mil-Spec-2026)**
- Complete technical specifications for military-grade quantum cryptography
- Implementation details for photon polarization encoding
- Quantum random number generator designs
- Error correction algorithms
- 847 pages of classified technical documentation
2. **Zero-Day Vulnerabilities in Competitor Products**
- Quantum Dynamics' security research team discovered 14 critical vulnerabilities
- Affects products from: IBM Q Network, Google Sycamore, IonQ systems
- Vulnerabilities allow classical computers to break "quantum-secure" encryption
- Has NOT been disclosed to competitors (unethical retention for competitive advantage)
3. **Department of Defense Client Deployment Database**
- 247 DoD facilities scheduled to receive quantum cryptography installations
- Installation dates, facility IDs, personnel contacts
- Physical security specifications for each site
- Network topology diagrams showing integration points
4. **Cryptographic Key Material & Test Data**
- Archived quantum keys from client testing
- Real-world encrypted communications samples
- Test vectors that could compromise deployed systems if reverse-engineered
**Total Data Size:** 4.2 TB across 18,000 files
---
## The ENTROPY Plan: "Operation Schrödinger"
### Primary Objective: Weaponize Quantum Security Research
**Phase 1: Exfiltration (Current - Player Intercepts Here)**
- Insider Threat Initiative operative David Torres recruited 8 months ago
- Torres is Senior Cryptography Engineer with access to all Project Heisenberg materials
- Exfiltrating data weekly via encrypted uploads to Digital Vanguard servers
- Data transmitted: 3.1 TB / 4.2 TB complete (73% exfiltrated)
- Remaining critical data: DoD deployment schedules + competitor zero-days
**Phase 2: Analysis & Weaponization (Planned - 2 weeks)**
- Digital Vanguard's "Cipher Division" will analyze stolen research
- Identify exploitable weaknesses in QKD protocols
- Develop attacks against quantum cryptography before widespread deployment
- Create "quantum backdoor" exploits for already-deployed systems
**Phase 3: Distribution (Planned - 4 weeks)**
- Zero Day Syndicate will package exploits and sell to highest bidders
- Target buyers: Chinese MSS, Russian GRU, Iranian IRGC, criminal organizations
- Expected revenue: $45-70 million USD (split across ENTROPY cells)
- Crypto Anarchists will launder cryptocurrency payments
**Phase 4: Deployment (Planned - 12 weeks)**
- Buyers will use quantum crypto vulnerabilities to:
- Decrypt previously-secure DoD communications (retroactive decryption)
- Compromise future quantum-secured military communications
- Attack DoD facilities during quantum crypto installations (physical + cyber)
- Undermine global trust in quantum cryptography standards
**Specific Consequences if ENTROPY Succeeds:**
1. **National Security Catastrophe**
- US military communications compromised for 5-10 years (time to redesign QKD)
- $4.2 billion DoD quantum crypto program wasted
- 247 military facilities vulnerable during installation windows
- Previously-encrypted strategic communications retroactively decrypted
2. **Economic Impact**
- Quantum Dynamics loses $890M in contracts (company bankruptcy likely)
- 450 employees lose jobs
- US quantum computing industry reputation destroyed globally
- China/Russia gain 5-year quantum supremacy advantage
3. **Technological Setback**
- Global quantum cryptography adoption delayed 3-5 years
- Trust in post-quantum cryptography undermined
- Forces rollback to classical crypto (vulnerable to quantum attacks)
- Sets back "quantum-safe internet" initiative by decade
4. **Human Cost**
- Intelligence officers in field compromised by decrypted comms
- Estimated 12-40 human intelligence sources at risk of exposure
- DoD estimates 8-15 casualties from compromised operational security
---
## ENTROPY Cell Coordination
### Insider Threat Initiative's Role
**Cover Organization:** "TalentStack Executive Recruiting"
- Legitimate recruiting firm (acquired by ENTROPY 3 years ago)
- Uses executive search as cover for insider recruitment
- Has placed 23 operatives in tech companies over 18 months
- David Torres recruited during "confidential career consultation"
**Recruitment Method (David Torres):**
- **Financial Pressure:** Torres has $180K medical debt (wife's cancer treatment)
- **Ideological Alignment:** Disillusionment with defense contractors profiting from war
- **Gradual Compromise:** Started with "harmless" data (company financials), escalated to classified materials
- **Payment Structure:** $45K paid so far, promised $200K total upon completion
