Yet Another Matrix System, but far closer to canon Options

[Blade]

@Kyoto Kid: Yes, that's a bit extreme to me. Except if she was good enough to avoid getting caught each and every time...
To me it's like saying "My street samurai learned his combat skills by shooting [insert corp's name here]'s guards every night."

I think that downplaying the importance of Matrix security is a mistake... but each GM is free to play as he wants.

@Frank : What's strange with your post is that when I read them I discover things about my rules. For example, loading an agent becomes a free action, an agent can simultaneously act on as many ports as he wants... All this is NOT in my rules. Please stop twisting them the way you want to support your point.

[Kyoto Kid]

...without going deep into Vi's backstory, (which is rather detailed) she was basically a "prototype" herself, gene-engineered and augmented by Metatech for the purpose (or so she believes) of matrix espionage in the "new" wireless environment. Her skill was developed though various exercises and "runs" against the Corp's internal system.

Where they screwed up was: making her too good at what she did. That takes care of the "learning curve" for her.

The disappearance of her parents and being made a ward of the corporation, fueled her suspicions and anger towards MetaTech which led to her selling the plans to the commlink and bolting to the shadows.

Again in her case, that works.

For someone else, in the setting proposed in the OP, the learning curve would be a lot tougher to near impossible unless they already had a background or worked in a high level matrix based occupation. However such a position would most likely be fairly good paying with little or no danger of getting shot at or arrested. Why would one want to leave such a stable and comfortable lifestyle for the uncertainty and danger of the shadows? In this way then yes, Matrix Specialists in the shadows would be fairly rare and pretty much need to be of the Fastjack/Dodger calibre in order to survive.

There are other ways to make matrix operations challenging than just making it so dangerous only the best of the best can cut it. I have done it. In a 3e campaign I had a player who ran the team's decker shaking in his boots just from the description of the sculpting and the way his icon had to deal with things. He didn't even encounter any of the really bad IC before he became so paranoid he jacked out.

[Cheops]

[Seven-7]

Cheops: I'm sure you THINK it's not as bad, but trust me it is. There was a god damn 15+ page topic on it and even the FAQ talks about it.

So here's some help (NOTICE: Standard Matrix):

1.) Program/Agent rating is limited by the System rating running it.
2.) For every (System Rating) programs/agent on a device, -1 to Response.
3.) Agent's exist independently of the user in the Matrix (pg.227)
4.) Agents use the response of the device they are running on.
5.) You may load an agent onto another device and still use it. (pg.228) Even if your offline. IN THIS CASE THE AGEN DOESNT COUNT TOWARDS YOUR PERSONAS ACTIVE PROGRAM LIMITS LIKE RUNNING PROGRAMS DO (#1+#2).
6.) You can issue commands to an agent.
7.) Commlinks can be subscribed to other commlinks, allowing a 'tree' of sorts.

Cost of a R4 System/R4 Response Commlink: 2,000+2,000:4,000
Cost of a R4 Agent: 10,000

10 Commlinks: 40,000(8BP)
1 R4 Agent: 10,000(2BP)
Copying the agent 5 times for each commlink to produce 50 agents (Without loosing response and not actually having to travel with them), doubles to 100 if you want -2 Reponse? Priceless.

Edit: These are things that throw 8-10 dice (Pilot+Program)

[Cthulhudreams]

[Cheops]

[kzt]

[Seven-7]

[Seven-7]

[Cheops]

We all obviously have different interpretations of the rules and from what I've seen of your comments in other threads I can tell that I am not going to sway you one bit. My reading of the rules is different than yours and my reading works for me so I'm disengaging right now. Bye.

[Blade]

@Kyoto: It's still possible for hackers to learn while living in the Shadows, but they'll need to be subtle. For example they can start by hacking easy targets, just like the street samurai will start with street fights in the Barrens. Or he can find a mentor who'll teach him everything...

My aim was not to make hacking challenging, I had two goals
1) Consistency. Hacking should be uncommon. In a society that relies so much on computer, hackers shouldn't be everywhere, even if it's cheap to get hacking gear.
2) Atmosphere. I don't want hackers to be 12 year old kids with public blogs about their achievments. I want them to be hardened professional, with small underground communities (online or physical)... Much more like 80's hackers (and the 80's cyberpunk hackers) or even today's hackers (as opposed to crackers) rather than like today's script kiddies (or even today's crackers).

