Tracking and cybercombat, and some more.
FriendoftheDork
post Aug 11 2007, 02:29 AM
Post #1





Ok, this time I wonder about tracking. First of all, to track a persona you probably need a matrix perception test to recognise it and its commcode. But what if the hacker being traced changes (spoofs) his commcode? Does that end the trace?

Secondly, you can only redirect trace if there is a trace in progress. But there are no rules that say how you know someone is tracking you. So far I've house ruled that with a good matrix perception test you can detect this with threshold stealth*2 test. But are there any rules for it?

What else ends a trace? If the Spider doing the tracing has its persona crashed (happened last evening after a cybercombat), does that end the trace or can the program run still (the program was on the Spider's commlink)?

What if the Spider had won? Can you trace a commlink that has just crashed? If not, what's the point of using cybercombat with attack program if the intruder can be back in a few moments and you still don't know who it is?



Ok the next issue is about hacking. If the hacker is detected by the system, the alert goes off. Now, normal reactions will be sending IC to attack the hacker, having a Spider or IC use Trace on hacker, sending alert to other commlinks or systems (possibly LoneStar), or even reboot system. How fast should this happen? A Spider can move from any part in the matrix to the node instantly as I can see, so I can't see why the hacker should have ANY time before something happens and initiative is rolled.

If the hacker is detected before the node is hacked (brute forcing), then the system will get +4 firewall against him, meaning it will take somewhat longer time for him to crack it. But if he's already inside (with admin access of course) then he can just turn off the alert, delete all the security user accounts, make a new admin account, and re-enter the system right? And he won't need to make any more hacking tests (just a few edit actions that are impossible to fail).

Is there something I have missed?


Tarantula
post Aug 11 2007, 02:53 AM
Post #2





First: I'd argue this is exactly what's happening when you "redirect trace" action, and thusly trying to spoof a different commcode would use the same test, with a different fluff explanation. Basically, anything you do trying to avoid being traced easier is a redirect trace action.

Second: You don't know. Be paranoid if you think someone's tracing you. Usually, you'll know if you kicked alert on a system you're in, and can safely assume you're being traced, if you don't know, well, then they're gonna find you. It's gotta be possible to be successful tracing in order for it to be a real threat to hackers.

Next: If the spider tracing has his persona crashed, then yes, the trace ends. The persona is what runs all the programs in the first place.

If the spider crashes the hacker, then no, he can't be traced, it's crashed and no longer has a datatrail leading from where he was to where he is.

Hacking issues: A spider if he's already plugged in would take a complex action (SR4, 220) as logging in with a valid passcode. If he isn't plugged in, it'd take at least a complex action for him to jack in from seeing the alert, and then another to log into the node required (unless he jacked directly into the node the alert was on).

If he's already in when the node goes on alert, Sever Connection is a great standby. The node gets a firewall (+4 for active alert) + system test vs the hacker's exploit + hacking. Chances are, the node wins, and the hacker is booted. If he can manage to avoid that, then his first action can be to turn off the alert, and any IC that are around are probably analyzing during this. Next action would be to browse for the security user accounts. IC either start their attack/trace, or try again to see him. Next, is edit the accounts. IC keep attack/trace/looking. Now, browse admin accounts. IC continue their stuff. Edit admin account. Logout (if able due to black IC locking him in). And lastly, log back in.

That's at minimum... 1) alert, 2) browse logs, 3) edit logs, 4) browse accounts, 5) edit accounts, 6) logout, 7) login. 7 complex actions. 2 1/3 combat turns if hot VR, or 3 1/2 if cold VR. That's quite a bit. Gives the IC/spiders lots of time to do a lot to screw with him. And, remember spiders can command the alert back on while they're in there too.
FriendoftheDork
post Aug 11 2007, 03:37 AM
Post #3





QUOTE (Tarantula)
First: I'd argue this is exactly whats happening when you "redirect trace" action, and thusly trying to spoof a different commcode would use the same test, with a different fluff explanation. Basically, anything you do trying to avoid being traced easier is a redirect trace action.

Second: You don't know. Be paranoid if you think someone's tracing you. Usually, you'll know if you kicked alert on a system you're in, and can safley assume you're being traced, if you don't know, well, then they're gonna find you. Its gotta be possible to be successful tracing in order for it to be a real threat to hackers.

Next: If the spider tracing has his persona crashed, then yes, the trace ends. The persona is what runs all the programs in the first place.

If the spider crashes the hacker, then no, he can't be traced, its crashed and no longer has a datatrail leading from where he was to where he is.

Hacking issues: A spider if hes already plugged in would take a complex action (SR4, 220) as logging in with a valid passcode. If he isn't plugged in, it'd take at least a complex action for him to jack in from seeing the alert, and then another to log into the node required (unless he jacked directly into the node the alert was on).