**Operational Security:**
- Torres meets handler (codename "Recruiter") monthly at coffee shops
- Uses encrypted Bludit CMS installation on personal laptop for dead drops
- Exfiltrates data via steganography in company training videos (uploads to YouTube)
- Believes he's helping "whistleblower journalists expose military-industrial complex"
### Digital Vanguard's Role
**Partnership Agreement:**
- Digital Vanguard pays Insider Threat Initiative $15K per successful placement
- Provides technical infrastructure for data exfiltration
- "Cipher Division" analyzes stolen technical data
- Shares findings with Zero Day Syndicate for weaponization
**Technical Infrastructure:**
- Bludit CMS servers hosted on compromised cloud infrastructure
- Automated data processing pipeline extracts key intelligence
- Machine learning analysis identifies highest-value targets
- Encrypted communications with Zero Day Syndicate for exploit development
**Business Model:**
- Insider Threat Initiative: "Talent acquisition and placement"
- Digital Vanguard: "Technical analysis and product development"
- Zero Day Syndicate: "Market distribution and sales"
- Crypto Anarchists: "Financial services and payment processing"
**THIS is the first time player sees ENTROPY operating like a corporation with defined service contracts between cells.**
---
## The Investigation: Player's Entry Point
### Discovery Trigger
**Three Weeks Ago:**
Quantum Dynamics' Chief Security Officer (Patricia Morgan) noticed anomalies:
- Unusual after-hours network traffic from engineering workstations
- Multiple employees accessing Project Heisenberg files outside their assignments
- Encrypted uploads to external servers during weekend maintenance windows
**Two Weeks Ago:**
Internal investigation inconclusive:
- IT audit found nothing (insider is sophisticated)
- Employee interviews revealed nothing (insider trained in counter-interrogation)
- Security logs showed access was legitimate (insider has proper credentials)
**One Week Ago:**
SAFETYNET notified after CSO discovered:
- Encrypted chat logs referencing "TalentStack" and "Cipher Division"
- Steganographic analysis of company training videos showed data embedding
- Pattern matches known Insider Threat Initiative methods from previous cases
**Today (Mission Start):**
SAFETYNET assigns player to:
- Infiltrate Quantum Dynamics as "external security consultant"
- Identify the insider without alerting them
- Gather evidence for prosecution
- Prevent final data exfiltration (DoD deployment schedules + zero-days)
- Understand recruitment methods to protect other companies
---
## Technical Challenge Integration
### SecGen Scenario: "Feeling Blu" (Bludit CMS)
**VM Integration Context:**
The insider (David Torres) maintains personal Bludit CMS installation for communication with ENTROPY handlers. Player must:
1. **Discover the Bludit Installation**
- Find reference to personal blog in Torres' employee profile
- Investigate suspicious domain registration (bluditblog.tech)
- Scan network for hidden web services
2. **Exploit Bludit Vulnerability (CVE-2019-16113)**
- Directory traversal vulnerability in image upload
- Bypass authentication via UUID prediction
- Upload web shell to gain server access
- Extract database containing ENTROPY communications
3. **Privilege Escalation**
- Escalate to root via misconfigured sudo permissions
- Access encrypted archives of exfiltrated data
- Recover chat logs between Torres and "Recruiter"
4. **Evidence Extraction**
- Flag 1: Torres' recruitment timeline and payment records
- Flag 2: Digital Vanguard server IP addresses
- Flag 3: Exfiltrated file manifests (proves what was stolen)
- Flag 4: Encrypted communications with "The Architect" approving operation
**Narrative Justification:**
- Bludit chosen because it's legitimate tool (plausible for engineer's personal blog)
- Vulnerability is realistic (CVE from 2019, appropriate for intermediate players)
- Data recovered provides concrete evidence for confrontation
- Aligns with ENTROPY's use of compromised web services for communication
### In-Game Challenges (Break Escape)
**Investigation Mechanics:**
1. **Multi-NPC Social Engineering (8-10 Employees)**
- Interview engineers to establish behavioral baselines
- Identify who has access to Project Heisenberg
- Notice inconsistencies in alibis and behavior
- Build relationship web to understand team dynamics
2. **Evidence Correlation Puzzle**
- Network logs + badge access records + file access timestamps
- Security camera footage + employee calendars
- Financial records (unexplained income)
- Personal communications (encrypted messages)
