Hacking bank accounts, Or: Pocket hacker is the best investment money can buy? Options

[Draco18s]

"Seize illegal activities with immediate effect, you have ten seconds to comply, failure to comply results in extermination!"

*Grabs them illegal activities*
"Ok Boss, now what do I do with 'em?"

(You're looking for "cease")

[Tymeaus Jalynsfe...]

It stops pretty much any agent from getting inside. A cheap encryption program deters pretty much all the autonomous spambots, dataminers, and identity-theft scripts you may walk by in daily life.
LoL for agents not having electronic warfare.

Also, I should remind everyone that Encrypt programs double as Zip files, for packing things up into accessable files. (the only difference is Sr4 encrypt assumes its password protected, while most people in the real world don't bother passcoding their family albums when sending them to family)
That alone makes the program one of THE most common use programs out there. Who here uses winrar, winzip, or winace? I do!

Yes, it will stop low level spambots, but NOT an actual Hacker. It is Not so useful for the high level stuff (but that is okay, because there are higher level Encryp Programs out there). Which is at it should be. *shrug*

I find it interesting that there are some that are now decrying the humble Encrypt Program as the end all be all of Computer Security. (IMG:style_emoticons/default/smile.gif)

[Udoshi]

It can be, if you consider War! military programs.

It is really, really hard to beat a threshold 20 Cryptanalysis test without glitching, considering the decreasing extended dice pools mechanic.

[Halinn]

considering the decreasing extended dice pools mechanic.

Fun thing about that: that's not actually a rule.

[Midas]

If the responses you have proposed were to be normal and rgular things, for what is toa corporate accountant small-time crimes ... then the response for an actual shadowrun, costing the company at least two orders of magnitude more, would have to be at least as strong, and as swift. More likely, two to four TIMES as much of a response.

And since the consequences of the responses you described would invariably amount to "roll up a new character" ... yeah. They render the entire premise of the game null and void.

Yes, the response is swift. The book suggests that the corp will dispatch a HTRT that will arrive on the scene about 10 mins after the alert is raised. And yet, you think mall security will let a pocket hacker steal from all and sundry all day long.

The reason shadowrunners succeed is not because the corp wants them to, but because they pull the job off before the corp can react, and have the skills and tactical abilities to defeat all the corp's exprensively assembled security systems, and manage to get away scott free.

Saying "If the authorities are gonna do anything to prevent or pursue a 15K crime, a 1,500K crime would therefore be impossible." is flawed logic. Also, as I keep saying, countermeasures and responses to a "highly skilled rare heist" and a "simple and common computer crime" are apples and oranges, and direct comparison is meaningless.

Full stop. I, myself, have always advocated doing this every 10-15 days, for the sole reason of not providing a quickly-recognisable pattern. Certainly not "every day".

But this is just your team. If, as you are maintaining, mass hacks should be simple as shelling peas, you are not going to be the only people in town on the act.

It can be neither such thing. I do believe the commlink itself came to somewhere around 5,000¥. The agents and the programs loaded onto them will cost in the neighborhood of 20,000¥ (the R5, Ergonomic, Optimised +2 Stealth alone is 5500¥). And on top of the 25K¥ to 30K¥ "Seed money", to get those programs without copy protection you are either a modestly skilled hacker with time to spare OR you have Warez-related contacts. All in all, neither "cheap" nor "easy" are applicable adjectives here.

Remember you are comparing this to shadowrunning, which generally involves a team of people each at the top of the game in their respective skillsets and using SOTA gear to something anyone with a basic understanding of the wireless world and malicious attitude could do with 30K. Being able to source cracked programmes (or even design your own) is not uncommon nor much of an additional barrier for anyone with a hacking bent, and you could do a bare-bones version of your scheme for much less than you are quoting.

In two words or less? "Human Nature."
For one, it won't be the mall's liability. They're not going to cover the costs associated with it. And since it's not happening twice in a single year (not by the PC running the scam at least) in that mall, there's not a lot of PR damage done.
For two, "security theater". It's always cheaper and easier to LOOK like you're doing something productive, than to actually enhance security. For proof of this, ... look at the TSA.