If hes already in when the node goes on alert, Sever Connection is a great standby. The node gets a firewall (+4 for active alert) + system test vs the hackers exploit + hacking. Chances are, the node wins, and the hacker is booted. If he can manage to avoid that, then his first action can be to turn off the alert, and any IC that are around are probably analyzing during this. Next action would be to browse for the security user accounts. IC either start their attack/trace, or try again to see him. Next, is edit the accounts. IC Keep attack/trace/looking. Now, browse admin accounts. IC continue their stuff. Edit admin account. Logout (if able due to black ic locking him in). And lastly, log back in.

Thats at minimum... 1)alert, 2) browse logs, 3)edit logs, 4)browse accounts, 5) edit accounts, 6) logout, 7) login. 7 complex actions. 2 1/3 combat turns if hot VR, or 3 1/2 if cold vr. Thats quite a bit. Gives the IC/spiders lots of time to do a lot to screw with him. And, remember spiders can command the alert back on while they're in there too.

But spoofing your access ID has another purpose than just redirecting trace, which would make the redirect trace action unnecessary.

Second: The rules say you can only redirect a trace in progress. Which means you cannot continuously redirect trace just because someone might try to trace you at that moment. Right? Otherwise every 1/3 action the hacker takes will be a redirect trace (assuming it's a complex action).

As for the crashing, sounds logical but that means cybercombat vs humans is a waste unless you use black hammer or blackout (in which case the persona is unharmed and the person is not).

Hacking: I was assuming the Spider is patrolling the matrix (or just playing GL while still connected on standby). As soon as he gets the alert he can get to the node in question asap. He may even be logged in already, but in AR, and switching to VR is a free action so no biggie. And not logging on the node with the alert is silly, giving the hacker more time. Thus only 1 complex action to get there at best I take it. And he doesn't need to physically plug anything, this is 2070.

Sever connection, I forgot about that one I have never even used it. So I guess this works even if the hacker got admin access? Of course the hacker can use edge on this and easily beat the node.

When inside, the hacker could get away with: 1 search for admin accounts, 2 edit accounts, 3 log off, all which can be done in a single round. So the IC or Spider has only 3 rounds to find the hacker with a simple action (analyze+computer vs stealth), start trace, and attack with appropriate programs.

Can Spiders and hackers jam a connection like IC do?

Oh, and after getting a backdoor, the hacker can log in at his leisure, delete security accounts and any other admin account, copy everything on the node (given limitless bandwidth and storage capacity). Boom, now the hacker has all the info in the node (no need to search while on the matrix), and all the programs (must be cracked) including the IC! Right?
Tarantula
post Aug 11 2007, 06:08 AM
Post #4





QUOTE (FriendoftheDork)
But spoofing your access ID has another purpose than just redirecting trace, which would make the redirect trace action unnecessary.

Second: The rules say you can only redirect a trace in progress. Which means you cannot continously redirect trace just because someone might try to trace you at that moment. Right? Otherwise every 1/3 action the hacker takes will be a redirect trace (assuming it's a complex action).

As for the crashing, sounds logical but that means cybercombat vs humans is a waste unless you use black hammer or blackout (in which case the persona is unharmed and the person is not).

Hacking: I was assuming the Spider is patrolling the matrix (or just playing GL while still connected on standby). As soon as he get's the alert he can get to the node in question asap. He may even be logged in already, but in AR, and switching to VR is a free action so no biggie. And not logging on the node with the alert is silly, giving the hacker more time. Thus only 1 complex action to get there at best I take it. And he doesen't need to physically plug anything, this is 2070.

Sever connection, I forgot about that one I have never even used it. So I guess this works even if the hacker got admin access? Of course the hacker can use edge on this and easily beat the node.

When inside, the hacker could get away with: 1 search for admin accounts, 2 edit accounts, 3 log off, all which can be done in a single round. So the the IC or Spider has only 3 rounds to find the hacker with a simple action (analyze+computer vs stealth), start trace, and attack with appropriate programs.

Can Spiders and hackers jam a connection like IC do?

Oh, and after getting a backdoor, the hacker can log in in his leisure, delete security accounts and any other admin account, copy everything on the node (given limitless bandwith and storage capacity. Boom, now the hacker has all the info in the node (no need to search while on the matrix), and all the programs (must be cracked) including the IC! Right?

No, read the description of redirect trace... "By redirecting, you send a flurry of spoofed signals out in the hope of confusing the Track program." It's exactly that, spoofing in an attempt to avoid being traced.

Second: If it didn't disallow redirect actions with no trace active, you could simply do it beforehand, as a success test (instead of opposed), and then have those successes to add to new traces. This was unwanted, so you can't perform the action unless you actually have a trace in progress to oppose the test. Otherwise, I'd let them spend the complex action, and they can guess how well they did based off how many hits they got. They know they were bad (no hits), decent (1-3 hits) or good (4-6 hits) against any given traces running on them at the moment. Paranoid hackers probably would be running this action once every few combat turns, just in case.

