Access Logs Options

[Shadowfox]

Alright, what if you obtain someone's AccessID from an access log?

The situation I'm having my players go through is trying to assassinate a drug dealer, but she's going to have left already, so I want to do a little bit of a hacking scenario to snoop for info, but I'm wondering; let's say she's in a rush so she just takes her commlink, unsubscribes from her house node and gets into her car and goes.

So the node is going to be protected by a databomb and some low level IC for fun, but one of the "folders' is going to be the access log, with her AccessID on it. What can they do with her access ID? Can they run a search on the entire matrix looking for anywhere else that it's shown up? Or can they just have a constant search running to look and see if she logs on somewhere?

[counterveil]

Searching for access across the entire Matrix is not really possible, since the Access Logs at each node would likely be under Security user level - just like the Access Logs at the drug dealer's home. This means they'd have to hack every node on the Matrix to get at the logs...not really a doable scenario both realistically and according to the rules and paradigm of SR4.

A search might turn up info that someone else has found after hacking a node, finding the Access Logs, and posting them somewhere on the intarwebz, but that would likely be old information that is no longer pertinent in the immediate sense.

What is the purpose of acquiring the access ID? Do they want to somehow track the drug dealer? If so, it would be easier to just set up a fake node that they know the drug dealer would want to access, get the drug dealer to access it while maintaining real-time filtering of the Access Logs on said node, and when the dealer is in they would then hack the commlink through that connection. Once they gained direct User or higher level access to the drug dealer's commlink, and assuming they didn't get caught, they could then generate a permanent connection through to another node (or the same one) to maintain a constant connection to the commlink - again, this is assuming the drug dealer isn't actively watching for this sort of constant connection nor has bots that are watching for it.

Hacking in SR4 is fun!

[Shadowfox]

Searching for access across the entire Matrix is not really possible, since the Access Logs at each node would likely be under Security user level - just like the Access Logs at the drug dealer's home. This means they'd have to hack every node on the Matrix to get at the logs...not really a doable scenario both realistically and according to the rules and paradigm of SR4.

A search might turn up info that someone else has found after hacking a node, finding the Access Logs, and posting them somewhere on the intarwebz, but that would likely be old information that is no longer pertinent in the immediate sense.

What is the purpose of acquiring the access ID? Do they want to somehow track the drug dealer? If so, it would be easier to just set up a fake node that they know the drug dealer would want to access, get the drug dealer to access it while maintaining real-time filtering of the Access Logs on said node, and when the dealer is in they would then hack the commlink through that connection. Once they gained direct User or higher level access to the drug dealer's commlink, and assuming they didn't get caught, they could then generate a permanent connection through to another node (or the same one) to maintain a constant connection to the commlink - again, this is assuming the drug dealer isn't actively watching for this sort of constant connection nor has bots that are watching for it.

Hacking in SR4 is fun!

I'm just wondering what the point of access logs are then if you can't use the information in them to find people?

[counterveil]

Access logs are more for the administrator of said node (or commlink, or whatever) to go back through to see who has accessed the system. In the event of post-hack forensics, this is a good way to determine *who* got in, *how* they got in, and how to stop them in the future (whether that be a straight denial of access to specific IDs, or creating a whitelist of IDs that are allowed access). Of course, this doesn't stop a good Spoof from getting past that, and in the rules of the game it's a simple couple of dice rolls to defeat a firewall.

Game-wise, the administrator of the node might notify the authorities that their node was hacked by a specific Access ID, the authorities could then find out who owned it, put out a warrant for the person's arrest, and then track them by non-commlink means. They'd likely have the person's address and other pertinent information that could help lead to an arrest.

[BlueMax]

Counterveil for the love of Rod don't use this against me... please
Another aspect is ultra secure nodes and honey pots. I have setup nodes where any change in the access log triggers an alert. The first case where I apply such a high level of security is paydata nodes. If its valuable, they want to check out anyone accessing the data. Anyone.
"Oh hey Bob, just checking out who is looking at the research." "No problem Jim. I understand this is hot drek"
The second case are honeypots. Nodes left out as traps. They contain nothing and alert when someone has hacked in.