Not sure how much you understand about "human nature".

Malls that do not take preventative measures against hackers will lose business. The victim may feel less happy about visiting that mall, and word of mouth will have a multiplying effect ("Marge got her commlink hacked down ABC mall last week. She went back yesterday, and they said they were not liable and there was nothing they could do. I was gonna take the family next week, but I'm not so sure now.").

Your point on security theatre is all very well, but it doesn't explain why the mall security would want to take no preventative action or countermeasures at all.

You are talking about hacking 3000 commlinks for 5 nuyen each. If you assume about 6 million people passing through Seattle (or wherever your game is set) per day, that is 0.5% of people passing through the city per mass hack. Pull it off twice a month, and within one game year your character will have ripped 5 nuyen off about 10% of the city's population. So, even if there are only 10 people working this scam in the city at your rate, on average each citizen has been ripped off once. If you consider you are only targeting people with rating 2 Firewall or below (let's call it 50% for argument's sake), for the subset of population affected the cost is more likely 10 nuyen. Make it 100 people a year doing it, and the hacker vulnerable portion of the population are each getting ripped off for 100 nuyen, at which point the gameworld victims are likely to upgrade security on their commlinks sharpish.

[FuelDrop]

Just throwing it out there, but aren't worms and similar virus-type programs loaded onto hackers gum (from attitude) perfect for mass hacks like the ones you're talking about? as I understand it the hack would hit everyone in the radius at once instead of hacking one link at a time...

[Midas]

"Ignore them, and rely on the general stupidity of the majority of humankind". Seriously, most wageslaves aren't going to set up the hue and cry if their link alerts them to a hack-in-progress. At most, they're going to say "Feck, not again!" and hit the shiny Restart button. Possibly for the fifth time that day.

Your grip on gameworld reality seems pretty thin to me. Who is hacking their commlink 5 times a day, and to what end? And why would Joe Wageslave ignore a hack on his computer? Would you? Would any PC?

The credit account is in an offshore bank run by one of the major crime syndicates. Once you discontinue the service, there is no paper trail at all. And that is straight out of the book, by the by.

Not having Unwired myself (which perhaps explains my quaint view of the wireless world), I couldn't comment on your rules quote. A one-off 100 nuyen payment to set up an untraceable offshore bank a/c that magically launders money for nothing and shows the finger to the police/megas if they come snooping seems pretty stupid to me, but who am I to say?

Earlier, I suggested the Agent be directed to delete (or Corrupt) everything on the 'link immediately after the 5¥ transaction was complete. (IMG:style_emoticons/default/smile.gif) Yes, including itself.

So as well as ripping Joe Wageslave off for 5 nuyen, you are destroying his commlink as well. The cheap options of buying better firewall or Encrypt to Joe Wageslave are starting to look much more appealing, and the economic costs of your cybercrime have just snowballed. It is not just 15K that you have syphoned off the system now, but 3,015K. 3 mill economic cost for 1 mass hack, but nobody can be bothered to do anything about it. Yeah, right.

[ShadowDragon8685]

I'd like to just pour some white phosphorous on this debate:


Everything is assuming that the victim realizes they have been ripped off.

Nearly nobody is going to have immediate alerts set for 5 (IMG:style_emoticons/default/nuyen.gif) transactions or whatever. By the time they get their monthly statement, they probably won't even notice five extra nuyen. If they do, and assuming they do manage to correctly suss out the right 5 (IMG:style_emoticons/default/nuyen.gif) transaction (and don't blame it on the wrong person altogether,) they're likely to think "Oh hey, I must have got two soycafs that day" or something, not "Oh my god, I've been robbed! HUE! HUE I say! HUE and maybe even CRY!"

[Udoshi]

Fun thing about that: that's not actually a rule.

