> hacking hacking hacking, can we keep the hackers out?
dog_xinu
post Dec 18 2007, 05:53 PM
Post #1






I might have missed something in the hacking rules, so if I have please forgive me.

It seems next to impossible to keep a hacker (or TM) out of a computer, from commlink to cash register to Lone Star's mainframe for Seattle. As long as it is a hacker and not someone deciding to hack, they are throwing at least 15 dice for the hacking test (and I have had characters throw 20++); that is 5+ hits vs the "computer". Well d**m! They are going to get in. It might take a few IPs to do so but you can't stop them. You can only hope they glitch (or even better critical glitch) so you can set off an alarm.

I have been putting up wireless paint around places that have semi-secure data (or better), but that doesn't stop the hacker, it just slows them down.

Am I missing something or what do you recommend?

dog
Tarantula
post Dec 18 2007, 06:04 PM
Post #2





At best, a regular hacker can pull 6 (program) + 7 (hacking w/aptitude) + 2 (specialization) + 2 (codeslinger) + 2 (VR) + 2 (lvl 2 encephalon) = 21 dice. That is the absolute limit of their hacking abilities. And this is with 20 BP spent on making it their thing.

It is virtually impossible to keep hackers out of a system. Keep it without wireless, so they have to go in with the team. Put some IC in it with analyze. (System 6, Firewall 6 w/ IC 6 w/ analyze 6) this makes the hacker hack in with threshold 6, and the node is trying to spot you with 12 dice. Since the best stealth program in the game is rating 6, then, let the node buy hits at 4 dice = 1 hit. That means if they can't hack through in 2 shots, the node detects them.

If they do get in, the IC gets a chance to spot them with its 12 dice vs stealth program. Give the IC more attempts anytime they do something that isn't allowed with their access rating. (Such as a user rating hack trying to look at the security cameras, the hacker can do it via hacking skill, but give the IC another shot to see through the stealth).
Moon-Hawk
post Dec 18 2007, 06:08 PM
Post #3





Don't forget many devices will require no less than Admin access to do anything useful, thus +6 threshold to hack in.
Not that that changes much, they'll still get in eventually.
Kyoto Kid
post Dec 18 2007, 06:15 PM
Post #4





...shooting the hacker? :grinbig:

Seriously, there are a few alternate houserule variants floating around. The most widely accepted is the Skill + Logic hits capped by Programme Rating. This forces many matrix ops to become extended tests which first, take more time and second, increase the chance of the system noticing something is up as each interval allows the system to make another detection test (at least the way we run it). We also use the skill rating as the cap for how many rolls a character gets in an extended test.

Also [as mentioned in the response above] there is the level of access the MS desires. This changes the required threshold. Make sure that the player mentions what level of access he or she wants before rolling.

Of course the main thing is having IC. Even if it is not killer, it can slow the intruder down as well as send an alert if it is crashed. In our group, we use the old rule that if the MS defeats an IC construct, she can opt to withhold 1 die from her pool to suppress it. Several IC encounters and then it becomes a challenge as the DP is reduced further. Also programme load is another thing to watch for. If the MS goes in with more active programmes than commlink Response/System rating, all her programmes operate at one level lower so now her utilities including stealth & spoof can become easier to overcome.
DireRadiant
post Dec 18 2007, 06:38 PM
Post #5





It's a bit tricky to follow, but the opposition to Hacking is not in the initial hacking test. The Hacker gets the extended test and the system gets its test to detect the attempt. The odds are likely the Hacker will succeed.

So it seems so easy. Why yes it is.

But look at p. 222 Hacked! - Once Inside, and Intruder Alerts.

Once the Hacker has gained access, it is up to the GM to decide if and how there is IC and what will happen.

Up to the GM to be creative or choose what opposition there is. There are some examples to follow and a description of some cases and standard routines, but it's up to the GM to figure out what happens.

Compare this to the character that pulls out a gun and shoots a random someone in the street. They roll agility + Gun and they hit! Wow, it's so easy, they shot someone, how do I stop them from shooting people? Well, D'uh, the GM concludes that Lone Star will show up, or the person shot shoots back, or whatever. Whatever is fun for the story.

