Hacking Commlinks for Fun & Profit, Is it possible? Options

[deek]

I'd allow it, but as others have already said, the only information your are getting off the commlink is a bunch of bank account information, including a password and login name.

Think about today's online banking. If someone knew my bank website (pretty easy) and stole my username and password, they could get into my account and steal all my money. But, they are going to have to transfer it to another account AT THE SAME BANK or send a paper check (similar to a certified credstick) to an actual address. Unless of course, they went to the bank in person and pretended to be me. In either event, I'm sure I'd be notified at some point of either of these activities.

Anyways, it could be done, but you are talking about taking up a good portion of time to hack a commlink, get the data, move money and potentially impersonate a person in the physical world...if you are talking thousands or hundreds of thousands of nuyen, yeah, that would be a good run and payout, but if you are talking about doing this on a regular basis for small cash...doesn't make much sense.

[hobgoblin]

Btw, is people familiar with the GSM phone system?

The interesting thing there is that you have yours sim card, and that ids your service provider and your account there. But on top of that there is a id number of phone. That is, every phone ever made has a supposedly unique id, so that if its reported stolen, it can be locked out of the GSM phone system globally, even if the sim is replaced by the thief or whoever he sells it to.

Gsm sim = SIN (to a degree)

Phone serial = access id...

[DireRadiant]

Hold on a second:

None of what I wrote contradicts your original nor this post. You'll note I did refer to the personal history data.

[deek]

I just thought of an in-game example of mine...one of my players met an obnoxious wageslave acting like a johnson at a train station (is was one of the SRM where the runners go to the top of a mountain resort in Denver). Anyways, the hacker hacked into this dude's commlink, changed his profile information including adding that he was looking for men, then copied his train e-ticket onto his own commlink. He then boarded the train using the guy's e-ticket (it was first class seating) without issue (I could have made that part more challenging, but didn't, as the ticket was already paid for and it wasn't really important to the plot).

Anyways, when the wage slave tried to board the train, he was apprehended, as his personal data didn't match the ticket, plus the ticket was already used. In addition, the wageslave was obnoxious and while a level-headed approach could have rectified the situation (including putting a little heat on the hacker) he was instead, escorted out of the station.

Now, the hacker had fun, hacked a commlink, but didn't really spend a ton of time hacking, so the rest of the table was fine with it. So, I'd be all for letting hackers continue to do this sort of thing without any major repercussions, but I'd probably start bricking them if they try to steal nuyen from bank accounts... These sorts of hacks may be more than enough to keep your hackers entertained and not break anything in game!

[Kerenshara]

None of what I wrote contradicts your original nor this post. You'll note I did refer to the personal history data.

I was mainly responding to the line "Nuyen isn't a file". If it's "cash" in the locked and encrypted "wallet", technically it IS.

And also, partially (I think) to "Comlink <> SiN". It's an excellent point, but I think I lumped it in with the above when I was making the post. I just wanted to make sure we hit the possibility that SOME Nuyen MIGHT in fact be stored "locally" as a file you could zap to yourself one way or another. I didn't mean to sound like I was bashing you, and if that's how I cam across (and I can see how it might seem that way), I apologise.

[Kerenshara]

Btw, is people familiar with the GSM phone system?

The interesting thing there is that you have yours sim card, and that ids your service provider and your account there. But on top of that there is a id number of phone. That is, every phone ever made has a supposedly unique id, so that if its reported stolen, it can be locked out of the GSM phone system globally, even if the sim is replaced by the thief or whoever he sells it to.

Gsm sim = SIN (to a degree)

Phone serial = access id...

Close, but not quite.
The way an access ID is described, it's much closer to an IP Address. But said IP MUST be registered to a MAC ID number, and your phone's "serial ID" fills that role.
The GSM SIM card/module is analagous to a comcode/account. When you dial a phone number (whose format is technically meaningless these days, due to number portability and IP telephony) a computer checks a registry and routes the call to the SIM card in question. Another database checks for for what IP that SIM was last issued at last log-on to the network, and queries yet ANOTHER database to see which physical tower is currently providing service to that SIM. Finally, the call is physically routed to the MAC address corresponding to the SIM via the IP address of the closest tower and your phone rings.
The SIM itself is only related to the SiN in how it is attached for identification and billing purposes.
But I like the way you presented the idea, and it's a good observation.