Can you back this point up at all?
Because I'm nearly 100% positive its a core rule in the latest printing of the core book. (4a)

[Manunancy]

Spotting that sort of shenanigans is inmy opinion fialry easy : if you're a mall owner or the like, just set a few honeypots 'links around and have your beefier system keep an eye on them - a mass hack is bound to pay the 'pot a visit, at which point it's going to be spotted and probably traced.

The associated costs are fairly low, just a few low-end comlinks in teh security's pocket who wander ober the place, a few extra subscriptions to the mall's system and you're set.

That sort of things is beat cop level security and won't catch any halfway decent hacker (who are likely to spot the surveillance), but it's enough to detect and stomp over bots and script kiddies.

A meatworld analogy would be having a few cops our of uniform walking around known fleshspot looking for hookers soliciting Johns where it's not legal.

[ShadowDragon8685]

Manumancy: And the appropriate countermeasure to that is to install your flypaper commlink, walk away, and program it to monitor the site for a set amount of time (three days should be sufficient, but you can go to one week if you want to,) and have it exclude any device nodes that are there more than a certain amount of time in that threshold:

A lot of devices (probably the majority of devices) are going to be Rating 1 and 2. It does you no good to hack into the Device Rating 2 soycaf machine at the Starbucks in the mall, because it is not going to have any financial details on it. You're also going to want to exclude any commlinks present after working hours (assuming the mall does shut down,) and want to exclude any employees or the types of people who come and go all the time, as they are more likely to be willing to make waves by storming up to the management office in full Entitled American mode and demand the mall do something about their financial losses.

If they're using honeypot commlinks, they will be excluded on the same grounds that employee commlinks will be: that they've been there too often.

[e]Oh, and it was asked earlier: the reason you want your viral Agent to be as Ergonomic as possible is because it's going to be running on very crappy commlinks, and their users will get suspicious if their commlinks suddenly slow down. At the very least, they're likely to run a Purge program, or Analyze for the Agent. Did your Agent think to bring along a Disarm program and run it on the commlink's Analyze and Firewall? Probably not.

[_Pax._]

Yes, the response is swift. The book suggests that the corp will dispatch a HTRT that will arrive on the scene about 10 mins after the alert is raised. And yet, you think mall security will let a pocket hacker steal from all and sundry all day long.

That HTRT only gets dispatched if an alarm has been raised - and not just "two guards sent to check camera ourage in parking area two", no, more like "ALARM! ALARM! INTRUDERS DETECTED ON SITE! ALARM! ALARM!" The mall security guys? If all goes well, they won't ever GET an alarm, until at least two or three days later. At which time, calling out the HTRT-level response? Waste of time, energy, and all-importantly money. What good would be lokcing down the mall, two days after the crime took place?

Also, Corporate Security's HTRT's are head, shoulders, and then some above Mall Rent-a-cops where it comes to professionalism, training, response time, and the salary that pays for all of those. So even if a mall-wide alarm sounded? Mall Security would probably take longer to get their asses in gear, than the HTRT would take to arrive at a corporate black site, anyway.

Finally: see ShadowDragon's comment.

The whole reason the theft is 5¥ per person, instead of a bigger number with multiple 0's after it, is to go largely unnoticed for an extended period of time. It's really easy to miss a one-time 5¥ charge.

[Draco18s]

Can you back this point up at all?
Because I'm nearly 100% positive its a core rule in the latest printing of the core book. (4a)

Diminishing dice pools is listed at the end of a paragraph of various ways the gamemaster can limit how many rolls the character can make.

"The character may have a limited timeframe," "the gamemaster can limit the number of rolls," and "the suggested method is to apply a cumulative -1 dice pool modifier to each test after the first."

It is only suggested it is not actually a rule. The actual rule is that extended tests assume that given enough time a competent character will eventually complete the task (the problem is, you don't always have "enough time").

[Tymeaus Jalynsfe...]

It can be, if you consider War! military programs.

It is really, really hard to beat a threshold 20 Cryptanalysis test without glitching, considering the decreasing extended dice pools mechanic.