SR4 allows a player to be a hacker and be able to do something else at the same time, and that's good. But that shouldn't lead players to believe that every kid with enough nuyens will start hacking right away.

----

About the agent discussion, I'd appreciate it if you didn't turn this topic into a new topic about agents according to SR4's BBB. But since it seems that it's the only topic that interest anyone I'll try to give better explanations about agents in my system as soon as I have time to work on it.

[Kyoto Kid]

...so in effect, more like Redford's team in Sneakers than "Crash" & "Burn" in Hackers.

[Blade]

I've realized there's a lot I forgot to say. I've also realized there were a few angles I didn't consider. Everything should be covered now, what follows should be added to the opening post.

Most of what is here is just explanations to make it troll proof but there also are a few new rules or small modifications to existing rules.

1. Connection slots, hosts, scale, security and ICE.

The subscription limits only applies to personas, it doesn't apply to nodes. But nodes can also limit the number of allowed connections.
For example, you can decide that you can't have more than 5 personas subscribed to your commlink at the same time. That's what most corp nodes do. To be able to handle a lot of connection at once, they often have a lot of nodes with limited subscriptions.
For example if they have a cluster of 1000 nodes allowing 1 connection each, the cluster will be able to handle 1000 personas at once, each one being monitored by one analyze program, and as many ICEs as are loaded on their node.
But the user won't notice that, because he'll be able to see other users and interact with them even if they aren't on the same "node", all nodes are linked seamlessly. Actually the user might as well be moving between nodes as his persona moves through the host, but the user won't notice it.
So to make it simpler, in game mechanics terms, we can consider that he is on a single node.

We can compare it to a building. A home will be smaller than a hotel, but there will be much more people in the hotel than in the house. According to that, there will be many more beds in the hotel than in the house. But for one individual, it will be the same: if he wants to sleep, he'll have enough bed at home and he'll also find one in the hotel.

This also applies for the security: to protect the home one or two guard(s) is(are) enough. To equally protect the hotel you'll need more. If you want each customer to be as safe as he'd be in the house with one guard, you'll have 1 guard per customer (or less if you consider that a guard can keep an eye on two customer). But overscaling isn't good: if your home is swarming with guards, an intruder can easily enter by dressing as one. Either that or you'll need to have guards check the guards, which won't be efficient.

Now let's imagine that there's a problem in the hotel. You can send all your guards to deal with it. But then anyone who can pick locks will be able to steal anything left in the other rooms while everyone is away. So you'll need to leave the other guards to guard the rest of the building.

What you can do is send other guards, from a guard room or from another building.
You can also do that in the Matrix, but it can be dangerous. If they are in the same node, you'll need to prevent the overscaling problem (too many agents hiding the rest of the traffic, or checking each other all the time) so you'll need to deactive them most of the time and activate them when there's a problem. But experienced hackers can use this to their benefits by modifying the code of the inactive agents so that when activated they'll help him.
Another way would be to store the agents in another system, disconnected from this one which will be connected in case of emergency (calling guards from another building). It's more efficient, as long as the hacker doesn't block the connection to this other node beforehand (blocking the door of the hotel, or even the road to it). But there's another problem : to allow for more agents to load themselves on the node you need to have slots for ICEs (which aren't the same as slots for regular agents, because they don't have the same privileges). These slots can be used by the hacker to upload and run his own hacking agents.

Another idea would be to replace crashed agents with new agents. But a crashed agent isn't removed from the system. It just becomes inactive, freezes, doesn't do anything useful, fooling the system which won't realize that something has happened to it. That's why you need a security hacker to see it, unload the agent and upload a new one, which takes some time. Some security hackers, nicknamed necromancers or archviles, are specialized in this behaviour and are the first target of most hackers.

2. Agent Smith

The "Agent Smith" phenomenon is a problem that corps don't want to see. The benefits it could give attackers far overcome the benefits the security could get out of it. That's why they designed the Matrix protocol to avoid it and also why a lot of cyber security experts are paid to proactively look for and eradicate any such threat that might appear.

There are two ways for an attacker to get an Agent Smith effect.

2.1 Loading an agent swarm

As explained previously, programming an agent that can act the same way a persona does (running on another node) means bypassing a lot of protections hardcoded in the Matrix protocols, making it extremely difficult. The data on the Matrix protocols is hard to get (and prone to attract attention from cyberpolice) and reverse engineering is long and strenuous.

