This is a continuation of my posts about using some of the ideas in the first edition of the Spycraft RPG to run espionage games in Fate Core.
The elements that I’m discussing are:
- Physical Infiltration
- Face-to-Face Infiltration
- Electronic Infiltration (System Hacking)
- Direct Assault
- Area Pursuits
This week, I’m going to talk about both Face-to-Face and Electronic Infiltration, and Interrogations. Both of these are similar in many ways to the Physical Infiltration topic discussed last week, but both have some important distinctions.
It takes an unflappable demeanour and the ability to completely assume another’s identity to infiltrate a guarded location by posing as someone who belongs there. This is no shadowy infiltration—the spy talks to the guards and walks around right in front of them. They may even deal directly with the main villain and have to maintain their cover for weeks before they are in the perfect position to execute their mission.
Every mission should have a goal or objective. Just like in Physical Infiltrations, the goal should be specific to a single piece of information or equipment, or a single target.
Again, examples include:
- Gather intel
- Steal a physical item
Note that when speaking of stealing an item or sabotage, the target does not necessarily have to be an inanimate object. Sometimes—and this applies to Physical Infiltrations as well—the target is a person. For example, “stealing an item” could also refer to rescuing or even kidnapping a person from the organization’s facility. Sabotage could also mean eliminating (i.e. assassinating) a member of the enemy organization, or just planting evidence to frame them for either a crime or a violation of the organization’s policies.
Again, like the Physical Infiltration, the security forces at the facility usually begin unaware of the attempted infiltration by the spy, and so the resistance is passive.
Here are some common elements that appear in many Face-to-Face Infiltration missions:
- Gaining Initial Access: The spy must enter the facility somehow. If this is a short-term mission (i.e. getting in and out within a couple of hours at the most), the spy will need to bypass the initial security checkpoint usually by posing as a general employee of the organization (or one of their contractors) or a specific individual. This may include using false identification, disguises, and the Deceive skill to convince the security forces (or systems) that you belong. Usually, this is a single roll in the Challenge.
In a long-term mission, the spy may spend weeks or even months infiltrating the organization by posing as a valued member of the team. In these cases, gaining initial access means convincing the organization to hire the spy or otherwise let them join the organization. It often requires the creation of a false identity with a complete history, and the spy must maintain that identity throughout the vetting process. Again, Deceive is usually the main skill here, though Rapport and Empathy play their part, and perhaps other skills may be needed to demonstrate competence in a field of expertise needed by the organization. As this step takes much longer than in a short-term mission, and usually requires surviving a more thorough investigation into the spy’s fake identity as well as proving him- or herself, this often takes 2-3 rolls in the Challenge.
- Reaching the Objective: In a short-term mission, getting to the objective could be 1-3 steps in the Challenge, based on the obstacles determined by the GM. Generally, the obstacles involve interacting with other individuals (e.g. bypassing further security checkpoints, interacting with other workers at the facility, etc.) though they could also include the occasional physical challenge (e.g. secured doors, sneaking into a restricted area, etc.).
In a long-term mission, this is the part that may take weeks to months to complete, depending on the nature of the mission. For example, an objective may be to gain the main villain’s trust in order to replace his trusted second-in-command (perhaps as part of a mission to kidnap and interrogate the second-in-command about the villain’s plans). In such a case, it might take a couple of months for the spy to set events in motion that show the lieutenant as incompetent or untrustworthy while demonstrating the spy’s value to the villain. Such a mission would also include multiple steps, perhaps involving a number of different still rolls.
- Completing the Objective: Like in Physical Intrusions, this could include accessing a computer system, planting a bomb, securing an item, eliminating a target, etc. This is the moment-of-truth in a long-term infiltration, and all the spy’s efforts will come down to that one skill roll.
- Getting Out: In short-term missions, the egress from the facility should be fairly short, just like in Physical Infiltrations.
In long-term missions, this may take a bit longer, though the GM should generally keep it to an absolute maximum of 2-3 rolls. After all, the climax of the mission has passed, and dragging things out will not really add any value to the game.
Here are two examples, one of a short-term Face-to-Face Infiltration, and one long-term.
Joshua Pact is performing a short-term infiltration of a villain organization’s facility—a massive data centre where all the organization’s main servers are kept under tight security. His objective is to locate a specific server and plant a physical intercept device on one of the data lines that will transmit copies of all data to an offsite location controlled by the spy’s team. It is important that he not be detected during the mission, as he does not want the organization to know they have been compromised.
