> Question about Access Logs and Access ID?
Shadowfox
post May 26 2009, 06:49 AM
Post #1


Target
*

Group: Members
Posts: 81
Joined: 25-November 08
Member No.: 16,629



Alright, so I've converted Mercurial at Underworld 93 (don't know if any of you have played that one) to SR4 because I liked the story, but in any case, my group's hacker got into the Sorayama's system, got the intel he needed, got some paydata, was GOING to do a system transfer to take 500,000 nuyen, when he got attacked by 3 different kinds of IC, and logged off, before being able to delete the access logs.


Firstly, what exactly did it record? Each of his actions on the fake admin account he created, with the access ID name? Or just that an admin account made these changes? Do they have his access ID now? (one of the IC's was almost done with a track action, but he logged off in time)

Secondly, if you have someone's access ID, what can you do with it exactly? Search for it? Directly try to connect to it over the matrix? (if it's connected). Secondly, if you spoof your access ID, is it temporarily spoofed on that node? Because one of the options says you can modify your commlink to spoof at all times?

I've got most of the other things down, I'm just confused about the datatrail and whatnot.
Backgammon
post May 26 2009, 12:23 PM
Post #2


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



He deleted the log - end of story. Nobody knows what he did anymore.

Normally, though, by viewing the access log, you can tell what the hacker's ID was. With the ID, you can run a Trace to figure out a) where he physically was when he did the hack and b) where he is right now IF he is using the same ID as when he performed the hack.

As any hacker will always be spoofing their ID between hacks, you are usually only able to tell from where he performed the hack in your system and rarely where he is right now.

But, since he deleted the log, that's the end of that - unless you want to be cruel and say the node performed backups of the logs. That'll probably make the hacker feel disempowered and angry though.
Heath Robinson
post May 26 2009, 12:28 PM
Post #3


Running Target
***

Group: Members
Posts: 1,263
Joined: 4-March 08
From: Blighty
Member No.: 15,736



Read again, Backgammon. He didn't delete the log.

Backgammon
post May 26 2009, 01:34 PM
Post #4


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



D'oh, 8 am reading fail.

Yeah, so what I said about being able to trace him at the time of the hack then.
Shadowfox
post May 26 2009, 05:34 PM
Post #5


Target
*

Group: Members
Posts: 81
Joined: 25-November 08
Member No.: 16,629



So if you have someone's real accessID, a.k.a, the one hardwired into your commlink, they basically need to permanently spoof it or they're screwed right now?
FrankTrollman
post May 26 2009, 06:06 PM
Post #6


Prime Runner
*******

Group: Banned
Posts: 3,732
Joined: 1-September 05
From: Prague, Czech Republic
Member No.: 7,665



QUOTE (Shadowfox @ May 26 2009, 01:34 PM) *
So if you have someone's real accessID, a.k.a, the one hardwired into your commlink, they basically need to permanently spoof it or they're screwed right now?

Yeah, but that's incredibly easy. Your access ID is defined by the hardware that is actually talking to the matrix. It's seriously just one thing in your PAN and it can be anything in your PAN. Really you just need to buy a new thing with a signal rating and run your PAN through that. Now you have a different access ID. Not a fake new access ID, a real new access ID. Signal 8 sat links are incredibly cheap, and a dedicated hacker should probably be using those most of the time anyway. Tossing his old one and grabbing a new one is much cheaper than getting a new SIN.

Problem solved. Forever.

-Frank
Backgammon
post May 26 2009, 06:12 PM
Post #7


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



Yeah, but spoofing your ID is very easy. As a GM I assume the hacker is constantly spoofing his ID. It's a simple test that he can't really fail, and you can assume he'll always be doing it. If you change your hardwired ID, well, you're just trading one number for another, right? What you need to do is basically spoof it every day, or several times a day, and certainly before and after a hack. You can also just buy the gizmo in Arsenal that automatically and periodically spoofs the ID of any device, though again I think it's trivial for a hacker to do this so I don't bother.

The only crucial limitation to spoofing your ID is that you CAN'T do it in the middle of a hack. When you spoof your ID, it kills all your subscriptions and links. So if you do it during a hack, you immediately leave the node.

So normally, you'll have a unique access ID for the duration of a hack. Therefore, you can only be traced to where you performed the actual hack, as your ID from before, and after, the hack are different, so cannot be traced from the log.