Third: Cybercombat against humans is not a waste. It boots the hacker out of the system, the system is on alert, and they have to reboot, and hack in again. Now you're ready for them.

Hacking: As far as patrolling the 'trix already, it's still a complex action to validly login with a passcode. Thusly, the hacker has at least one complex action before spiders can show up. Unless they just happened to be in the node the hacker is when the alert goes off.

Yes, this works even if the hacker has admin access. Exploit + hacking skill (6 + say, 7) is 13 dice. Plus edge of 8 at most, is 21. System 6 + Firewall 6 + 4 (active alert) is 16. Not bad. Take out the edge, and the system almost always wins. Edge SHOULD let the hacker squeeze by and avoid being booted, remember, he's got roughly 7 complex actions ahead of him to safeguard his entry.

When inside: I thought you wanted to erase security logs too? Or did you decide to cut that out until you're done hacking? Alright. Search for admin accounts: Interval is 1 IP, I'd say admin accounts would be hard, if not extreme. So, threshold 8. Assuming 12 dice, chances are it takes him 3 IPs to find them. (3 hits + 3 hits + 3 hits). That's one whole combat turn in hot VR, and more in cold/AR. Now, he can edit them, for another complex. Lastly logging off, for a total cost of 4 1/2 IPs. (4 complex + 1 simple). Assuming he has a stealth of 6, the spider has 6 analyze and 6 computer, that's 12 vs opposed of assuming 6 vs 6. So, 12 vs 12. Chances are, it'll bounce between the spider seeing him, and him hiding every test. So, chances are, the spider/IC will see the hacker by the 2nd IP. Giving them 2 1/2 IPs with which to start screwing with him, like, crashing his persona, tracing him, etc.

Also, don't forget that admin accounts would likely also be encrypted/data bombed. This adds even more time to the hacker before he can mess with them.

Yes, anyone with blackout/blackhammer can jam open a connection.

After getting a backdoor (again, very hard actually) then he can start messing with the node by deleting security logs (after defeating their encryption/data bombs), mess with other admin accounts, or copy what's on the node. Unless it's data bombed/encrypted, in which case, the data bomb can delete the whole shebang. Worthless to the hacker now.
FriendoftheDork
post Aug 11 2007, 11:00 PM
Post #5





QUOTE (Tarantula @ Aug 11 2007, 07:08 AM)
No, read the description of redirect trace... "By redirecting, you send a flurry of spoofed signals out in the hope of confusing the Track program."  Its exactly that, spoofing in an attempt to avoid being traced.

Second: If it didn't disallow redirect actions with no trace active, you could simply do it before hand, as a success test (instead of opposed), and then have those success to add to new traces.  This was unwanted, so you can't perform the action unless you actually have a trace in progress to oppose the test.  Otherwise, I'd let them spend the complex action, and they can guess how well they did based off how many hits they got.  They know they were bad (no hits) decent (1-3 hits) or good (4-6 hits) against any given traces running on them at the moment.  Paranoid hackers probably would be running this action once every few combat turns, just in case.

Third: Cybercombat against humans is not a waste.  It boots the hacker out of the system, the system is on alert, and they have to reboot, and hack in again.  Now you're ready for them.

Hacking: As far as patrolling the 'trix already, its still a complex action to validly login with a passcode.  Thusly, the hacker has at least one complex action before spiders can show up.  Unless they just happened to be in the node the hacker is when the alert goes off.

Yes, this works even if the hacker has admin access.  Exploit + hacking skill (6 + say, 7) is 13 dice.  Plus edge of 8 at most, is 21.  System 6 + Firewall 6 + 4 (active alert) is 16.  Not bad.  Take out the edge, and the sytem almost always wins.  Edge SHOULD let the hacker squeeze by and avoid being booted, remember, hes got roughly 7 complex actions ahead of him to safeguard his entry.

When inside:  I thought you wanted to erase security logs too?  Or did you decide to cut that out until you're done done hacking?  Alright.  Search for admin accounts: Interval is 1IP,threshold 8.  Assuming 12 dice, chances are it takes him 3 IPs to find them.  (3 hits + 3 hits + 3 hits).  Thats one whole combat turn in hot VR, and more in cold/ar.  Now, he can edit them, for another complex.  Lastly logging off, for a total cost of 4 1/2IPs.  (4 complex + 1 simple).  Assuming he has a stealth of 6, the spider has 6 analyze and 6  computer, thats 12 vs opposed of assuming 6 vs 6.  So, 12 vs 12.  Chance are, it'll bounce between the spider seeing him, and him hiding every test.  So, chances are, the spider/IC will see the hacker by the 2nd IP.  Giving them 2 1/2 IPs with which to start screwing with him, like, crashing his persona, tracing him, etc.

Also, dont' forget that admin accounts would likely also be encrypted/data bombed.  This adds even more time to the hacker before he can mess with them.

