Hacking bank accounts, Or: Pocket hacker is the best investment money can buy? Options

[FuelDrop]

The commlink is stated to be the hub of your online life. It's how you do your banking, update your facepage, even prove your identity. However, even the best civilian OS and data is looking at about firewall 3 analyse 4 (assuming a top-of-the-range commlink and off-the-shelf OS, plus a pro user suite. Obviously custom gear is going to be better, but how many day-to-day citizens are going to be carrying that?). In RL many people leave their computers and phones on overnight, and it's not unreasonable to assume that the trend has continued in the sixth world.

So what's to stop you parking your van outside of a middle class household and setting your pocket hacker to work making itself an admin account in the householder's 'link while they sleep (Or if they're not running top of the range gear you could even have it hack on the fly when they're across the street from your cafe. analyse 2 and firewall 2 is unlikely to notice the intrusion of even a pocket hacker unless they're unusually lucky or you're unusually unlucky, and with a few upgrades the odds are even further in your favor). Once you have an admin account, authorized a money transfer to a temporary account which then gets picked up by your friendly neighborhood money launderer for 30%.

Obviously not every runner is going to be happy robbing the working classes of their life savings, and once in a while you'll find someone security conscious enough to have set their commlink to powercycle on the hour every hour (which leaves hacking on the fly as your only way in, and a pocket hacker isn't really ideal for getting past higher level security like that).

Thoughts?

[_Pax._]

Those same people aren't going to HAVE a lot in their accounts, for you to steal. Thus, it is (or shuld be) a sideline to a runner's "real job".

(But the option should be considered a cautionary tale for GMs that tend to be stingy with payouts ...)

[SpellBinder]

There's your reputation to deal with. How are Johnsons and other shadowrunners gonna feel about a hacker who spends his/her time robbing the common wageslave? Even such a hacker might be the laughingstock of the community by wasting his time on such rather soft targets.

And as Pax said, those people aren't likely to have a lot in their accounts. Is such nuyen worth the risk of a hacker's bleeding edge commlink & software? Even if it's laundered the nuyen is still going to have a data trail. Maybe very difficult, but not entirely impossible to track down, and all it takes is one FUBR to ruin it all.

[FuelDrop]

That's why I said a pocket hacker. it's an agent program that costs a touch under five grand and can be told to go hack people for your non-hacker character. it's not particularly good and it's dead if they have some active IC, but still...

[tsuyoshikentsu]

I want you to download Uplink: Hacker Elite (if you don't already have it), and try to hack a bank without using InterNIC as a bounce.

Good luck with that.

[Lionhearted]

In my book any transfer above everyday merchandise (like 1000¥) or an alloted daily withdrawal limit would request an authorisation from the bank account, like a pin code/ generated authentication number or a biometric scan.
Banks while maybe not giving two shits about their customers realise that e-theft is bad for biz and would implement cheap but fairly secure roadblocks, heck they do that today

But thats just my two cents

Edit: Just an example, for my online games I got an physical authenticator. It's the size of my thumb, has batteries that last a lifetime, cost about 5$ to make and makes hacking a total bother.
The way that it works is that it's linked to the account via a serial number that serial number serves as a quickhand for the algorithm that it uses to create codes, each time you press the button it generates an 8 digit code that is functional for one minute, after use the code is defunct. What that means is that unless they get access to the physical device it's gonna be a total pain in the arse to crack (not impossible, just way beyond cost effective). There's a good reason banks use them aswell

[FuelDrop]

In my book any transfer above everyday merchandise (like 1000¥) or an alloted daily withdrawal limit would request an authorisation from the bank account, like a pin code/ generated authentication number or a biometric scan.
Banks while maybe not giving two shits about their customers realise that e-theft is bad for biz and would implement cheap but fairly secure roadblocks, heck they do that today

But thats just my two cents

Edit: Just an example, for my online games I got an physical authenticator. It's the size of my thumb, has batteries that last a lifetime, cost about 5$ to make and makes hacking a total bother.
The way that it works is that it's linked to the account via a serial number that serial number serves as a quickhand for the algorithm that it uses to create codes, each time you press the button it generates an 8 digit code that is functional for one minute, after use the code is defunct. What that means is that unless they get access to the physical device it's gonna be a total pain in the arse to crack (not impossible, just way beyond cost effective). There's a good reason banks use them aswell

And that's why I start threads like this: so that people who actually think things through can poke holes in my ideas before I implement them... thus letting me make bigger, better mistakes later!

[Lionhearted]

If cleaning out bank accounts was easy why would anyone ever risk their neck on a run? (IMG:style_emoticons/default/smile.gif)

[FuelDrop]

If cleaning out bank accounts was easy why would anyone ever risk their neck on a run? (IMG:style_emoticons/default/smile.gif)

Because clearing out bank accounts is probably going to call down more heat in the long run? After all, going after the hacker who stole old Granny Johnson's pension is going to be VERY good press and is probably not going to rack up your medical bills as a security corp, where as tracking down some shadowrunners who officially didn't break into a facility that doesn't exist and stole a prototype that never was isn't going to get much public support (cos you can't tell them without risking your contract) and is likely to get some of your guys shot.

[ShadowDragon8685]

I'd call doing this a good way to handwave a hacker getting Cash for Karma, honestly. You're not gonna be able to steal much unless you, yourself, are a hacker rocking six-rated programs and can park in a residential neighborhood in Hot Sim VR and brute-force every Rating < 3 commlink you can find; and even then, if you get a lot, various checks and balances against you doing exactly what you propose to do are going to mean your options for using the money are going to be limited to "right now" and require laundering such that the datatrail stops with someone that ZOG can't just demand the records from. Which, of course, means filtering it through organized crime, and they're gonna want a cut which is likely to be 50% or greater.