- Correlate all sources to identify insider
3. **Organizational Network Mapping**
- Map company hierarchy and access levels
- Identify who has both motive and opportunity
- Understand project compartmentalization
- Determine how insider bypassed security controls
4. **Non-Combat Resolution**
- No hostile NPCs (investigation only)
- Confrontation with Torres is dialogue-driven
- Choice: Turn, Arrest, or Sympathize
- Outcome based on evidence quality and player approach
**Encoding/Decoding Challenges (CyberChef):**
1. **Torres' Personal Notes** (Base64)
- Encrypted journal entries showing moral struggle
- Base64-encoded text found on personal laptop
2. **ENTROPY Communications** (Multi-stage: Hex → ROT13 → Base64)
- Handler messages discussing payment and timeline
- Found in Bludit database after exploitation
3. **Exfiltration Logs** (Hex encoding)
- File manifest showing what data was stolen
- Hidden in seemingly-benign training video metadata
**Lockpicking / Access:**
- **Server Room:** Requires keycard cloning from IT Manager
- **Torres' Office:** PIN code on digital lock (found via social engineering)
- **CSO's Safe:** Contains original investigation notes (lockpicking)
---
## Educational Objectives (CyBOK)
### Primary Knowledge Areas
**1. Human Factors (Primary Focus)**
- **Insider Threat Psychology:**
- Financial pressure, ideological motivation, gradual compromise
- Recruitment methods and social engineering
- Behavioral indicators of insider activity
- Counter-interrogation awareness
- **Social Engineering:**
- Interview techniques to extract information
- Building rapport with employees
- Detecting deception and inconsistencies
- Ethical interviewing practices
**2. Web Security**
- **CMS Vulnerabilities:**
- Bludit directory traversal (CVE-2019-16113)
- Authentication bypass techniques
- File upload vulnerabilities
- Web shell deployment
- **Web Application Exploitation:**
- Reconnaissance and enumeration
- Vulnerability scanning
- Exploitation workflow
- Post-exploitation data extraction
**3. Security Operations**
- **Insider Threat Detection:**
- Log analysis and correlation
- Anomaly detection techniques
- Access pattern analysis
- Data exfiltration indicators
- **Forensic Investigation:**
- Evidence collection and preservation
- Timeline reconstruction
- Digital artifact analysis
- Chain of custody
**4. Systems Security**
- **Privilege Escalation:**
- Linux sudo misconfigurations
- Permission analysis
- Escalation techniques
- Post-exploitation access
### Secondary Knowledge Areas
**5. Applied Cryptography**
- Steganography (data hiding in images/videos)
- Multi-stage encoding (Hex, ROT13, Base64)
- Encryption methods used by ENTROPY
**6. Organizational Security**
- Access control systems
- Compartmentalization principles
- Security clearance levels
- Physical security integration
---
## Key NPCs
### 1. David Torres (The Insider) - PRIMARY TARGET
**Role:** Senior Cryptography Engineer (5 years at Quantum Dynamics)
**Age:** 38
**Background:**
- PhD in Applied Mathematics (Stanford)
- Previously: NSA researcher (8 years), left due to ethical concerns
- Expertise: Post-quantum cryptography, lattice-based crypto, quantum key distribution
**Personality:**
- Brilliant but morally conflicted
- Loves his work but hates defense applications
- Desperate to pay medical bills (wife Elena has Stage 3 breast cancer)
- Genuinely believes he's helping expose "military-industrial complex"
**Physical Description:**
- Hispanic, average height, thin (stress weight loss)
- Tired eyes, often looks exhausted
- Wears glasses, casual tech-company attire
- Wedding ring (constantly adjusting it when nervous - tell)
**Daily Routine:**
- Arrives 7:30 AM, leaves 7:00 PM (long hours to access data unsupervised)
- Eats lunch at desk (avoids colleagues - isolation)
- Works late Friday evenings (uploads data during low-traffic periods)
**Behavioral Indicators (Investigation Clues):**
- Defensive when asked about Project Heisenberg access
- Financial records show $45K unexplained deposits
- Network logs: uploads to personal Bludit server
- Badge access: frequent server room visits at odd hours
- Security footage: meets "Recruiter" monthly at Café Artemis
- Laptop forensics: encrypted Bludit CMS with ENTROPY communications
**Moral Complexity:**
Torres is NOT evil:
- Wife's cancer treatment costs $380K (insurance denied)
- Sold his car, remortgaged house, depleted retirement
- ENTROPY offered $200K - enough to save Elena
- Believes stolen data will "expose government waste and warmongering"
- Handler convinced him data will go to "investigative journalists"
