Post #31

Dragon; Group: Members; Posts: 4,718; Joined: 14-September 02; Member No.: 3,263

They have "total access", which is entirely different than what you seem to be meaning by "do anything" and certainly does not preclude the helpful (one might almost say constructive, if you were actually looking for constructive) tips mdynna has given.

Post #32

Dragon; Group: Members; Posts: 4,718; Joined: 14-September 02; Member No.: 3,263

:rotfl: Actually in the core book an Agent 6 doesn't even exist (check at the back in the gear section). BTB Response 5 has Avail 12 (chargen legal), and yes Response 6 is 16. But not 16R or 16F. Or higher.

Post #33

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

Negative:

The system does not question admin actions. The system can only verify that it is an admin. The system cannot find out whether an action is appropriate for the overall situation or not. That's why any actions performed by an admin will never be hacking actions. If you hack yourself root access, you are root. The system never questions root. It only verifies that you are really root.

Post #34

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

Page? Paragraph?

Post #35

Dragon; Group: Members; Posts: 4,718; Joined: 14-September 02; Member No.: 3,263

Oops, sorry about that. That was only Autosofts that have that weird cap that doesn't show up on page 228. But I wasn't referring to Agents anyway, I know they have a higher Avail, 18 isn't too bad. It is just the hacking programs that have the low ratings....but like I said getting the hardware down is the real key. Not that, now that you mention it, the higher Agents wouldn't also fall into that power range that would require licensing. It seems rather odd that something that cheap (only 15K) and supposedly relatively easily copied (although arguably an Agent could be built to actively fight against pirating attempts) and legal would rank so high on the Avail.

Er, actually mdynna was spot on. For big iron at least at one time. I know because a person in my class many years ago, innocently, managed on a PDP-11 we were on to pass a system type command on to the OS to execute within its own thread. It didn't really do anything harmful, however half a day later a very concerned IT department security manager showed up wanting to know wtf the student had done. How did he know something happened? Because he had initiated a policy of personally monitoring the log of the system level commands for anomalies. It was still a system process that had done this command, but the usage for it was outside the norm. Move forward 80+ years and instead of a flesh and blood IT security manager you have a backroom system process monitoring the command logs looking for suspicious activity. Watchers watching the watchers.

Post #36

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

So to sum things up:

Comlink all 6 6 Analyze 3 Agents 6 Encryption 6 is a thing which most likely every Runner worth his salt will have, given the cost and availabilities in the book. None of these is even restricted, you can walk into a shop and just buy it. Thus any matrix rules, or interpretation of the rules, must cope with this fact and take it as a quasi baseline.

As to monitoring system logs: It is right there in my example. It has been there from the start.

Post #37

Moving Target; Group: Members; Posts: 801; Joined: 13-March 06; Member No.: 8,374

umm.... isn't hacking on the fly 1 IP, not 1 turn?

Post #38

panda!; Group: Members; Posts: 10,331; Joined: 8-March 02; From: north of central europe; Member No.: 2,242

one small thing about admin accounts. in windows today you can remove the default admin account's access to anything if so wanted. basically it's just another account, but as default it has higher access than the rest of them.

therefore it's possible that even with an admin account you can run into files and other objects that you have no legal access to. now there are some safeguards built in, like say an admin can take ownership of something. but he can't give it back, so it will be noticed if it's not supposed to be done unless asked for or ordered.

hell, there is a "crazy" security system being put into use for linux, developed by the NSA. it's called SELinux. and with that, even if i log in as root i may not have all the powers one would normally expect. i don't fully understand its full range of abilities myself, but it seems one can vary the access rights based on if the root account is accessed locally or remotely, among other things. so in many cases there would still be things one could not do, even with an admin account, when logged in remotely.

hmm, now that i think about it there was a story in a book i read, or maybe a web article, where the only way to gain full unrestricted admin access from a terminal was by having that terminal connected on the correct port on the network. now the makers of this system were showing it off at some industry gathering, and were offering a money prize if anyone could crack it, so sure of its safety they were. but someone did in the end crack it. by waiting for the techies to walk away for a coffee break, leaving some sales zombie there. then one person distracted that zombie, while another picked the lock of the networking locker, flipped some wires over, created a secondary admin account or something like that, flipped the wires back, relocked the locker and waited for the techs to return. then he walked up to a terminal, entered into the admin account and called the techs over so they could see ;) end of the day he walked out of there with the cash.

as for the name of the person? kevin mitnick ;)

Post #39

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

@Virus
I will check that.