Indeed....
Only if you use the extended DP Mechanics. Not every one does, from what I understand.

[Tymeaus Jalynsfe...]

I'd like to just pour some white phosphorous on this debate:


Everything is assuming that the victim realizes they have been ripped off.

Nearly nobody is going to have immediate alerts set for 5 (IMG:style_emoticons/default/nuyen.gif) transactions or whatever. By the time they get their monthly statement, they probably won't even notice five extra nuyen. If they do, and assuming they do manage to correctly suss out the right 5 (IMG:style_emoticons/default/nuyen.gif) transaction (and don't blame it on the wrong person altogether,) they're likely to think "Oh hey, I must have got two soycafs that day" or something, not "Oh my god, I've been robbed! HUE! HUE I say! HUE and maybe even CRY!"

Funny thing is, they do not need to have that. At Rating 2 Comlink, The second the Agent Loads to the 'Link, the 'Link Crashes becasue it has just gone over its response limit (Rating 2 Comlink, remember, Running Analyze, Browse (Or Agent to access Browse) and Encrypt as a Minimum. Likely Reality Filter as well (Some Disagree, but it IS a common use Program for a reason) to gain the "Edge; " one of which is likely to be Ergonomic (Encrypt would be my choice) that is 3 Programs actively running at all time, 2-3 of which are not Ergonomic. When the agent is loaded, the Response reduces to Zero (Agent has 3 programs, only 2 of which can be Ergonomic, and if The Target 'Link has an Ergonomic Program running, even the Agent's Payload will be degraded for Ergonomic Options due to comlink limits, so 2-3 Additional Programs Load with the Agent), and the 'Link Freezes up). Pretty sure that will be noticed. If the Hacker Node starts unloading Programs to make room for its own, Pretty sure that will be noticed.

[Tymeaus Jalynsfe...]

If they're using honeypot commlinks, they will be excluded on the same grounds that employee commlinks will be: that they've been there too often.

[e]Oh, and it was asked earlier: the reason you want your viral Agent to be as Ergonomic as possible is because it's going to be running on very crappy commlinks, and their users will get suspicious if their commlinks suddenly slow down. At the very least, they're likely to run a Purge program, or Analyze for the Agent. Did your Agent think to bring along a Disarm program and run it on the commlink's Analyze and Firewall? Probably not.

Except that they do not have to be Honeypot Comlinks. Your Hacker 'Link will by necessity need to be in Hidden Mode. As such, a Simple Scan for Hidden Nodes will detect them. Then it is a simple process of elimination to discover the Pocket Hacker wherever it is Hidden.

As for the Agent and its Payload. It is entirely impossible to load the Agent with the right programs to accomplish what it needs to do, since the Agent will ALSO be affected by the Crappy Comlink. That Rating 3 Agent becomes a Rating 2 Agent on a Crappy Link. As such, you just cannot be proactive enough. Now, the easy solution for the Hacker is either do it himself (risky ands likely to get him caught if he sticks around; reason you wanted a Robo-Hack to start with) or use a Better Suite of Agent/Program Loads and Target Higher End Comlinks. Unfortunately, those are the 'Links that you likely want to avoid. AS it stands, targeting a Rating 1-2 Comlinks is ludicrous, Simply because they are the Average Joe's communication interface, and are likely to get you nowhere.

[Draco18s]

Likely Reality Filter as well

I don't think this program does what you think it does.

Reality Filter (Response)
A Reality Filter program translates a node’s VR sculpting into a metaphor
of your choice by attempting to interpret the node’s algorithms.
When you first run this program or enter a node while it is running,
make an Opposed Test between your Reality Filter + Response and the
node’s System + Response. If the filter wins, your preprogrammed paradigm
overrides the node’s signals and you receive a +1 Response bonus
while in that node. If the node wins, or a tie results, its metaphor overwhelms
the filter enough that you suffer –1 Response while in the node.

I don't know about how YOU use VR, but I certainly don't use VR while wandering around a mall.