[hobgoblin]

I just thought of an in-game example of mine...one of my players met an obnoxious wageslave acting like a johnson at a train station (is was one of the SRM where the runners go to the top of a mountain resort in Denver). Anyways, the hacker hacked into this dude's commlink, changed his profile information including adding that he was looking for men, then copied his train e-ticket onto his own commlink. He then boarded the train using the guy's e-ticket (it was first class seating) without issue (I could have made that part more challenging, but didn't, as the ticket was already paid for and it wasn't really important to the plot).

Anyways, when the wage slave tried to board the train, he was apprehended, as his personal data didn't match the ticket, plus the ticket was already used. In addition, the wageslave was obnoxious and while a level-headed approach could have rectified the situation (including putting a little heat on the hacker) he was instead, escorted out of the station.

Now, the hacker had fun, hacked a commlink, but didn't really spend a ton of time hacking, so the rest of the table was fine with it. So, I'd be all for letting hackers continue to do this sort of thing without any major repercussions, but I'd probably start bricking them if they try to steal nuyen from bank accounts... These sorts of hacks may be more than enough to keep your hackers entertained and not break anything in game!

I would say it would be more appropriate if the hacker spoofed the ticketing system to charge the return trip to the johnsons account.

That is, i suspect that under a system like the SR4 matrix, you do not have a offline ticket as much as you board, pass a rfid/comlink reader that goes beep, and your account is charged the sum for a trip with that train (or if charged by the distance, your comlink is read again on exit, and the distance calculated and charged).

[hobgoblin]

Close, but not quite.
The way an access ID is described, it's much closer to an IP Address. But said IP MUST be registered to a MAC ID number, and your phone's "serial ID" fills that role.
The GSM SIM card/module is analagous to a comcode/account. When you dial a phone number (whose format is technically meaningless these days, due to number portability and IP telephony) a computer checks a registry and routes the call to the SIM card in question. Another database checks for for what IP that SIM was last issued at last log-on to the network, and queries yet ANOTHER database to see which physical tower is currently providing service to that SIM. Finally, the call is physically routed to the MAC address corresponding to the SIM via the IP address of the closest tower and your phone rings.
The SIM itself is only related to the SiN in how it is attached for identification and billing purposes.
But I like the way you presented the idea, and it's a good observation.

Nah, i would say that the access id is a MAC, or at least what it would have been, if one could have stored a infinitely long routing list and altered it instantly, no matter how deep. That is, the IP address is nice in real life because its a logical address. And one that can be carved up into as small a "sub-net" as one wants. So that the router x removed from your computer only have to look up a small part of the whole address to decide where to send the packets addressed to your computer, as there will be more routers farther down the chain.

and the SIM card may well become the SIN of the future, as there are plans of putting the logics of a RFID inside the SIM, and having the phone provide the antenna for a NFC system. extend that far enough and you have your SIM hooked up to national id services, bank accounts, door locks and whatsnot.

[kzt]

Pickpocket hacking is all a matter of scale. People who have money worth stealing probably have the security to protect it. Pulling 5 nuyen from 100 people who have weak security really isn't worth your time, if you are trying to pay for some serious hardware or software costing thousands. Also, I tend to think that the hackers of 2070 wouldn't ever admit to doing this, even if they did.

Could be that people couldn't admit to this. But how many people actually admit that they pay for their suburban house and SUV by begging at the expressway on ramps? But people actually do this. If you are willing to shoot people in the face for money but instead can sit at Fourbucks Coffee in the train station and with essentially no risk suck in 200 (IMG:style_emoticons/default/nuyen.gif) per hour you might not admit to you hacker buddies that is what you do, but are you going to not do it?

[kzt]

People are always confused about spoof -- it's not some general term for tricking a device, it's specifically a way to command a drone or slaved device while pretending to be its master. If you want to issue commands a commlink, you have to hack in and get authorized access for yourself. After that, it's a very simple matter to copy someone's ID. It might be encrypted, but that's not really a big problem. But it seems to me that if two people were using the same SIN at the same time, the system would detect it almost immediately and quash the copy. That's why fake SINs are so complicated to make -- you have to take a valid number, but scrub away anything that could show it's stolen or fake. You can't just steal one and make do.

