 decker tricks, show off your genius |
  |
 Feb 11 2004, 01:07 AM
Post
#26
|
|
|
Running Target  Group: Members Posts: 1,362 Joined: 3-October 03 From: Poway, San Diego County, CA, USA Member No.: 5,676  |
Who needs decking? Just have a teammate infiltrate the base and run a bar magnet over the security host.
|
 |
 
|
|
Feb 11 2004, 01:10 AM
Post
#27
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
...computers in 2060 use optical storage. what's a magnet going to do?
and also, why would you need to modify your newly-forged account to make it looks like it's been there all along? that's what validating it is--making it seem legit. the only reason an admin would invalidate it is if the account were brought to their attention as being faked--like, say, the guy using it racks up security tally. |
|
|
|
|
Feb 11 2004, 01:22 AM
Post
#28
|
|
|
Running Target Group: Members Posts: 1,362 Joined: 3-October 03 From: Poway, San Diego County, CA, USA Member No.: 5,676 |
Computers still use electrical wiring, which can be affected my magnets. The magnet would cause some wires to misfire, causing some of the photon circuits to misfire, causing a few improper 1's, 0's, and 2's. (Or one-zero dualities, thoguh I imagine people just call them twos) This wouldn't be nearly as bad as degaussing a magnetic drive, but it would cause some bugs and fragmentation.
|
|
|
|
|
Feb 11 2004, 01:31 AM
Post
#29
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
a few. you'd have to have a really, really powerful magnet, though, and it'd take a really, really long time to have any significant effect. i mean, heck, the computer you use right now is chock full of magnets. long before you manage to screw up an optical computer, someone will have noticed the errors and gone on a magnet hunt.
|
|
|
|
|
Feb 11 2004, 02:05 AM
Post
#30
|
|||
|
Moving Target Group: Members Posts: 413 Joined: 20-November 03 Member No.: 5,835 |
Better than "email" -- given the problems with the hackability of such accounts -- is to incur a high signal to noise ratio (like someone mentioned with the 50k porn emails, lol! GOOD idea!), and write out data that doesn't look like account information. First, you'd want to encrypt the data. Then, you'd want to obfuscate it by including it in some small subset of data, like a "debug dump" or somesuch. This data can then be : (a) stuck in some commonly used holding area on the host (equivalent of /tmp/ on a modern unix host), to be later downloaded manually by you -- you deck in, grab a file with 5-10 valid accounts in it, and log out -- even better if you use a valid login for THAT, and not be a nuisance to the system... (b) uploaded to a dead drop - similar to a "mail" account, but rather than having a canonical "inbox" or anything like that, it is spooled through another process that does even more obfuscation and then sends it on to someplace else you can pick it up. Note that this can be strung together to several levels (just like you might with a redirect-datatrail operation, for example). Make the initial process (that gathers/creates/whatevers valid account information) send to multiple destinations. Make some of those do the same. Obfuscate the purpose of some of these by making it look like they do something harmless with it (like dump the message to a log as a "received error", or somesuch). Make some of them look like a poorly written university project. The security deckers will find your original stuff. They might shut it down, or they might be confused as to what it does (even better if the program looks like it's supposed to do something USEFUL (to them) there. Bonuses if you can make them think that one of the other deckers wrote it as a quick onetime knockoff utility. ;) If they follow it on and see what it does, they might find that it writes a log. They'll examine it, but if you've been careful, they shouldn't be able to realize that the file that's dumped contains any Information, but rather is junk. (Hell, make it look like a debug/coredump, or something. Even better, have your program ACTUALLY crash and send that data to the system's NORMAL error logging function - so that it looks like a legitemate death.) If they realize that your utility sends data elsewhere, they might hack in to THOSE places. Or, they might think that it's correspondence between two researchers, or something. If you've been careful about hiding the information. The security deckers have finite time and resources - more than you, yes, but you can easily make the job look like it's of low importance/threat. If they either don't recognize what your program Really Does, or can't figure out where it sends it (or why), you're pretty much scot free. If they DO figure out what your program does, they will probably just shut it down so it won't run again, but will probably not expend the resources to develop an agent to send looking for you. Skills needed: Encryption knowledge skill, probably: so that the data you hide will not be obviously acocunt information. Steganography, so that you can hide Real Data inside other harmless looking data. :-) Forgery: to enable you to write convincing-looking Fake Stuff, perhaps - like emails between department heads, or bad spam responses, etc. |
||
|
|
|
||
|
Feb 11 2004, 12:25 PM
Post
#31
|
|
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
ye gods.
|
|
|
|
|
Feb 11 2004, 05:45 PM
Post
#32
|
|
|
Target Group: Members Posts: 7 Joined: 8-July 03 Member No.: 4,893 |
It seems to me that any security personnel capable of back-decking a connection is probably savvy enough to notice a new account being created every 24 hours on the mark. Even if the program waited a random amount of time and made a new account, new accounts should be pretty obvious.