@hobgoblin
Sure, there may be the occasional account called "admin" or "root" that cannot do anything in some system. But there is always an account that can do anything. Just call this one admin, and the rest security. After all it's just a matter of naming. For sake of simplicity, at least.

Post #40

Dragon; Group: Members; Posts: 4,718; Joined: 14-September 02; Member No.: 3,263

You stunned wombat. The point is that on systems with the power to back it up there are watchers watching the watchers. Ultimately the system itself sits above any and all accounts. The accounts can influence the system to varying degrees, but those are all in fact just requests, not actual actions performed directly by the account. Requests that can all be checked and monitored....and a number will be, and there are indeed limits put in place. Sometimes the 'hack' is just to avoid detection and raising an alert, sometimes it is to actually be able to have the action occur at all. With the higher level accounts more the former than the latter.

Post #41

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

Those are extreme exceptions. They do not have to be covered by rules, as long as they stay just that, exceptions.

Post #42

Shooting Target; Group: Members; Posts: 1,590; Joined: 11-September 04; Member No.: 6,650

Blakkie
That does not in any way model Real Life computing systems
Now considering that the SR4 wireless change was supposed to add realism
The closest I have seen to a system with admin being limited was quite simply one where no usernames were assigned to the Root
You could still hack root access with an exploit
At the last Ruxcon (big Hacker convention in Sydney Australia) the winning time for a particular hack contest for such a system was 12 seconds

Post #43

Dragon; Group: Members; Posts: 4,718; Joined: 14-September 02; Member No.: 3,263

My experience in writing Windows NT drivers says otherwise. Intel Ring 0 code is run by the system itself, and only the system. You cannot execute it from the context of an account. The administrator can still get the system to execute given code, but you have to do it by altering the OS itself. Each new version of NT makes manual alteration of the OS drivers more difficult. In effect you have to 'hack' into place a replacement driver. This all on a POS desktop machine.

Post #44

Shooting Target; Group: Members; Posts: 1,590; Joined: 11-September 04; Member No.: 6,650

there is a reason why NT is not normally used for large networks
besides which with NT all the major hacking (SR) actions can be done on an account with full privileges
even crash (BSoD) although on NT it might take a hacking action
UNIX and LINUX systems, which are more secure, do allow root to access the kernel
oh and IRL NT does have a level of account which can access the kernel, it is just only supposed to be available to microsoft personnel

Post #45

Great Dragon; Group: Members; Posts: 5,430; Joined: 10-January 05; From: Fort Worth, Texas; Member No.: 6,957

NT has been used in every large network I've encountered including two colleges, a 1500 employee (~1200 workstations) company, and a 110,000 employee company (with who knows how many workstations).

In the classified lab I worked in NT was used for some stuff and linux was used for others. The choice was made based on programmer's personal preference and software of choice.

Post #46

Shooting Target; Group: Members; Posts: 1,590; Joined: 11-September 04; Member No.: 6,650

interesting
was going on US and Aus national statistics
most of the large networks in the US are UNIX or Linux (I think 75% or so between them circa '99)
the rest are either MACos (rare as hen teeth) or NT

Post #47

Great Dragon; Group: Members; Posts: 5,430; Joined: 10-January 05; From: Fort Worth, Texas; Member No.: 6,957

I can only speak from personal experience, not having worked in 75% of the companies in America and Australia. I'd be interested in seeing a source for that statistic, given how easily manipulated statistics can be. You'd probably get different numbers if you talked to Microsoft than you would if you queried a BBS populated by *NIX gurus.

Post #48

Shooting Target; Group: Members; Posts: 1,590; Joined: 11-September 04; Member No.: 6,650

the aussie ones were supposed to be Australian Bureau... not sure if the US ones were as reliable.

It makes sense, as it is only a recent development for network hub machines to be PCs as opposed to dedicated unix servers

Post #49

Great Dragon; Group: Members; Posts: 5,430; Joined: 10-January 05; From: Fort Worth, Texas; Member No.: 6,957

Those are also 1999 statistics, which mean next to nothing now. I'm not saying it's wrong, just that tossing out a 7 year old number from partially unknown sources is far from being evidential.