You want Hacking to be a simple die roll that succeeds most of the time, then don't have IC.

You want to have the Hacker have a challenge, then give them a challenge.

The only limit is your imagination.
Kyoto Kid
post Dec 18 2007, 06:51 PM
Post #6





...@DR, good points. Indeed the only way to really make it a challenge is that you the GM have to put some work into it if you don't want the Matrix Specialist on the team just waltzing through. Yes it can be a bit more daunting than just whipping up a few sec guards, some Lonestar cops, or a gunbunny or two as IC constructs can be loaded with various utilities just like Agents.

Databombs are always a good and simple option. The MS has to successfully defuse the bomb. If not, her icon not only takes damage but the data is destroyed as well.

But yes, the bottom line is imagination (and a bit of work). For example, in my last run of RiS I creeped out the Decker (and player) so badly that he jacked out before encountering any of the really bad IC waiting for the character. This was done just by description of the sculpting. Suspense can be the best weapon in your arsenal of tricks if you know how to build it up.
Exodus
post Dec 18 2007, 07:51 PM
Post #7





QUOTE (Moon-Hawk)
Don't forget many devices will require no less than Admin access to do anything useful, thus +6 threshold to hack in.
Not that that changes much, they'll still get in eventually.

Now I'm missing something, where does that +6 come from? Page number if possible so I can read up on it please.
Stahlseele
post Dec 18 2007, 08:00 PM
Post #8





Probably meant to write 6+ and just switched the plus and the six around.
Moon-Hawk
post Dec 18 2007, 08:01 PM
Post #9





QUOTE (Exodus)
QUOTE (Moon-Hawk @ Dec 18 2007, 02:08 PM)
Don't forget many devices will require no less than Admin access to do anything useful, thus +6 threshold to hack in.
Not that that changes much, they'll still get in eventually.

Now I'm missing something, where does that +6 come from? Page number if possible so I can read up on it please.

QUOTE (SR4 pg 216)
Note that standard electronic devices only have admin accounts, as there is no need for other accounts for their software.

The GM may, or may not, consider this to include commlinks.
Fortune
post Dec 18 2007, 08:05 PM
Post #10





QUOTE (Exodus @ Dec 19 2007, 05:51 AM)
Now I'm missing something, where does that +6 come from? Page number if possible so I can read up on it please.

Information on the different types of Accounts is on page 216 of the SR4 Core rulebook. Details about hacking into, or creating each of these Accounts is on page 221 of the same book.
Aaron
post Dec 18 2007, 08:17 PM
Post #11





EDIT: Sorry, nothing to see here.

ANOTHER EDIT: I can say that I believe that the "can't be immune to hacking" thing is intentional. Much the same way that things "can't be immune to magic" and "can't be immune to bullets/explosives/etc." There's always a way past defenses; it's true in Real Life, too. This is why there are guards and security magicians and spiders.

When I was playing a hacker, I would completely own any node I wanted, but I learned real quick to back the hell off if there was a spider in the node.
dog_xinu
post Dec 18 2007, 10:34 PM
Post #12





QUOTE
There's always a way past defenses; it's true in Real Life, too.


True, but in RL there are some very simple things I can do to make it very very very difficult. I work for a financial company. To get anywhere near our computers in physical form (not that that is what I was talking about), you have to get to the right facility (which is not marked) with guards, man-traps, etc., then you have to have the right badge/access code to get to the room. Can it be done? Yes, but not easily done. On the software side we have very similar things. It is a mother-f*n pain in the butt to get anything from the "inside" out. And I work there and know the environment. If I didn't it would be next to impossible to do in a timely manner.

Granted that if someone spent time (like a year) studying our systems from the outside then they might have a chance. BUT every time they tried to get in and it failed (they did not get the correct number of successes in the first attempt), our system would shut down for them (i.e. not talk to that IP address anymore). Which makes it harder. And on top of that, we are always upgrading/changing/modifying our systems so the data you learn in month 1 may or may not be helpful in month 4.

