It helps to have someone else - preferably a few someone elses, at least an Agent - ready to throw Spoofs up if you start getting traced.




At the very worst, you'd have to program the node to carbon-copy you the information it sends, so you can send it again later, so you can grab the info the schlub uses the next time he does an actual transaction.

So basically with the mechanics that exist in the game this is a viable option for earning extra nuyen. If the hacker sets it all up right he can pull this off with little work and little chance of getting caught, unless he uses the same technique over and over at which time people would start making changes in the actual transaction system or how you can withdraw nuyen or move it around.

However such a character is more a vanilla criminal and not so much a shadowrunner. If your character wanted to steal money from common people he could have easily become a banker (some offense intended) or worked for a corporation instead of risking getting fried by black IC every couple of weeks as a runner.

Unlikely. The sheer number of Joe Generic Wageslaves in the world would make such a "constant scrutiny" approach to security rather expensive. And none of those low-roller wageslaves are WORTH that kind of scrutiny.

Also, if that level of scrutiny was applied even to Joe Wageslave ... it'd also get applied to Joe Shadowrunner, too. Which would pretty much put the kibosh on the entire game, right there.

Easy way to bypass all the security discussed in this thread:

Sit in a busy location.
Hack every comlink.
Have said comlink authorize a 5 (IMG:style_emoticons/default/nuyen.gif) deposit to your offshore account.

Figure it takes 10 seconds to hack each one and that you can only hack one at a time (these are reasonable assumptions, given the game*).

In 8 hours you've made 14,400 (IMG:style_emoticons/default/nuyen.gif)

I don't know about you, but a wage of $1800 an hour doesn't sound too bad. And each account was only deducted by $5, and can easily be disguised as a coffee purchase or a slice of pizza at that streetside food vendor.

*A 10 second hack is about par for the system for hacking on the fly, and honestly, if you look closely you might even determine that the duration is even lower. Only one at a time means we aren't using an agent. Finding a location where almost 3000 people walk by every day? Trivial.

No.

Buy a Novatech Airwave (R3 Si3; 1,250¥), running the Mangadyne Deva OS (F2 Sy3; 800¥). Upload a cracked Pocket Hacker to the commlink.

Then buy a roll of gecko tape, and use a 4cmx4cm square of it to stick said commlink to the underside of a table or chair, in that busy area.

Then walk away and do not ever return to retrieve that commlink. Once you've collected your money, you're going to push it all through a one-time credit account (Unwired, p93; costs 10% of the deposit amount), leaving you with 12,960 nuyen.

Yes, you're writing off about 2,100¥ of gear. But, even if you assume a fairly-steep 50% laundering fee (I call that steep because you've already reasonably-anonymised the funds by using a one-time account), you're grossing about 6,500¥. So your profits are over 200%, at 4,400Ñ.

Per day. For functionally zero risk, if you don't run the scam too often. Twice a month would support a Middle lifestyle, with plenty of cash left over ...

I was ignoring steps such as this.

But yes.

That sounds suspiciously like a "Spoofing a Lifestyle" roll..

The trouble with these two theories is that they require that these commlinks and these hacks go unnoticed for a long period of time, but this is not necessarily so.

If the commlink is operating in Hidden mode, it could be detected by anyone searching for hidden nodes. If the commlink is in Public mode, then it will not take long before an unattended commlink is detected. Additionally there is the risk of accidentally trying to hack a security conscious passerby (if only their throwaway secondary commlink) every now and then.

I kinda consider such skimming tactics to be the mechanics behind Spoofing a lifestyle personally, and prefer the gains from such activities to be abstracted under such rules, but YMMV.

Of course not. But if you only need it to work for eight hours ... *shrug* ... that's not all THAT terribly long a time.


Eh. Any hacker worth the name will have scouted the area, and know the frequency (and maybe pattern) of "sweep for hidden nodes" efforts if any. Keep in mind, we may be talking about the commlink being taped to the bottom of a chair or table in a sidewalk cafe, in the middle of Times Square, hacking the commlinks of pedestrian passers-by.

It's not guaranteed to escape notice, but, it probably will do so, anyway.