To be fair, I give the decker/hacker 2D6 rounds to get stuff done before the security decker/hacker gets in to see whats happening. If this was deep inside a huge facility like the Aztechnology pyramid, I would give them 1d6 rounds as there is likely someone already jacked in who merely has to receive the alert, log that he is changing nodes to the other security deckers and enter the node.

BlueMax

[Dashifen]

To be fair, I give the decker/hacker 2D6 rounds to get stuff done before the security decker/hacker gets in to see whats happening. If this was deep inside a huge facility like the Aztechnology pyramid, I would give them 1d6 rounds as there is likely someone already jacked in who merely has to receive the alert, log that he is changing nodes to the other security deckers and enter the node.

I do something similar to this, except rather than 2d6 rounds of activity, I use a security tally like system where the system runs a Firewall + Analyze test every time a hacker uses a skill in the Cracking skill group. The threshold for this extended test is the hacker's Stealth x 2 (which can get really nasty for TMs who thread it). This way, even if they break in, they probably have a limited amount of time before the system just decides that something bad is happening, even if they don't know exactly what icon is doing it, and starts an alert.

[Malachi]

I have always thought that if someone's Access ID has been obtained, a Trace can be run on that Access ID. If that device is currently connected to the global Matrix somehow, then its location has been determined. If it is no longer connected, then you have obtained the location of the last device that it was connected to before it went offline.

Remember, the Access ID is the unified identifier for any Matrix device. All those data packets need to know how to find a device somehow and the Access ID is it. Yes, once somehow has your Access ID they've pretty much got you by the nuts, but that's why its so quick and easy to change it. Good Hackers should be changing it all the time.

[BlueMax]

Good Hackers should be changing it all the time.

A rule of thumb at my table: SOP is assumed.

So, if it needs to be done all the time... its considered done. This is to avoid using up all of the game time chasing every detail.

[TBRMInsanity]

Are AccessIDs recycled? ie the AccessID that is assigned to the drug dealer today may be assigned to a wage slave next week (kinda like IP addresses are today). Also, like IP addresses today, does your AccessID change from network to network (ie when you move from one router to another does the new router assign you a new AccessID)?

This would mean that if you have some one's AccessID right now you can get into their comlink and mess around with it (once you broke through all their personal security), but once the AccessID changed you would have to find the ID again and start from ground zero. That being said if you hacked into the device and used a "spyware" agent to boradcast the person's AccessID to you when it changes you could track their location that way (by knowing what wireless access point they were using [kinda how Google's service works today with WiFi]).

[Malachi]

A rule of thumb at my table: SOP is assumed.

So, if it needs to be done all the time... its considered done. This is to avoid using up all of the game time chasing every detail.

Yeah... I'm with you to a point on the "automatic actions" type stuff, but there is a limit to it. I would allow for "standing orders" of player actions given strict parameters: "After every Hack, I change my Access ID." As GM, though, you need to be careful with letting this go crazy on you. After the Hacker makes a carefully planned intrusion does he always need to state the Access ID change? No. But what if he had to Hack a corp system to cover his team's hasty exit while they were being chased by security units all the way to their safe house? When did this "unannounced" Access ID change happen then? Players will argue that it happened the soonest instant it could have in order to be most advantageous. Is it realistic that the Hacker would think to change his Access ID while exchanging shots with the corp security guards while speeding away in the group's van? Probably not. As a GM it seems reasonable to assume that the Hacker's Access ID could be used to track the group back to their safehouse. Your player will undoubtedly argue against this. Be careful of "auto-magic" actions.

[Malachi]

Are AccessIDs recycled? ie the AccessID that is assigned to the drug dealer today may be assigned to a wage slave next week (kinda like IP addresses are today). Also, like IP addresses today, does your AccessID change from network to network (ie when you move from one router to another does the new router assign you a new AccessID)?