So for a hacker (or TM) to fire up their "deck" aka commlink, and run some progs/do "some magic" and are in within let's say 2 CRs (should be much less than that - more like 2 IPs), it is difficult for me to grasp. Now the hacker sitting in the local pizza parlor and hacks the cash register for some :nuyen: and it takes them less than a CR.. ok.. this is a game and they are the elite of the elite. cool. Hacking into Billy Bob's Bait Shack and Towing Service (or other Mom/Pop shop), shouldn't take long either. But into your Ares, Renraku, MCT, Coke, Pepsi, DMV, McDonalds, etc (yeah I mixed 2007's and 2070's companies!) should be a PITA (pain in the ****).

QUOTE
EDIT: Sorry, nothing to see here.


I loved seeing this. Sorta like ObiWan saying "these are not the droids you are looking for ..."


I guess I really need to wait for "UnWired" (or whatever the name of the book will be) to really get my answers...


thanks!!
FrankTrollman
post Dec 18 2007, 11:38 PM
Post #13





Hacking is way more dumb than that, honestly.

Yes. If your computer is connected to the interwebs at all then people can hack them.

Yes. If someone can hack your computer they will succeed in doing so. Like pretty much instantaneously.

If you expose your brain to the interwebs at all, you're dead. Like, yesterday. It doesn't really matter whether you're Fastjack or Dodger, the black IC rules are so gratuitously deadly that you will die. Probably in one round.

But you don't have to expose your brain to the interwebs. Also you don't have to expose any of your devices to the interwebs. There's no enforcement mechanism for any of this.

---

So yeah. Under the basic rules the acting player always wins in hacking. The hacker hacks into the system. The Black IC kills the hacker. All the die rolling is just a formality.

But because it's so deadly, and because nothing actually happens to you if you opt out, everyone opts out. You just set your devices to not accept incoming signals from hostile devices because you can fucking do that and you just run all your computer operations in AR. It's a problem which solves itself.

Final analysis is that the Hacker would be unstoppable, but there's literally no reason for his abilities to ever be usable. It's like if Mages were completely unstoppable but people could stop them entirely just by stating at the beginning of the session that you'd prefer to not have spells cast on you.

Shameless Plug

-Frank
Cthulhudreams
post Dec 19 2007, 12:13 AM
Post #14





In the Shadowrun world as written, everyone is kept out of devices because they all come with a handy on-off switch for wireless that is turned to 'off' by any player. GM opponents often also indulge in the off switch while defending secure compounds and other such things.

This makes you, as a player, immune to hacking relatively easily as Frank points out. GMs usually manage this with a blend of 'secure' systems with no wireless and 'unsecure' systems with wireless that the hacker can do cool stuff with, but it's all strikingly silly.

I'm playing in a game with Frank's rules atm and I'm rather impressed actually - the informational powers work quite well, and the attack powers are not as good as feared, but you do need signal defense. Ironically a death note and manaball did much the same thing, though the manaball was more effective.
Aaron
post Dec 19 2007, 04:41 AM
Post #15





QUOTE (dog_xinu @ Dec 18 2007, 05:34 PM)
So for a hacker (or TM) to fire up their "deck" aka commlink, and run some progs/do "some magic" and are in within let's say 2 CRs (should be much less than that - more like 2 IPs), it is difficult for me to grasp. Now the hacker sitting in the local pizza parlor and hacks the cash register for some :nuyen: and it takes them less than a CR.. ok.. this is a game and they are the elite of the elite. cool. Hacking into Billy Bob's Bait Shack and Towing Service (or other Mom/Pop shop), shouldn't take long either. But into your Ares, Renraku, MCT, Coke, Pepsi, DMV, McDonalds, etc (yeah I mixed 2007's and 2070's companies!) should be a PITA (pain in the ****).

Well, hacking on the fly is kinda loud. It's analogous to picking a lock, breaking down a door, or blasting through a ward: if anybody's paying attention, they'll notice. I betcha I can get at the computers at your financial institution by driving a tank through a wall or three and gassing all the people, but I imagine I'd be noticed.