They are broadcasting the SIN, there is no reason to hack anything. It's like having your SSN printed on the back of your jacket in inch-high letters. Nobody needs to use rubber hose cryptography to make you tell him what you SSN is, he can just read it without ever interacting with you.

What "system" is going to detect this? You are postulating a globally ubiquitous surveillance network that is explicitly not there in SR due to the balkinization.

[Kerenshara]

Nah, i would say that the access id is a MAC, or at least what it would have been, if one could have stored a infinitely long routing list and altered it instantly, no matter how deep. That is, the IP address is nice in real life because its a logical address. And one that can be carved up into as small a "sub-net" as one wants. So that the router x removed from your computer only have to look up a small part of the whole address to decide where to send the packets addressed to your computer, as there will be more routers farther down the chain.

and the SIM card may well become the SIN of the future, as there are plans of putting the logics of a RFID inside the SIM, and having the phone provide the antenna for a NFC system. extend that far enough and you have your SIM hooked up to national id services, bank accounts, door locks and whatsnot.

*cracks fingers cheerfully in anticipation*
These are the kind of discussions I love.
In the descriptions of "hacking a com code" it talks about getting the network to accept you and let you in by granting you a com code. That is in a way directly analagous to hacking a DHCP server to force issuance of an IP address to a protected network. If it's something that changes it CAN NOT be analagous to a MAC, because a MAC by definition is hard coded into the equipment, which is why I equated the PHONEs serial number to a MAC. I am making my distinction based on hard/firm/software comparisons. A phone's serial number can't change. You can SPOOF it to make it LOOK different to the network, but that's not the same thing at all. The SIM card's information is essentially firmware: the card carrys semi-permanent information, but can be erased and re-issued to a new user if the company desires. The IP address is issued each time the device logs onto the network, thus it is pure software. Multiple comcodes can be addressed and routed to the single physical piece of gear, just like multiple IP addresses can point to a single device by the unique hardware ID - the MAC.
Again, as DireRadiant mentioned above, Comlink <> SiN. When we refer to a SiN, it is a (theoretically) unique Serial Number assigned to the Wetware known as a (Meta)human being. Like the serial number on the phone (the permanent MAC), it's not supposed to change, but it could in theory be spoofed (like a MAC) in the form of a FAKE SiN, but in the end it still points to a single and unique piece of wetware: you. YOU never change, no matter how you label yourself. Your bank accounts and licenses are like assigned comcodes, which you can hack, but they only really exist in the Matrix (and maybe on some archaic hard copy somewhere). The "Firmware" in this case would be your comlink (your SIM card) because you can reprogram it to serve as the link between any particular piece of Wetware and any set of software.
Does that make sense?

[hobgoblin]

It may have been, it it was not bulk text to the nth...

give me a sec to parse it...

err, makes sense mostly, tho i suspect i cant comment on the "hacking a com code" as something tells me thats a SR4A thing, unless you can provide me with a page reference (or i missed a earlier quote in this thread).

[Tymeaus Jalynsfe...]

It may have been, it it was not bulk text to the nth...

give me a sec to parse it...

err, makes sense mostly, tho i suspect i cant comment on the "hacking a com code" as something tells me thats a SR4A thing, unless you can provide me with a page reference (or i missed a earlier quote in this thread).

If I remember right, that is an "Unwired" thing... no page numbers handy though as I do not have access to my books

[Kerenshara]

If I remember right, that is an "Unwired" thing... no page numbers handy though as I do not have access to my books

Quite right, P.53 Unwired

[Tymeaus Jalynsfe...]

There you go... Thanks Kerenshara...

[Writer]

*cracks fingers cheerfully in anticipation*
These are the kind of discussions I love.

I totally agree.

Does that make sense?

Very much so. And, it helps to think of the sentient using the SIN and commlink as "wetware", just another component.