- Doesn't know about Zero Day Syndicate or foreign governments
**Confrontation Variables:**
- If player shows evidence of ENTROPY's true plan (foreign sales): Torres is horrified
- If player emphasizes human cost (intelligence officers at risk): Torres breaks down
- If player offers SAFETYNET protection + witness program: Torres might cooperate
- If player threatens prosecution: Torres lawyer up, limited intel
- If player sympathizes with financial desperation: Torres trusts player, provides full cooperation
**Turning Conditions (Becomes Double Agent):**
- Player presents evidence ENTROPY lied about "journalists"
- Player offers witness protection + medical coverage for Elena
- Player shows Torres "The Architect's" approval (proves it's criminal organization, not activism)
- Torres agrees to feed ENTROPY false data while SAFETYNET tracks network
**If Turned Successfully:**
- Provides ongoing intelligence for M6, M7, M8
- Reveals Insider Threat Initiative's other placements (23 companies)
- Helps identify "The Recruiter" (Insider Threat cell leader)
- Testifies against ENTROPY in M10 finale
- Elena's treatment funded by SAFETYNET witness protection program
### 2. Patricia Morgan (Chief Security Officer)
**Role:** CSO at Quantum Dynamics, Player's contact
**Age:** 52
**Background:**
- Former FBI Cyber Division (15 years)
- Private sector security consultant (8 years)
- Hired by Quantum Dynamics 2 years ago to secure DoD contracts
**Personality:**
- Paranoid but competent
- Frustrated by company's inadequate security budget
- Suspects everyone (including player initially)
- Professional, no-nonsense, respected by employees
**Player Relationship:**
- Initially suspicious of SAFETYNET involvement ("why now?")
- Provides limited access, tests player's competence
- If player demonstrates skill: full cooperation
- Warns player about CEO pressure to "solve quietly without damaging reputation"
**Key Information Provides:**
- Original investigation notes (incomplete but helpful)
- Security logs and network traffic data
- Employee access records
- Background on Project Heisenberg importance
### 3. Dr. Jennifer Zhao (CEO)
**Role:** CEO & Founder of Quantum Dynamics
**Age:** 45
**Background:**
- PhD in Quantum Physics (MIT)
- Founded company 12 years ago
- Visionary but business-focused
**Personality:**
- Brilliant scientist, pragmatic businesswoman
- Paranoid about company reputation
- Pressure to resolve quietly ("no press, no prosecution if possible")
- Conflicted: wants justice but fears DoD contract loss
**Moral Complexity:**
- Quantum Dynamics retains competitor zero-days unethically (competitive advantage)
- This retention makes stolen data more dangerous
- If exposed, company's ethical practices questioned
- CEO willing to suppress some truths to save company
**Player Interaction:**
- Minimal (brief meetings only)
- Pressures player for "discrete resolution"
- Offers bonus if kept quiet
- Secondary choice: Expose company's zero-day retention vs. quiet resolution
### 4. Marcus Webb (IT Manager)
**Role:** Infrastructure & Security Systems Manager
**Age:** 33
**Background:**
- Self-taught systems admin
- Works at Quantum Dynamics for 6 years
- Competent but overworked
**Personality:**
- Helpful, eager to please
- Defensive about security (knows systems are underfunded)
- Guilty about not catching insider sooner
- Provides technical access to player
**Investigation Support:**
- Provides network logs and server access
- Explains security architecture
- Gives player keycard cloner for server room access
- Accidentally reveals: company has minimal logging (budget cuts)
### 5. Dr. Sarah Chen (Cryptography Team Lead)
**Role:** Torres' direct supervisor
**Age:** 41
**Background:**
- PhD Cryptography (Berkeley)
- Leads Project Heisenberg team
- Manages 8 cryptographers including Torres
**Personality:**
- Brilliant, focused on research
- Trusts her team (too much - didn't notice Torres' behavior)
- Defensive of employees ("my team wouldn't do this")
**Investigation Value:**
- Provides Torres' work history and performance reviews
- Access to Project Heisenberg documentation (helps player understand what was stolen)
- Eventually admits: Torres seemed stressed last 8 months, she should have asked
### 6-10. Engineering Team NPCs (Interview Subjects)
**Purpose:** Establish behavioral baselines, provide alibis, red herrings
**Dr. Michael Park** (Quantum Hardware Engineer)
- Suspicious behavior (working late, secretive)
- RED HERRING: Actually having affair with HR manager
- Provides alibi for Torres (saw him in server room Friday nights)
**Lisa Rodriguez** (Software Engineer)
- Close friend of Torres