QUOTE (dog_xinu)
I loved seeing this. Sorta like ObiWan saying "these are not the droids you are looking for ..."


I guess I really need to wait for "UnWired" (or whatever the name of the book will be) to really get my answers...

Yeah, sorry about that. My first impulse is to be helpful, but then I remember that some of my opinions infringe a bit on some of my agreements, usually after I hit Submit. I should probably stop posting entirely, really.
kzt
post Dec 19 2007, 05:40 AM
Post #16





Also, things are not nearly as secure as he imagines they are. Nobody is unless they have a complete air gap on their network, and it's hard for people at home to do their banking on-line if the bank's servers are air-gapped from the internet.

'the biggest problem he sees in industry is the feeling that "we don't think it [breaches] can happen to us,", he said, "but it's happening every day."'

'"We are well past the $5 billion per year mark, and I don't know where the top end is," commented one STRATCOM official. "The $5 billion is mostly on defense. We buy huge amounts of software and people to run that, but it's totally ineffective against Tier III" cyber [advanced persistent] threats, this official noted.'
deek
post Dec 19 2007, 01:58 PM
Post #17





QUOTE (FrankTrollman)
So yeah. Under the basic rules the acting player always wins in hacking. The hacker hacks into the system. The Black IC kills the hacker. All the die rolling is just a formality.

But because it's so deadly, and because nothing actually happens to you if you opt out, everyone opts out. You just set your devices to not accept incoming signals from hostile devices because you can fucking do that and you just run all your computer operations in AR. It's a problem which solves itself.

I have to agree and disagree with this first part. I agree that a hacker always "wins", meaning I have never seen a hacker have a problem getting into a system. Whether it is admin or user access, an average hacker will always get into the system (even using skill and extended test caps). It's just never a problem.

But, I don't agree with Black IC always killing the hacker. I've run a decent amount of matrix runs and what we always come back to, even with multiple IC against a single hacker, is a stalemate. The hacker doesn't really ever do enough damage to crash the IC, and the IC really never does enough damage to dumpshock the hacker. My experience has been that the best I can normally hope for (as a GM) is to bore the hacker to frustration where he wants to just leave, or lock his connection long enough to trace and get physical security at his location and/or call in backup, like a spider.

I suppose, if we go to extremes, which is maybe what you are talking about, that after 40 or 50 IPs, the Black IC is going to "win", by knocking the hacker out...and then yeah, it is just a formality.

And I still maintain, that opting out does mean something, as everyone else gets more dice from AR bonus...an extra 1 to 3 dice helps out a bit...and I don't see how you could not accept all incoming signals, yet still be in AR...you need to get a signal from something to use it, and by using it, you are open to be spoofed...
Nightwalker450
post Dec 19 2007, 02:31 PM
Post #18





You can still do AR through hard lines and skin links. But it would only be via those that are part of your immediate person (unless you bring long cords to run between every member of your team...) So this would handle smart link guns, AR driving (put the skinlink on the steering wheel), and other similar things but you wouldn't be able to get camera images or map overlays or any other such thing provided by another member of your team.
deek
post Dec 19 2007, 02:53 PM
Post #19





Nor would you see the myriad of AROs that are all about the area...and I think that is the main area that you are getting a bulk of the bonus.
Cheops
post Dec 19 2007, 03:57 PM
Post #20





Opting out in RL is rapidly becoming a near impossibility and I imagine that in a future where you can live in whatever virtual world you want to it'd be even harder to opt out of that technology.

I dare you Frank, to spend 1 week without using the Internet AT ALL.

Tell me how useful you were and how satisfied you are after that.

There are so many tricks that you can use that it is daunting. Password levels are a good way to do this. Not every user has access to the security cameras. Passkeys are another great way since you have to get your hands on one before you can even try to hack.

