Post #1
Moving Target | Group: Members | Posts: 115 | Joined: 17-June 10 | Member No.: 18,723
Last session I had an idea which might provide an absolute hacksafe link.
Setup would be the following: Set up a favoured number of proxies. Let one of them be a Meta Link or any other Standard Node with System 1. A Sys1 Node can only support 2 subscriptions: one would be your own, the other could be filled with a drone idling in the node or another link you have, so that the subscription limit is reached. Any attempt to access the node without above data request level requires a subscription, hacking attempts require a subscription. So any attempt to hack this node would incredibly slow down any matrix traffic or completely crash it by RAW, so there would be no way to slip into it unnoticed. Any hooks or flaws I might have overlooked?

Post #2
Neophyte Runner | Group: Validating | Posts: 2,492 | Joined: 19-April 12 | Member No.: 51,818
(1) Capture Wireless Signal on the Metalink, determine which subscriptions are which.
(2) Spoof a "log off and unsubscribe" command from the Drone. Note that you can Spoof a command without an account on either node.
(3) Hack the metalink at your leisure.
...
I'm assuming your "real" comlink is directly wired to the "bottleneck" link, or that the hack is coming from beyond your "real" comlink's signal range.
...
Really, there's no such thing as a "hack proof" system, if it EVER connects to ANYTHING outside itself. What there is, however, is "sufficiently protected" or "hack resistant". And it doesn't have to cost a zillion Nuyen, either. Start with a Hermes Ikon (Response 4; Signal 3; 3,000¥). Add the Novatech NAVI operating system (System 4; Firewall 3; 1,500¥). Upgrade the firewall all the way to 6 (3,000¥). Install Analyze 4 (400¥) and Encrypt 4 (400¥). These will be running always. If you have access to Unwired, have the comlink "Optimised" for Firewall (500¥). Finally, set the number of User and Security accounts to zero. You've spent 8,800¥ so far (and may want to buy a few additional useful programs - Browse, Edit, Command, and so on).
...
Anyone trying to Hack on the fly to get in, will face a threshold of 12 (Firewall 6, +6 for an Admin account). They also face the problem of the entire node being encrypted - hence that rating 4 Encryption program you paid for. That adds another couple of combat turns, maybe 2 or 3, before they can DO anything with their shiny new Admin account, once they manage to get in. And your 'link will be trying to otie them, too - that's what the Analyze 4 program is for.
If they hack on the fly, then EVERY COMBAT TURN, the 'link gets to roll Firewall + Analyze (+1 due to optimisation) to detect them, against a threshold of the Hacker's Stealth program, if any. If they take a slower approach, the 'link gets only one roll ... but, the hacker needs TIME to do it that way, and you can just habitually reboot your link at semirandom intervals to foil THAT. If and when the Hacker is detected, the 'link can simply be scripted to automatically disconnect them. That's a Firewall + System (again, +1 for Optimisation) roll. And almost certainly, +4 more due to a Restricted Alert being triggered against the Hacker!
...
What it boils down to is this: for under 9,000¥, you've got a 'link that will take at least 3 to 5 combat turns to hack into. Combat turns during which you can be shooting at the hacker, if you're in combat. :)

Post #3
Immortal Elf | Group: Dumpshocked | Posts: 14,358 | Joined: 2-December 07 | From: Winnipeg, Manitoba, Canada | Member No.: 14,465
Daisychain Commlinks. Use a bunch of MetaLinks with random "Paydata" (virus filled POS files that Fixers will hate the person they bought them from), until you get to your REAL commlink. :P

Post #4
Neophyte Runner | Group: Members | Posts: 2,351 | Joined: 19-September 09 | From: Behind the shadows of the Resonance | Member No.: 17,653
Either people forget it, overlook it, or just plain ignore it from Unwired, page 55: "... A persona can only maintain a number of subscriptions equal to the size of its subscription list (System x 2). If more subscriptions are assigned, each additional subscription over the limit counts as an additional program run on the node and may lead to Response degradation."
But I like CanRay's idea of infected paydata. Also, you don't need to habitually reboot your commlink as Pax suggested. Install a spoof chip (found in Arsenal, page 105), and use it to change your access ID, which will sever all connections (Unwired, page 53, "Behind The Scenes"), and is substantially much faster.

