Cyberpunk 2020: The hacker’s Netrunner’s arsenal

The Cyberpunk game series originated in the late 1980s, and it owes its existence largely to the popularity of books by William Gibson and Philip K. Dick as well as the film Blade Runner, which was based on one of the latter’s novels. Since then, the pen-and-paper games in this series have been refined and updated several times, and they have reached their culmination in the epic computer game Cyberpunk 2077, which fans had been anticipating for some time before its actual release.

But for today’s article we are interested in an earlier game in this series, Cyberpunk 2020. That is because it takes place in 2020 — our present day.

By and large, it’s a run-of-the-mill pen-and-paper role-playing game: People gather at a table or in a chat room, generate characters with certain skills and characteristics, and then under the guidance of a master proceed through a certain story. It takes place in a rather gloomy but incredibly stylish world where corporations hold great power, street violence is rampant, and people have modified themselves using cybernetics.

But we are interested in Cyberpunk 2020 primarily because one of the available character classes, Netrunner, is essentially a hacker who solves game problems using programs. That is, the character is a 2020 hacker as the authors of the late 80s and early 90s saw the role. Coming to the end of 2020, we wanted to compare the retrofuturistic hacker’s arsenal with real-world, present-day tools.

A few words about the world of Cyberpunk 2020

Netrunners operate not in the physical world, but in virtual reality. Do you recall those jumbles of geometric shapes that the filmmakers of that period loved to use to portray digital universes? That’s what the creators of the game had in mind, too. The plot explains it as follows: Algorithms transform the topography of real information systems into a kind of futuristic landscape.

When a hacker connects to the Net through a special “cyberdeck” device (or simply “deck”), their consciousness leaves the physical world and is embodied in the virtual one. Most professional Netrunners use an implanted interface to connect (it is possible to interact without such a device, using electrodes that stick to the head, but that doesn’t work as well).

In this reality, the computer systems of governments, corporations, and other organizations are represented in the form of Data Fortresses (Dataforts for short), with code gates and appropriately thick “data walls.” Generally speaking, Netrunners try to penetrate the fortresses to learn their secrets, steal files, open computer-controlled doors in the real world, eavesdrop on conversations, and so on. Of course, the programs and experts defend the Dataforts.

At the same time, extremely harsh laws — in effect practically all over the world — forbid illegal access to information and penetration of these information systems. Government organizations may use any means to take out the attackers. Corporate security services are not much nicer, and they have the right to arrest a hacker. He faces imprisonment in extremely harsh conditions at best, or at worst, memory erasure. Because the Netrunner is physically connected to the computer, defenders can even try to physically fry his brain.

The Netrunner’s arsenal

Depending on his hardware, a Netrunner can take a limited set of programs with him, so players who exercise forethought are rewarded. The available programs fall into several subcategories. We will cover the main sections described in the Cyberpunk 2020 rulebook, touching on the “Anti-Personnel” and “Demons” collections only lightly.

Anti-Personnel tools can disable the Netrunner (give him a heart attack, destroy his brain, ignite his hardware). Fortunately, no real-world analogs to these — or to Demons, virtual entities that can be armed with additional programs — exist.

But the other classes of programs from Cyberpunk 2020 resonate well with the real state of affairs in 2020.

Intrusion programs

The standard set of intrusion programs is small. Hammer and Jackhammer deal brutal attacks against data walls. You could make some rough comparisons with various classes of real tools and attack methods, ranging from brute-forcing to exploit packs, but strictly speaking, the very concept of data walls that need to be hammered to reduce their strength doesn’t really correspond to our actual 2020. There aren’t really any direct analogs to the game’s virtual hammers.

There is also a Worm. It’s described as something that emulates a part of the code of the attacked infrastructure that can penetrate walls and provide access from the inside. Worms in the Cyberpunk universe have nothing in common with their modern-day namesakes. According to our classification, these would be closer to Trojans — except that real Trojans rarely pose as part of infrastructure, more commonly infiltrating under the guise of user applications and files, which is a much more effective strategy in practice.

Decryption programs

Codecracker is the simplest program for opening virtual code gates. Rather than deciphering a key, it gains access by disassembling the gate code. In general, this is an authentic tactic — hackers often do try to find vulnerabilities in authentication systems — but fortunately, in the real 2020, this process is not automated.

The Wizard’s Book tries passwords and code words, entering billions in just a second. Perhaps this is the first program from the Netrunner arsenal with a real analog: Lots of tools exist for carrying out brute-force attacks. However, modern authentication systems have built-in security mechanisms to limit the number of allowed attempts. In other words, this kind of attack, though real, is no longer as effective as it once was.

The Raffles decryption program is used to try to find a key to a file or gate by asking the system leading questions. Fortunately, real systems are not trained to answer extraneous questions; otherwise, this might be a real threat vector.

Programs for detecting intruders

Watchdog, Bloodhound, and Pit Bull are programs that protect the information system and warn the operator of any infiltrations. In general, we use such technologies in most of our security solutions. They are called IDS (intrusion detection systems). A few differences distinguish these ones: Bloodhound can also determine a hacker’s physical location, and Pit Bull can disconnect hackers from the Net. In reality, performing these tasks is not so trouble-free.

SeeYa can identify invisible objects in virtual reality, and Hidden Virtue distinguishes real objects (a program, file, or attacker) from simulations. Our modern Internet works without the virtual interface, so we have no real-world need for such programs.