Shadowfox
post May 26 2009, 06:20 PM
Post #8


Target
*

Group: Members
Posts: 81
Joined: 25-November 08
Member No.: 16,629



QUOTE (Backgammon @ May 26 2009, 01:12 PM) *
Yeah, but spoofing your ID is very easy. As a GM I assume the hacker is constantly spoofing his ID. It's a simple test that he can't really fail, and you can assume he'll always be doing it. If you change your hardwired ID, well, you're just trading one number for another, right? What you need to do is basically spoof it every day, or several times a day, and certainly before and after a hack. You can also just buy the gizmo in Arsenal that automatically and periodically spoofs the ID of any device, though again I think it's trivial for a hacker to do this so I don't bother.

The only crucial limitation to spoofing your ID is that you CAN'T do it in the middle of a hack. When you spoof your ID, it kills all your subscriptions and links. So if you do it during a hack, you immediately leave the node.

So normally, you'll have a unique access ID for the duration of a hack. Therefore, you can only be traced to where you performed the actual hack, as your ID from before, and after, the hack are different, so cannot be traced from the log.



So a hacker should never hack from his own apartment basically?
tr0n
post May 26 2009, 06:34 PM
Post #9


Target
*

Group: Members
Posts: 27
Joined: 11-February 09
From: The Matrix 2.0
Member No.: 16,866



I'll try to put this in current day perspectives as I understand it. Basically, his Access ID info is like a serial number unique to his commlink. In our current day, we call this a MAC address. MAC addresses can be changed. After all, it's still just a bit of code buried in the firmware. We also have IP Addresses which are just a bunch of numbers that denote where we are located, somewhat physically and within the internet. With all of that being said...

If the player didn't delete the log file, then there should be a record with all of the actions he took, what account he used, and what his ID was at the time. They will have to do a search to isolate where he was physically at the time of the incident but I'm sure that won't be hard unless he spoofed it somehow. Then, if he hasn't acquired a new commlink by now, or changed his current Access ID, then the next time he goes live they will be able to find him and hit him with an orbital laser. If one were so inclined, that is...

Edit: He can hack away to his heart's content from the comfort of his home/apartment. He just has to be very careful to not get caught and bounce himself through as many proxies and gateway connections as possible or some sort of equivalent in 2070. It's not a good idea to do this, no matter how good you think you are. Unless you are an old Echo Mirage survivor then I suppose it's ok...
kzt
post May 26 2009, 06:36 PM
Post #10


Great Dragon
*********

Group: Members
Posts: 5,537
Joined: 27-August 06
From: Albuquerque NM
Member No.: 9,234



Rule of thumb: Don't hack megacorps from anywhere that a 2000 lb JDAM hitting would kill anyone you really care about.
Heath Robinson
post May 26 2009, 07:15 PM
Post #11


Running Target
***

Group: Members
Posts: 1,263
Joined: 4-March 08
From: Blighty
Member No.: 15,736



QUOTE (kzt @ May 26 2009, 07:36 PM) *
Rule of thumb: Don't hack megacorps from anywhere that a 2000 lb JDAM hitting would kill anyone you really care about.


Or would make you liable under your insurance contract. You might survive a JDAM if you're lucky (or have a spare rating point of Edge). Your car? Your apartment? Your cat? Fat chance.
tr0n
post May 26 2009, 07:28 PM
Post #12


Target
*

Group: Members
Posts: 27
Joined: 11-February 09
From: The Matrix 2.0
Member No.: 16,866



What's the crunchy system stuff/rules for changing the Access ID of a commlink and spoofing your location using 4.0 rules? Any takers? Let's see some Hacker & Technomancer stats.
Backgammon
post May 26 2009, 07:39 PM
Post #13


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



It's just a simple Hack+Spoof(2) test I believe. I don't have my SR4A with me, but the test is clearly detailed in the rulebook, just look it up.
You can't spoof your location though. Your location is derived by swimming upstream through all the nodes your requests went through. That is impossible to fake - unless you handsomely edit the access log of those devices.
Heath Robinson
post May 26 2009, 08:19 PM
Post #14


Running Target
***

Group: Members
Posts: 1,263
Joined: 4-March 08
From: Blighty
Member No.: 15,736



QUOTE (Backgammon @ May 26 2009, 08:39 PM) *
It's just a simple Hack+Spoof(2) test I believe. I don't have my SR4A with me, but the test is clearly detailed in the rulebook, just look it up.
You can't spoof your location though. Your location is derived by swimming upstream through all the nodes your requests went through. That is impossible to fake - unless you handsomely edit the access log of those devices.