The GM has set the difficulty of each step at Good (+3).
Step One: In order to save time and make this a quick mission, the GM tells Josh that he has a fake identity card that has been programmed to work in the facility’s security system. But getting into the right location and reassuring the security and other personnel at the location is up to him.
Josh arrives at the building dressed as a computer technician and approaches the entrance. A team of three security guards stand at the main desk in the building lobby, where the access control system is located. Josh inserts his card into the reader, and his face—along with his fake identity—come up on the screen. One security guard nods at him to proceed, but another holds up his hand and asks Josh if he’s new here. Josh answers in the affirmative, and the security guard asks him a couple of questions about his job. The GM tells Josh to make a Deceive roll to bluff the guard. Josh rolls +3, a tie. The GM allows Josh to proceed, but takes a boost indicating that the guard is slightly “Suspicious” and may make trouble for Josh as he tries to reach his objective.
Step Two: The GM has decided that it will take two steps to reach the room with the server. First, Josh has to pass through the employee lunchroom to “drop off” his lunch bag (where he’s hidden the intercept device). Naturally, he encounters a couple of co-workers, one of whom is trying to figure out a thorny computer issue. They stop Josh, introduce themselves to the “new guy” and then ask him his opinion of the computer problem. The GM asks Josh to make a Crafts roll to, if not solve the problem, at least convince his co-workers that he is a skilled computer technician. The GM tells the player that if he succeeds on the roll, he convinces the two men of his skills, and if he succeeds with style, he solves the problem. Josh rolls +4, beating the difficulty but not with style. He is unable to help with the problem, but the co-workers believe he knows enough about computers to pass.
Step Three: The next step involves getting to the correct server without being noticed. The supervisor on this shift greets Josh as he enters the main server room and is annoyed about being given a new employee without being advised in advance. Josh tries to convince the supervisor that he has been assigned to do spot checks on various servers as part of an internal audit, which will allow him to roam unaccompanied among the rows of servers. The GM invokes his “Suspicious” boost from earlier—the security guard called the supervisor and asked him to keep an eye on Josh—so the difficulty is now Superb (+5). Josh rolls and gets 5 exactly. The GM tells Josh that the supervisor wants to accompany him, but the man gets a call at that exact moment. Josh has only a couple of minutes to locate the server and plant the device before the supervisor rejoins him.
Step Four: Josh finds the server and makes his Crafts roll to place the device. He succeeds with style, and so manages to get back to the supervisor’s desk before the man’s call ends. The GM gives Josh a “Flawless Cover” boost for the final step of the mission.
Step Five: Josh is required to finish out his shift at the data centre before leaving so that he doesn’t arouse any further suspicion. He performs routine examination of the servers and looks over the team’s maintenance logs and assorted documentation, and then congratulates the supervisor on a well-run operation. He makes a final Deceive skill check to cover his activities over those next few hours and, using his “Flawless Cover” boost, succeeds with no issues. Josh leaves the building having completed a successful mission.
Natalie Romkovski is performing a long-term infiltration of an organization. Her team has identified the villain’s second-in-command, Rose Boon, as a major asset to the villain, and they feel that isolating her from the organization so that they can pick her up and attempt to turn her. They know this is going to be a long mission, but Natalie is skilled at these types of infiltrations. The GM has set the difficulty of each step at Good (+3).
Step One: Natalie first has to join the organization, and this is no easy task. She begins by identifying an individual that the organization has targeted for elimination. She finds the target and fakes his assassination, making it look like she has solved a problem for them. The GM has her roll Deceive in order to create a fake crime scene that will stand up to inspection. Natalie rolls a 4, and succeeds.
Step Two: Having gotten noticed by the organization, Natalie attends a gala party (faking her invitation, of course) so that she can “bump into” Rose Boon. It is easy for Natalie to find her target, and so she makes contact. She rolls Rapport to charm Rose and ensure that the other woman doesn’t forget about her. Natalie succeeds with style, and so the GM gives her the “Impressed” boost.
Step Three: Natalie is contacted by Rose after the gala and a meeting is arranged. Again, Natalie has to roll Deceive in order to ensure that her cover as an international assassin is not pierced by Rose’s investigation into her background and history. Natalie fails, but uses her “Impressed” boost to bump that up to a success.