Regarding Speedtrap, which detects the activity of programs that present a danger to the Netrunner, it’s difficult to nail down the real-world analog, but generally speaking, tools can enable you to detect the presence of software by its activity (for example, by scanning ports). Malware also often has mechanisms built in to detect security solutions. A Netrunner on the Net is, in fact, a kind of malware, so we can say that this program makes sense in modern terms.

Tools for handling security systems and other Netrunners

Flatline fries the interface chip that the cyberdeck uses to connect to the Net, and Poison Flatline disables the entire device. In reality, there is no such thing: remotely causing irreparable damage to hardware is extremely difficult. (Then again, don’t forget what happened to certain centrifuges for uranium enrichment, or other exotic stories such as the printer hacking that incapacitated nonvolatile memory.

Krash and DecKRASH cause hardware errors and force system reboots. The first attacks the nearest processor in the attacked deck or system, and the second focuses just on cyberdecks. These are the real deal. A multitude of tools exists to conduct Denial of Service attacks. True, the real equivalents are more highly specialized and more likely to attack the operating system than the hardware, but their effects are comparable.

Murphy forces the target to run all available programs at the same time. This one’s pure fiction. It is also not clear what the point of this action would be during a real attack.

Virizz slows down the cyberdeck, and the only solution is a reboot. The real-world analog would be, again, a DoS attack.

Viral 15 forces the cyberdeck to delete one random program or file per minute. It remains active until the system is restarted. That sounds like a kind of slow-motion wiper. Moreover, it stays in operation until reboot, meaning that it is probably fileless, running only from RAM. In reality, of course, it is much more profitable for attackers to delete data as quickly and stealthily as possible.

Evasion/Stealth tools

Invisibility masks the trail of the cybermodem, and Stealth mutes its signal to keep security systems from reacting to the presence of the stranger (while at the same time not blocking visibility by other Netrunners). Neither program would work in our reality.

Replicator creates millions of copies of the cybermodem traces to throw defenders off the trail. Such a tactic is genuine — faced with millions of indicators of compromise, a security program probably can’t react to a real threat in time.

Protection programs

Shield, Force Shield, Reflector, and Armor all protect the Netrunner against bodily attacks. Just like the attacks, these protective tools are fictional.

Flak creates a wall of static interference, blinding enemy programs. In reality, it probably corresponds to another type of DoS attack: one aimed specifically at cybersecurity tools.

Antisoftware tools

Killer (as well as several variants) is described as a virus that enters the logical structure of other programs, causing errors. This type of program may well exist: Viruses that embed themselves in executable files were once popular with virus writers, and they regularly caused infected programs to crash. However, that was not typically the intended behavior but rather the result of careless programming. In recent years, this type of threat has practically disappeared; it is not clear why it would be useful in practice.

Manticore, Hydra, and Dragon are programs for hunting demons. They’re no more real than the demons are.

Aardvark, however, is a real thing. The tool finds and destroys Worm programs (which you’ll remember are Trojans for our purposes here). In fact, Aardvark is nothing more than ordinary antivirus software. Judging by the description, it would be rather archaic by modern standards; it relies on signature analysis (current security solutions are much more complicated).

Programs for remote management

Viddy Master, Soundmachine, Open Sesame, Genie, Hotwire, Dee-2, and Crystal Ball are programs used to remotely manage various equipment (microphones, speakers, screens, cameras, doors, cars, and robots). They may well exist in reality, especially in devices from manufacturers that are not very concerned about security.

News At 8 is a program for accessing information and news through the Net. Of course, such software exists. It includes Web browsers, for example.

Phone Home allows the Netrunner to place and accept calls while on the Net. That’s just a standard client for IP telephony.

Utilities

Databaser creates files to store information. Nothing special about that.

Alias changes the name of the file to conceal its true purpose. This type of function is built into practically any operating system, only here, it also includes a randomizer.

Re-Rezz recompiles and restores damaged files and programs. In reality, it is impossible to recompile a damaged program without the source code (then again, if you have the source code, then there’s no problem). But the methods used for recovering damaged files are in fact more relevant in the second decade of the twenty-first century than ever before. For example, our rollback technology, which protects important data from ransomware, saves a copy of the file opened by a suspicious process and then replaces the damaged data with the copy.

Instant Replay and NetMap: The first one records the path of the Netrunner on the Net, and the second shows a map of the nearby Net regions. Pure fantasy.

GateMaster deletes Virizz and Viral 15 without needing to reboot the cyberdeck. This is like a very narrowly targeted antivirus program. It calls to mind early antivirus programs, which were written to counteract specific strains and not to protect the computer from malware in general.

Padlock is a program that limits access to a deck. It is indeed possible to write software to restrict access to something.

ElectroLock and Filelocker are programs for protecting information from unauthorized access. Basically, they are utilities for encrypting files. They differ in algorithm complexity. Such software actually exists (for example, our products call this technology File Level Encryption).

File Packer and Backup are quite realistic archiving and backup programs, respectively.

A view from the past

The Cyberpunk 2020 rulebook makes for quite entertaining reading and contains many interesting predictions apart from the hacker’s toolkit. It will be fun to repeat this exercise 57 years from now and compare Cyberpunk 2077 with the real year 2077. As they say, stay tuned.