The only other way to go is to follow the protocol and have the agent load itself on the node.
Agents have several limitations they can't enforce:
* they can't load other agents
* they need to have some kind of "superuser" access to be able to use cybercombat software (or exploit the node each time they choose to use one).
* They can't have admin access, and can't even spoof or exploit the node to get it. This means that one agent won't be able to allow access to other hacking agents.
* Most nodes have a limit of allowed basic and superuser agents, and most of them always fill their superuser agent slots to prevent hackers from loading their hacking agents. When the limit is reached, the port listening for agent request is closed, preventing any agent from trying to connect. To prevent DoS attack, the closing of the port often triggers a global agent check to remove any idle or suspicious agents.
* Each agent has to carry the matrix signature of their user, this signature will be checked upon connection. A hacker (or the agent itself) can bypass this by spoofing a false commcode ID, or by exploiting the node to connect.

The first way to do a swarm attack is to load your agents on some nodes and ask them to exploit the target node. The problem of that method is that due to the difficulty for an independant agent to exploit a node (see opening post), there's a good probability of failure. If the targeted node detects several hacking attempts by agents in a limited amount of time, it will trigger an alert.
Another way would be to load them as basic user agents and have them suddenly attack. Because of the matrix signature check, this option will also probably trigger an alarm.
A third way is to use an array of commlinks to connect personas running agents to the target node. This method is rarely used, because it needs more gear, more commcodes, and the hacker needs to "anonymize" each connection.

When an alarm is trigged all connected agents are scanned with the alert bonus. All agents trying to load themselves on the node or exploit the node afterwards will suffer the alert penalty. Most of the time the alert will also trigger track attempts.

On a big host with a lot of agents, it could be possible for a few agents to bypass all these. It's then a possibility that at least one of the agent will be able to pull off the job. That's why a hacker can augment his chances by sending more agents, but that will also augment the chances a track will successfully lead to him. In nearly all cases, the system will be aware of a massive hack attempt, which will probably lead to a close investigation later on.

Rules: a hacker (or anyone else) can try to storm a host with an agent swarm. It takes 1 hour per bonus point (up to +4). To simplify things, the hacker will then roll for one agent. The swarm bonus is added to his dice pool. Even if the hack succeeds, the node can do a Track attempt on the hacker with the same bonus to its dice pool. If the hacker is connected during the track attempt, he can try a redirect action. If he isn't, the agents can do it. Both tests don't benefit from the bonus. The node, if successful, can still get the hacker's Matrix ID, and gather data which will be useful to an investigation (such as the hacker's location). Spoofing the datatrail might slow down the investigation but won't protect from it.

2.2. Independent agent swarm

If someone can somehow get his hands on an independent agent and decide to use multiples copies for an Agent Smith strike, the system will react as if faced with a massive hacker attack (attack by several hackers at the same time). Most of the time, the host will be disconnected and the Matrix security service (or Matrix security contractors) will go on full alert. They can route the connection point of the target node to a security host designed especially to deal with such problems. The main objective of the security spiders will be to find the source of the problem and attack it directly, in the Matrix or in the physical world. Such threats aren't taken lightly and may result in a joint operation by several Matrix security corporations.

Rules: Developing an independent agent doesn't just require programming skills. You need gear, you need knowledge that's hard to get, you need time and more than everything you must avoid being detected by the various Matrix security experts. Actually, it's kinda like building your own nuclear weapon. Finding and purchasing one is also like getting your own nuke. There aren't rules about it; this can only be the result of a long and dangerous adventure.

3. Commlinks, personas and users

A commlink has one persona. The persona isn't a program, it's a part of the commlink's system. Multiple commlinks can't share the same persona and one persona can't use several commlinks at the same time (for example running programs on another commlink).

A persona can be on different nodes at the same time but you can't have multiple instances of a persona on one node (or one node cluster). Also a local network can refuse to have more than one instance of the persona on the network.

A user can have multiple commlinks. He'll need a valid commcode for each one, though. And even if one individual (one SIN) can have multiple commcodes, people will start to suspect something if one SIN is linked to more than 3 commcodes. Of course, it's still possible for hackers to get someone else's commcode, to hack the database to get one or to get a commcode from some illegal Matrix service provider.