Yes, Anyone with blackout/blackhammer can jam open a connection.

After getting a backdoor (again, very hard actually) then he can start messing with the node by deleteing security logs (after defeating their encryption/data bombs), mess with other admin accounts, or copy whats on the node.  Unless its data bombed/encrypted, in which case, the data bomb can delete the whole shebang.  Worthless to the hacker now.

Yeah, it seems to me redirecting trace is something different than spoofing your commcode to avoid datatrail.

Second: Are you telling me that you can try to redirect trace almost all the time, but you don't actually roll unless someone is tracing you?

And yeah my hacker is paranoid ;)

Third: The system is on alert against the intruder. If the hacker has to reboot, he'll probably spoof his commcode as well, meaning the computer should get no benefit against him anymore. And yeah the Spider is now ready for an attack - which might never come. The hacker can wait as long as he wants to and the Spider has no way of knowing when the next attack occurs, or who was behind it. Seems like waste of time. From now on my Spiders will all be using Black Hammer or Blackout, and carry at least one Black IC backup.

Hacking: Ok thanks for clarifying this for me, didn't remember that part of logging on requiring a complex action and that data search is needed to find the files you want to edit.

My hacker is not nearly that good and can't afford better than rating 3 programs. Or maybe he just prioritized differently (since they got 75k each on a run once). On the other hand he is yet to face a system with firewall 6, best so far is 4 (he's not hacking megacorps, you know.) And he did need to use all 6 edge in the cybercombat vs the corporate spider, which of course had better programs than he did.

Hmm all this tells me I'm not nearly good enough to set up computer security. I've only used data bomb once, I didn't know they were that common, or that they could be used on admin accounts to prevent tampering.

You should note that my hacker has usually only tried to hack systems with low security - and often those with little data of value. It becomes silly if both the local Stuffer Shack and Ares HQ has 6 in all computer stats in all their systems.


Why would searching for admin accounts be hard, or even extreme? If even the admin can't easily access the different levels of user accounts with something as simple as a "list accounts" command, then the system will be a pain in the ass. I have no problems editing and creating admin accounts on my windows OS at least.

You say getting a backdoor is hard, but the part that should be hard is getting the admin access in the first place. Once that's done I have a hard time seeing why doing anything at all with the system a legit user can would be hard (except databombs).

Hmm, he'll probably want to search for the password/passkeys to the databombs (defusing all the while) right after turning off the alert.

Edit: Is there any reason why he shouldn't be able to copy all the programs he wants (even IC) and use them for himself (after possibly cracking them)?
Ted Stewart
post Aug 12 2007, 12:31 AM
Post #6





Keep in mind that things in the Matrix have real-world implications, and that Matrix systems are not carved in stone. If the hacker sets off the alarm and then manages to cancel it, the question becomes "Who was notified when the alarm went off?" Deleting the log file won't stop a security hacker who was just told to check out node BR342 and can bring the entire site to full alert if he feels it's justified. It's also particularly problematic if he is notified that there was an alarm, which is then immediately cancelled (or suddenly vanishes), and he can't find any information in the log indicating why.

If the matrix alarm system is tied to onsite security (as it should be, matrix attacks as distractions seem like a pretty common occurrence), that could also pose a problem. Security is going to be much more alert after an alarm, false or legit, and that can cause serious problems for a team on the premises.

Maybe if you're just snooping a site remotely, you'll get away with it in the short term, but if there are frequent or periodic false alarms or glitches in a single system, somebody will notice even without the log files. At that point they'll start tearing apart the network looking for a problem with their equipment, or temporarily cranking security through the roof to make sure nobody has compromised their security. Quite possibly both, if they have the resources to do so. So you'll either find a completely different system and have to start over, or have a very nasty surprise waiting when you try your usual backdoor.

At the end of the day, breaking into the same network in the same way repeatedly is bad for your health. You'd want to vary your approach to try to keep from being predictable.
Tarantula
post Aug 12 2007, 06:38 AM
Post #7





QUOTE (FriendOfTheDork)
Yeah, it seems to me redirecting trace is something different than spoofing your commcode to avoid datatrail.

Maybe different in the application, but they are both spoofing something, they're separate actions with separate mechanics, and if you want to use spoof to hide your datatrail, guess what, it's a redirect trace action. (It's like saying you want to use an action to pull the trigger on your gun, when there's an action for firing a weapon already, how you describe doing it is irrelevant, the action is there, and that's what you use.)

QUOTE (FOTD)
Second: Are you telling me that you can try to redirect trace almost all the time, but you don't actually roll unless someone is tracing you?

And yeah my hacker is paranoid ;)

I'd say that redirect trace actions could easily be rolled by the GM the same as perception checks. If you're so paranoid that you redirect trace once per combat turn, then the GM can factor that in, and roll a handful of dice every combat turn. You don't know how you did, or if you were even being traced, which is how it should be.

