Hacked as admin, what can stop me? Options

[Evilness45]

Ok, my character often hack with as an admin, because it's fairly easy.
Once I'm hacked inside, what could trigger an IC?

Like, once I'm the admin, what can stop me?

[Fatum]

IC scans to blow your cover, like those Kitsune IC does.
Performing some actions can possibly cause a predetermined reaction, unless you delete those scripts first, of course.
And there are always patrolling security hackers.

[DireRadiant]

Another Admin

[Dumori]

GOD??

[DWC]

Data bombs attached to honey pots that the real admins have been specifically instructed to not touch.

[AndyZ]

Chuck Norris can stop you.

[FriendoftheDork]

GOD??

Also known as the GM (IMG:style_emoticons/default/smile.gif) So no one except the GM can stop you, which basically mean "everyone except the PCs."

No seriously, other admins and patrolling IC/security hackers can stop you. The system itself cannot stop you unless ordered to do so by another admin.

[DWC]

Also known as the GM (IMG:style_emoticons/default/smile.gif) So no one except the GM can stop you, which basically mean "everyone except the PCs."

No seriously, other admins and patrolling IC/security hackers can stop you. The system itself cannot stop you unless ordered to do so by another admin.

Actually, I think that GOD comment is a reference to the Global Overwatch Division, the Corporate Court's counter-cyberterrorism unit focused on hunting down rogue AIs.

[Dumori]

A power cut.. Or one really unlucky moment as a stray round hits the nexus your hacking shuting it down?
An meat also triggering cyber conditions.
A jammer
A few rounds to the back of your skull
some pre set almarms like any one touching the logs sets of X and one deleting or edit scripts with out doign x

[Fatum]

Actually, I think that GOD comment is a reference to the Global Overwatch Division, the Corporate Court's counter-cyberterrorism unit focused on hunting down rogue AIs.

It's Grid Overwatch Division, and they handle all major trix emergencies, not just AIs.

[rumanchu]

Ok, my character often hack with as an admin, because it's fairly easy.
Once I'm hacked inside, what could trigger an IC?

Like, once I'm the admin, what can stop me?

Well, the biggest thing that can trigger IC would be an active security spider -- they can make Matrix Perception tests (versus your Stealth, of course) to determine that you got admin access without actually having an account.

On top of that (assuming that the security model for the node in question factors this in), a spider running security audits on the system can detect your "probing the target" exploit before you have a chance to log in, if you take too long to take advantage of it.

The ever-popular GM Caveat can always trump you, as well -- one rather creative one that was used against me when I was breathing the heady air of Hubris Mountain was a hacking attempt by a (woefully unskilled) NPC hacker that prompted a (alarm-free) node reboot.

A system that requires a passkey can automatically throw an alarm up if you don't actually possess a valid passkey (regardless of your hacked user access) -- unless you hack the Access Log after every matrix action you have the node take. (Like encryption, this mostly serves to slow you down, rather than actively prevent you from doing things). (As an aside, despite the text in Unwired implying that only the most secure nodes require a passkey, it seems that almost every potentially interesting node I've come across in adventures requires passkey access).

Someone has already mentioned the Kitsune IC...aside from that, a node with sufficient resources could run Analyze on every icon present.



That's all just off the top of my head. Like so many other things in Shadowrun, the main thing that will keep you from being able to take advantage of your admin access is GM/Story caveat. There are ways to make any given node virtually unhackable to anything but the most uber of hackers (the types that FastJack looks up to). "Realistically," probably every node that a runner would be likely to *want* to hack into would be virtually impossible to get into...but that wouldn't be very fun for the sad sack who opted to play a hacker. No matter how challenging it might be for the player, any adventure that *requires* hacking to complete should have some way for the players to complete it, and any adventure that can be completely trivialized by hacking should have some way to prevent that.

(I'm not advocating a blanket cockblockery of a well-planned Matrix assault, BTW. I'm just saying that no run should end right after the meeting with Mr.Johnson by the hacker immediately rolling Hacking+Exploit and beating a threshold.)

[Fatum]

On top of that (assuming that the security model for the node in question factors this in), a spider running security audits on the system can detect your "probing the target" exploit before you have a chance to log in, if you take too long to take advantage of it.

Uh, frankly, it's the first time I hear anything like that can happen - where can the details be found?

There are ways to make any given node virtually unhackable to anything but the most uber of hackers (the types that FastJack looks up to).

Uh, FastJack is used as an example of a genius skill level in the core book. Somehow I doubt there are hackers he looks up to, minding his, what, 60-something years of experience?

[Aerospider]

Uh, frankly, it's the first time I hear anything like that can happen - where can the details be found?

Unwired pages 97 & 98. A security audit won't actually detect someone probing, but it can detect the gaping hole the hacker's looking for before the hacker finds it themselves. If the hacker is probing via AR (though you'd need a damn good reason not to do it in VR) their interval for the extended test is 1 day, so such a hacker may find that his test took so long (or his timing was just so unlucky) that by the time he's found his reusable exploit and worked out how to take advantage of it the spider's already made it secure and he has to start again.

The problem with RAW is that the target number for a spider to spot a reusable exploit is the lowest stealth of all the hackers that have been using it. Does this imply that a spider can't in fact identify a 'gaping hole' before it's been used? The text seems to imply that he can and I don't see why a system can't be made more secure without being broken into first. Another annoyance is that the interval for the spider to find it is also 1 day whether in AR or VR and whilst a whole security audit may well take several days I think it's silly that it would take that long to find just one hole that needs to be patched up.

Maybe you could set him the same threshold as the hacker and make it a race, but the spider would need the same reduced threshold for using VR to make this interesting. Alternatively set him an arbitrary threshold. Another aspect to consider is that spiders work in teams and/or shifts so they can gain from teamwork tests and from being able to work round the clock. In any event, it's mostly down to the GM to make it interesting or just ignore the option.

Uh, FastJack is used as an example of a genius skill level in the core book. Somehow I doubt there are hackers he looks up to, minding his, what, 60-something years of experience?

Rumanchu was using hyperbole to make a point.

[Ascalaphus]

I think the problem is that the exact competences of the various user levels weren't really defined. Sure, settings may be different in different systems, but you're hacking your way in to a level of power "about equal to a typical admin", so that argument's a bit thin.

Unwired does mention something about revoking all the privileges of forged accounts (and booting them without a check), as opposed to someone with forged access equivalent to an account (who must be removed with a lot more force.) In the latter case, as long as you can still perform Admin-level actions, I'd say you could cancel an alert.

Alerts are something triggered by hackers, but also occasionally by legitimate users. A security spider trying to squeeze in an upgrade that's just a bit too newfangled for the Firewall to appreciate. A sloppy admin. A user who innocently does all the wrong things. It needs to be possible to cancel alerts against bona fide users, and hackers should be able to use that.