Post #5
Immortal Elf | Group: Dumpshocked | Posts: 14,358 | Joined: 2-December 07 | From: Winnipeg, Manitoba, Canada | Member No.: 14,465
Hit the people who hack you where it hurts: Their Connections.

Post #6
Canon Companion | Group: Members | Posts: 8,021 | Joined: 2-March 03 | From: The Morgue, Singapore LTG | Member No.: 4,187

Post #7
Immortal Elf | Group: Dumpshocked | Posts: 14,358 | Joined: 2-December 07 | From: Winnipeg, Manitoba, Canada | Member No.: 14,465
If they have any. People, even E-Ghosts, don't exist in a vacuum. The viruses I think of would affect contact lists. Or, even worse, turn a high-end Commlink into a Spam Bot that has the user locked out. He has to hack his own 'link with a POS from Stuffer Shack just to get it back. :D Meanwhile, that really big troll coming his way is really, really upset about all the Humanis Policlub spam that's flying out of his Commlink, and wants to have a few "words" with him as they take a trip "around the block".

Post #8
Moving Target | Group: Members | Posts: 106 | Joined: 27-March 10 | From: California | Member No.: 18,371
Every time the subject of defending against being hacked is brought up, I always remember SR4A p.314.
QUOTE Any device's wireless capability can be turned off with a simple command. Of course, that means it needs to be turned back on manually, unless you set it to reactivate at a specified time.
Why bother loading your commlink with a bunch of specialized software when you can just turn your wireless off entirely and make the opposition have to plug an optical cable into your datajack to hack you? Just run a second, cheap-as-hell commlink for your fake SIN, check your messages on your personal 'link once a day or so, and you're golden.

Post #9
Neophyte Runner | Group: Members | Posts: 2,351 | Joined: 19-September 09 | From: Behind the shadows of the Resonance | Member No.: 17,653
Because you can't always run your SOTA commlink with the WiFi turned off all the time, and you could alienate your fixers (and other contacts) if they can't get in touch with you on their schedule.

Post #10
Runner | Group: Members | Posts: 2,575 | Joined: 5-February 10 | Member No.: 18,115
@Thirty Second Artbomb
Well, having a wireless enabled commlink really helps on runs and in combat. Unless you wanna carry around old fashioned walkie-talkies to communicate during a running gun battle, I guess. :P
~Umi

Post #11
Great Dragon | Group: Members | Posts: 5,537 | Joined: 27-August 06 | From: Albuquerque NM | Member No.: 9,234
QUOTE Well having a wireless enabled commlink really helps on runs and in combat. Unless you wanna carry around old fashioned walky-talkies to communicate during a running gun battle, I guess. :P
Do your players also run around with DocWagon's tracking devices clamped to their wrists too? The ones that continually feed DocWagon your location in real-time? Just like you can trust DocWagon promises that it won't make use of any of that data, nor allow anyone else access to it, I'm sure that nobody in the company that you are buying your wireless service from will do any correlation between their hi-resolution location data and news reports of "terrorist incidents" for which sizable anonymous rewards are offered. (sarcastic)

Post #12
Runner | Group: Members | Posts: 2,575 | Joined: 5-February 10 | Member No.: 18,115
I was under the assumption that they didn't transmit anything until they were triggered by severe wounding? I've never actually bothered to get any of my characters a DocWagon subscription anyway.
~Umi

Post #13
Neophyte Runner | Group: Members | Posts: 2,351 | Joined: 19-September 09 | From: Behind the shadows of the Resonance | Member No.: 17,653
Well, if you're really that concerned about the WiFi of your possessions, don't forget to kill the tags in your underwear ;)
And I too was under the impression that tags from DocWagon included a biomonitor that signaled only after the bearer was severely hurt.