Or happen to be using a directional aerial and connecting exclusively via a far-away node. That should let you use a Logic + Electronic Warfare test to add to the Trace threshold if the rules modelled anything approaching real life. Or if your GM is willing to give it to you on account of being a blag based in real world knowledge.
Malachi
post May 26 2009, 08:35 PM
Post #15


Running Target
***

Group: Members
Posts: 1,228
Joined: 24-July 07
From: Canada
Member No.: 12,350



QUOTE (tr0n @ May 26 2009, 01:28 PM) *
What's the crunchy system stuff/rules for changing the Access ID of a commlink and spoofing your location using 4.0 rules? Any takers? Let's see some Hacker & Technomancer stats.

QUOTE (SR4 p. 224)
...this requires a Hacking skill + Spoof program (2) Test. Alternately, you can modify the hardware itself to supply a bogus code with a Hardware + Logic (2) Test

The test with the Hacking skill only changes your Access ID until you reboot, then your Commlink reverts to its hardware Access ID. The one with the Hardware test is a permanent change.

Frank, where is the rule that you can run your Commlink "through" another device and use that device's Access ID instead? I always had the impression that the Access ID that was stored in any log would be the Access ID of the device running the Persona program that was used to perform the action. Peripheral devices have no Persona firmware, therefore their Access ID would not be reported as the "originating" device of the action.
Malachi
post May 26 2009, 08:41 PM
Post #16


Running Target
***

Group: Members
Posts: 1,228
Joined: 24-July 07
From: Canada
Member No.: 12,350



QUOTE (Heath Robinson @ May 26 2009, 02:19 PM) *
Or happen to be using a directional aerial and connecting exclusively via a far-away node. That should let you use a Logic + Electronic Warfare test to add to the Trace threshold if the rules modelled anything approaching real life. Or if your GM is willing to give it to you on account of being a blag based in real world knowledge.

Yeah, that's exactly what the "Redirect Trace" action does, which is a Hacking + Spoof test opposed by the tracking Icon's Computer + Track. The RAW only let you do this when a Trace has actually been initiated against you, and it can only be done from the node where the trace is being performed. So, if you're in a node hacking it and some IC or Spider starts to Trace you, then you make the Redirect Trace test to give yourself time.

I believe the purpose of the Stealth program is that it already does things like attempt to "fake" the origin of the Hacking signal considering it acts as a negative DP modifier on the Track test. However, I don't think it would be terribly game breaking to let a Hacker make a single Redirect Trace test before the Hack begins to try and scramble the origin of their signal (like what Whistler did to the phone call in Sneakers). In this case I would let the PC make a single test and add the hits to the base threshold of 10 to Trace the Hacker's physical location.
Ryu
post May 26 2009, 09:00 PM
Post #17


Awakened Asset
********

Group: Members
Posts: 4,464
Joined: 9-April 05
From: AGS, North German League
Member No.: 7,309



Your accessID is based on your hardware. If someone spoofs your accessID, that does not keep you from connecting to the matrix, but your AccessID Accounts will be compromised. So you get a few new chips to install (a hardware+logic(2) test), and change the account data.

Routing through a node: Proxy Servers, Unwired pg 104. Easier: Clustering with the Commlink and choosing the other device's AccessID, as per the Errata for Unwired pg. 55.
Ard3
post May 26 2009, 09:21 PM
Post #18


Moving Target
**

Group: Members
Posts: 131
Joined: 12-January 08
Member No.: 15,220



And what if the hacker is a technomancer? What about their AccessIDs?
Heath Robinson
post May 26 2009, 09:30 PM
Post #19


Running Target
***

Group: Members
Posts: 1,263
Joined: 4-March 08
From: Blighty
Member No.: 15,736



QUOTE (Malachi @ May 26 2009, 09:41 PM) *
Yeah, that's exactly what the "Redirect Trace" action does, which is a Hacking + Spoof test opposed by the tracking Icon's Computer + Track. The RAW only let you do this when a Trace has actually been initiated against you, and it can only be done from the node where the trace is being performed. So, if you're in a node hacking it and some IC or Spider starts to Trace you, then you make the Redirect Trace test to give yourself time.