Step Four: Rose brings Natalie to meet the villain, and he offers her a position within his organization. Now she can get to work making Rose look incompetent and untrustworthy. The GM decides that it will take three steps to get the villain to abandon Rose, and Natalie begins working immediately. Over the next couple of weeks, Natalie takes an opportunity to break into Rose’s office and plant incriminating evidence in her office safe. Natalie makes a Burglary roll and just barely succeeds.
Step Five: For the second of the steps that Natalie needs to frame Rose, she causes one of Rose’s operations to fail by sabotaging a key piece of equipment. Natalie rolls Crafts to sabotage the item, and fails. The GM allows her to succeed with a cost by giving Rose the aspect “Suspicious of Natalie” as she begins to realize what the other woman is doing.
Step Six: For the third and final check to frame Rose, Natalie confronts Rose directly and starts an argument about the best way to conduct an upcoming operation. Natalie uses to Provoke to get Rose to get so angry that she flies off the handle and loses control in front of the main villain. Since Rose is “Suspicious of Natalie,” the GM bumps the difficulty up by +2 to Superb (+5). Natalie invokes one of her own aspects (“Get under your skin”) to give herself a +2 and rolls a total of 6, succeeding. Their argument causes Rose to lose control, and she marches into the main villain’s office and demands that Natalie be captured as an enemy spy. But Natalie tells the villain that Rose is the spy, and when the incriminating documents are found in Rose’s office, he falls for the ruse. Rose flees the facility before the villain’s goons can grab her, and the mission is a success.
Step Seven: Natalie now needs to be extracted from the organization—it’s too dangerous to stay near the mentally-unstable villain—but she cannot just run or the villain will realize that Rose was framed. So Natalie decides to fake her death by assassination. She uses her Deceive skill to fake both the crime scene and a video of the assassination, and beats the difficulty by 1. The villain believes she has been killed, is left without a competent second-in-command in his organization, and the rest of the agent team now goes to pick up Rose, who has been burned and is now without resources.
Unlike the other two infiltrations, a hacker is usually located somewhere completely off site and performs their tasks in relative safety. The computer expert insinuates herself into a network and gathers data, corrupts files, plants evidence, or sets up backdoors for later easy access.
With Electronic Infiltration, some different goals are available than when the person is physically intruding into the facility.
- Gather Intel: This goal is the same as the previous infiltrations, in that the spy is gaining access to files or other information in order to copy them for their own team’s use.
- Sabotage: Planting physical bombs or such are not possible in Electronic Infiltration. However, the spy can sabotage data and even cause damage to equipment that is controlled by a computer.
- Lay Groundwork: A spy can hack into a computer system and place “back doors” that will allow easy access back into the system at a later date. The spy can also set up false identities in security systems, hijack digital security cameras, and otherwise “prepare” a location for later physical infiltration by adjusting systems to make it easier for intruders to bypass them.
The Skills Issue
If you’re using the default Fate Core skill list, you’ll note that there is no “Computer” skill. This means that the hacker cannot fall back on a single skill to succeed at every type of task he or she will attempt through the computer interface. This is a good thing, as you don’t want any member of the team to have one catch-all skill that can be applied in every circumstance.
My recommendation is that the hacker uses the same skills as their counterparts, and they should have an aspect (probably their High Concept) that gives them permission to use those skills as part of their hacking activities. So instead of using a Computers skill to sneak around in a network system and also to search for files and also to disable access barriers, the hacker will use Stealth and Investigate and Burglary. This also means that different hackers will be good at different types of hacking—someone with a high Stealth is better at sneaking into a system, whereas someone with a high Investigation will be able to quickly find whatever data they want in that network.
As in the other types of infiltration, the resistance to an Electronic Infiltration is passive at the beginning of the mission. Therefore, this is generally a Challenge, though of course it could become a Contest at some point (e.g. the hacker attempting to copy certain data files before they are erased by the opposition). It is rare for Conflicts to arise from an Electronic Infiltration, as the hacker and the opposition usually have no way to directly harm each other, either physically or mentally.
- Gaining Initial Access: Getting into the system requires a network connection of some kind—you can’t hack into a computer that is not connected to the outside world unless you’re in the same room with the physical equipment. But once that connection is established, the hacker can attempt to gain access through multiple approaches, such as fooling the system into thinking the hacker is an authorized user, bypassing the security software by using underlying system processes to gain entry, or using brute force to disable the security software with an overwhelming attack.