- Notices his stress, financial problems, wife's illness
- Sympathy complicates investigation (player must balance empathy with duty)
**James Kowalski** (Senior Security Analyst - Internal)
- Investigated initial anomalies, found nothing
- Defensive about missing insider (professional pride hurt)
- Provides technical insights on exfiltration methods
**Dr. Amara Johnson** (Quantum Algorithm Researcher)
- Works on Project Heisenberg with Torres
- Innocent, provides technical context on stolen data's value
- Explains DoD deployment timeline (helps player understand urgency)
**Kevin Tran** (Junior Cryptographer)
- New hire (6 months)
- Idolizes Torres (sees him as mentor)
- Provides character reference (Torres is good person, something wrong must be happening)
### 7. "The Recruiter" (Insider Threat Initiative Handler)
**Role:** Torres' ENTROPY contact (doesn't appear physically, referenced only)
**Real Name:** Unknown (player never learns in M5)
**Cover:** TalentStack Executive Recruiting senior consultant
**Evidence of Existence:**
- Security footage: meets Torres monthly at Café Artemis
- Always wears hat and sunglasses (face never clear)
- Burner phone communications (recovered from Bludit server)
- Payment records (cryptocurrency from untraceable wallet)
**Dialogue from Recovered Messages:**
- "Your wife's treatment depends on completing Phase 2"
- "The journalists are waiting for the deployment schedules"
- "The Architect is pleased with your progress"
- "Remember: you're saving lives by exposing military waste"
**If Torres Turned:**
- Torres can identify Recruiter's methods but not identity
- Sets up potential M8 connection (Insider Threat within SAFETYNET)
- Recruiter goes dark after Torres' arrest (cell protocol)
---
## Moral Choices & Branching
### Primary Choice: How to Handle David Torres
**Option A: Turn Torres into Double Agent (Recommended for Campaign)**
- **Requirements:**
- Present evidence of ENTROPY's true plan (foreign sales, not journalism)
- Offer witness protection + medical coverage for Elena
- Show empathy for his situation
- **Consequences:**
- Torres provides ongoing intelligence (M6: crypto tracking, M7: insider threat patterns, M8: helps identify SAFETYNET mole)
- Elena's treatment funded, Torres' family safe
- SAFETYNET gains 23 company locations with ENTROPY insiders
- Torres testifies in M10 finale
- Risk: Torres could be discovered by ENTROPY (managed via careful handling)
- **Campaign Impact:** HIGH - Major intelligence source for remaining missions
**Option B: Arrest Torres (Standard Resolution)**
- **Requirements:**
- Sufficient evidence for prosecution
- Miranda rights, legal arrest
- **Consequences:**
- Torres prosecuted, likely 15-25 years federal prison
- Elena loses medical coverage, high risk of death
- Limited intelligence gained (lawyer involvement)
- SAFETYNET must find other Insider Threat Initiative operatives manually
- Torres' knowledge lost
- **Campaign Impact:** MEDIUM - One cell disrupted but limited ongoing value
**Option C: Sympathetic Release (Risky Choice)**
- **Requirements:**
- Player believes financial desperation justifies actions
- Willing to let Torres go with warning
- **Consequences:**
- Torres flees with family (SAFETYNET loses track)
- Data exfiltration continues (partial ENTROPY success)
- Player faces investigation for misconduct
- Zero-days still sold to foreign governments (human cost occurs)
- Morally complex: saved one family, endangered many others
- **Campaign Impact:** LOW - Negative consequences in M7 (attack succeeds partially due to stolen data)
**Option D: Expose EVERYTHING Publicly (Whistleblower Route)**
- **Requirements:**
- Gather evidence of BOTH Torres' espionage AND Quantum Dynamics' unethical zero-day retention
- Leak to media
- **Consequences:**
- Torres arrested, company reputation destroyed
- Quantum Dynamics loses DoD contracts (450 employees laid off)
- Public learns of quantum crypto vulnerabilities (panic, market crash)
- ENTROPY's plan exposed (can't sell data, foreign buyers flee)
- Player faces disciplinary action (burned operational security)
- **Campaign Impact:** MEDIUM - ENTROPY disrupted but SAFETYNET damaged
### Secondary Choice: Handle Company's Zero-Day Retention
**Context:** During investigation, player discovers Quantum Dynamics:
- Discovered 14 critical vulnerabilities in competitor products
- Did NOT disclose to competitors (unethical)
- Retained for competitive advantage (potential securities fraud)
- CEO Jennifer Zhao aware and approved
**Choice:**
**Option A: Quiet Resolution (Protect Company)**
- Don't expose zero-day retention