The rules are the problem. The minimum time it takes to find a fake account is 24 hours? Maybe for the first one or two, but that rule is much too static for any serious security procedure. Possible Motto: Static rules are inherently unrealistic and can be exploited by players to great gain. Worry more about the dynamic reactions of the parties involved. |
|
|
|
|
Feb 11 2004, 09:09 PM
Post
#33
|
|||
|
Shooting Target Group: Members Posts: 1,685 Joined: 17-August 02 Member No.: 3,123 |
My first idea was to have it emailed to a local paper, one that offers free personal ads. That way you can't possibly be traced when you go to the corner and pick up a paper. The accounts are only around for 24 hours, though, so I scrapped the idea. A better one would be to post to a public forum ("HOWRD STERN RULZ!!!!!!!!!jiogfjei943urui3/j842rj8f934jr!!!!! BA BA BOOOOEY HAHAHAHAHAHA U SUK!!!!!!!1121@!2!@!"). |
||
|
|
|
||
|
Feb 11 2004, 10:46 PM
Post
#34
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
i've always assumed that the Validate Account operation includes making the account appear to have a history--that is, changing the dates and adding some logs so that the account doesn't look new. any actual new account would get a thorough check by the system, but if you manage to fool the system into thinking the account has been there all along, you avoid that. you also end up avoiding the pattern of having a new account show up every 24 hrs.
|
|
|
|
|
Feb 12 2004, 04:00 PM
Post
#35
|
|||
|
Target Group: Members Posts: 7 Joined: 8-July 03 Member No.: 4,893 |
Being that people are aware that Validate exists, you'd think they'd have a printout in their office of all the accounts on the system, or on some sort of write-once media, and simply compare with the known-good copy. The first rule of security decking is never trust anything, not even your own system. If target matrix sites don't adhere to that, then yeah, they're pretty much screwed. |
||
|
|
|
||
|
Feb 12 2004, 04:59 PM
Post
#36
|
|||||
|
Technomancer Group: Retired Admins Posts: 4,638 Joined: 2-October 02 From: Champaign, IL Member No.: 3,374 |
Agreed. I usually concider the office I work for. We do a daily backup, on Fridays it's a weekly backup, on a two-week rotation. That means that every day we have 14 days to backup our data just in case of a problem. So, that means that if something strange happens one would have a record of the valid accounts on the system and could compare them to the current accounts on the system. Plus, if the sec. deckers missed the problem, then they might have quite a lot of temporal information to find out when the validation took place. Therefore, they might be able to notice the actions of the command set that started out this whole conversation. Basically it still comes down to this point: Deckers can easily fool the system into thinking they're legitimate, and they can obfuscate that fact from other deckers. But, they can never completely eliminate every trace of information concerning that account. Otherwise, you'd have deckers with a Validate 8 or 9 utility that they program themselves (to avoid the cost on purchasing such a program) who do nothing but log on and try to validate a super user account. If they fail, log off, waith 24 hours for your tally to drop to zero and then try again until they succeed. Only time and the ability of a sec. decker to notice patterns in the system that the system itself cannot prevent this. |
||||
|
|
|
||||
|
Feb 12 2004, 06:45 PM
Post
#37
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
hence the reason validated accounts don't last forever. deckers don't usually pull the kind of trick you describe in your last para, dashifen, because once they manage to forge an account, it's only going to last a maximum of (1d6 x succs) days.
and if your command set gets deleted, who cares? you've got fifty more, on fifty other RTGs. |
|
|
|
 Feb 12 2004, 07:11 PM
Post
#38
|
|
|
Chicago Survivor Group: Dumpshocked Posts: 5,079 Joined: 28-January 04 From: Canton, GA Member No.: 6,033 |
Well, I have a solution for the anonymous, untraceable email drop-box. The pager listed in the BBB basically receives email, voice messages and even faxes (why faxes still exist in SR is beyond me though), up to 5mp if I remember correctly. So, hop into a stuffer shack, snag a :nuyen:10 to :nuyen: 50 pager and plug it into an open port on the ol' deck. No big deal.
