> Questions about traces
Odsh
post Mar 1 2010, 06:49 PM
Post #1



I would have some questions about tracing and redirecting traces in the matrix.

First, it is written that you can trace an icon or a subscription back to its originating node. But is it possible to find someone based on his Access ID only, as long as he is online? If not, why not only log off to avoid the trace (granted, if you are jammed by a black IC, it's not that easy)? In the second Shadowrun Mission of the Denver Campaign, it is possible to track the location of an RFID tag based on its emitting frequency with a Data Search. Maybe something similar can be done to find a hacker based on his Access ID?

Second, about the Redirect Trace action: it seems very unlikely that a hacker will detect that a trace is running on him. This is done by making an Analyze Icon action (SR4A p.228): does that mean you have to actively analyze an icon in order to realize that it is tracing you? Is there no other way? Or can you analyze your own icon to see that you are being traced? The Analyze program can be set to run in the background, but only to detect the presence of other icons in a node.

Karoline
post Mar 1 2010, 07:00 PM
Post #2

I swear it seems like this question comes up every month or so.

Prepare for a long debate on what you can and can't trace and such.

One thing I can say for sure, is that logging off is the main way to avoid a trace, and the main way to stop someone doing that before you've finished the trace is to jam them with IC.

I don't think you should be able to trace someone based on their Access ID if only because it means that anyone can trace anyone anytime. Someone's commlink number is basically their phone number, and is almost certainly publicly available. Combine that with the fact that you can easily trace someone as long as their commlink is online (which is 24/7 by all accounts), and you create stupid easy levels of stalking and tracking people.

I believe you have to analyze your own icon to see that someone has stuck a trace onto it. Not a bad idea to have an agent running along with you constantly scanning you for a trace so if you get tagged by one you can just redirect it, or the agent can redirect it for you.

Odsh
post Mar 1 2010, 07:42 PM
Post #3

I just read this, Unwired p.100:
QUOTE
Botnet programs contain access IDs for their handlers, theoretically allowing others to trace you

tagz
post Mar 1 2010, 11:48 PM
Post #4

I just want to point out with that statement there, that it's saying "trace" not "Trace Action". Two different things.

Though, that said, I'm not sure if they did in fact mean a trace action can be used or if it's just an ID data trail.

LurkerOutThere
post Mar 1 2010, 11:56 PM
Post #5

I am AWB but just logging off is not enough to prevent a trace as anyone with access to the logs can still run a trace on you. The old rule still applies. "Never hack from home, never hack from any place you are attached to. It is also a good idea to move after you hack."

Neowulf
post Mar 2 2010, 12:15 AM
Post #6

The mesh network topology of the matrix 2.0 plus the explicitly stated fact that the data stream itself does not contain access IDs, makes trace an interesting problem.

In a non-mesh topology the access ID would be tied to a geographically stationary piece of hardware at either the endpoint or the last hop. Find that location, and you have the physical address you need.
But with a wireless mesh and no clear indication of path IDs, you have to actually trace the path back hop by hop until you get to the last hop, then have that device report back the physical location you need. One method would involve viral-like self executing code, send a packet to the first hop you know and have it report back the next hop, and repeat until you have the last hop.


Tracing an ID you know but that doesn't have an active data connection you can perceive should be possible, but at a ridiculous amount of time. You're basically walking around downtown LA asking "Hey, have you seen Bob?" and hoping the question eventually reaches someone who sees him.

Odsh
post Mar 2 2010, 09:57 AM
Post #7

QUOTE (Neowulf @ Mar 1 2010, 08:15 PM) *
The mesh network topology of the matrix 2.0 plus the explicitly stated fact that the data stream itself does not contain access IDs, makes trace an interesting problem.

Are you sure about that? Isn't the Access ID required for routing information across the matrix to the right destination? It is also written that more than one connection to a node with the same Access ID is not permitted. Or that you only need one hit on an Analyze Icon action to get its Access ID. I wonder how all that is possible if the information about your Access ID never makes it to the node you are accessing.

This quote from Unwired (p.65) is quite interesting:
QUOTE
A spider can use the information in the access log to Track an intruder through the Matrix (p. 219, SR4) even if the intruder’s icon is no longer in the node. Unfortunately for the spider, hackers tend to change both their location and their access ID on a regular basis, so this information is usually dated and no longer accurate. A successful Track Test using access log information will only give the location from which the hacker performed the last action recorded in the access log, and the access ID that she used at the time.


EDIT: another quote, p.104:
QUOTE
In order to spot a trace, you must be in the same node that the track attempt is launched in


Neowulf
post Mar 2 2010, 04:51 PM
Post #8

The icon of the hacker's presence contains their access ID, which is why you can get it when analyzing their icon (and why the access logs will contain it). But the data streams do not for some reason, which is why you have to analyze a drone rigger's icon to get their ID for spoofing instead of just pulling it from the intercepted data packets.


Your quote from page 65 unwired seems to say that not only is the return datapath encoded into the packets, but that path is persistent across a reasonably long timeframe.
For that to happen without just encoding the access IDs of the hops directly into the packet (making a trace laughably easy), packets probably contain a hash of the path that works as an identifier for a unique path. When a node on a route reads the incoming packet, the packet tells it "please send me along path 7reygkuy765885ukjy7", which the node just knows the next hop is over to node carl.
Say nodes A, B, C, D, and E. A is a hacker, E is the paydata node, B, C, and D are the nodes making the path between A and E. A accesses E, creating path ae1 through B, C, and D. A knows the path hash and access IDs for both ends, as does E. B knows that hash ae1 means pass data between neighbors A and C without knowing A is an endpoint and C isn't an endpoint. For security the hashes would only be valid for data coming from either node locally associated with the hash. So if E sent a packet to B telling it to route along ae1, B would ignore it because it only knows ae1 as associated with A and C. If security hacker F jumped on E and tried tracing A by sending the self executing code packet I stated earlier, D would ignore it because it's not coming from E, so F has to spoof the packet to D to claim it came from E, which A's analyze program has a chance of catching and alerting him to (spotting the trace).




Of course it could all be quantum routing, and works on the idea that if you model the interaction of cheese with a random falling object you can extract the address of the closest italian/thai/australian fusion restaurant to the target node and can route via simulated drunken butterfly left wing flaps from there...

hobgoblin
post Mar 2 2010, 05:14 PM
Post #9

those hashes may well be the way, as i think a real life problem with mesh networks are the routing table sizes. They grow very large very fast, iirc.

Malachi
post Mar 2 2010, 05:20 PM
Post #10

A Trace can be run on Access ID alone, this is clearly stated. If the device tied to that Access ID is no longer online, the Trace will report the last node that the device was online. Your Commcode is not your Access ID. Giving someone your comm number is not allowing them to trace you. There is a deliberate break between the two so that a person can switch interface devices (eg. get a new commlink) and still have the same Commcode - equivalent to their phone number and email address. Tracing someone via their Commcode alone would involve first hacking into the MSP that handles the routing of their calls and finding their Access ID there.

To determine if a Trace is running against you, you must Analyze the icon that is performing the Trace, not your icon. All of this is why changing your Access ID is so simple, and should be done all the time by a security conscious shadowrunner.

Neowulf
post Mar 2 2010, 05:43 PM
Post #11

Who said anything about a commcode?

Malachi
post Mar 2 2010, 06:06 PM
Post #12

QUOTE (Neowulf @ Mar 2 2010, 11:43 AM) *
Who said anything about a commcode?

I was addressing this:
QUOTE (Karoline @ Mar 1 2010, 01:00 PM) *
I don't think you should be able to trace someone based on their Access ID if only because it means that anyone can trace anyone anytime. Someone's commlink number is basically their phone number, and is almost certainly publicly available. Combine that with the fact that you can easily trace someone as long as their commlink is online (which is 24/7 by all accounts), and you create stupid easy levels of stalking and tracking people.


Yes, someone's "commlink number" is their phone number, and probably is publicly available, but it is not their Access ID and you cannot trace someone by Commcode alone.

For the "techies" out there: a commcode is a combined email address and phone number, and the Access ID is the MAC Address of your commlink.

hobgoblin
post Mar 2 2010, 06:19 PM
Post #13

given the direction google seems to be heading with gmail, gtalk and google voice, i would say that they would be one of the first commcode providers. And if skype got some kind of email service going, they would have pretty much the same.

and i pondered the use of a hash to id a data route, and it makes a fair bit of sense.

when things are initially set up, your commlink fires off a generic "connect me to access id xyz" with an attached hash. Then every other commlink in range repeats that, unless they have already seen the hash before. With enough repeats, this will hit the commlink with the requested access id. Then that commlink replies, with the same hash attached, saying "hi". While this is going on, if the initial connection request should come in from an alternate route at any point in the chain, the routing commlink would keep the source on list as a potential alternate route should the primary route fail.
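
The routing idea sketched in this post and in Neowulf's post #8 (a flooded connection request tagged with a hash, then hops that honour the hash only from the two neighbours they associate with it), as an added Python sketch that is not part of the original posts. The node names follow the A to E example; node F's links, the hash construction and all function names are assumptions.

```python
import hashlib
from collections import deque

# Constructed topology: A (hacker) - B - C - D - E (paydata node).
# F's links to D and E are an assumption made for the trace attempt.
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"],
         "D": ["C", "E", "F"], "E": ["D", "F"], "F": ["E", "D"]}


def path_hash(src, dst, nonce):
    """Opaque path label; intermediate hops never see src or dst in it."""
    return hashlib.sha256(f"{src}|{dst}|{nonce}".encode()).hexdigest()[:12]


LABEL = path_hash("A", "E", "1")  # plays the role of "ae1" in post #8


def discover(links, src, dst):
    """Flood a connect request; a node repeats it only the first time it
    hears it. Returns {node: (neighbour_toward_src, neighbour_toward_dst)}."""
    heard_from = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nb in links[node]:
            if nb not in heard_from:      # request already seen: not repeated
                heard_from[nb] = node
                queue.append(nb)
    if dst not in heard_from:
        return {}
    # The reply walks back along the first-heard chain, pinning both neighbours.
    table, node, downstream = {}, dst, None
    while node is not None:
        table[node] = (heard_from[node], downstream)
        node, downstream = heard_from[node], node
    return table


def forward(tables, node, came_from, label):
    """Next hop, 'deliver' at an endpoint, or None if the node ignores it.
    came_from is the *claimed* neighbour, so the check is only as strong as
    whatever authenticates that claim on the link."""
    entry = tables.get(label, {}).get(node)
    if entry is None or came_from is None or came_from not in entry:
        return None
    toward_src, toward_dst = entry
    nxt = toward_dst if came_from == toward_src else toward_src
    return nxt if nxt is not None else "deliver"


def send(tables, origin, first_hop, label):
    """Follow a packet hop by hop; returns the nodes that accepted it."""
    path, prev, node = [origin], origin, first_hop
    while node != "deliver":
        nxt = forward(tables, node, prev, label)
        if nxt is None:
            return path                   # ignored at `node`
        path.append(node)
        prev, node = node, nxt
    return path


if __name__ == "__main__":
    tables = {LABEL: discover(LINKS, "A", "E")}
    print(send(tables, "E", "D", LABEL))  # legitimate reply reaches A
    print(send(tables, "F", "D", LABEL))  # F is not a pinned neighbour of D
```
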

Odsh
post Mar 2 2010, 09:57 PM
Post #14

QUOTE (Malachi @ Mar 2 2010, 12:20 PM) *
A Trace can be run on Access ID alone, this is clearly stated.


Could you please tell me where this is clearly stated? I have read that you can trace someone from an icon, a subscription or an access log. But nothing says that the Access ID is used for that in any of those cases. Moreover, it is written that a successful trace reveals a user's Access ID, which is quite confusing if it is used to initiate the trace in the first place.

SpellBinder
post Mar 2 2010, 10:14 PM
Post #15

QUOTE (Malachi @ Mar 2 2010, 10:20 AM) *
... All of this is why changing your Access ID is so simple, and should be done all the time by a security conscious shadowrunner.


Or just have a spoof chip installed in your commlink to change your ID as often as you feel like it. Probably the best 500 nuyen you'll ever spend in this regard.

QUOTE (Arsenal, page 105)
Spoof Chips: Spoof chips are small firmware add-ons that automatically generate a new access ID for a vehicle node (or any device) on a regular basis, or as instructed (see Spoofing the Datatrail, p. 224, SR4). Integrating a spoof chip into a device requires a Logic + Hardware (2) Test.


Any device. So your commlink, your gun, or whatever that is dependent on an access ID can have a spoof chip installed to scramble the ID whenever you want.

Neowulf
post Mar 2 2010, 11:24 PM
Post #16

Bio-monitor linked to your spoof chip. If black ice knocks you out it spoofs your access ID automatically, instantly cutting the connection.

LurkerOutThere
post Mar 2 2010, 11:50 PM
Post #17

Possibly killing you with the dumpshock, although the question would be whether or not simply changing the access ID offlines you. Perhaps a better option might be an IC on your home commlink that unloads on your icon with a regular matrix attack if it notices you pass out thereby disconnecting you or one that just shuts off your commlink which would certainly disconnect you.

Neowulf
post Mar 3 2010, 12:08 AM
Post #18

You're down anyway, resisting dumpshock is generally a better prospect than letting the IC have free rein over your link. Especially if it leisurely loads a trace and reports your physical location to on site security.
You've got a better chance of getting first aid and a heal spell if there aren't a dozen security professionals breathing down your team's necks.

SpellBinder
post Mar 3 2010, 12:14 AM
Post #19

If changing the access ID while you're online doesn't log you off, just set the spoof chip to cycle it as soon as the bio-monitor catches that you're unconscious, though this then makes the spoof chip a much, much cheaper and way more reliable alternative to the spoof software. Probably would get errated as saying you can't use a spoof chip to change your access ID while you're actually in the middle of using it (like in a great hack).

Could, though, set something else to get you logged off once you've been knocked out by a blackhammer or such, and as soon as you're logged off the spoof chip cycles your ID. Just hide out at a coffin motel when you do a hack, and now you've got potentially dozens of other people who could also be the hacker if things turn south.

LurkerOutThere
post Mar 3 2010, 12:25 AM
Post #20

This is my take on it as a GM, take it with a grain of salt. I would conclude that changing your access ID does not log you off automatically. The system would treat it as if your access path had changed. Now you could build a chip or modify your commlink to sever the connection when your bio signs flatline and I'd certainly allow that sort of solution. But as I have mentioned above they can still trace you to where you last connected via the access logs.

Neowulf
post Mar 3 2010, 05:37 AM
Post #21

Unwired page 99, Spoofing a datatrail online: States that not only can you spoof and change your access ID online, but this severs all your connections quickly.


Access IDs are your commlink's unique identifier, all actions you take online are tied to it. If you change your access ID, you suddenly become a whole different icon in the eyes of your subscribed nodes, an icon without any registered login events to give you any permissions.

It's time for, Tossed Together Explanation Theater!
Starring Mr Hacker, Mr Nexus, and Mr Security!
Act 1, Scene 1:
Hacker commlink, access ID "carl": "Hello mr paydata nexus, I'm carl, I'd like to login as administrator account butterface, password purple purple squiggle fuzzy-triangle."
Paydata nexus: "Why hello there carl. Password accepted, you now have access to account butterface."
Carl: "Yay. Ok, let's find some files, shall we?"
Paydata: "Certainly."
Security hacker "guido67": "Hrm, odd, butterface is on vacation and should be sipping margaritas right now, not looking at files. I better make sure this "carl" node is really in the Caribbean." *starts trace*
Carl: "Oh no, he is tracing me! I can't let him find my location, my low orbit satlink will rat me out here in the barrens! I better spoof my access ID, so he can't trace me." *spoof!*
Bob, formerly known as carl: "Haha, now that I am access ID bob, that security hacker will get a dead end when he asks the satellite to triangulate carl's position."
Guido67: "Hrm, carl is gone and the trace can't find hide nor hair of him."
Bob: "Haha, I'm safe. Ok now mr paydata, send me that file with the secret blueprints of next season's designer chihuahua booties. I can already taste the job's payoff."
Paydata: "No."
Bob: "What?"
Paydata: "No. You have no permissions for that file, how do you even know where it is?"
Bob: "But you gave me admin permissions earlier, under the account butterface!"
Paydata: "No I didn't, I didn't even know you existed until 3 packets ago. Your name is bob and I don't know anyone called bob, especially not tied to admin account butterface. In fact that account is already in use by someone with a different access ID that isn't yours, so even if you tried logging in I won't let you because butterface is already in use."
Bob: "... Please?"
Paydata: "No."
Bob: "Aww, c'mon, you know me, I'm bob, I logged in with butterface not 3 seconds ago. You remember, bob?"
Paydata: "No, you are bob, and bob is not butterface, carl is butterface, and you are definitely no carl. Now stop bothering me while I alert guido67 of your attempts to access files you have no permissions for."

*curtain draw* Fin.

AngelisStorm
post Mar 3 2010, 05:50 AM
Post #22

QUOTE (Neowulf @ Mar 3 2010, 01:37 AM) *
Fun example.


Bonus points for the fun to read example.

Odsh
post Mar 3 2010, 10:25 AM
Post #23

Even if Carl changes his Access ID, he can still be traced based on the access logs to the last known location where he still had that Access ID. So I don't think Carl is safe by simply changing his Access ID to Bob. Moreover, this action would automatically kick him out of the Paydata nexus. He could, however, still log on with the account butterface.

Odsh
post Mar 3 2010, 10:53 AM
Post #24

About tracing someone based on his Access ID alone, if this was indeed possible, then AI characters would be really screwed:
QUOTE
Artificial intelligences all have their own access ID (p. 216, SR4). This access ID is more entrenched in the core of the metasapient's being than it is in a more mundane device or program. As a result, it takes longer for an AI to alter its access ID with a Spoof program, as it must alter and rework a part of itself. To spoof its own access ID, it must succeed in an Extended Software + Spoof (AI's Rating, 1 day) Test.


Neowulf
post Mar 3 2010, 03:23 PM
Post #25

Location of last hop, not last known location. Mr hacker was at least smart enough to use a satlink, so the last hop is kilometers above and covers a huge geographic area. If he were to have done it from downtown megamall foodcourt, his last hop would probably end up being 10m away at the McStufferking's Taco Shack.
And yes, it did kick him out of the paydata nexus. That part about the nexus telling him no?