Even if it's technically possible to have several personas answering to the same commands (for example using the same input device for several commlinks), doing so won't work. The Matrix protocol is designed to detect and refuse such behaviour. Adding small differences in the behaviour or the timing of each persona isn't enough to prevent detection (except if the time difference is big enough: two personas can do the exact same thing two or three hours after the other without any trouble).
So the only way to control several personas at the same time is to switch between different personas and command each one manually or to have a large enough time difference between their actions. It is possible to record the input (DNI or other) and have it replayed later, but as the Matrix is constantly shifting, an action will probably not get the same result when replayed.

One DNI can only command one commlink at the same time. Removing the DNI access to the commlink will log off the user from the commlink (security measure, so that stealing a DNI-linked commlink will disconnect the user). The only way to use several commlinks at the same time with DNI is to have more than one DNI, as it's impossible to use more than one trode net at the same time, it necessarily means having multiple datajacks.
For example if the user has two DNI he can switch from one to the other with one free action.

Simple interfaces such as keyboards or AR gloves don't suffer from the same limitation (for the hacker) as the user can stop to use them without logging off from the persona. He'll just need to switch the input from one device to another (simple action). This is a long process, and most nodes can detect the strange behaviour this method leads to.

For example if a user wants to hack a node using 10 commlinks, he'll need to exploit the node with each commlink (or get an admin access with one and then create accounts for the others). He then has 10 personas inside the place. If things get tough, the personas that aren't manned are sitting duck and will have their connection terminated by the node. Besides, don't forget that each persona will have their own server resources, meaning that they'll each face the same number of IC.
Once again, we can compare it to intruder inside a building. If only one intruder is detected, the security will only dispatch a few guards to deal with him. If different intruders are detected in different places in the building, each one of them will face the same number of guards. If the intruders are all in the same place, then a lot of guards will be sent to that place.

Using multiple personas for hacking is actually not efficient. This method isn't used to defend either because of the useless load it adds to the hosts, especially since spiders can log back in quickly enough. Some spiders can connect without using DNI (to avoid getting blackhammered) and come back as soon as their personas are destroyed, but the drawbacks outweighs the benefits (coming back to get your ass kicked every time isn't as efficient as going just once but actually damaging the opponent).

Small aside on DNI, AR and VR
* Using DNI is much more efficient than using another input interface. When not using DNI, all actions take twice as long. Besides, for situations which require reactivity, such as cybercombat, the user suffers a -2 modifier. But using DNI, even in AR, opens the door to biofeedback.
* Actually there's not much difference between DNI AR and DNI Cold Sim VR, except that when In VR you don't have that pesky real world to bother you when hacking. According to that, hacking in AR in most situations where switching to VR isn't a solution will probably lead to a negative modifier due to distraction.
Another difference is that some signals, especially for the feedback are blocked by the RAS (so that AR users don't start doing what their persona is supposed to do). The good news is that it acts as some kind of biofeedback filter (rating 4), but the bad news is that some of this feedback is useful for situations such as cybercombat. According to this, users engaged in cybercombat in AR suffer a -2 modifier to their cybercombat actions.
A user engaged in cybercombat in AR without a DNI will suffer a -4 modifier.


3. Architecture

When accessing the global Matrix grid with the user (or system) view, each accessible node will be represented by some object. One inside you'll see the content of the node, according to the settings of the Matrix architect. From one node, you'll be able to hop to a nearby node, without even knowing you're routing your connection through that first node, if both nodes allow that. Of course, in system view you'll be able to see the relationship between nodes and know the exact path you're following to access a node.

A routing node can't force a hopping persona to stop. This is intended to prevent hackers from using "trap" nodes, forcing the user to stop by the node when he wants to access another node by routing his connection through this node. But it's possible to have a node with selective routing. This node will only accept to route some personas. Most of the time, such nodes will then proceed to route the connections of the personas which went to a specific point in the node. The user will have to log on the node, go to a specific place (most probably in front of some kind of door) and he will be granted access to the next node (even if the next node might also require identification). A lot of corporate networks use this to have all personas checked in a high security node before being able to connect to other nodes in the network. In that case, the only node visible in the global matrix grid will be the entrance node and all users will have to connect to it to be able to access other nodes in this network.

Each chokepoint node the network have adds to the security of the network, but it's not good to have too many of them. Each node requires the user to log in, and most legitimate users don't want to have to log in 10 times before getting to the data they need. High security systems might include more of these chokepoints and most hacker will have better luck going physically on site to bypass these.