|
|
|
|
|
Feb 13 2004, 02:15 AM
Post
#39
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
yeah, but it's a cellular device, which can be easily triangulated. since they can't get your email address, they'll just have to make do with your physical location!
|
|
|
|
|
Feb 13 2004, 02:32 AM
Post
#40
|
|
|
Beetle Eater Group: Dumpshocked Posts: 4,797 Joined: 3-June 02 From: Oblivion City Member No.: 2,826 |
Pagers only receive data in SR, they don't broadcast (a lot). Meaning they would have to be damn good to get a lock when the pager goes ping every few hours.
|
|
|
|
|
Feb 13 2004, 02:46 AM
Post
#41
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
right, but the pager's number would necessarily be included in your command set. once they have that, the sec decker can just hack your service provider and force it to query your pager.
|
|
|
|
|
Feb 13 2004, 02:52 AM
Post
#42
|
|
|
Beetle Eater Group: Dumpshocked Posts: 4,797 Joined: 3-June 02 From: Oblivion City Member No.: 2,826 |
Wait, wouldn't your first trick work for the pager provider too? You could have your pager switching id everytime it* detects a suspicious set of queries. You could even have various pager numbers - thus you know which security system discovered you and which passwords are now worthless.
*I obvioulsy assume one can hack their own pager. |
|
|
|
|
Feb 13 2004, 11:18 AM
Post
#43
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
indeed.
|
|
|
|
|
Feb 13 2004, 04:08 PM
Post
#44
|
|
|
GM of DOOM! Group: Members Posts: 3,893 Joined: 20-March 03 From: San Diego Member No.: 4,296 |
Since we're tossing up cool decker tricks, does anyone else think the drawbacks for a satellite hookup are more then worth the benefit of the fact that you can't be traced back to a meat body?
|
|
|
|
|
Feb 13 2004, 04:42 PM
Post
#45
|
|
|
Chicago Survivor Group: Dumpshocked Posts: 5,079 Joined: 28-January 04 From: Canton, GA Member No.: 6,033 |
That is in fact very smooth. Just love satellite jumping.
|
|
|
|
|
Feb 14 2004, 07:51 AM
Post
#46
|
|||
|
Shooting Target Group: Members Posts: 1,512 Joined: 16-August 03 From: Northampton Member No.: 5,499 |
Myself, Grey, Lindt and Dash, had a disscussion on this in our game (Misfits) and although it is canon that you can't be traced if your satlinking, i do agree with grey on the fact that you should be able to interrogate the sat into where it's uploading/ download from, because the matrix is a 2-way connection. Side note: techincally you don't actually need a satlink uttilaty, hack into somewhere that use's satlinks them selfs and borrow theirs. |
||
|
|
|
||
|
Feb 14 2004, 09:09 AM
Post
#47
|
|
|
Moving Target Group: Members Posts: 402 Joined: 23-April 03 From: London, UK Member No.: 4,491 |
I was looking at Virtual Realities 2.0, and it shows Ares' hottest decker, Pyro with a custom-built attack program called "Napalm Blast"! Could it be an attack program that can hit more than one target?
|
|
|
|
|
Feb 14 2004, 01:16 PM
Post
#48
|
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
attack progs that attack multiple opponents are possible with Matrix. i thought program options were included in VR 2.0 as well, but i guess i was mistaken.
determining one's physical location by querying the satellite is only possible if the satellite has some means of determining the direction that a given signal is originating from. most satellites, as far as i'm aware, do not have this capability; there's simply no reason to have it. |
|
|
|
|
Feb 14 2004, 01:26 PM
Post
#49
|
|
|
Shooting Target Group: Members Posts: 1,512 Joined: 16-August 03 From: Northampton Member No.: 5,499 |
The matrix is a2-way thing no? you send a siganl telling it you want to do, it sends a return telling you to frag off. The satalite needs to know where to send that frag off to.
|
|
|
|
|
Feb 14 2004, 02:31 PM
Post
#50
|
|
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
a sat works by basicly bombarding a big area with a signal, its not tightbeam at all. so while you can get the general area this area can be say they size of europe :)
program options where in virtual 2.0, you are looking at the area option for multitarget effects. |
|
|
|
|
|
Lo-Fi Version | Time is now: 4th February 2025 - 08:05 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.