I believe the purpose of the Stealth program is that it already does things like attempt to "fake" the origin of the Hacking signal considering it acts as a negative DP modifier on the Track test. However, I don't think it would be terribly game breaking to let a Hacker make a single Redirect Trace test before the Hack begins to try and scramble the origin of their signal (like what Whistler did to the phone call in Sneakers). In this case I would let the PC make a single test and add the hits to the base threshold of 10 to Trace the Hacker's physical location.


To me both of those seem to be doing things that are different to what I'm talking about. Redirect Trace is about throwing Spoofed Packets at the Trace in an attempt to mislead it. Stealth just makes it difficult to identify where the route is because it uses some protocol abuse to get the packets transferred through the network in 5-6 different streams, or something. Stealth is an exceptionally fuzzily defined program. Either way, they use Hacking (or just work) and that means that they're not concerned with the real world in their application.

The trick I described involves actually making it pretty difficult to know where you really are by ensuring that they can't triangulate you, and by maximising your location envelope. They can know how far away you might be on the basis of the gain of the aerial on the Node(s) you've got LOS to. If you're as far away as possible (or you ignore signals beneath a certain strength to persuade the other device to increase gain) then the radius of the sphere that determines your possible position increases. This makes it a real annoyance to find you. Especially since the centre of that sphere is in a random direction away from you - meaning that half the time a guess on your location will take them further away from you than if they just went to the location of that actual node.

EW also needs uses that Hackers care about. Stated uses that can be relied on instead of the GM punishing you out of the blue for not taking it. It has precisely three actions in the BBB. THREE! That's ridiculous. We're meant to care about it, but we seriously don't, because BPs are tight. There ought to be more than one way to achieve an end in any system, but in the Matrix there's usually one option and it's almost always Software. The Matrix is far too real world agnostic, such that we don't see the socially impaired nerdy hacker standing on bollards because he needs LOS to a camera. That apparently wasn't enough of a concern to include sections on dealing with Signal LOS and how it affects you in either of the two books that claimed to cover hacking.

We've had a Matrix book and a "Wireless World" section that don't actually cover important things like, well, the fucking wireless. That's criminal.

QUOTE (Ard3 @ May 26 2009, 10:21 PM) *
And what if the hacker is a technomancer? What about their AccessIDs?

TigerEyes, an actual Dev, has told me that their AID automatically gets spoofed every time they connect to the Matrix. Which is basically every time they wake up or choose it.
Backgammon
post May 26 2009, 09:54 PM
Post #20


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



A techno can be traced exactly the same as a hacker, and as Heath points out, Technos spoof every morning (as should any hacker), so the mechanics are the same.

A couple of thoughts I've had:

1) If the node you are on is too hardcore for you to edit the Access Log, what you could do is swim down the current and hack a smaller, easier node down the chain. Any trace action would stop at that node.

2) You could maintain a node somewhere and remotely log in to it. A trace would lead back to it, but not to "you". I don't think that's especially cost effective or really all that advantageous, but you could do it.
Red-ROM
post May 26 2009, 10:48 PM
Post #21


Shooting Target
****

Group: Members
Posts: 1,756
Joined: 17-January 09
From: Va Beach , CAS
Member No.: 16,787



I have a rigger, and I like to change my access ID via hardware + Logic (2). Mostly for flavor, but I'm also slightly better at it that way. And I agree that the Electronic warfare could be more useful. That being said, the Hardware skill is pretty all encompassing.
Kerenshara
post May 27 2009, 01:13 AM
Post #22


Shooting Target
****

Group: Members
Posts: 1,894
Joined: 11-May 09
Member No.: 17,166



QUOTE (Ryu @ May 26 2009, 05:00 PM) *
Your accessID is based on your hardware. If someone spoofs your accessID, that does not keep you from connecting to the matrix, but your AccessID Accounts will be compromised. So you get a few new chips to install (a hardware+logic(2) test), and change the account data.

Routing through a node: Proxy Servers, Unwired pg 104. Easier: Clustering with the Commlink and choosing the other device's AccessID, as per the Errata for Unwired pg. 55.