QUOTE (FOTD)
Third: The system is on alert against the intruder. If the hacker has to reboot, he'll probably spoof his commcode as well, meaning the computer should get no benefit against him anymore. And yeah the Spider is now ready for an attack - which might never come. The hacker can wait as long as he want to and the Spider has no way of knowing when the next attack ocurrs, or who was behind it. Seems like waste of time. From now on my Spiders will all be using Black Hammer or Blackout, and carry at least one Black IC backup.

I'd argue an alert is an alert. Being on alert gives it an extra +4 firewall to any intruders it knows are intruders (has defeated their stealth program).

QUOTE (FOTD)
Hacking: Ok thanks for clarifying this for me, didn't remember that part of logging on requiring a complex action and that data search is needed to find the files you want to edit.

My hacker is not nearly that good and can't afford better than rating 3 programs. Or maybe he just prioritized differently (since they got 75k each on a run once). On the other hand he is yet to face a system with firewall 6, best so far is 4 (he's not hacking megacorps, you know.) And he did need to use all 6 edge in the cybercombat vs the corporate spider, which of course had better programs than he did.

Hmm all this tells me I'm not nearly good enough to set up computer security. I've only used data bomb once, I didn't know they were that common,or that they could be used on admin accounts to prevent tampering.

Data bombs are great. They sit there, and unless you spend a simple action to observe in detail the file you're going to access (and succeed with a hit to ask if there's any data bombs on it), then you don't know it's there. When you trigger it, you take its rating in damage on your condition monitor. Also, it can erase the file when it's activated (as well as working with encryption). Fantastic for slowing hackers down (even if only to make them waste simple actions examining every file before they touch it). They can't outright prevent tampering, but they do hinder it in an extreme way. If you try to access the admin files, and set off the data bomb erasing them, you can't just recreate them (since you never saw them) so you can't easily edit in a new admin account for yourself either. Encryption is nice too, first, they have to decrypt the file, once that's done, disarm the data bomb. Encryption wastes time for them to break, and the databomb will remove the file if they fail to disarm it before opening the file. Fantastic stuff really.

QUOTE (FOTD)
You should note that my hacker has usually only tried to hack systems with low security - and often those with little data of value. It becomes silly if both the local Stuffer Shack and Ares HQ has 6 in all computer stats in all their systems.


Why would searching for admin accounts be hard, or even extreme? If even the admin can't easily access the different levels of user accounts with something as simple as a "list accounts" command, then the system will be a pain in the ass. I have no problems editing and creating admin accounts on my windows OS at least.

For the same reason that hacking one is a +6 threshold modifier. I figure, if an easy search is threshold 2, and hard is threshold 8. It's more of carrying over that it's not the easiest thing in the world to mess with admin accounts (as theoretically, once the system is set up, you shouldn't need to access them very often). The people who run the system will know where the file is, and won't require a browse action to find it, since they already know where it's at. Liken the browse action to using the find feature in Windows, to look for some file, versus just knowing what folder it's in, and navigating to there via Explorer. Which is faster? (Well, generally, knowing where it's at is).

QUOTE (FOTD)
You say getting a backdoor is hard, but the part that should be hard is getting the admin access in the first place. Once that done I have a hard time seeing why doing anything at all with the system a legit user can would be hard (except databombs).

No, getting admin access semi-easily (especially if you probe it first) is a necessity for hackers being useful in a Shadowrun setting. The backdoors are what cause problems, and they are hard to make. You don't know the passcodes/locations of everything. So, first, you find the admin accounts files, then observe it in detail, decrypt it, observe it in detail again, disarm the data bomb, and now, you can finally edit it. That's an extended action, simple, extended, simple, complex, and simple. Quite a bit of time for security to respond.

QUOTE (FOTD)
Hmm, he'll probably want to search for the password/passkeys to the databombs (defusing all the while) right after turning off the alert.

What kind of system are we talking about? No secure system would have the passcodes laying about. Search fails, period.

QUOTE (Dorkfriend)
Edit: Is there any reason why he shouldn't be able to copy all the programs he wants (even IC) and use them for himself (after possibly cracking them)?


Yes, encrypt then databomb them all. Unless he wastes the time to decrypt and then disarm all of them, when he tries to copy them, the databomb goes off, and crashes his persona, as well as removing the file. He gets nothing.

Sidenote: Does your name mean eventually you could become a Dorksaken?
FriendoftheDork
post Aug 14 2007, 11:42 PM
Post #8





QUOTE (Tarantula)
QUOTE (FOTD)
Third: The system is on alert against the intruder. If the hacker has to reboot, he'll probably spoof his commcode as well, meaning the computer should get no benefit against him anymore. And yeah the Spider is now ready for an attack - which might never come. The hacker can wait as long as he want to and the Spider has no way of knowing when the next attack ocurrs, or who was behind it. Seems like waste of time. From now on my Spiders will all be using Black Hammer or Blackout, and carry at least one Black IC backup.