A node can be the master of other nodes. In that case, a user having access to the master node will be able to go to the slave node without having to log in the slave node. He might even not see the difference between the master and slave nodes. But a user accessing the slave directly not will have to log in the master node to access it. Sometimes, such slaves nodes are used as traps: when a hacker goes inside that slave node, his account on the master node is destroyed and the hacker won't be able to get back on the master node.

4. Special node behaviour

In this system, Matrix security is quite close to physical security: doors, guards, drones, lock and so on. But a big part of hacking and Matrix security lies in thinking outside the box. Here are a few examples of Matrix tricks that nodes or networks can use for a better protection.

4.1 Tracking

Some nodes require the user to route his connection through a specific node or to connect from a specific area (or not to connect from one). In that case, the connection of each persona will be tracked to the user's commlink. Hacking these nodes (require redirecting the trace to a legitimate connection point.
Some node can do that tracking to check if the user is routing his connection from an anonymizer.

4.2 No persona

Some nodes (such as DNI, cyberware, cameras and slave devices) don't need to have personas at all. They just communicate with master nodes. In that case it's simply impossible for a user to log on this node. The only way to hack it is to spoof a message.
Such nodes can have a physical flip to allow for a persona in some cases (maintenance for example).

4.3 Hostage persona

Some secure networks might require the user to leave an instance of his persona in one (or multiple) node(s) - probably a high security node - so that if he turns out to be an intruder, his persona will be attacked in this node. This security procedure is quite rare because of its use of node's resources (maintaining an inactive persona) and potential danger (what if a hacker spoofs the matrix signature of a legitimate user?)

5. Ratings, security and usage

A rating 6 firewall isn't that expensive, especially for a corp. Why would a corporation have firewalls with a smaller rating? Taking SOTA into account isn't enough: nothing prevents the corporation from copying their latest firewall to all their sites.
But there are 3 reasons why this won't be the case:

1. Connection to the outside: upgrading the firewall through the Matrix means getting it from an outside connection. This means that a hacker can intercept it, modify it and send a firewall with security holes instead. This won't be too easy to do (there are a lot of anti-tamper systems involved) but it can be done. That's why it's better to have them brought and installed physically, which will be slower and more expensive.

2. Widespread use: using the same firewall everywhere means that if a hacker can find a hole in one firewall, he'll be able to exploit it in all similar firewalls. Due to the use of heuristic and other factors this isn't always true, but it's still a danger that has to be taken into account. Of course, the security hole will probably be quickly fixed, but if the intrusion was in a minor system, it can take weeks or even months before it is discovered.

3. Ease of use: a rating 6 firewall is more than a high-end program. Actually, it's not that at all (that's why you can have one on a rating 1 device). It means that the OS is really secure (think BSD) but this security can be detrimental to the ease of use (think BSD installation). It also means that the log-in system is more complex. Most nodes running a rating 6 firewall will require a dongle, a special chip or piece of hardware or biometric data (or all of them) to log-in.

--------------

I hope that everything is covered now, let me know if there's still something missing (or broken).

[Cthulhudreams]

If I can limit my number of connections, why don't I make my base security system, then limit the number of connections to none. Or better yet, make my top secret lair security system limited to one connection, then log into it myself, via a hardwire link?

Doesn't this feature make it completely impossible to hack security systems?

Lots of your rule don't actually seem to have mechanics attached. You mention that in the 1000 node example as one system 1000 people can connect, and then ICE can 'move' between 'nodes' and there are some 'effects' associated with that. Except you haven't actually defined them at all.

What happens when I have 2 Ice on each node, and when a hacker alerts me to his presence I send 1 ICE from each node to attack him

You mention dongles and shit to log in to a rating 6 firewall. Can I spoof having them if I am logging in remotely/ If not, why not? What does spoof even do in your system?

Also, the spoofing the matrix signiture thing in the hostage persona's section? How does that even work? Also, no matter how you make it work I can kill any hacker arbitarily who uses hotsim.

All I have to do is get that 1000 node setup mentioned under ICE, spoof the guys matrix persona? logged on as 999 hostage personas, then make my ICE kill him, as he will die as he gets attacked by 999 black hammers.

Seriously, the ideas are good, but there are no mechanics attached to any of the 'rules' and you probably need to fix this.

[Blade]

It's covered: you can set your node to refuse personas.