Kerenshara, I think the answer to your question about multiple commlinks is, yes, you can walk around with multiple commlinks, even if you are using one SIN. With the description you gave, the wetware can connect to two different commlinks, much like the two commlinks can connect simultaneously to a single device or node. The complication is the interface between the wetware and the two commlinks. The interfaces or I/O devices only connect to one commlink at a time, though switching could be as easy as a simple action. It might be easier to run one commlink through another.

This brings to mind a related question.

Hacker A is posing as a corporate wageslave. She has her own personal commlink, and a corporate issued commlink. She uses her personal commlink to hack the corporate commlink and runs the corporate commlink through her personal commlink, sort of like running windows on a Linux machine. Now, with trodes on, she has access to her personal software, logs into the home office through her corporate commlink, and has a meeting. Well, let's say she needs to shut down her personal commlink to prevent security from detecting any anomalies on her commlink. Since the trodes are a peripheral device, they can just transfer their connection to the corporate commlink (especially if she set this up ahead of time). Would this be seemless? Or would there be a moment of some kind of dumpshock or glitching?

I imagine it could be seemless. She prefers AR, so she would be viewing the main window as if on the corporate commlink, with her personal commlink icons on the edges. When the transfer happens, all the personal icons would disappear and the corporate "settings" would remain. Does this all make sense?

[hobgoblin]

in ar it could be potentially seamless. hell, it may even be able to connect the same set of trodes to to multiple sources, it just depends on how smart the trodes are.

not with vr tho, that would result in dump shock, imo.

[PirateChef]

The easiest way to use hacking to go on a shopping spree is similar to the way many thieves do it now.

When someone is in a store, and picks up an item, they tell their comm to send a purchase order to the stores main purchasing computer. (In ar they press the buy button, and the commlink takes care of the rest). The easy way to make cash off of this system is to watch someone as they shop, intercept the buy order as it is sent out, then use your comm to send a duplicate transmission. You get the item for free, they get charged twice. The system lets it through, b/c it looks like they just decided to buy two. When they notice the second charge, they then dispute the charge and get their money back. Everyone thinks either the customer was an idiot and accidentally hit the buy button twice, or that there was a hiccup in the system.

As long as you keep the amount low enough, no one will really even notice.

[Writer]

As long as you keep the amount low enough, no one will really even notice.

This is probably why it isn't in the realm of shadowrunning. Yeah, the risks are higher running shadows, but the pay is higher, also. On the other hand, this could be one way to detail the abstraction called "spoofing lifestyle".

[Kerenshara]

Kerenshara, I think the answer to your question about multiple commlinks is, yes, you can walk around with multiple commlinks, even if you are using one SIN. With the description you gave, the wetware can connect to two different commlinks, much like the two commlinks can connect simultaneously to a single device or node. The complication is the interface between the wetware and the two commlinks. The interfaces or I/O devices only connect to one commlink at a time, though switching could be as easy as a simple action. It might be easier to run one commlink through another.

*scratches head* my comment about two 'links wasn't to a single SiN per-se, so much as two diferent 'links accessing a single BANK account throwing up a red flag for the BANK. Unless I mangled something else somewhere and missed it. Point it out and I will try to un-kludge it.

This brings to mind a related question.

Hacker A is posing as a corporate wageslave. She has her own personal commlink, and a corporate issued commlink. She uses her personal commlink to hack the corporate commlink and runs the corporate commlink through her personal commlink, sort of like running windows on a Linux machine. Now, with trodes on, she has access to her personal software, logs into the home office through her corporate commlink, and has a meeting. Well, let's say she needs to shut down her personal commlink to prevent security from detecting any anomalies on her commlink. Since the trodes are a peripheral device, they can just transfer their connection to the corporate commlink (especially if she set this up ahead of time). Would this be seemless? Or would there be a moment of some kind of dumpshock or glitching?

I imagine it could be seemless. She prefers AR, so she would be viewing the main window as if on the corporate commlink, with her personal commlink icons on the edges. When the transfer happens, all the personal icons would disappear and the corporate "settings" would remain. Does this all make sense?