I'd argue an alert is an alert. Being on alert gives it an extra +4 firewall to any intruders it knows are intruders (has defeated their stealth program).


QUOTE (FOTD)
Hacking: Ok thanks for clarifying this for me, didn't remember that part of logging on requiring a complex action and that data search is needed to find the files you want to edit.

My hacker is not nearly that good and can't afford better than rating 3 programs. Or maybe he just prioritized differently (since they got 75k each on a run once). On the other hand he is yet to face a system with firewall 6, best so far is 4 (he's not hacking megacorps, you know.) And he did need to use all 6 edge in the cybercombat vs the corporate spider, which of course had better programs than he did.

Hmm all this tells me I'm not nearly good enough to set up computer security. I've only used data bomb once, I didn't know they were that common,or that they could be used on admin accounts to prevent tampering.

Data bombs are great. They sit there, and unless you spend a simple action to observe in detail the file you're going to access (and succeed with a hit to ask if theres any data bombs on it), then you don't know its there. When you trigger it, you take its rating in damage on your condition monitor. Also, it can erase the file when its activated (as well as working with encryption). Fantastic for slowing hackers down (even if only to make them waste simple actions examining every file before they touch it). They can't outright prevent tampering, but, they do hinder it in an extreme way. If you try to access the admin files, and set off the data bomb erasing them, you can't just recreate them (since you never saw them) so you can't easily edit in a new admin account for yourself either. Encryption is nice too, first, they have to decrypt the file, once thats done, disarm the data bomb. Encryption wastes time for them to break, and the databomb will remove the file if they fail to disarm it before opening the file. Fanstastic stuff really.

QUOTE (FOTD)
You should note that my hacker has usually only tried to hack systems with low security - and often those with little data of value. It becomes silly if both the local Stuffer Shack and Ares HQ has 6 in all computer stats in all their systems.


Why would searching for admin accounts be hard, or even extreme? If even the admin can't easily access the different levels of user accounts with something as simple as a "list accounts" command, then the system will be a pain in the ass. I have no problems editing and creating admin accounts on my Windows OS at least.

For the same reason that hacking one is a +6 threshold modifier. I figure, if an easy search is threshold 2, and hard is threshold 8. It's more of carrying over that it's not the easiest thing in the world to mess with admin accounts (as theoretically, once the system is set up, you shouldn't need to access them very often). The people who run the system will know where the file is, and won't require a browse action to find it, since they already know where it's at. Liken the browse action to using the find feature in Windows, to look for some file, versus just knowing what folder it's in, and navigating to there via explorer. Which is faster? (Well, generally, knowing where it's at is).






Yes, encrypt then databomb them all. Unless he wastes the time to decrypt and then disarm all of them, when he tries to copy them, the databomb goes off, and crashes his persona, as well as removing the file. He gets nothing.

Sidenote: Does your name mean eventually you could become a Dorksaken?

Alert: The books specify that alerts are against "the intruder", but as others are detected by analyse+computer when trying to break in they become intruders themselves. My point was that if he has a backdoor the system identifies him as admin, not as an intruder so the alert is useless.

Data bombs: The player mentioned something: If he copies a file with a databomb, the bomb should not go off as the file is not opened or changed. Then he can search and disable the bomb, decrypt it etc. If this was the admin files, then he could probably get the passwords from it right? After all the admin account must know the passwords to recognise them when a legit user uses them. That was what I meant by searching for passwords etc. before. Of course to access them you need admin access, you need to get around the databomb and you need to decrypt the files.

Hmm seems like you said even copying will trigger the databomb. My player thought that couldn't happen as the databombs can't detect that you are copying them (at least there are no programs today that can detect itself being copied). I don't know what's right, and the book is as always silent... except it says that if someone tries to access the file the bomb goes off. Arguably copying IS accessing.

Sidenote: That is for the Gay Lord of the Dork to decide. As a true follower I make no demands. ;)

(PS no disrespect to any gays)
hobgoblin
post Aug 14 2007, 11:49 PM
Post #9


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



trying to compare matrix rules too much to how things work in real life leads to one thing, splitting headaches...
FriendoftheDork
post Aug 15 2007, 12:01 AM
Post #10


Running Target
***

Group: Members
Posts: 1,288
Joined: 4-September 06
From: The Scandinavian Federation
Member No.: 9,300



QUOTE (hobgoblin)
trying to compare matrix rules too much to how things work in real life leads to one thing, splitting headaches...