OK, I keep seeing this, and I think there is a serious misunderstanding about what's hardware, what's firmware, and what's software going on that we went on in some detail in the thread about hacking comlinks for fun and profit: http://forums.dumpshock.com/index.php?showtopic=26495

Per descriptions of hacking in the books, one of the first things a hacker does is utilize her comlink (hardware) to access the LTG and convince it to grant them an Access ID (software). Since that ID is granted TO the hardware, a modern comparison would be an IP address assigned to a Network device by its MAC ID number, which IS hard coded into the device. Essentially, any traffic addressed to the Access ID would be routed to the physically nearest wireless device exchanging communications directly with the MAC ID in question. Now, a ComCode is a phone number. It is just a simpler (and fixed) version of an Access ID, but the two do not necessarily have anything to do with one another. Now it IS possible to spoof the MAC the 'link presents to the network, but as long as it acknowledges the traffic for the bogus ID, it's all AOK. And the 'decker can spoof the rest of their data trail by making similar changes along the route. So if they are at all smart, even worst case the access logs will show nothing but a bogus MAC to a hacked IP should it beat all the redirects. To get the REAL MAC off the 'link, another 'decker or agent (or sprite or T'mancer or whatever) would need to gain access to the 'link's home node and look back out towards the incoming connection to get that information. And it's only really useful from a prosecutorial standpoint. In actuality, the biggest problem is having them trace the open link to the final device communicating with your 'link wirelessly and jam it open then triangulate the signal back to the 'link/you. The access logs will show information about your "virtual" self, depending on the security of the system. Low level systems would just have the useless data I already mentioned and of course proof SOMEBODY had been there, which would help let them undo whatever you did.
In a high security system, it might have kept enough data to be able to identify the unique avatar you crafted for yourself so they will know you if they see you again. That part's conjecture and up to GM interpretation. But if the 'decker spoofed their MAC (smart) while spoofing their data trail (prudent and often assumed), the logs themselves aren't much use in the case above unless there was sabotage of some kind of a back door added or the like. You should never need to change out the chips unless the real MAC gets compromised. Now, for a normal user whose COMCODE gets compromised, it's registered to the actual MAC (unless your friendly neighborhood 'decker fiddled it for you) in which case it's a good idea to change them up.

Make sense?
Backgammon
post May 27 2009, 01:35 AM
Post #23


Ain Soph Aur
******

Group: Dumpshocked
Posts: 3,477
Joined: 26-February 02
From: Montreal, Canada
Member No.: 600



I hate your font
Shadowfox
post May 27 2009, 02:15 AM
Post #24


Target
*

Group: Members
Posts: 81
Joined: 25-November 08
Member No.: 16,629



Me too it hurts me eyes T__T
Malachi
post May 27 2009, 03:07 AM
Post #25


Running Target
***

Group: Members
Posts: 1,228
Joined: 24-July 07
From: Canada
Member No.: 12,350



QUOTE (Heath Robinson @ May 26 2009, 03:30 PM) *
The trick I described involves actually making it pretty difficult to know where you really are by ensuring that they can't triangulate you, and by maximising your location envelope.

Right, I understand. If you hack from a spot where you are connected by only a small (one ideally) number of wireless access points then it becomes much more difficult to determine a physical location because you only have the attenuation from one signal to guess the location instead of the attenuation from multiple sources. I have a degree in Electronic Engineering so I'm well familiar with all that wireless stuff, and I don't think it's really necessary to put all of that into the rules. People need to know that for one-way communication, you only need to be within signal range of the sender, and for bi-directional communication you need to be within both devices' signal range, which equates to the lower of the two involved in the communication. I have seen people have a difficult enough time with the aforementioned concept, burdening them and the rules with detailed explanations of the "hidden station" problem or what to do about increased packet loss or crosstalk would serve no useful purpose in the game. The groups that want that kind of detail probably already have people in the group with enough RL knowledge on the topic to craft their own rules for it. I suspect the majority of people simply don't care.

QUOTE (Kerenshara @ May 26 2009, 07:13 PM) *
Per descriptions of hacking in the books, one of the first things a hacker does is utilize her comlink (hardware) to access the LTG and convince it to grant them an Access ID (software). Since that ID is granted TO the hardware, a modern comparison would be an IP address assigned to a Network device by its MAC ID number, which IS hard coded into the device.

I had always equated the Access ID to the MAC ID of a device and the Commcode as a combination IP Address and phone number. The Access ID is part of the hardware (or firmware I suppose) of the wireless device which is why it requires a test using the Hardware skill in order to change permanently.


Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.