This would mean that if you have some one's AccessID right now you can get into their comlink and mess around with it (once you broke through all their personal security), but once the AccessID changed you would have to find the ID again and start from ground zero. That being said if you hacked into the device and used a "spyware" agent to boradcast the person's AccessID to you when it changes you could track their location that way (by knowing what wireless access point they were using [kinda how Google's service works today with WiFi]).

No, Access ID's are akin to MAC Addresses, not IP Addresses.

[TBRMInsanity]

No, Access ID's are akin to MAC Addresses, not IP Addresses.

Makes more sense.

[InfinityzeN]

No, Access ID's are akin to MAC Addresses, not IP Addresses.

Was going to post that when I read his question. Glad I scrolled all the way down first.

[counterveil]

Yeah... I'm with you to a point on the "automatic actions" type stuff, but there is a limit to it. I would allow for "standing orders" of player actions given strict parameters: "After every Hack, I change my Access ID." As GM, though, you need to be careful with letting this go crazy on you. After the Hacker makes a carefully planned intrusion does he always need to state the Access ID change? No. But what if he had to Hack a corp system to cover his team's hasty exit while they were being chased by security units all the way to their safe house? When did this "unannounced" Access ID change happen then? Players will argue that it happened the soonest instant it could have in order to be most advantageous. Is it realistic that the Hacker would think to change his Access ID while exchanging shots with the corp security guards while speeding away in the group's van? Probably not. As a GM it seems reasonable to assume that the Hacker's Access ID could be used to track the group back to their safehouse. Your player will undoubtedly argue against this. Be careful of "auto-magic" actions.

Yeah, I used to struggle with the auto-action myself. There's a lot to keep track of in-game, and assigning auto-action to it makes it easy to ignore really burdening (and boring!) SOP. I actually settled with using a mechanic from the old Top Secret: SI Commando supplement called "Friction". In any op, there is always a chance of Something Going Wrong™. The more complicated things are, the more that chance increases. Bring more people? More friction. Have lots of really awesome but complex gear? Friction. Plucky but trouble-prone kid needs extraction? OMGFRICTION.

The TS:SI Commando rules are very very complicated with this, mostly because they strive for realism, but I just tend towards the simple so I do the following:

At opportune moments (GM Discretion, but right-before-combat is a good time) I have every player roll 1D6. I'll subtract 1 from their rolls if a run is sufficiently complex, or 2 if there are *tons* of moving parts. On any result of 1 or lower, Something Has Gone Wrong. Again, this is GM discretion but it could be anything from forgetting SOP to having gear malfuction, to having an extra patrol that wasn't accounted for or expected, etc. If I'm feeling particularly generous, I might allow the player(s) experiencing the Friction to roll appropriate Stat+Skill or Stat+Stat to see if they can mitigate the results of the Friction.

This has the awesome effect of introducing unexpected elements that do occur in any complex sitution into the gameplay without burdening players or GM with accounting for every little tidbit of SOP.

[BlueMax]

Yeah, I used to struggle with the auto-action myself. There's a lot to keep track of in-game, and assigning auto-action to it makes it easy to ignore really burdening (and boring!) SOP. I actually settled with using a mechanic from the old Top Secret: SI Commando supplement called "Friction".

Rod damnit! I knew this was familiar.

[counterveil]

Counterveil for the love of Rod don't use this against me... please
Another aspect is ultra secure nodes and honey pots. I have setup nodes where any change in the access log triggers an alert. The first case where I apply such a high level of security is paydata nodes. If its valuable, they want to check out anyone accessing the data. Anyone.
"Oh hey Bob, just checking out who is looking at the research." "No problem Jim. I understand this is hot drek"
The second case are honeypots. Nodes left out as traps. They contain nothing and alert when someone has hacked in.

Yeah, no worries the run you're on is going to have sufficient levels of protection inside the system itself - but that's why you sustained 9 boxes of damage in a firefight designed entirely to grab the system node maps, right? RIGHT?

Then again maybe they modified the system since...anyone check last modification date on that map you got? (IMG:style_emoticons/default/nyahnyah.gif)