Post #14
Neophyte Runner | Group: Members | Posts: 2,340 | Joined: 19-May 12 | From: Seattle area | Member No.: 52,483
You can't really get an entirely hacking-proof system. Even if the commlink is somehow inaccessible, links to and from it can be spoofed, jammed, or generally interfered with. Anything which reduces it to a state in which it doesn't do what you got it for is a meaningful attack on some level. If you're a hacker feeding tactical data to your team, or waiting for tactical data from your hacker, that can be a major problem.
If you really want to interfere with attackers, you need to employ all of the classic approaches: defence in depth, misdirection, counterattack and alternative plans. Can your commlink communicate via visible light? Ultrasonics? Steganography? Tunneling through a link to a waveguide? Highly directional antennae? Probably, you just need to find a way to hook it up. Have two extra commlinks: one which is cheap and nasty (the obvious fake) and one a little more serious-looking (the honeypot). Monitor the honeypot and you know that any connections into it are uninvited. Work something out for virtualisation, whether physical (a directly attached extra operational system, running code under supervision) or a true virtual system. Use a client/server approach with your real heavy lifting happening remotely. Have alternative remote systems. Really, you don't have to go too far down the rabbithole to totally frustrate most attackers, and if what you're buying is time, you usually don't need much. If what you want is a dedicated, single-purpose system then removing all nonvolatile writable storage (or removing the write functions in hardware) means that a power off/on cycle is all that's needed to restore it to a known state, and this is the sort of thing a creative player of a hacker could absolutely find a way to do within the rules.

Post #15
Great Dragon | Group: Members | Posts: 5,537 | Joined: 27-August 06 | From: Albuquerque NM | Member No.: 9,234
QUOTE And I too was under the impression that tags from DocWagon included a biomonitor that signaled only after the bearer was severely hurt.
I don't think they actually say that, now do they? Are you willing to bet your life on that? Any system like this needs to be sending data whenever it sees anything "interesting", or when the central system polls it to see if it's properly operating, and it needs to know exactly where it is all the time so it can send that immediately. So I suspect it's like Lojack in cars. Which is actually transmitting the tracking signal all the time, not just when it gets reported stolen. (Though it transmits a lot more when remotely activated by the company). So yeah, don't take that on a run.
And tracking your comlink is easy. Given that people calling you have to get routed to the right transmitter to talk to you, your communications provider knows precisely where you are. It's exactly like the cops tracking your cell phone, though with much higher precision. Your cell phone carrier maintains at least a 90 day track of your movements every few seconds based on the cell towers it hits, so you can be tracked to a minimum of 50 meters in cities and a few miles in the sticks. With more modern gear it's more like 10 meters in cities and 50 meters in the sticks. I suspect in SR it's meter accuracy.
So don't take a comlink that you actually use outside of runs on runs either. (After all, do you really need or want to have your fixer call you as you are hacking the target's security system?) Because the cops will pull the records to find all the comlinks that were present during the time of the crime, subtract all the ones that belong to people who were supposed to be there, and then see where the comlinks that they can't explain are right now.

Post #16
Neophyte Runner | Group: Members | Posts: 2,351 | Joined: 19-September 09 | From: Behind the shadows of the Resonance | Member No.: 17,653
Just checked, and actually it does say there's a biomonitor with the tag (along with other important info). However I never said I had characters (or players, for that matter) who had DocWagon contracts. No bets made.
As for tracking your commlink, well, there's already been posts saying to have multiple, so what if you have your day-to-day use commlink in public mode (as is likely required in many parts of the city), but your SOTA commlink (which you may carry as you have no idea when a job calls) is in hidden mode? Simple cursory scans are gonna turn up your publicly active commlink, and unless you're doing something rather stupid (like carrying around a Panther XXL), the local LEOs aren't likely to give you a second look. When you're going to meet the Johnson, just switch that D2D commlink off completely, or edit the data later. At this point it boils down more to "don't look like you're trouble and the cops won't give you trouble" and what should be a standard CYA policy regarding the data in any/all commlinks (and other wireless devices) you possess.