Post #50

Shooting Target; Group: Members; Posts: 1,590; Joined: 11-September 04; Member No.: 6,650

evidential it is
Absolute proof it is not
(sorry, the distinction between those is a pet peeve)

my major point was that the standard 'admin' account in NT is not what SR is calling 'admin'
that is more like a security account

Post #51

Great Dragon; Group: Members; Posts: 5,430; Joined: 10-January 05; From: Fort Worth, Texas; Member No.: 6,957

Ok, I suppose you could call it evidence. It's possible that it is false evidence, and it's definitely outdated evidence. But if you want to be technical, then the guy I pay $5 to so he'll say I was with him playing video games all night instead of out robbing liquor stores also constitutes evidence. :)

Post #52

Dragon; Group: Members; Posts: 4,718; Joined: 14-September 02; Member No.: 3,263

...with observance from the system. Anything of import really, because once again all the I/O goes through the OS. It is a function of the "micro"kernel architecture.

Most definitely for BSoD, because the system catches it otherwise. A BSoD is ultimately caused by a driver programmer screwing up and not making the driver bulletproof.

I'm not sure you have that exactly straight. Are you talking about the Local System account, because that is something a little different. It still passes stuff through the system. It is really similar to Administrator from a security POV, and in some ways more limited because of lack of access to the desktop and user input.

I think you misunderstand me here. I'm not talking about an account per se. I'm talking about the system itself. Sure the root account can recompile parts of the kernel and load them in. But those actions themselves are still going through the kernel to be able to do that since your basic IO, the actual communication with the hardware, is done through the kernel. Right?

Post #53

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

After some thought I decided to skip my "no subscription" interpretation of the rules, for compatibility. The subscription rule can always be bypassed by simply sniffing the traffic to a node and then spoofing the ID. This does simply add just another two dice rolls to any decent security network, but what the heck . . .

In my next text I will give an example of how to prevent unlimited "network relaying" for infinite security.

Post #54

Running Target; Group: Members; Posts: 1,498; Joined: 4-August 05; From: ADL; Member No.: 7,534

Comments: Assumptions 1-2 from my previous examples still apply.

TODAY: Hacking through a relay of linked nodes

It was discussed a couple of times: What can be done against a network where several nodes are linked, using the subscriber rule, together to prevent, or delay, hacking. A very good example would be this: A runner has a main comlink A, he uses for normal communication, and 5 "relay" comlinks B,C,D,E,F. Only comlink F has wireless capability. The runner uses his main comlink to communicate, comlink B only accepts input from A and C, comlink C only accepts input from B and D and so forth:

A - B - C - D - E - F - WiFi-World

To get to A, a hacker has to hack B,C,D,E, and F first. But then, in SR4, everything has a device rating. Even our clothes are nodes, as they have built in climate control and such. They might only have a device rating of 1, but they would also have to be hacked. So the runner could do the following:

A - B - C - D - E - cyberleg - smartgun - trousers - jacket - glasses - F - WiFi-World

This is perfectly acceptable under standard SR4 rules, and the first example isn't even illogical, but a very sensible thing to do. So what to do about this? Just let hackers go through everything? I propose a rules interpretation that circumvents possible dice orgies, is fast and understandable:

A by using Spoof a hacker can disguise as a data packet and exploit a node to relay him to his destination. He needs the network ID of the host he wants to be relayed to. If he wants to also spoof the ID he originated from, he can do so in a separate test.

Every host, that the hacker is being relayed to, may roll against the spoof test with System+Firewall.

If the hacker has at least 1 net success, he is relayed to the next host in the chain, or he may choose to hack into the node that is relaying him using normal "hacking on the fly" procedures. In both cases he may choose to analyze the node to get information about the system ratings only.

If he does not have any net successes, he may decide to immediately hack the node in question using standard "hacking in on the fly" procedures, use legit access rights to access the node, or be catapulted back to the node he started the spoof attempt from.

When he is relayed to his destination, he may hack into the node on the fly, or access it with legit user rights.

Note that if the relay host scores any net hits in the opposed test, it has detected that something is wrong and may launch security measures.

