Hacking: detecting bugs
cartoonlad
Given that a minispydrone is in a location it's not supposed to be, a place with security that should be on the lookout for just this type of thing. Taking a general security hacker with Electronic Warfare 5 and Scan 4, to detect this drone, he'll get two to three hits each IP. Making it easier on the runner, we'll say he's in AR mode and he only gets two hits each combat turn. The test to find hidden nodes in general is EW + Scan (15+, 1 turn). So in eight turns (24 seconds), the security hacker will detect the bug. If we add a Stealth 6 program to the drone and add the Stealth rating to the threshold, the drone will be detected in just 33 seconds.

Doesn't this seem completely wrong to anyone else?
Casper
Nope it just means that if a Corp has a network and is paying for a dedicated Hacker to maintain security for the site then a spy drone is not going to be the best option for the runners to utilize.
Kremlin KOA
No, it means spy drones are useless... as Lone Star watches every part of a city with A or better sec rating
Eagle
I assume the drone is operating in hidden mode. What if you instruct the drone to turn off its wifi and only connect once an hour to download any content.

This should limit the exposure to the infiltration, the wifi data burst and the extraction. It's unlikely that EW surveillance will be continuous, so the drone is pretty much invisible.

Then you're into the realms of trying to spot bugs, for which I can't find any rules. But you're looking for, I guess, some sort of opposed roll between searcher and drone with threshold of at least 4 for the size thing. Intuition + perception vs pilot + stealth autosoft for physical search, or intuition + EW + scanner rating vs pilot + EW autosoft for electronic search, the second search stands a much better chance, which mirrors reality as most people use bug hunters not eyeball mk 1.
Vector
QUOTE (cartoonlad)
The test to find hidden nodes in general is EW + Scan (15+, 1 turn).

Is that the test to find any and all hidden nodes, or just a particular hidden node that you expect to find with some work?
Nikoli
Also, spoof the bugger's ID. If they think it's a poster on the wall, they won't care if it's there.
calypso
QUOTE (Vector)
QUOTE (cartoonlad @ Sep 27 2005, 05:15 AM)
The test to find hidden nodes in general is EW + Scan (15+, 1 turn).

Is that the test to find any and all hidden nodes, or just a particular hidden node that you expect to find with some work?

That's to find all of the hidden nodes. Finding a particular one is threshold 4.

Calypso
Nikoli
Well, to find a particular node that you expect to be there, you first have to expect it to be there. If you have no reason to do a sweep, chances are you aren't going to find it.
This is also a good use of the Skill limit on rolls.
Shadow_Prophet
QUOTE (Nikoli)
Well, to find a particular node that you expect to be there, you first have to expect it to be there. If you have no reason to do a sweep, chances are you aren't going to find it.
This is also a good use of the Skill limit on rolls.

Indeed. Lone Star personnel and security deckers are people too. People are sometimes lazy, or distracted. People, especially when working an 8 hour shift and waiting to go home, probably won't look as hard, if at all.
Nikoli
That falls under the distracted penalty.
But remember perception gets a +3 bonus if you are focusing only on finding something. Now, just how many times can a reasonably intelligent (2 to 3 Logic/Intuition) be expected to focus that hard on something in the 6th hour of a shift?
Azralon
I think the lesson we learned is that it's better to make your spybot part of the background noise (i.e.: spoofing to look innocent) rather than to outright hide it.

If you think you've been discovered, THEN go into hidey mode and attempt to relocate the drone to a safe retrieval position before shutting it down. As illustrated above, you have maybe half of a minute (on average) for the cops to tag your toy once they start looking.
blakkie
QUOTE (Azralon)
I think the lesson we learned is that it's better to make your spybot part of the background noise (i.e.: spoofing to look innocent) rather than to outright hide it.

If you think you've been discovered, THEN go into hidey mode and attempt to relocate the drone to a safe retrieval position before shutting it down. As illustrated above, you have maybe half of a minute (on average) for the cops to tag your toy once they start looking.

Ya, this is similar to the thread about teams using commlinks during an operation. Only run Hidden mode if there are other IDs around that you can spoof as that would normally be Hidden. Basically hide by fitting in.
JesterX
The scan program doesn't list "all nodes" in a radius. It searches for a PARTICULAR node... So, if you're running a spy drone in an area, the Lone Star patrol will have to KNOW that you're running that drone if they don't spot it with their eyes!

However, if they spot it with their eyes, they will have to launch scan program if they want to locate the wireless network to then track it. And only THEN it will take 33 seconds.
Nikoli
Which is why you give it a dummy Security RFID that is connected to a fake commlink ID that has a legit purpose for the Flybot to be there. Meanwhile your upgraded flybot response, pilot and firewall are connected to yours. Would you really continue looking once you found something remotely plausible? Lone Star is like most cops, if it looks like a duck, smells like a duck and quacks like a duck but the ID says Mallard, they probably aren't going to call for an expert to see if it's really a Baikal Teal, they'll call it a Mallard and leave it at that.
Rotbart van Dainig
QUOTE (JesterX)
The scan program doesn't list "all nodes" in a radius.