Track is possibly the best deterrent to hackers. My PCs hate it when they are hacking and I say that the IC runs up to them yells "Tag! You're it!" and runs off. Now they're on the clock. This gets even funnier if a Black IC jams open their link. Also keep in mind that jacking out doesn't instantly wipe out their datatrail so if the IC can track fast enough it can still narrow down their location. That's when the corp shadow team starts to hack its way into gridguide etc to track you physically.

Edit: also please note that Track only requires MLOS now not even a matrix attack. I just like to see the look of panic on the hacker's face when they know they are being tracked. A more sadistic GM doesn't even have to let the PC know that they are being tracked and could potentially have surveillance on the hacker before the hack is completed.
Ryu
post Dec 19 2007, 04:22 PM
Post #21





Why should a corp NOT run its network if Black IC is guaranteed to win every time? Why wouldn't there be services that provide roaming Black IC to all loyal corp citizens? Why wouldn't you trust your corp, your loving family, not to kill you because they can?

Answer: The corp will run the network and everybody will use the matrix.

Problem: The black IC won't win all the time, and hackers will succeed. Problem for the target, that is. The corp will rather drop dead than admit the problem.


Now should there be easy ways to keep hackers out? In my opinion, the scale should go a bit further on the hard side. One first step may indeed be to use skill+attribute instead of equipment+skill, as now you have to learn.
If you use ratings as thresholds, not just anyone is going to reliably beat a system 3 all of a sudden. Script kiddies are kept out, and serious phone service provider strike teams take care of attacks against the general populace. Minor hacking attempts are handled by your matrix security provider, usually LoneStar.
Aaron
post Dec 19 2007, 04:27 PM
Post #22





Regarding black IC v. intruders, when I was playing a hacker, my program loadout was configured for stealth and intrusion when I got into a node, not for combat. That skewed a lot of results toward any black IC in the node.
Kyoto Kid
post Dec 19 2007, 05:21 PM
Post #23





...Ryu, I like your thinking. I am currently playing a Matrix Specialist under a new (as in "green" GM) and have been schooling him on how to make the Matrix tougher. The last couple of runs were pretty much cakewalks even though we do use the Attribute + Skill capped by Programme rating rule. I like the idea of the system's rating being a threshold however how this is applied is another matter.

Since pretty much every matrix test becomes an extended test under the Skill + Attribute houserule (save for cybercombat), this would make it tougher. However, should the threshold be applied against the total number of hits in each roll, or the number of hits allowed by the programme rating cap?
Whipstitch
post Dec 19 2007, 05:24 PM
Post #24





QUOTE (Cheops @ Dec 19 2007, 10:57 AM)
I dare you Frank, to spend 1 week without using the Internet AT ALL.

I see what you're trying to say, but just about all of us have spent a significant chunk of our lives without the internet. I mean, my family was a bit ahead of the curve and all but I was still 12 years old before I started getting into BBSes and then the internet, and I'm only 25. And honestly? By the RAW it's not hard to opt out of the wireless world when you're doing anything that's actually important. Swap fake sins regularly and keep a rotating cast of cheap commlinks (Metalinks are CHEAP and you can also modify hardware to give bogus codes via a Hardware check) that you use only for identification and day-to-day expenses and you're golden. I mean, really, if you're using an entirely new commlink on a regular basis, what are people going to find out about you? That your last Fake Identity likes to order soyburgers with no pickle but extra onions? Besides, when it comes to actually breaking into a facility there's really only three routes anyway: Keeping your commlink on Public Mode because you're bullshitting your way in (at which point your credentials rather than your commlink is the real weak point), keeping it on hidden or keeping it turned off. For businesses, it's obviously a more complicated issue, but not by much; important things can still be stored on secure wired systems and the "answer" to the hacking problem remains shooting everyone in the face.
kzt
post Dec 19 2007, 05:34 PM
Post #25





QUOTE (Cheops)
That's when the corp shadow team starts to hack its way into gridguide etc to track you physically.

What makes you think that they need to start to hack their way into it? They do this for a living. I'd assume they have an existing back door or have made arrangements so they have a legitimate account. They can just immediately login with the rights to track you.