Hacking for fun and profit Options

[Panagarden]

I have read a lot of threads on commlinks and how can and can't be done with them. There seem to be a lot of different opinions on what is possible but I haven't seen this one yet:

What stops a decent hacker from raiding every commlink he sees and stealing all the money?

It's relatively easy for a hacker with decent gear to get admin access to Joe Citizen's commlink. That commlink is his credstick. It seems very easy to steal dozens of peoples' life savings in the time it takes to finish a soykaf. Why bother doing runs when most people are walking around with an open wallet?

[Jaid]

Orbital Bovine Bombardment?

[edit] i personally presume it's basically under the same kind of encryption as a SIN... ie, the "Don't touch me" kind of encryption that begins and ends with an arbitrary "no" from the GM. but that's just my assumption =P [/edit]

This post has been edited by Jaid: Jun 1 2006, 01:12 AM

[CrimsonHawk]

well from what I understand joe standard is Very poor maybe 500 new yen in a secured cred stick stuck in the com unit when he wants to buy something. now from what I understand (cred sticks are super encrypted as is the bank its tied with)


otherwise I would leave a mini drone hidden in a few known mob hang outs and collect all the com unit access codes to them and bleed them dry slowly or if I was in a hurry for some cash when a battlebowl or such came around snag that and bounce it around the world a few times to be safe but within seconds you would have a couple billion to play with :rotfl:

[hobgoblin]

hmm, didnt this come up in a old matrix2.0 thread? (just before or after SR4 was released)

think of it as a single murder vs a series of murders with matching MO.

the first will have the cops more or less searching blind if the victim was picked at random of the street. ie, there is nothing to tie the murderer to the victim.

but with a serial murder case there will be similaritys. similar shoeprints arond there area. maybe similar biological material (basicly zeroing it down to a single person more or less). and the list adds up.

now do the same comparison with your question. a single virtual wallet emptyed and it could have been done by any number of the comlink id's in the logs. and if the hacker is smart/carefull he will be erasing logs as he goes.

but if there is hundreds of them happening within a small area then they can compare data and zero in on a single comlink id and so on.

its the same thing with a credit card fraud. the stupid ones charge a single, expensive item to the victims card (often said item is allso hard to transport, making them even more stupid). the smart ones however charge up many small ones that will not make you stop and wonder when you see the bill. maybe some low amount cash withdrawls, maybe some food or other every-day items. just make sure not not overextend a card and people will not notice.

less money then avarage on their account at the end of the month, could be any number of reasons. zero money the day after the paycheck and they will notice, even with a shared account and a teenager in the household :P

[Nasrudith]

Simple, most people will keep their money in the bank and wire it over when needed and game balance returrns. .

[Crusher Bob]

But then, there has to be a secure method of transmitting they payment orders to the financial institutions. So, the hacker is not 'empying your account' in a kind of emptying the cash box type smash and grab, but instead, hacking into your commlink, waiting for you to purchase a hotdog (or whatever) and sniffing your bank passwords. Then using your passwords to buy whatever it is he wants. Admittedly, the electronic paper trail left by these transactions will give you plenty of routes of investigation, but the fact that basically any Tom, Dick, or Harry can do this means that it will happen so often that the investigators will not have the manpower (or processor cycles) to look into every case.

Too many game systems don't allow secure encryption but fail to think of all the repercussions of this.

[Serbitar]

[FanGirl]

A quick question: where does this "20 Nuyen limit" thing come from?

[Crusher Bob]

[Serbitar]

[Serbitar]

[Edward]

On how you transfer the money to your bank account. You don’t, you transfer it to a account in the name of a good throwaway fake sin. Then you walk into gold mark and buy some heavy bling, bling, 24 carrot gold necklaces only an hour after you stole all the money. Then you trash the sin and sell the gold to a fence that is assuming you stole it (and thus treats in accordingly) you probably loose 50% of your money to the fence, nano-paste disguise and ID but its worth it for security.

Indecently while you where doing the theft your comlink was set up as for the person with that account and was sitting with your meet in suburb of Denver (also where your gold shop is) while you where stealing from people in London befor you sell the gold to a fence on the other side of Denver and take your hard currency back to Seattle to spend.