As for limiting it to one persona then logging yourself, it's a good way to make your system secure, but it's not impossible to hack: the hacker can still use spoofed messages to act on your node (in the limit of what's possible with messages) or lure your persona in another node to attack it, disconnect it and replace it. And then it'll be harder for you to get back. Besides, you can't do it on every node.

As for the mechanics, the idea of this rule system is to be open and flexible, programs can do a lot of different things, so rather than list them all, I just list the main idea of each program and a few examples and it's up to the hacker to find clever uses. Just like it's done with the standard skills in the physical world.

For example, the Spoof program is used to fool drones into believing you are the legitimate user. This means you can use it to impersonate the Matrix signature of a legitimate user. So it means that with a hacking+Spoof roll the hacker can impersonate a legitimate user (of course he'll need to know what the signature of this user is). The nodes, ICEs and spiders will roll a Matrix perception test: computer+analyze. If they get more hit than you, they'll be able to see that you're not the user you're pretending to be.
Actually you can compare the Spoof program to the impersonation skill, and the Analyze program to the perception skill.

But you're right, there are some details I forgot:

* About the 1000 node, the best way to consider it is to forget everything about the 1000 node thing and just consider it as 1 big node, that will be able to run a lot of programs and agents at the same time, so that each user will get the same attention from the node.
Really, the best is to compare it with a building : you can send a guard from point A to point B without any problem, except that there won't be any guard at point A aftewards.

* About dongles and stuff, it's just a fluff explanation to how rating 6 firewall systems are. Spoofing them isn't necessary, it's already covered by the high rating which in turn has an impact on the Exploit test. So there's no need to make it more difficult. On the other hand, if the hacker can get the dongle, he'll get a +4 bonus to his exploit test (a nice way to help novice hackers to hack big nodes).

[Cthulhudreams]

[Blade]

I edited the answers to your issues ;)

The messages limits aren't limits to the amount of messages you can send, but limits to what you can do with messages. These limits can be whatever limits the system administrator wants. For example you can decide that a node can't be "remotely" turned off, only a connected persona can do it. In that case, the hacker can send a spoofed message telling the node to turn off, but the node won't do anything about it (though it might report it, if ordered to).

[Cthulhudreams]

The problem with proposing a rules framework is that there has to actually be rules at some point.

So lets drill down into the hostage persona and spoofing a users matrix signiture thing. I have 20 commlinks at home in my hacker stack, each with an ICE loaded with black hammer. I am fighting a security spider who is hot VRing

From that hostage persona line I spoof his signiture, load it into the 20 commlinks in my hackastack and he dies instantly from being attacked by 20 ICE with black hammer at the same time? Even if he only takes stun this means I auto win any fight ever.

Your 'message limits' thing renders any node completely unhackable.

I create the node. I define any activity except 'connecting' as outside the limits of the node. I connect to the node. I set the persona limit to one.

My node is now completely unhackable. Anyone is just going to do this with all their gear/drones/whathave you. (I render my core commlink unhackable by defining any action except connecting via the DNI as not permissable and setting the persona lmit to 0

[Blade]

Hostage issue: spoofing the signature doesn't make the spoofed persona have any impact on the real persona. If you impersonate the president and kill yourself, the president won't die.

Message limit: yes your personal node is nearly unhackable... But you'll have serious limitations on what you can do with it : you can't just send messages with it, because you won't receive the answer, so you'll need to send your persona on the nodes you want to interact with.
Now let's consider that for a moment you get disconnected. Either someone cut your wire, someone kicked your persona's ass in another node, someone jammed the signal between your DNI and your node... And before you're able to log-in, he's in there. You've lost your node, and you'll have to do the same thing he did to get it back. It's a risk you can choose to take.

Besides, only a few users (most probably shadowrunners or security agents) would limit to one persona: allowing for other personas to connect to your node is great to let your friends and family see your pictures or your blog and so on.
And even less are likely to limit messages to just connecting.

[Cthulhudreams]

[Blade]

The hostage thing is an example of a trick that can be used by nodes to enhance the security of the network. To compare it to a physical world situation, it's like going in a building with a cortex bomb and leaving the detonator to the guards at the front door. If you're caught doing something illegal in the building, they trigger the bomb.
But if you dress up as someone who's inside the building (which means he left his detonator at the front desk) and start wreaking havoc, the guards will think that this guy is causing problem and blow his head off.

But if you enter the building dressed as the guy and give your detonator, if you're seen causing problems, they'll blow your head off, not the otehr guy's.

[Kyoto Kid]