- Focus only on insider threat
- Quantum Dynamics reputation intact
- 450 jobs saved
- BUT: Unethical practice continues
**Option B: Report to Authorities (Ethical)**
- Report zero-day retention to SEC and DoD
- Company faces investigation
- Potential contract loss, layoffs
- Competitors notified, vulnerabilities patched
- Public cybersecurity improved
**Campaign Impact:** Affects M6 (if company collapsed, financial trail harder to follow)
### Tertiary Choice: Handling Elena's Illness
**Emotional Dimension:**
Player learns Elena Torres has Stage 3 breast cancer:
- $380K treatment cost
- Insurance company denied coverage (experimental treatment)
- 60% survival chance with treatment, 15% without
- Has two children (ages 8 and 11)
**Choices:**
**If Arresting Torres:**
- SAFETYNET can fund Elena's treatment (witness protection budget)
- OR: Elena goes without treatment (likely death)
- Player decides: Separate justice from mercy vs. Pure justice
**If Turning Torres:**
- Treatment automatically covered (part of deal)
- Torres cooperates fully knowing family is safe
**Emotional Weight:**
- Player must balance: National security vs. One family's life
- No "right" answer
- Game doesn't judge player's choice
---
## Success Outcomes
### Full Success
- Insider identified (David Torres)
- Complete evidence gathered
- Torres turned into double agent OR arrested with full cooperation
- Final data exfiltration prevented (DoD schedules + zero-days secured)
- Insider Threat Initiative network mapped (23 companies)
- ENTROPY's cross-cell business model understood
- Elena's treatment funded (witness protection)
**Unlocks for Campaign:**
- David Torres intelligence source (M6-M10)
- TalentStack Executive Recruiting locations
- Digital Vanguard server IPs
- Insider Threat Initiative methodology
### Partial Success
- Insider identified but incomplete evidence
- Torres arrested but doesn't cooperate (lawyer involvement)
- Some data recovered but exfiltration partially succeeded
- Limited intelligence on ENTROPY network
**Campaign Impact:**
- Reduced intelligence for M6
- Harder to track ENTROPY financial network
- M7 difficulty increased (stolen data used in attacks)
### Minimal Success
- Insider identified but escaped
- Insufficient evidence for prosecution
- Data exfiltration completed (ENTROPY success)
- Zero-days sold to foreign governments
**Campaign Impact:**
- Major setback in M7 (attacks more successful)
- Human cost (intelligence officers compromised)
- Player reputation damaged
### Failed Mission
- Insider not identified OR wrong person accused
- Data exfiltration completed
- Torres flees to ENTROPY
- Quantum Dynamics compromised permanently
**Campaign Impact:**
- Catastrophic consequences in M7
- US quantum crypto program destroyed
- Season 1 finale significantly harder
---
## Connection to Campaign Arc
### Setup from Previous Missions
**From M1 (First Contact):**
- Social Fabric's mass panic attack showed ENTROPY's ideological motivation
- Derek Lawson's "acceptable losses" philosophy
- First mention of The Architect approving operations
**From M2 (Ransomed Trust):**
- Ransomware Incorporated's cryptocurrency payments
- Financial trail hints at larger network
- Ghost Protocol coordination
**From M3 (Ghost in the Machine):**
- Zero Day Syndicate sells exploits to other cells
- Victoria Sterling's client list included multiple ENTROPY operations
- "The Architect" mentioned in encrypted communications
- Pattern of cross-cell coordination confirmed
**From M4 (Critical Failure):**
- Critical Mass + Social Fabric coordination (infrastructure + disinformation)
- Task Force Null assignment
- The Architect's infrastructure initiative
- Cross-cell planning sophistication
### M5's Unique Contribution
**MAJOR REVELATION: ENTROPY as Criminal Corporation**
M5 is the first mission where player sees ENTROPY operating like a business:
- **Insider Threat Initiative:** "Talent acquisition" (recruiting insiders)
- **Digital Vanguard:** "Technical analysis" (processing stolen data)
- **Zero Day Syndicate:** "Sales and distribution" (weaponizing intelligence)
- **Crypto Anarchists:** "Financial services" (laundering payments)
**Service Level Agreements between cells:**
- ITI receives $15K per successful placement from Digital Vanguard
- DV provides technical infrastructure for exfiltration
- ZDS packages exploits developed from DV's analysis
- CA handles all cryptocurrency transactions
**This reveals The Architect's true genius:**
Not just coordinating attacks - built a **criminal multinational corporation** with specialized divisions and profit-sharing.