Yeah I know, but I need SOME way of understanding what can and what can't be done, and when the books are silent or nonspecific I have nothing to turn to other than real life.

hobgoblin
post Aug 15 2007, 12:41 AM
Post #11


panda!
**********

Group: Members
Posts: 10,331
Joined: 8-March 02
From: north of central europe
Member No.: 2,242



look at it this way, copying a file is the same as reading a file.

hell, monks copied books by writing down what they read. the computers are doing the same...

so if the databomb can go off by someone reading the file, it should also go off when copying...
Tarantula
post Aug 15 2007, 02:10 AM
Post #12


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



QUOTE (fotd)
Alert: The books specify that alerts are against "the intruder", but as others are detected by analyse+computer when trying to break in they become intruders themselves. My point was that if he has a backdoor the system identifies him as admin, not as an intruder so the alert is useless.

Ahh, yes, then I would agree, a validly logged in admin would never be considered an "intruder".

QUOTE (fotd)
Data bombs: The player mentioned something: If he copies a file with a databomb, the bomb should not go off as the file is not opened or changed. Then he can search and disable the bomb, decrypt it etc. If this was the admin files, then he could probably get the passwords from it right? After all the admin account must know the passwords to recognise them when a legit user uses them. That was what I meant by searching for passwords etc. before. Of course to access them you need admin access, you need to get around the databomb and you need to decrypt the files.

Data bombs say their effect occurs when someone accesses the file. Not opens. Accesses. This to me says doing anything at all with the file contents. I.e. Edit/transfer/read actions set it off; Analyze or browse actions don't.

QUOTE (fotd)
Hmm seems like you said even copying will trigger the databomb. My player thought that couldn't happen as the databombs can't detect that you are copying them (at least there are no programs today that can detect itself being copied). I don't know what's right, and the book is as always silent... except it says that if someone tries to access the file the bomb goes off. Arguably copying IS accessing.

Actually, yes, current day programs can detect when a FILE is being copied. How? Because the hard drive is reading the sectors in which the file is located. Data bombs protect files (which can be inactive programs as well). So yes, it will know when it is being copied, and having not been defeated, inflict rating dmg to his matrix icon, as well as sounding alerts/erasing the file as instructed.
FriendoftheDork
post Aug 15 2007, 12:01 PM
Post #13


Running Target
***

Group: Members
Posts: 1,288
Joined: 4-September 06
From: The Scandinavian Federation
Member No.: 9,300



What you say makes sense. Hmm, so if the hacker actually attempts to simply download the entire system that would cause all the databombs to go off simultaneously? Ouch! Well I better tell him then, someone with 4 in cracking skill group and electronics should know that.
FriendoftheDork
post Aug 18 2007, 04:02 PM
Post #14


Running Target
***

Group: Members
Posts: 1,288
Joined: 4-September 06
From: The Scandinavian Federation
Member No.: 9,300



Tarantula, another matrix issue came up last time. If the system has say 3 admin accounts, do you need 3 databombs to protect them?

And what happens when a hacker gets admin access, is he then logged in as one of those 3 admin accounts or has he created a fake one temporarily?

If there is only one admin account, and the hacker hacks in as one, does that mean he is logged in to that account? Then if he tries to edit it or create a new one, and the databomb goes off is he suddenly logged off?

Does that mean the whole system crashes if the databombs delete the admin files?

I picture the admins have backup of the whole system offline, but still taking down a system like that is pretty bad....

Tarantula
post Aug 18 2007, 10:43 PM
Post #15


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



I'd say it's 1 databomb for the "accounts" file, which contains all valid user, security, and admin accounts. Of course, more paranoid systems could split those into individual files, or even individual accounts if you wanted to. The common case would be 1 accounts file, encrypted and data bombed.

When a hacker hacks admin access, the system thinks he's an admin, he didn't validly log in through one of those accounts, but through some sort of trickery has made the system think he is a valid admin. This is justified via page 218. Using Computer Skill. When you are a valid account, you use computer skill for edit, repair, track, and transfer data actions. When you have a hacked account, you use your hacking skill.

If only 1 admin account, no, he still has just tricked the computer into thinking he is valid. He isn't in THAT admin account. If he edits the accounts file to either put in his, or get rid of the admin account, then yes, the databomb would go off (unless he successfully disarmed it first). Not suddenly logged off, but I'd say the system would go active alert upon the triggering of a data bomb.

No, the system doesn't crash if admin files are deleted, just any admins trying to log in would be told invalid username/password, please try again. Or whatever their system was set up to show for an invalid set. Yes, the admins likely do have backups offline. Taking out their ability to access their own system is kind of a pain, but there's no reason they can't just go in and "replace" the storage with their backup. (Think of it as having copied your hard drive to a different one for a backup, then swapping them out after your computer gets infected with a virus.) It'd be purely on the hardware level, so it doesn't matter that they can't validly log on as an admin to tell it to restore.
FriendoftheDork
post Aug 18 2007, 11:49 PM
Post #16


Running Target
***

Group: Members
Posts: 1,288
Joined: 4-September 06
From: The Scandinavian Federation
Member No.: 9,300



QUOTE (Tarantula)
I'd say it's 1 databomb for the "accounts" file, which contains all valid user, security, and admin accounts. Of course, more paranoid systems could split those into individual files, or even individual accounts if you wanted to. The common case would be 1 accounts file, encrypted and data bombed.

