Item #: SCP-2801
Object Class: Keter
Special Containment Procedures: A copy of SCP-2801 is currently held at Site-19.
All Foundation personnel are to undergo screening for SCP-2801-1 infection on a monthly biweekly basis. Additional screenings may be mandated by the site security director. All infected persons not held for research purposes are to be immediately terminated. No recordings of infected persons are to be made, and all other cognitohazardous material containing SCP-2801-1 are to be destroyed.
Foundation webcrawlers are to monitor file-sharing websites and hacker forums for copies of SCP-2801 or related materials. MTF Sigma-5 ("'; DROP TABLE taskforces --") is to remove these copies as soon as possible upon detection in compliance with standard data supression protocols.
MTF Theta-8 ("Blue Pills") is currently responsible for identifying and neutralizing persons or organizations in possession of SCP-2801. Utilization of Project Lethe and/or SCP-2000 is currently under consideration.
Description: SCP-2801 refers to a software for Linux-based operating systems capable of generating Class-II cognitohazards as audio or image files, using a variety of common formats. The effects of the hazards generated are determined by user-written code similar in syntax to the C programming language. SCP-2801 was freely distributed on 2018/3/17 on the hacker forum [REDACTED] under the title "Neurocrack", and has since been redistributed multiple times from various sources despite Foundation containment efforts.
SCP-2801 has demonstrated the ability to create self-propagating cognitohazards, referred to as SCP-2801-1,1 that are capable of nearly complete control over a host's behavior. This can include motor control, memory access, and psionic field manipulation, among other aspects. Over 100 unique SCP-2801-1 variants have been identified in the wild as of 2018/11/12, which are typically used for financial gain or as offensive tools, although other uses are not uncommon. Unless otherwise specified by its creators, SCP-2801-1 infection is permanent, and an effective treatment has not yet been found.
While the user-created nature of SCP-2801-1 variants means very few traits apply to every one, a few generalizations can be made regarding SCP-2801-1 behavior. Most SCP-2801-1 variants spread through the use of cognitohazards present in the speech of infected persons. In addition, variants often construct telepathic networks among infected persons, which can then be used for data exfiltration or to remotely control variant behavior, and variants with design flaws can unintentionally cause epileptic seizures. Infected persons are rarely aware of these symptoms.
See Document X3B-2801-RQ for descriptions of all known variants.
Addendum 2801: The following is a timeline of events related to SCP-2801 and SCP-2801-1.
2017/11/29: SCP-2801-A, the first known SCP-2801-1 variant, is discovered during testing on SCP-4993 at Site-19. Test results were inconsistent with previous experiments, and after further testing this was attributed to an unknown cognitohazardous agent present in D-8937, despite the lack of observable symptoms. Further investigation revealed similar agents present in 96% of the personnel in D-8937's assigned barracks.
2017/12/3: MTF Eta-11 ("Savage Beasts") begins an investigation into the origins of SCP-2801-A.
2018/3/17: SCP-2801 is uploaded to the hacker forum [REDACTED] under the name "Neurocrack" along with documentation and source code for a basic SCP-2801-1 variant2. The file was available for 7 hours and received download requests from 97 unique hosts before it was removed by MTF Sigma-5 ("'; DROP TABLE taskforces --"). The file was accompanied by the following post:
The author of this post was later identified as a penetration tester living in the city of Dallas, Texas named Nathan Snyder (designated POI-7684). A raid on POI-7684's apartment failed to apprehend him; the complex's owner indicated that he had left his apartment with a number of electronics the previous afternoon. POI-7684's status and location remains unknown.
2018/3/19: SCP-2801-B, -C, and -D are discovered alongside a spike in SCP-2801-A infections. While simplistic, these variants proved active exploitation of SCP-2801 was occurring much sooner than was expected. Foundation webcrawlers also take down a number of threads pertaining to SCP-2801 on both [REDACTED] and other sites.
2018/4/2: A string of identity theft cases is linked to a previously undiscovered SCP-2801-1 variant, designated SCP-2801-N, which was used to steal sensitive information from the hosts' mind while displaying very few identifiable symptoms. The operator of the variant was estimated to have stolen over two million USD in this fashion.
Upon detainment, the operator of SCP-2801-N claimed that the variant had been sold to him and by another hacker. The operator was terminated two days later. Investigation into the identities of the creator and other operators are still on going.2018/4/28: SCP-2801 utilization continues to spread despite containment efforts. SCP-2801 had been reuploaded to the internet under numerous screen names with over 1,000 downloads, and multiple users have opened threads attempting to sell SCP-2801 code modules. Five "Neurocracker"3 groups have also been identified, including Pseudonym4, which remains the oldest active group.
2018/5/6: SCP-2801-W is discovered in central Germany, having infected █████ people in less than a week, the highest infection rate of any variant at the time. SCP-2801-W utilizes large amounts of psionic signals to overwhelm a target, inducing epileptic seizures followed by sudden unexpected death in 83% of cases, even if the target is not infected. No correlation has been found between targets, and this behavior occurs at seemingly random intervals.A group named Cohaz has claimed to be the operator of SCP-2801-W on various black market websites. This group claims to be able to use SCP-2801-W to assassinate an individual of the client's choice in exchange for payment in the Monero cryptocurrency. These claims have not yet been verified.
2018/5/15: The Global Occult Coalition begins an initiative to identify and terminate persons in possession of SCP-2801.
2018/6/21: Growing awareness of Foundation and GOC efforts to suppress information about SCP-2801 among portions of the hacker community leads many to use covert channels or include SCP-2801-generated cognitohazards in threads in an attempt to deter censors. The adoption rate of SCP-2801 slows as a result, but the estimated user base remains large.
2018/8/4: Dr. Charles Stone, assistant director of Site-22, enters a coma as a result of SCP-2801-BE infection. As is typical of SCP-2801-BE behavior, Dr. Stone cut himself on his left arm with a knife and wrote the message "Send bitcoin have 1 week" along with a bitcoin address on the wall of his office with his blood before expiring. Compliance with these demands had no effect on Dr. Stone's condition, and he went into cardiac arrest and died 5 days later as a result of an epileptic seizure in the Site-22 medical sector. It remains unknown whether he was specifically targeted, or was infected by chance.
2018/8/6: Investigation into Dr. Stone's death reveals that at least 37% of Site-22 personnel were infected with SCP-2801-1. 7 unique variants were identified. Site-22 was placed under quarantine, and all SCP objects on-site were moved to Site-19.
2018/10/12: SCP-2801-CV is identified in South Korea, marking the 100th unique variant discovered.
2018/10/26: The Foundation and GOC are targeted by a number of coordinated remote attacks, consisting of both traditional cyberattacks and attacks utilizing SCP-2801-1. The attacks lasted for 4 hours and affected 7 Foundation facilities and 11 site networks, including [REDACTED]. In addition to causing a number of Euclid and Keter-class containment breaches, the attacks resulted in ███ personnel casualties and the leakage of ███ classified documents, including [REDACTED]. Restoration efforts are still in progress. Statistics regarding the attacks on the GOC are not available, but are expected to be similar.
Several Neurocracker groups, including Pseudonym and Cohaz, have declared their involvement in the attacks. Efforts to identify other collaborators are ongoing.
Restoration efforts are still in progress.