Virtual Reality
In VR, you “exist” wherever your persona is within the Matrix. You
start either in the node of your own commlink or one of the nodes
to which you are subscribed and from there “move” to other nodes.
Physical distance is meaningless within the Matrix—it’s all a matter of
network connections, available memory, switching systems, and transmission
rates, not actual meters and kilometers. Getting to a node on
the other side of the world is practically instantaneous.
The simsense signal from the sim module translates the complex
code structures of the actual Matrix into graphical icons and other sensory
data (including emotions). Every object you see in full VR is an
icon. These icons represent programs, devices, systems, and other users.
Everything experienced in full VR is a symbolic representation. Not all
icons are what they appear to be. To tell what something really is, you
need to analyze it with a Matrix Perception Test (see p. 228).
How “real” is full VR? Most of it looks computer-generated. No
matter how astounding or even photo-realistic the level of detail, it is
still obviously artificial. Urban legend and hacker lore describe corners
of the Matrix that are virtually indistinguishable from the real world—
mythical and dangerous places called ultraviolet nodes.
Perceiving the VR Matrix in its full glory overwhelms the physical
senses. Any action taken in the physical world while in VR suffers a –6
dice pool penalty.
Virtual reality can be experienced two ways: the safer cold sim or
the more powerful and dangerous hot sim.

So no, I don't think the average Joe wandering around a mall is going to be in full simsense VR.

Also note the rules section at the end of the Reality Filter.

When you first run this program or enter a node while it is running,
make an Opposed Test between your Reality Filter + Response and the
node’s System + Response.

Some shlub running a 2-2-2-2 comlink with a Reality Filter (rating 2, due to the device limits) is going to have 4 dice in this test.

Odds that the server wins: rather poor.

A "Public Library" nexus node (Arsenel p50) has a System of 4 and a Response of 5. That's 9 dice to Joe's 4. Joe would have slightly less than 50-50 odds even in a "Small Matrix Cafe"; 5 dice to his 4. Most wage slaves aren't going to bother, because almost every time they activate their Reality Filter, they lose, and the jumbled mess of icons reduces their system's Response.

[Tymeaus Jalynsfe...]

I don't think this program does what you think it does.

I don't know about how YOU use VR, but I certainly don't use VR while wandering around a mall.

So no, I don't think the average Joe wandering around a mall is going to be in full simsense VR.

Some shlub running a 2-2-2-2 comlink with a Reality Filter (rating 2, due to the device limits) is going to have 4 dice in this test.

Odds that the server wins: rather poor.

A "Public Library" nexus node (Arsenel p50) has a System of 4 and a Response of 5. That's 9 dice to Joe's 4. Joe would have slightly less than 50-50 odds even in a "Small Matrix Cafe"; 5 dice to his 4. Most wage slaves aren't going to bother, because almost every time they activate their Reality Filter, they lose, and the jumbled mess of icons reduces their system's Response.

I know exactly what it does, and the Reality Filter would be for the Comlink, not the Mall's/Store's/Library's/Etc Node, since the user benefits from his own Iconography Scheme, and he does not need to log into a node that is public as a Data Request will handle most interactions (if not all) required. And the results of that Data Request will be translated into his Reality because the information goes to his 'Link.

Yes, he would need to be in VR for this benefit (Duh?), which is why it may not always be applicable, but I cannot see anyone not actually buying it (and even if they don't due to price, it does not affect my argument in the least). *shrug* Another reason why I default to 2-3 active programs (Analyze, Browse (or Agent) and Encrypt (possibly Ergonomic)) on the Rating 2 Comlink for my main argument. Whether it is 2 or 3, the 'Link downlines the second the Hacking Agent is loaded. No way around that one. It is, after all, a Crappy Comlink to start with, but is likely the one that the Joe Average WageSlave can afford) (IMG:style_emoticons/default/smile.gif)

[Udoshi]

I don't think this program does what you think it does.