[Aaron]

Simple enough:

[Geekkake]

My understanding of how a commlink functions with financial transactions is as follows:

Your commlink doesn't carry your money. It's not a credstick. Your money is in your bank account, behind bank security. You can't just "take" that money. But you can defraud. Let me give you a real world example:

You wanna buy something on the International Cyber Webnet. Your money is in your bank account. You have your PC, you have your debit card. You order the item, and enter the information on your debit card into your PC (on the vendor website) and submit it to the vendor. The vendor's merchant account provider takes the funds out of your bank account and places it into the vendor's (usually with a cut for themselves - legit business isn't so different from the shadows). Then, you (presumably) get your stuff.

At no time during that transaction was your money "present" in your debit card or PC. The only real financial transactions were between the vendor, their merchant services, and your bank. You can, however, steal the debit card information and defraud the account with fraudulent purchases as per previous posts.

Replace "PC" with commlink, "Internet" with "Matrix", and "debit" with "whatever database software holds your banking information on your commlink", and you have how to works in 2070.

If you absolutely must make a large purchase with fraudulent funds, I recommend doing so with a competent black market contact with an offshore account in a country with liberal banking and taxation laws, such as the Caribbean League.

[Edward]

That is pretty much how I saw things now you can sniff somebody’s comlink until they make a purchase and get all that information, including the transmitted data coming from there biometric scanner.

And considering the power of the matrix to track money I would not trust the security of a bank in a country like the Caribbean league or a black marked contact, these people are for sail and could possibly be hacked.

All transfer between my short term bank account that is obviously taking stolen money (and will be shut down in a day) and my usual accounts should be conducted in the form of high value, untraceable and portable commodities. Gold, platinum, precious stones.

Edward

[hobgoblin]

i would expect that the only datatraffic from the targets comlink when paying for goods is a account number. this is transmitted to a special terminal that have a set of biometric scanners and a encrypted link to the bank.

when paying you transmitt your account data, and scan your biometrics at the terminal. the terminal collects both and transmitt it to the bank. the bank check it against the data it have in the database. if ok, then it starts the money transfer to the shops bank. when transfer is completed and verified, the customer is mailed a receipt for whatever goods he bought...

[Geekkake]

[GrinderTheTroll]

[vipox]

When someone transfers important data such as a password over an encrypted link, what is transmitted is a one time hash, which with timestamps and other random data included to stop replay and man in the middle attacks, even if the line encryption is broken what you get is a hash and that hash can only be used once, so having it means nothing.

This stops normal sniffer attacks, but if you break into the sending comlink and then record the password given at the source, but this is ideally stoped buy using a challage response password system, with multiple questions / responses. So that the password if recorded can only be used if the exact same challage is given. Given that banks with most likely "run" anti recorder agents on your comlink while you are doing all this.

So I really don't think that it is all that possible.

but anyway I will stop ranting now.

[GrinderTheTroll]

[Tarantula]

At that point though, why not just knock the guy out in his apartment, and steal his commlink, and use it to buy stuff completely legitimately before he wakes up. Since you'd need to have had access to the passkey at least once to copy it.

[GrinderTheTroll]

[Shrike30]

More like Robbery 1 :P

[hobgoblin]

nothing like breaking in, having your troll buddy sit on the victim, and order pizza and similar on his comlink ;)

[Edward]

“i would expect that the only datatraffic from the targets comlink when paying for goods is a account number. this is transmitted to a special terminal that have a set of biometric scanners and a encrypted link to the bank.”

Remember, you can have your own biometric scanner. All you have to do is reprogram your biometric scanner to deliver from a file instead of scanning and hack the stores biometric scanner (or sniff it’s output and break the encryption, a 30 second job given the encryption rules)


GrinderTheTroll points out that it’s a boring game if you do this all the time. There are 2 problems. First what are you going to do about that annoying question “why do you run the shadows” when you can so much more easily and safely live on theft, and even if you’re a thrill seeker why don’t you do this for a week and then have all the gear you could possibly want, or at least hold it in reserve for if you get into money trouble.

This is in the same basket as stealing cars for chop shops, it doesn’t make for a fun game but you need to recognize its something the characters can do. And have no conservable reason not to do if you back them up against the wall money wise.

Edward