Nodes. Once IC finds you. Options

[Vantive]

When discovered by IC, is there a way to become invisible again? Like a magic vanish button? Or must I kill all the Icons.

[GreyBrother]

Thread Stealth up. (IMG:style_emoticons/default/nyahnyah.gif)

The problem is, even if you phreak all the icons the Firewall is still aware of you and can just reboot the IC. Or call in reinforcements from a friendly node.

[Vantive]

Im not a Technomancer. Just a rigger with a pimped out comm... going to be running stealth 6.. Just does not seem like a whole lot thats all (IMG:style_emoticons/default/frown.gif)

Looks like I've gotta roll edge while I try and get into the node and to get all the stuff..

Most my hacks are getting staff lists, stock reports, shipping manifests and what not... so im not really looking for trouble.

[BlackJaw]

Well as I understand it, you aren't spotted by IC till it beats your Stealth Program. Once it does, it and the node (it's firewall) now see you. You can't be invisible again without leaving the node, re-spoofing your ID (which would also kick you out of the node) and then hacking back in. You may want to wait a while before doing so, to let the alert pass a bit.

Really it's best not to get caught. I recomend hacking in with as high an access as you can (admin is great, but it increases the treshold by +6. It's safer to do when you have a few hours to probe a system, sometimes I can get it on the fly by using edge,) and then disabling the IC once into the node so you can work unmolested. Disabling IC when you have admin access and it hasn't spotted you yet is very easy. You either unload it, or you change its "agent script" so that it doesn't check user IDs. It tends to be a good idea to simply leave it online and not checking ID because most well designed security setups have the IC set to send an alert e-mail to the admins/security when it's turned off, and that might get a security rigger to show up... and that can be a serious problem for a hacker. Changing its script means the IC is still online, and thus doesn't set off an alert. To be really stealthy you should reset it's agent script when you leave, otherwise the next security sweep could notice someone messed with the IC. Ofcourse you will need to do this before cleaning the Log of your actions... so that will leave you "visible" to the IC for at least 1 pass before you leave the node.

Another trick is to use the Disarm program (Unwired 111) on the IC's Anaylze Program (and Homeground Autosoft). This will drasticaly reduce it's ability to spot you. It's also not likely to be noticed unless someone anylazes the IC's active software, and it seems to be preforming fine no one will do that for a long while. Alas you can't use it on the IC itself. This trick leaves the IC fully intact agaitns everyone but you. This has been a boon to me recently when hacking an aztech attack helicopter. Neither the IC nor the Piloting Rigger saw me yet, so when I revoked the rigger's access, the IC turned on him. The best part: It was Black IC loaded with a Psychotropic Judas feedback option. The brain burned pilot will latter feel and strong compulsion to call up his own Aztech employers and report himself.

My hacker character uses a commlink optimized for Stealth (Unwired 198) so I'm sort of running Stealth 7. Also get the Mute program option (unwired 115) for your Exploit, Edit, Corrupt, Disarm, etc programs. It can get you the 1 full combat turn before an alert is sounded for screwing up most common hacker actions.

[Zaranthan]

Hacking goes much more smoothly if you rule that cyberspace doesn't allow spotters. If you want to do something to an icon, you have to beat its stealth yourself. You can't just have an agent Analyze everything and tell you which icon is the intruder, because your persona doesn't see the same false icon as the agent. One sees a stray config file, the other sees a deactivated device. After all, you don't decide what to Stealth yourself AS, it just works. Thus, much like Encrypt, it's reasonable to assume that any specific obfuscating scheme you can come up with is already being done by the software suite (remember, each "Program" as we refer to them OOC is actually several programs running in tandem).

[otakusensei]

Hacking goes much more smoothly if you rule that cyberspace doesn't allow spotters. If you want to do something to an icon, you have to beat its stealth yourself. You can't just have an agent Analyze everything and tell you which icon is the intruder, because your persona doesn't see the same false icon as the agent. One sees a stray config file, the other sees a deactivated device. After all, you don't decide what to Stealth yourself AS, it just works. Thus, much like Encrypt, it's reasonable to assume that any specific obfuscating scheme you can come up with is already being done by the software suite (remember, each "Program" as we refer to them OOC is actually several programs running in tandem).

The problem there is that it goes both ways. If an agent can't tell me what icon is the IC or the spider, the IC can't tell the Spider what icon is me or my agent. Sharing data between communicating icons allows things to move quicker because there are less actions spent determining what is what and more spent dealing with the hack so that things can return to normal game flow.

[Tricen]

I tend to agree with otakusensei on this one. Allowing the IC to communicate with one another allows for us to "get to the point" as it were. It just takes a bit of a paradigm shift on the GMs part when creating the run.

[deek]

Based on Unwired, there are only, what, three things that a node can do to you once it has flagged an alert?

1) It sends an IC, which could be anything from a killer black IC to a simply tracking IC.
2) It notifies a spider and then you are dealing with another hacker or whatever that dude wants to send at you.
3) It tries to disconnect you from the node. It only gets one chance, if it fails, you are in.

I'd say, most often, when hacking on the fly, go for the lowest account you can get...normally a user account. Once you get in, then hack an admin account. Now the system will get a chance to notice that hack, but I've seen much better luck on that one roll than adding another 6 to your initial hack on the fly threshold...

Now, going back to the OP, if an IC does find you, can ignore it and continue doing what you are doing, then hope to get out quick. Or, you could attack it, hope to defeat it, finish what you are doing, and get out. Or, with the right access, you may be able to disable it as part of your access.