(H) Hacker:
Hacking: 5 (specialization stealth)
Computer: 5
Hot-SIM: +2 dice
Firewall: 5
Response: 5
Firewall: 5
Signal: 5
Loaded programmes:
- Exploit 5
- Analyze 5
- Spoof 5
- Sniffer 5

(C1) Comlink 1:
Firewall: 6
System: 6
Signal: -
Response: 6

(C2) Comlink 2:
Firewall: 1
System: 1
Signal: -
Response: 1

(C3) Comlink 3:
Firewall: 3
System: 3
Signal: -
Response: 5

(C4) Comlink 4:
Firewall: 6
System: 6
Signal: 6
Response: 6

Network architecture:

C1 - C2 - C3 - C4 - WiFi-World

Steps: (bold steps denote the minimal version of this example)
(H) Sniffing Traffic
(H) Matrix Perception
(H) Spoofing relay
(C4) Detecting relay spoof
(H) Analyze action
(C3) Detecting relay spoof
(H) Analyze action
(C2) Detecting relay spoof
(H) Analyze action

Explained:

(H) Sniffing Traffic
Hacking+Sniffer: 5+5+2 = 3
The hacker wants to hack into Johnson's comlink. He knows Johnson is extremely paranoid and might have several layers of relay comlinks. He phones the Johnson to give a status report. As he does not want to hack into the MSP's database to get the node ID that is correlated to the Johnson's phone number, he is simply monitoring the traffic going from the MSP to the Johnson. To intercept the traffic he has to succeed in a Hacking+Sniffer test. With 3 hits, he easily intercepts the traffic.
Note: If the traffic was encrypted it had to be decrypted first.

(H) Matrix Perception
Computer+Analyze: 5+5+2 = 2
To get the ID out of the traffic, the hacker has to succeed in a simple matrix perception test.

(H) Spoofing relay
Hacking+Spoof: 5+5+2 = 5 hits
Now, the hacker wants to hide as a communications data package. He spoofs the ID of such a package and virtually knocks on the door of the Johnson's gateway host C4.

(C4) Detecting relay spoof
System+Firewall: 6+6 = 4 hits
The C4 chokepoint comlink scans the traffic for validity before relaying it. It achieves 4 hits in its test, which leaves the hacker with 1 net success. The node automatically relays the "hacker package" down the subscriber line.

(H) Analyze action
Hacking+Analyze: 5+5+2 = 2 hits
The hacker wants to know what node he is being relayed through. He rolls only 2 hits and goes for System and Firewall attributes. The GM tells him that both are 6. With a "holy shit" on his virtual lips the hacker is relayed to the next node.

(C3) Detecting relay spoof
System+Firewall: 3+3 = 3 hits
The C3 relayhost comlink scans the traffic for validity before relaying it. It achieves 3 hits in its test, which leaves the hacker with 2 net successes. The node automatically relays the "hacker package" down the subscriber line.

(H) Analyze action
Hacking+Analyze: 5+5+2 = 3 hits
The hacker wants to know what node he is being relayed through. He rolls 3 hits and goes for System, Firewall and Response attributes. The GM tells him the ratings. The hacker is mumbling "getting better" while he is relayed to the next node.

(C2) Detecting relay spoof
System+Firewall: 1+1 = 1 hit
The C2 relayhost comlink scans the traffic for validity before relaying it. It achieves 3 hits in its test, which leaves the hacker with 2 net successes. The node automatically relays the "hacker package" down the subscriber line to C1.

(H) Analyze action
Hacking+Analyze: 5+5+2 = 3 hits
The hacker wants to know what node he is being relayed through. He rolls 3 hits and goes for System, Firewall and Response attributes. The GM tells him the ratings, which are 1,1,5. The hacker thinks "big mistake" and notes the ID of this node. He might hack in here later to get some admin privileges and install a backdoor right in the Johnson's subscriber line.

The hacker is then relayed to the final C1 comlink, where he may try to hack in, with a Hacking+Exploit (6, 1 Phase) extended test. But his best choice is to do the whole procedure again and hack the weak C2 comlink, get some admin privileges and then sit there and probe the hell out of the heavily fortified C1 comlink to avoid detection in his exploit attempt.

Post #55

Target; Group: Members; Posts: 17; Joined: 16-May 06; Member No.: 8,565

Forgive me for not reading every page...but I can't seem to find how to clean out your net hits from a system before logging off so you don't leave a data trail. I looked in the book, and perhaps I'm just passing it by but I can't seem to find how to do it..so could somebody please tell me or direct me to a page number so that I can figure this out.

Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.