Alternately? Use an LTA drone, with a higher Signal rating. One that is, in fact, also a legitimate advertising node, hovering over a busy pedestrian thoroughfare broadcasting advertisements for the latest "mal;e enhancers" or whatever (potential bonus: score some REAL advertising money on the side). The nice, legit, spamvertisig node? Is also where your Pocket Hacker agent is sitting. (IMG:style_emoticons/default/smile.gif)

Add a holographic projector to put screamingly-obvious "lookit me I'm a marketing venue" holo-billboards around the drone, too. Hide in plain sight.

...

Memo to me: must remember that trick for future Rigger builds. ^_^


Yes and no.

If done on a regular basis, with the motivation of "I want to pay my rent with this money", then you're right.

But if done as a one-off, a "we need some extra cash before our next run" effort? Then it's not spoofing a lifestyle, because the cash is almost certainly going elsewhere than rent, food, etc.

...

Also, it's useful to have the math worked out this way, so that a GM who is being overly stingy can have this fact pointed out to them in the clearest possible manner: "Nah, I give a pass on the run. Not stickin' my neck out that far for only five hundred nuyen, no way! Instead, I'll head down to the local mall and <insert scam description here>. Just buying successes to cut throught he die rolls, I figure on average I should clear <insert much higher sum here> ... for less than one-TENTH of the risk. ..... oh, and I can do this next time, too, if the Johnson tries to low-ball is that bad again."

IOW, "why should we do shadowruns for peanuts, when we can [mug people / steal cars / hack commlinks / etc] for ten times the money and half the risk?"

1. It's very likley the banking operations aren't done on the user's commlink node but on the bank's node. The commlink just send the authentication data, which might be some biometric data or other form of authentication that requires user input. You can hack that authentication, but you'll be up against the bank's system rather than the commlink's.

2. The Matrix is not exactly safe. Everyone who does buisiness over the Matrix is aware of this. Therefore, they probably have some security to avoid having too many problems. If you just steal a little every day, you can probably stay under the radar. If you want to do this, just follow the rules to spoof a lifestyle. If you steal more (even if it's stealing 1 nuyen many times), you'll probably attract some attention. And banks will jump on the occasion to make an example out of you and show everyone else you don't fuck with them.

3. Nuyen is an electronic currency. Which means that each nuyen can be traced down. If the user discovers that a hacker has stolen some nuyens, he'll call his bank, and the nuyens that were stolen will be flagged as such. There might be ways to launder it, but you'll lose a lot in the process.

And once you have rooted the target's commlink you can just wait until he provides that authentification information, record it, and from then on use it at will. Or change the destination account behind the user's back, which is how IRL trojans bypass even TAN checks.

I seem to remember it being mentioned somewhere that there are still paper currencies (Corp script ect). Convert nuyen into paper (at a loss for conversion costs), put those in circulation (hopefully getting some different ones back) then convert them back again, losing a bit more in the process. Boom, the specific nuyen that was being tracked is no longer attached to you. Of course you also have to effectively scratch a fake SIN and a tube of nanopaste if you want it to have any real effect at making you harder to track down... though if you can find a scapegoat and disguise yourself as them when you do the initial pickup that'll help immensely.

So let's agree that it's possible, carries some risk if you're not careful, and is generally not going to be a shadowrunner's first port of call for cash unless they're on a job and find themselves in need of some liquid assets in a hurry.

Hang on, did I just ask for people to agree on the internet? I must be losing my mind.

Unless the authentification information is a 2-step method generated from an external unit (that uses a dynamically changing algorithm) combined with biometrics.
A quick example: scan your fingerprint on the passkey plugged into your comlink, which generates a unique code, which is sent to the bank. Now you get a message to press button X on the passkey which generates the matching confirmation sequence for the transaction.

For the cost: A standard passkey costs 100¥ and a biometric scanner costs 200¥ - and it is likely that these things will be provided by the bank (and is included in the fee for account managing).