[Zaranthan]

Now, going back to the OP, if an IC does find you, can ignore it and continue doing what you are doing, then hope to get out quick. Or, you could attack it, hope to defeat it, finish what you are doing, and get out. Or, with the right access, you may be able to disable it as part of your access.

You don't really want to "defeat" IC. If the system's on alert, they'll be back on the node's next pass. What you really want to do is crash its proactive programs. IC without Attack or Trace is just weight on the node's processor limit that doesn't obstruct your hack until a live spider comes along and tells it to reboot (at which point you can blackout the spider and have free run of the system until the HTR shows up).

[CodeBreaker]

You don't really want to "defeat" IC. If the system's on alert, they'll be back on the node's next pass. What you really want to do is crash its proactive programs. IC without Attack or Trace is just weight on the node's processor limit that doesn't obstruct your hack until a live spider comes along and tells it to reboot (at which point you can blackout the spider and have free run of the system until the HTR shows up).

Only if someone on the Node (Another IC or Spider) loads it. And if a Node goes on Alert and you have Admin Rights use Edit on the login requirements to include a Passcode. Means that if a Spider wants to come in and say hello he needs to hack his way in. Might also work for any IC that wants to load up, but that might be a different Edit action on the Nodes Alert commands.

[CanRay]

You know, someone needs to design IC based off of Bubba the Love Troll.

...

WHAT?

[CodeBreaker]

You know, someone needs to design IC based off of Bubba the Love Troll.

...

WHAT?

Black IC with psycotropic effects that shunt you into a particularly unsettling Troll on Dwarf Gay Love porno?

[Summerstorm]

and by "love" we of course mean "rape"... sigh. (sorrysorry)

Also can't you attack with a "mute"-option attack program, and than kick its ass? And then spoof the IC's feedback to the System? Hm.. maybe a "all clear i am going, bye - no need for the spider or alarm anymore"?

[Magus]

Per Unwired when the node notices you and goes on Alert you lose your rights and go back to User rights

Pg 67 Unwired

Al erts
Another important line of defense in any system is the intruder
alert. A node under an active alert is “aware� of a specific
access ID that has hacked or is trying to hack his way into the
system. If a system is made up of multiple nodes, an alert in one
node puts all nodes on alert against the same intruder.
A node on alert gains a +4 bonus to its Firewall against the
intruder specified in the alert. Additionally, all privileges involving
the node itself (such as deactivating programs or agents, rebooting,
editing files, etc.) are no longer automatically allowed to the
trespasser, who must either use the Hacking skill to perform such
actions or Spoof a command from a legitimate user that still has
her permissions intact.
The young hacker, /dev/grrl, has hacked herself an
admin account, but she glitches on a roll and an active
alert ensues. While she normally would have been able
to Edit the node’s access log without rolling, she now must
make an Opposed Hacking + Edit Test against the node’s
Firewall + System to do so.

[crizh]

Interestingly, according to the faq, only the IC or Spider the system 'alerts' when an Alert is raised automatically is aware of you.

When you trigger an alert, will security automatically spot you, or do IC and security hackers still need to succeed in an Opposed Matrix Perception Test?

If the system is set to launch an IC program (or programs) immediately upon detecting an intruder, then that launched IC will automatically be aware of the intruder's presence. Any patrolling IC or security hackers, however, will need to spot the intruder as normal. At the gamemaster's discretion, alerted IC or security hackers may receive a +4 dice pool bonus to spot intruders (same as the +4 Firewall bonus that active alerts provide), as the system feeds them information on the intruder.

[Summerstorm]

Yeah... but for a spoof i don't need any access rights. When i mute and destroy all IC's and have analyzed them for their IDs before i got rid of them, I could spoof their interaction with the system, or not? Of course that would be terrible hard to do. Also i have to get ALL personas which are perceiving me, and all at once at best. Or can the system itself actively track me? Than i have to disappear for it for a least until i signaled an "all ok"

But well... best thing would be to just leave, get a new ID and come back for a new hack... and if that is not possible... shoot the facility up *g*.

[DWC]

Per SR4A, spoof only works on peripheral nodes and drones, so you can't spoof a command to a commlink or a nexus anymore.

[Summerstorm]

Hm, really?.... ok... maybe i can change my ID to the ID of the defeated IC, after i take it out. Then maybe my stealth kicks in again, and comunicates with the system? Somehow one has to be able to do this. I HAVE to MAKE it work *g*

[CodeBreaker]

Hm, really?.... ok... maybe i can change my ID to the ID of the defeated IC, after i take it out. Then maybe my stealth kicks in again, and comunicates with the system? Somehow one has to be able to do this. I HAVE to MAKE it work *g*

Respoofing your ID immediatly drops all Subs, you would be kicked out of the system and would need to hack your way back in.

Really, if an Alarm does go off your best bet is to Hack it off, kill any IC that gets launched (It automatically detects you, the other stuff still needs to roll a MPercep) and hope to god that nothing sees you.

Or you can pull out the big guns, load up all your Agents and bring the fight to the enemy. Have an Agent change the Login Passcodes every few turns, have another begin Editing the Access Log to remove your actions from it (Prevents an easy Trace if you get kicked), have an Agent with Analyse 6 running (If the Alert is still up does it get a bonus to Perception rolls?) checking everything that logs in for a Spiders/IC who have broken in. Gank everything that does Log In before they have time to reload the Nodes IC. Basically be a complete bastard while getting whatever you need from the system.