When a hacker hacks admin access, the system thinks he's an admin, he didn't validly log in through one of those accounts, but through some sort of trickery has made the system think he is a valid admin. This is justified via page 218. Using Computer Skill. When you are a valid account, you use computer skill for edit, repair, track, and transfer data actions. When you have a hacked account, you use your hacking skill.

If only 1 admin account, no, he still has just tricked the computer into thinking he is valid. He isn't in THAT admin account. If he edits the accounts file to either put in his, or get rid of the admin account, then yes, the databomb would go off (unless he successfully disarmed it first). Not suddenly logged off, but I'd say the system would go active alert upon the triggering of a data bomb.

No, the system doesn't crash if admin files are deleted, just any admins trying to log in would be told invalid username/password, please try again. Or whatever their system was set up to show for an invalid set. Yes, the admins likely do have backups offline. Taking out their ability to access their own system is kind of a pain, but there's no reason they can't just go in and "replace" the storage with their backup. (Think of it as having copied your hard drive to a different one for a backup, then swapping them out after your computer gets infected with a virus.) It'd be purely on the hardware level, so it doesn't matter that they can't validly log on as an admin to tell it to restore.

Ty I think this answers my questions. Ugh, until next time my player who admittedly knows a lot more about computers, networks and hacking than me comes up with a new dilemma.

I'd guess that actually restoring the system would take some time in off-hours, as they need to physically reset and restore the whole system at location.
Tarantula
post Aug 19 2007, 12:03 AM
Post #17


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



I can change a hard drive inside of a minute from when I shut the comp off to when it's on with the new drive. It's not really all that difficult. I'd say maybe an hour tops on the Corp's end, since they'll be doing everything very carefully.
FriendoftheDork
post Aug 19 2007, 07:27 PM
Post #18


Running Target
***

Group: Members
Posts: 1,288
Joined: 4-September 06
From: The Scandinavian Federation
Member No.: 9,300



Ok another hacking question: Cyberware.

How easy is it to hack cyberware, what cyberware is pretty safe, and why doesn't everyone with cyberarms etc. have skinlinks or similar safe ways to avoid hacking? You don't control a pacemaker by bluetooth, then why control a cyberarm wirelessly if you can control it by reading your nerves or DNI?
Tarantula
post Aug 19 2007, 07:29 PM
Post #19


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



Don't forget that you can tell a device to turn its wireless off. I'd say most cyberware is probably set to have wireless turned off, unless commanded on, or if the DNI fails. So, chances are, you can't hack most cyberware unless its DNI is damaged or the user decides to turn its wireless on. You don't typically control a cyberarm wirelessly, but it's very good for medical diagnostics.
FriendoftheDork
post Aug 19 2007, 10:24 PM
Post #20


Running Target
***

Group: Members
Posts: 1,288
Joined: 4-September 06
From: The Scandinavian Federation
Member No.: 9,300



QUOTE (Tarantula)
Don't forget that you can tell a device to turn its wireless off. I'd say most cyberware is probably set to have wireless turned off, unless commanded on, or if the DNI fails. So, chances are, you can't hack most cyberware unless its DNI is damaged or the user decides to turn its wireless on. You don't typically control a cyberarm wirelessly, but it's very good for medical diagnostics.

Hmm, yeah this was pretty much what I envisioned. The reason I asked is that my player has read tons of references to a cyberlimb or other cyberware being hackable in the BBB, but if everyone just uses DNI and only activates wireless when going to the doctor, hacking cyberware is not a good strategy.


I have yet another question, but I'll make a new thread.
Thomas
post Aug 19 2007, 10:38 PM
Post #21


Moving Target
**

Group: Members
Posts: 407
Joined: 9-February 05
From: Oklahoma City, OK, USA
Member No.: 7,070



QUOTE (Tarantula)
I can change a hard drive inside of a minute from when I shut the comp off to when it's on with the new drive. It's not really all that difficult. I'd say maybe an hour tops on the Corp's end, since they'll be doing everything very carefully.

Remind me to put my admin account in read-only memory – to save me the trouble of having to go down to the office and restore the system in the middle of a rainy night, having the guards make clever comments about my ork barbarian PJs and pink, fuzzy bunny slippers, and then having to hack all their finances and give them some interesting criminal records.
Tarantula
post Aug 20 2007, 05:17 AM
Post #22


Dragon
********

Group: Members
Posts: 4,664
Joined: 21-September 04
From: Arvada, CO
Member No.: 6,686



Thomas: You can't make it read-only by RAW.

If it was allowed, what would you do for other system administrators? Would the costs be worth it to change the memory out every time you got new administrators? And forbid that you ever get your password compromised. They just gotta get in the system and steal your passcode from you, and they've got a permanent backdoor until you change your hardware.


Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.