Um... the catch is you'd have to leave the second 'link ON to be seamless, because they were subscribed to the 'link you're turning off. You could re-subscribe the trodes to the prime comlink, but it would not be seamless. Think of it like a BlueTooth® adapter of some sort, and what you had done was network two laptops in an ad-hoc point-to-point network where the modem on the first computer is getting you to the 'net, but you're controling it via the BlueTooth® device which is actually attached to the second laptop. If you shut down the second laptop, the BlueTooth® device has no partnered (subscribed, in SR parlance) device until it is re-paired with the laptop that's still running. That is a very simple process in SR, but it's not "seamless".
Does that make sense?

[PirateChef]

Um... the catch is you'd have to leave the second 'link ON to be seamless, because they were subscribed to the 'link you're turning off. You could re-subscribe the trodes to the prime comlink, but it would not be seamless. Think of it like a BlueTooth® adapter of some sort, and what you had done was network two laptops in an ad-hoc point-to-point network where the modem on the first computer is getting you to the 'net, but you're controling it via the BlueTooth® device which is actually attached to the second laptop. If you shut down the second laptop, the BlueTooth® device has no partnered (subscribed, in SR parlance) device until it is re-paired with the laptop that's still running. That is a very simple process in SR, but it's not "seamless".
Does that make sense?

What you can do (and this works with bluetooth) make the switch to teh second device without turning off the first, thus interrupting the connection without shutting it down. This should make for a seamless transition.

You can try this if you have a bluetooth headset, and two phones. Place different calls on each phone, and you can switch between which one the headset is linked to fairly seamlessly.

I think you'd still get dumpshock if you were in vr though, as the incomplete data hits your head.

[PirateChef]

This is probably why it isn't in the realm of shadowrunning. Yeah, the risks are higher running shadows, but the pay is higher, also. On the other hand, this could be one way to detail the abstraction called "spoofing lifestyle".

Yeah, i'm pretty sure this is what they mean by that.

There are other variations on the same theme to get actual nuyen in your account, but then things get complicated.

[Kerenshara]

What you can do (and this works with bluetooth) make the switch to teh second device without turning off the first, thus interrupting the connection without shutting it down. This should make for a seamless transition.

You can try this if you have a bluetooth headset, and two phones. Place different calls on each phone, and you can switch between which one the headset is linked to fairly seamlessly.

I think you'd still get dumpshock if you were in vr though, as the incomplete data hits your head.

OK, never tried that myself, so I can't comment, but it makes sense. And while the device handoff might be seamless, even in AR you have to deal with the comcode (IP) changeover, which is sure to cause at least a stutter.

[Writer]

*scratches head* my comment about two 'links wasn't to a single SiN per-se, so much as two diferent 'links accessing a single BANK account throwing up a red flag for the BANK. Unless I mangled something else somewhere and missed it. Point it out and I will try to un-kludge it.

Sorry, I was mixing issues. I'm not sure it would necessarily be a problem for one SIN to access via two commlinks, but it might raise a few eyebrows. There really isn't a reason for it.

Um... the catch is you'd have to leave the second 'link ON to be seamless, because they were subscribed to the 'link you're turning off. You could re-subscribe the trodes to the prime comlink, but it would not be seamless. Think of it like a BlueTooth® adapter of some sort, and what you had done was network two laptops in an ad-hoc point-to-point network where the modem on the first computer is getting you to the 'net, but you're controling it via the BlueTooth® device which is actually attached to the second laptop. If you shut down the second laptop, the BlueTooth® device has no partnered (subscribed, in SR parlance) device until it is re-paired with the laptop that's still running. That is a very simple process in SR, but it's not "seamless".
Does that make sense?

I was thinking that trodes are subscribed to Commlink A, which controls Commlink B. Make a single command combo (like a macro) to do a simple subscription switch to Commlink B, then shut down Commlink A. You might see a stutter, but no one outside your POV would, because it is only affecting your trodes.

[Kerenshara]

I was thinking that trodes are subscribed to Commlink A, which controls Commlink B. Make a single command combo (like a macro) to do a simple subscription switch to Commlink B, then shut down Commlink A. You might see a stutter, but no one outside your POV would, because it is only affecting your trodes.

Sure, but I wouldn't call that "seamless". Automated, and probably unnoticable to others, but not seamless. Enough for a cover for sure. Kerenshara wouldn't know anything about THOSE tricks. Nope, not her.