Post #17
Running Target | Group: Members | Posts: 1,150 | Joined: 15-December 09 | Member No.: 17,968
QUOTE I don't think they actually say that, now do they? Are you willing to bet your life on that? Any system like this needs to be sending data whenever it sees anything "interesting", or when the central system polls it to see if it's properly operating, and it needs to know exactly where it is all the time so it can send that immediately. So I suspect it's like Lojack in cars. Which is actually transmitting the tracking signal all the time, not just when it gets reported stolen. (Though it transmits a lot more when remotely activated by the company). So yeah, don't take that on a run.
The description does specify that it needs to be activated. Honestly, if DW wasn't throwing straight dice with these things it would be public knowledge in short order and both sales and market confidence would fall through the floor. What kind of runner doesn't very quickly realise he's constantly feeding incriminating evidence wirelessly from his own person?
QUOTE And tracking your comlink is easy. Given that people calling you have to get routed to the right transmitter to talk to you, your communications provider knows precisely where you are. It's exactly like the cops tracking your cell phone, though with much higher precision. Your cell phone carrier maintains at least a 90 day track of your movements every few seconds based on the cell towers it hits, so you can be tracked to a minimum of 50 meters in cities and a few miles in the sticks. With more modern gear it's more like 10 meters in cities and 50 meters in the sticks. I suspect in SR it's meter accuracy.
Nope, 50 metres. P.232 Track User

Post #18
Running Target | Group: Members | Posts: 1,150 | Joined: 15-December 09 | Member No.: 17,968
QUOTE And your 'link will be trying to otie them, too - that's what the Analyze 4 program is for. If they hack on the fly, then EVERY COMBAT TURN, the 'link gets to roll Firewall + Analyze (+1 due to optimisation) to detect them, against a threshold of the Hacker's Stealth program, if any.
Better than that - the node rolls once for every Hack on the Fly action. So could be multiple times a turn and some turns it might not roll at all.
QUOTE If they take a slower approach, the 'link gets only one roll ... but, the hacker needs TIME to do it that way, and you can just habitually reboot your link at semirandom intervals to foil THAT.
I would dispute this notion. The probing method does not have to be done in one continuous sitting (nor does on the fly, really, but why not probe if you have the time?), so can you offer sound logic or citation that indicates a reboot will undo all the hacker's progress?

Post #19
panda! | Group: Members | Posts: 10,331 | Joined: 8-March 02 | From: north of central europe | Member No.: 2,242
QUOTE Either people forget it, overlook it, or just plain ignore it from Unwired, page 55: "... A persona can only maintain a number of subscriptions equal to the size of its subscription list (System x 2). If more subscriptions are assigned, each additional subscription over the limit counts as an additional program run on the node and may lead to Response degradation."
There is also the issue that subscriptions are persona related, not node related. As such, it appears that they only count for outgoing connections, not incoming.

Post #20
Neophyte Runner | Group: Validating | Posts: 2,492 | Joined: 19-April 12 | Member No.: 51,818
QUOTE I would dispute this notion. The probing method does not have to be done in one continuous sitting (nor does on the fly, really, but why not probe if you have the time?), so can you offer sound logic or citation that indicates a reboot will undo all the hacker's progress?
*shrug* Set the link to completely purge all accounts except the root account accessed by physically holding the 'link. Also set it to refresh/replace every password, security code, etc. Voila, all their probing is for naught. :) Doubly-so, if you have Spoof Chips, which would even generate a new AccessID upon rebooting the 'link.

Post #21
panda! | Group: Members | Posts: 10,331 | Joined: 8-March 02 | From: north of central europe | Member No.: 2,242
QUOTE *shrug* Set the link to completely purge all accounts except the root account accessed by physically holding the 'link. Also set it to refresh/replace every password, security code, etc. Voila, all their probing is for naught. :) Doubly-so, if you have Spoof Chips, which would even generate a new AccessID upon rebooting the 'link.
Probing or on the fly hacks do not provide access to a pre-existing account, just rights equivalent to the desired level set before starting the hack.