Let's assume that having rooted the target's commlink you can to the Intercept Traffic action without having to decrypt the encoding first. It's still not certain that you can use a recorded transaction to fake a new transaction. At least IRL it's not always the case. This is part of the things that should have been explained about the SR4 Matrix but that are left to GM's whim.

Anyway, it is possible that you can easily get the commlink to transfer money after hacking it, but my point is that it's not without risks. It's the same situation as the team infiltrator using his palming skills to steal jewelry, the face using his social abilities to run a scam and things like that.

The way I see it there are three ways to handle that kind of things:
1. You can do it, you do a check every month and you get x nuyens * net hits nuyens off your lifestyle. You run the Shadows for something else than money, or because you want more money.
2. You can do it, but running the Shadows bring you enough money so you don't need to.
3. You can do it, but there's a risk of getting caught in the long run, either by the authorities or by other people who "control" that kind of business and want a cut. So runnning the Shadows is a better option.

All can be correct, depending on the world the PC live in.

... and the systems necessary for a commlink or nexus to READ that passkey cost 15,000¥. That's right, fifteen thousand. That should be well outside the reach of "Joe Wageslave" - honestly, it's probably an entire year's salary for him.

Puts that idea in perspective, doesn't it?

(I know this off-hand, because I actually DID install that system into my hacker-adept's commlink. Because he really is that bloody paranoid about computer security.)





If this is held to be true, then the first time you runt he shadows .... you're fucked. The very moment you get paid, in fact. And so is your fixer, and also the Johnson who hired you.

Because if Joe Wageslave's 5¥ can be tracked that accurately, and despite laundering the funds through the local organised crime syndicate ... then what makes you think that Jimmy Shadowrunner (the guy who commits murder, arson, kidnapping, and maybe even rap for hire on semiregular basis) is going to not have his 5,000¥ traced with exactly the same speed and precision?




This whole scenario simply illustrates that SR's entire financial system has to firmly grasp the Idiot Ball (<--- tvtropes link, YOU HAVE BEEN WARNED), or else the entire house of cards that permits the game to happen in the first place, comes crashing down around our ears.

Please note that a passkey is also an authentification method for remote access, like the access to your online bank account - the bank needs the passkey system, not "Joe Wageslave".
Please read UW, p. 64 for more details ^^

That's why you don't get paid with direct money transfer, but use methods that exist for the purpose of making the transfer untraceable, such as a certified credstick.
So sure, you can get Joe Wageslave's commlink to ask his bank to create a certified credstick with 5 nuyens on it, but the logistics get a bit complicated when you need to pick up a thousands of credsticks. I guess there are other easier ways to convert the traceable nuyens into untraceable money, but you'll lose a share of the money (around 20% based on today's costs) in the process.

http://www.youtube.com/watch?v=MyqpbdCKoMo

Ah-hahahahahahahahaaah.

That's a good one.


Truely, rapping for hire is one of the most heinous crimes a Shadowrunner can perpetrate.

Shove it into a credstick. All back-tracing information is lost.

Indeed... (IMG:style_emoticons/default/smile.gif)

That is because IRL we have crypto systems by which two sides can establish that their counterpart knows a shared secret (like a fingerprint, or the key embedded in those electronic tokens), but the actual secret cannot be derived from the communication in realistic time. In Shadowrun on the other hand, encryption is fundamentally broken (and that is stated quite clearly), and by extension all other crypto techniques went down with it. This does not just follow from mathematic theory but also from simple gameplay logic -- if secureID tokens would work in the setting we'd be back at practically unbreakable encryption, which makes poor fun.

So any additional authentication at worst makes the hacker roll Decrypt once against the strength of the Encrypt program on the commlink/peripheral device...

Yeah, either the security measures are unbreakable (real life) or they're unsecurable (gameworld).

I think one-time pads still work, but evidently they're so much of a hassle that nobody ever bothered to install such a system on the THOR shot satellites.

That, or that run wasn't just a hack, but they actually broke into AZT's main base to crack the safe with the launch codes in it...

Or AZT were gigantic knobs and kept their earthside one-time pads on a system connected to the 'trix - or, somehow, the runners hacked the satellite and got into its pads to send them back to itself.

Haven't you heard? Everything is wireless.