It pretty clearly works in AR, too, though as the +1 response isn't conditional at all. Unwired also introduces a bunch of AR-display augmenting/changing programs, so its quite possible(a near certainty, really) that a common use program can also works similiarly to its cheaper brethren.

[Draco18s]

but I cannot see anyone not actually buying it

Have you made a hacker recently?

Have you used Reality Filter recently?

It's awful. It's a 50-50 (or lower) chance of getting a bonus with the risk of a crippling penalty. And that's for a shadowrunner. As soon as Joe Shmoe activates his on the Library's node with his 2-2-2-2 comlink, loses the roll off, his comlink crashes. That's right crashes. He's not at a response of 1 running a minimum of three programs (as you're so keen to point out). If he's running all 3, his comlink ends up with a Response of 0, and it freezes up.

[ShadowDragon8685]

ITT: Commlink rules about program limits are retarded, news at 11.

Also, if you want to be technical, your pocket hacking commlink doesn't actually need to run jack shit on the other guy's commlink. It can hack in just like you do and do things remotely.

[The Jopp]

Have you made a hacker recently?

Have you used Reality Filter recently?

It's awful. It's a 50-50 (or lower) chance of getting a bonus with the risk of a crippling penalty. And that's for a shadowrunner. As soon as Joe Shmoe activates his on the Library's node with his 2-2-2-2 comlink, loses the roll off, his comlink crashes. That's right crashes. He's not at a response of 1 running a minimum of three programs (as you're so keen to point out). If he's running all 3, his comlink ends up with a Response of 0, and it freezes up.

Many times when the rules talk about lowering RESPONSE on a commlink (apart from running an X amount of programs) I prefer to simply apply it to all response TESTS. So whenever the game calls for a test involving the response attribute THEN you are affected.

[Draco18s]

Many times when the rules talk about lowering RESPONSE on a commlink (apart from running an X amount of programs) I prefer to simply apply it to all response TESTS. So whenever the game calls for a test involving the response attribute THEN you are affected.

Rules quote on that?

I'm digging through the books right now, and almost every mean thing a hacker can do to a target system that effects response will freeze the node when response is reduced to 0.
(DDOS, Sparky echo, Nuke*). Many other sections refer back to "Response Degradation" on page 212 of the core book (which offers no insights into what happens at a response of 0).

*Nuke specifically needs to reduce both System/Pilot and Response to 0.

[Tymeaus Jalynsfe...]

Have you made a hacker recently?

Have you used Reality Filter recently?

It's awful. It's a 50-50 (or lower) chance of getting a bonus with the risk of a crippling penalty. And that's for a shadowrunner. As soon as Joe Shmoe activates his on the Library's node with his 2-2-2-2 comlink, loses the roll off, his comlink crashes. That's right crashes. He's not at a response of 1 running a minimum of three programs (as you're so keen to point out). If he's running all 3, his comlink ends up with a Response of 0, and it freezes up.

Yes...
Yes...

I guess we differ on whether it is Awful or not. *shrug*

I see the Reality Filter as a program that the masses use a lot. Only high end Sculptured systems will have their own reality (High Level Corporate R&D, Entertainment Industries, Etc), for the most part, so the common user will not run into those all that often unless they choose to (so Obviously no RF on the Local Library Node). Why? Becasue the Corps want to sell a program that allows the user to experience his OWN reality the way he wants to experience it (makes them feel less oppressed). Which is why the RF is a Common Use Program. Yes, as mentioned above, there would be some places that do spend the money to go all out and sculpt their system. Virtual Disney, Virtual Six Flags, Virtual Mideval Times, etc. But they are likely the exception, not rule.

[Tymeaus Jalynsfe...]

Also, if you want to be technical, your pocket hacking commlink doesn't actually need to run jack shit on the other guy's commlink. It can hack in just like you do and do things remotely.

It can, yes, but not with the Constraints placed upon it by the Scheme. Mainly becasue they want deniability, and distance, prior to the actual transfer of money. At which point, the Agent has to be loaded to avoid such little things as being out of range due to Wi-Fi Inhibition.