Post #22
Running Target | Group: Members | Posts: 1,150 | Joined: 15-December 09 | Member No.: 17,968
QUOTE *shrug* Set the link to completely purge all accounts except the root account accessed by physically holding the 'link. Also set it to refresh/replace every password, security code, etc. Voila, all their probing is for naught. :) Doubly-so, if you have Spoof Chips, which would even generate a new AccessID upon rebooting the 'link.
That won't work either. As hobgoblin rightly said, no account is provided either during or after hacking either way. When probing the hacker is laboriously traipsing through the code to find a re-usable exploit. You can reboot as often as you like and mess around with any and all settings and passcodes, but you can't make the hacker forget what he's already learned and ruled out. Nor can you plug the gap before he finds it because there will always be other gaps to find.

Post #23
Neophyte Runner | Group: Members | Posts: 2,340 | Joined: 19-May 12 | From: Seattle area | Member No.: 52,483
QUOTE That won't work either. As hobgoblin rightly said, no account is provided either during or after hacking either way. When probing the hacker is laboriously traipsing through the code to find a re-usable exploit. You can reboot as often as you like and mess around with any and all settings and passcodes, but you can't make the hacker forget what he's already learned and ruled out. Nor can you plug the gap before he finds it because there will always be other gaps to find.
Not entirely true. If you have offline logging (or logging to a separate system) as would be the case if you'd set up a honeypot, then you have the hacker's attack vector. In other words, you know where he's coming from, in terms of direction, ID or whatever. An immediate approach to a defence against that is to lock out those sources. Bam, doesn't matter what he learned or how he wrote it on his cortex in words of fire, he now needs a whole new connection vector or he's wasting his time.
You can even pre-emptively sort that out, in a fire team control scenario, by locking acceptable input and output vectors to pre-arranged connections, i.e. your team's commlinks. Your attacker is forced to start with the inherent challenge of finding an ID, medium and other combination to which your commlinks will even listen. Even if he's a complete stud who somehow manages to force one of the systems to accept his communications by insert-deus-ex-machina-here, that at best gives him a door through which to try hacking and hope he doesn't get identified. If everyone in your team has a throwaway and a honeypot, he can savagely dominate every single honeypot the team has, forcing them to do his bidding and play the macarena ... while your boys get their jobs done.
And frankly, if you're stupid enough not to have a go-dark-protocol because you just assume that all your gear will work perfectly and never suffer interference, you deserve to lose, and lose hard. After all, at worst the hacker of the team shuts off his gear and pulls out a medkit, while the sammie laughs, tosses off the broken electronics, and prepares to bring the real pain. I mean, I hope teams make contingency plans. I certainly plan for them when I lay out corporate security teams. This isn't speculation, this is standard real world stuff.

Post #24
Running Target | Group: Members | Posts: 1,150 | Joined: 15-December 09 | Member No.: 17,968
@Koekepan
Interesting. Doesn't contradict anything I've said, but still interesting.

Post #25
Runner | Group: Dumpshocked | Posts: 2,946 | Joined: 1-June 09 | From: Omaha | Member No.: 17,234
*sigh*
Ok, here's the deal, kids: hacking is an abstract system for what is ultimately a very complex process. As a GM, when a player wants to start futzing around with subscription limits, processors, honeypots, proxies, etc., the very first thing I'm going to do is look at your character sheet and see if you have pretty significant levels in the related computers and hacking skills. If you don't, your attempts automatically do nothing. If you do, I'm going to apply some level of situational modifiers or reasonable hoops to jump through for my incoming hack roll and then succeed or fail using the existing system. That is the whole point of hacking, you find a way through the other guy's systems. If Joe on the street Hacker can find a way to make his team's comms "unhackable" then you can certainly believe that the corps with orders of magnitude more resources can do the same. A whole section of the game shuts down and more people end up playing mages.
TLDR Version:
1) Hacking must be possible, always. It's a basic facet of the game world and the system.
2) Nothing your character can do is completely to them. Therefore any nifty trick that you can come up with other people can use or discover independently. When many people do this it becomes a new standard and then ways are invented to beat it.
3) Play the game, don't game the game.