### Setup for Future Missions
**For M6 (Follow the Money):**
- Cryptocurrency payments from Torres to track
- Digital Vanguard server IPs lead to HashChain Exchange
- Financial network mapping begins
- If Torres turned: Provides account numbers and transaction IDs
**For M7 (The Architect's Gambit):**
- If Torres NOT turned: Stolen quantum crypto data used in coordinated attacks
- Supply Chain Saboteurs could use zero-days from this operation
- DoD deployment schedules used for timing attacks
- Human cost if data sold to foreign governments
**For M8 (The Mole):**
- Insider Threat Initiative's "Deep State" operation mentioned
- Torres reveals: ITI brags about "government placements"
- Setup for SAFETYNET mole discovery
- Recruitment methodology learned here helps identify mole
**For M10 (The Final Cipher):**
- If Torres turned: Testifies about The Architect's approval of operation
- Provides evidence of corporate structure
- Key witness in finale confrontation
---
## Stage 0 Completion Summary
### Technical Challenges Defined ✅
**SecGen VM Challenge:**
- Bludit CMS exploitation (CVE-2019-16113)
- Directory traversal, auth bypass, web shell upload
- Privilege escalation via sudo misconfiguration
- 4 flags revealing ENTROPY communications and evidence
**In-Game Challenges:**
- Multi-NPC investigation (8-10 employee interviews)
- Evidence correlation puzzle (logs, access records, financials)
- Social engineering to extract information
- Non-combat resolution (dialogue-driven confrontation)
- Encoding/decoding (Base64, Hex, multi-stage)
### ENTROPY Cell Selected ✅
**Primary:** Insider Threat Initiative (recruitment and placement)
**Secondary:** Digital Vanguard (technical analysis and infrastructure)
**Cross-Cell Coordination:**
- Zero Day Syndicate (exploit weaponization)
- Crypto Anarchists (payment processing)
### Narrative Themes Established ✅
**Primary Theme:** Moral complexity of insider threats
- Desperation vs. Duty
- Sympathy for criminals with understandable motives
- System failures that enable insider recruitment
**Secondary Theme:** Corporate espionage as national security
- Private sector vulnerabilities
- Post-quantum cryptography arms race
- Government-corporate partnership security
**Tertiary Theme:** ENTROPY as criminal corporation
- Professional service contracts between cells
- Profit-driven coordination
- Business model sophistication
### Specific Threat Defined ✅
**What:** 4.2 TB of quantum cryptography research and DoD deployment data
**Why:** Sell to foreign governments, undermine US quantum supremacy
**How:** Recruited engineer via financial desperation, exfiltrating via encrypted blog
**Consequences:** National security catastrophe, 12-40 human casualties, $4.2B program wasted
### Educational Objectives Mapped ✅
**CyBOK Areas:**
- Human Factors (insider threats, social engineering)
- Web Security (CMS exploitation, web shells)
- Security Operations (forensics, log analysis)
- Systems Security (privilege escalation)
**Appropriate for Tier 2:** Intermediate difficulty, builds on M1-M4 mechanics
---
## Next Stage
**Stage 1: Narrative Structure Development**
With initialization complete, next stage will develop:
- Complete 3-act structure with detailed plot points
- NPC character arcs and dialogue beats
- Investigation puzzle design (evidence correlation mechanics)
- Confrontation scene with branching dialogue
- Campaign integration points
**Key Questions for Stage 1:**
- How does player narrow suspects from 8-10 to David Torres?
- What evidence is required for each confrontation option?
- How do Torres' responses change based on player approach?
- What are the emotional beats of the investigation?
- How does Elena's story intersect with main plot?
---
**Stage 0 Status:** ✅ COMPLETE
**Approval Required:** Ready to proceed to Stage 1 narrative structure development.