[Halinn]

Don't forget that the 6th world is saturated with wireless nodes. When you're just doing a general scan for every rating < 3 thing you can find, you'll pick up tons of random stuff to sift through.

I think you might want to look at setting that pocket hacker up to Mass Probe (unwired p 99). That should get you admin access to around 200 nodes in a month, of which you at least should be able to make rent, even when unlucky with which ones you hit.

[NiL_FisK_Urd]

Just use the "spoof lifestyle" rules for it ^^

I think you might want to look at setting that pocket hacker up to Mass Probe (unwired p 99). That should get you admin access to around 200 nodes in a month, of which you at least should be able to make rent, even when unlucky with which ones you hit.

That's why you use the degrading dice ppol rules - then your pocket hacker won't hack anything.

[Mantis]

Also, if the average wage slave is anything like the average person today, they don't actually have all that much money. What they have is credit and debt. They work to pay the interest on the debt they incurred to get the stuff they want. So at best, you would be hacking their credit account and credit card companies tend to take that sort of thing pretty seriously. Not to mention the itemized data trail of what you bought with the credit, daily credit limits, etc, etc, etc.
I'm not saying you can't do it but much like stealing cars for a living, it isn't really a shadowrun thing to do. The hassle and the actual payout should be less than what you make running otherwise the game would be cartheftrun or creditcardrun.

[Halinn]

I'm not saying you can't do it but much like stealing cars for a living, it isn't really a shadowrun thing to do. The hassle and the actual payout should be less than what you make running otherwise the game would be cartheftrun or creditcardrun.

And indeed, if you want to do non-shadowrunny illegal things to make a living, other threads have explored that option thoroughly. I won't go over the details for fear of starting the arguments again, but stuff like chemistry can mass-produce items with a high street value.

[Tymeaus Jalynsfe...]

And indeed, if you want to do non-shadowrunny illegal things to make a living, other threads have explored that option thoroughly. I won't go over the details for fear of starting the arguments again, but stuff like chemistry can mass-produce items with a high street value.

Which, like Mantis alluded to above, makes the game ChemistRun rather than Shadowrun. (IMG:style_emoticons/default/smile.gif)

[ShadowDragon8685]

Which, like Mantis alluded to above, makes the game ChemistRun rather than Shadowrun. (IMG:style_emoticons/default/smile.gif)

At least until you have to start breaking bad just to turn your profit. Then it turns into Shadowrun: Fun with Chemistry.

[Tymeaus Jalynsfe...]

At least until you have to start breaking bad just to turn your profit. Then it turns into Shadowrun: Fun with Chemistry.

*shrug* Sounds boring to me.

[Sengir]

Welcome to one of the fundamental problems of the Matrix: Hackers should have a reasonable probability to get into an R. 4 security cam, but the average personal commlink has a far laxer security...

A houserule I'm currently tinkering with is to let devices block everything coming from the outside, which translates into +X (yet undetermined) on the Firewall. The average private commlink has no need for external access, therefore can claim this bonus. A security cam or corporate system needs to be accessed remotely, which also makes it easier (or rather, not more complicated) for hackers.

[NiL_FisK_Urd]

Or just requiring transactions above 10nY to confirm with a biometric scan on the comlink.

[SpellBinder]

Or just requiring transactions above 10nY to confirm with a biometric scan on the comlink.

Which can be bypassed if the hacker first edits the bit of code of the requirement to make it think it got the biometric scan for the transaction when in actuality it didn't (though, assuming said hacker finds or thinks to look for such code first).

In "Anatomy Of A Shadowrun", a hacker edited a program that monitored for blowing dust and patterns in a security camera so that they could feed it a looped video without setting off an alert; a simple edit of a true/false statement so it was always true/true.

[NiL_FisK_Urd]

Which can be bypassed if the hacker first edits the bit of code of the requirement to make it think it got the biometric scan for the transaction when in actuality it didn't (though, assuming said hacker finds or thinks to look for such code first).

Well, if you can hack the node this bit of code is on, you deserve the money ... have a look at Unwired, p. 78/79: "Zurich Orbital Terrestrial Substation".

[Sengir]

Or just requiring transactions above 10nY to confirm with a biometric scan on the comlink.

Just wait for the next time the user makes a scan, record the biometrics, problem solved. And in either case, it does not protect sensitive data on the device.

[ShadowDragon8685]

Well, if you can hack the node this bit of code is on, you deserve the money ... have a look at Unwired, p. 78/79: "Zurich Orbital Terrestrial Substation".

So to make any transaction larger than 10 (IMG:style_emoticons/default/nuyen.gif) you have to walk to into a Zurich Orbital bank and put your thumbprint on a machine?

Yeah, somehow I think ZOG would suddenly become the least popular bank in the world.



You're hacking the guy's commlink. It's only going to be like, Rating 3, 4 at the most, if he's an average joe schmoe. You can make the commlink believe it has received the biometric authorization.

[Shemhazai]

You can use an AI to hack. Don't you think the bank will have an AI that would notice the weird account-emptying behavior? You had better hope that your security is strong. They might quickly find out where you're parked.

[Halinn]

You're hacking the guy's commlink. It's only going to be like, Rating 3, 4 at the most, if he's an average joe schmoe. You can make the commlink believe it has received the biometric authorization.

Probably it sends the biometrics from him to the bank's nexus to ask "Hey, does this match what's on file?". It would still be easy, but the process would be more like "send the same biometric data you sent last time, with the following changes..." (changes in the metadata, i.e. time, location and the like).