- Reaching the Objective: The key elements in these steps of a Challenge are usually a) finding the data the hacker wants, and b) getting access to it if it’s restricted.
- Completing the Objective: This is a single step that means the hacker has achieved the mission objective. As noted above, this could be copying and/or destroying data, placing data (e.g. fake credentials) or back doors in the system, or taking control of physical assets controlled by the computer system.
- Getting Out: Disconnecting from the system is nearly instantaneous, but this step can represent pulling out of the system without leaving any traces that an investigator can use to identify or track the hacker after the fact.
The reality is that it is extremely difficult to cause physical damage to a computer system through purely hacking methods. While it is possible for a hacker to turn off the fans and cause the CPU to process so much data that it overheats and potentially catches fire, this is actually very difficult to do and the damage would be very localized and likely be detected almost immediately.
However, there are real-world examples of hackers taking control of physical assets that are connected to computers and using those to do damage. For example, the Stuxnet worm used programmable logic controllers (PLCs) to cause fast-spinning centrifuges in Iranian nuclear facilities to tear themselves apart by making them spin at extremely high speeds and disabling the safety shut-down protocols. So the physical assets were damaged, though the computers themselves were not physically harmed in any way.
But the players are encouraged to be creative with their ability to do damage with physical assets that are controlled by networked computer systems. Imagine a villain organization with a manufacturing plant that uses lasers on robotic arms to cut and weld metal parts. If the spy hacker could take control of those robotic arms, then he or she could use them to damage other nearby equipment or even assassinate someone standing in range of the lasers.
The last element I’m going to cover this week is Interrogations. As mentioned in the Fate Core rulebook, interrogations are generally Conflicts rather than Challenges. The interrogator(s) are trying to cause mental damage (usually) to the target in order to force them to concede and give up the information they want. The target is trying to resist by causing mental damage to the interrogators to undermine their confidence, exhaust them, and otherwise convince them to give up.
Interrogations sit on a spectrum as to how the target is treated. At one end of the spectrum is forceful questioning—the target is asked questions in a direct and forthright manner and not permitted to leave until he or she has given up the information. At the other end of the spectrum is torture, where the questioners physically and mentally do harm to the person to break their will. Between those two points is a vast space where the player characters can choose to act.
Obviously, the type of game being played will inform the kinds of decisions the PCs (and thus the players) choose to make about how far along that spectrum they are willing to go. In a light-hearted action-espionage game, moving toward torture is going to be out of place. But in a gritty, dangerous setting where life is cheap, interrogations may regularly feature some sort of physical punishment.
This is something that the GM and players should discuss before the game, to ensure everyone is on the same page and that all players at the table are having fun.
“Taken Out” and Concessions
If the agents want to have confidence in the information they are given, it is important that they overcome the target’s willpower. This means that they should focus on inflicting Mental stress and consequences.
So what happens if they just choose to beat up the target until he or she is taken out? I recommend that a target who has been taken out (or concedes) with purely physical attacks tells the agents what he or she thinks they want to hear, rather than the actual truth. Torture of this nature is notoriously unreliable, and the agents should be aware that they can never trust the information gotten through these methods alone.
This also applies to the old “I put my gun to the target’s head and tell him that I’ll shoot him if he doesn’t start talking” approach. If the target has an option to lie or otherwise provide false information, he or she will take it.
However, if the agents choose to engage in physical attacks during an interrogation, its value is in giving bonuses to rolls in the mental conflict. For example, if the agents keep the target awake for long periods of time and the target ends up with an “Exhausted” aspect, then the agents can use that aspect to help them with their rolls to break down the target’s mental resistance to giving up the information.
Note that some common action-espionage movie tropes—like the aforementioned putting their gun to a target’s head and demanding information—should work in certain types of games. In those cases, a straight Provoke roll can be used to determine if it gets the agents the information they want and the game then moves on. Don’t feel constrained to play out a long interrogation if it doesn’t fit the pace of the current game.
The Final Installment
Next week, I’ll post my final notes on running espionage games, including Direct Assaults, Seductions, and Area Pursuits, along with a bit of discussion on ways to incorporate the rest of the agent team into the single-agent Infiltrations in order to keep all the players engaged.
See you then.