QUOTE (SR4 p. 225 Detecting Wireless Nodes)
If you’re just scanning for hidden nodes in general, or trying to pick the hidden nodes out from the non-hidden one, make the same Extended Test noted above but with a much higher threshold: 15+.
cartoonlad
Right. So it looks like you get a list of all hidden nodes in the area, then just have to make that EW+Scan (4) test to isolate the suspicious one. So make that subtitle "Busted in 33 seconds"
apple
But how do you decide which hidden node is suspicious? I mean, since almost all gadgets are wireless (and online), you will get thousands/millions of active, passive and hidden nodes.

SYL
Rotbart van Dainig
Hidden Nodes are always suspicious - they are unusual and sometimes illegal.
hobgoblin
Or just someone that values their privacy...
Rotbart van Dainig
Yeah, that's unusual.
hobgoblin
So, the best way to hide a transmitter in SR4: leave it in active mode but have it fake what it is (like say a temperature monitor or something).
cartoonlad
QUOTE
But how do you decide which hidden node is suspicious?


If you're scanning the interior space of a building every twenty minutes or so, always come up with 57 hidden nodes, and all of a sudden you get 58 nodes on this sweep, you take the log of the prior sweep, compare it to the hits you get on this one, and find out what the new one is. Then do your EW+Scan(4) test to locate the anomaly, radio the security station on that floor, and they walk into the conference room to find the bug.

I think hobgoblin has it correct: "Hi, I'm just a motivational poster!" With all the broadcasting nodes moving in, out, and around an office building, it's easier to disguise the bug in all that clutter than to hide it.
Azralon
Actually, original posting credit for that idea goes to Nikoli.
Nikoli
So nice to be recognized.
I use that for my character, carrying two commlinks. One decoy with nothing useful in standard mode or passive, as is appropriate for the area, never hidden. The main comm is always hidden and has firewall & stealth out the wazoo.
apple
QUOTE (Rotbart van Dainig)
Hidden Nodes are always suspicious - they are unusual and sometimes illegal.

In a world of corporate espionage and assassinations? In a world war fought in the shadows? Millions of people will have only hidden nodes: bodyguards, peacekeeping soldiers, police officers, execs ... and of course the professional criminal.

Yes, in SOME areas they are illegal. Or better: suspicious.

SYL
Nikoli
Those folks with legit reasons for hidden mode in high security areas will present their license or other pertinent information when requested by an authorized Agent of the Law (Drone or otherwise).
apple
QUOTE (Nikoli @ Sep 27 2005, 09:58 AM)
This is also a good use of the Skill limit on rolls.

BTW: isn't the recommended limit for extended rolls the dice pool, not just the skill level?

For the main topic: IIRC the threshold was 15+ ... now we can speculate what the " + " means in an urban environment with a fast changing mixture of passive, active and hidden nodes.

I assume that you can only detect active hidden nodes (they must send data). Would it be possible to kill and re-establish the connection after a specific time span, so that the security hacker has to begin a new detection round?

And: what about micro transceivers? Do they count as nodes too (regarding electronic warfare and detection)? I would say yes.

SYL
Vector
apple, what makes you think that police would not have active or passive PANs? If nothing else so that the SINful can immediately call them for help without having to search them out.

Which brings a side point, when a guard, cop, or target can send out an SOS with a simple button press or thought it makes keeping things quiet that much harder.
Nikoli
Which is why jammers are so important as well as ECCM. However, a rating 5 signal and SCCM basically renders jammers moot. I think you should be able to use Logic+E. Warfare to up the "DV" of the jammer to make it more effective, with E. Warfare+ECCM to counter or "dodge".
apple
QUOTE (Vector)
apple, what makes you think that police would not have active or passive PANs? If nothing else so that the SINful can immediately call them for help without having to search them out.

Which brings a side point, when a guard, cop, or target can send out an SOS with a simple button press or thought it makes keeping things quiet that much harder.

For example because of this:
QUOTE ("SR4 224")

No covert ops team worth its rep is going to sneak up on a target with their PANs active—they’d be toast to anyone keeping an eye on the airwaves.


Simple security. A normal street cop on patrol perhaps has an active commlink (in this case you are right, on the other side: given the high technological standard, every call to Lone Star could be automatically routed to the next cop, after all, your commlink acts as a GPS, too); an undercover cop, a SWAT team, a civilian cop could be a different story.

SYL
Rotbart van Dainig
Problem is - those would be perhaps operating some things in Hidden Mode, but in most circumstances, it would respond to verification requests appropriately.

BTW - the quote does state 'Thou shalt maintain complete radio silence' ;)
blakkie
QUOTE (Rotbart van Dainig @ Sep 29 2005, 04:42 AM)
Problem is - those would be perhaps operating some things in Hidden Mode, but in most circumstances, it would respond to verification requests appropriately.

BTW - the quote does state 'Thou shalt maintain complete radio silence' ;)

That might be the answer. Whenever you don't need realtime have your bugs stay radio silent for periods of time, and turn on their radios and connect to the Matrix momentarily to fire off data collected. There is a history of such bursts of radio activity being used for espionage transmissions to avoid detection. It would be rather rare to complete the Extended Threshold within 1 Combat Turn. With 3 IP that should be enough time to turn on, connect, transmit a packet of data, and turn off?

EDIT: That of course does open another of those cans of worms, how do you treat commlinks that are turned on in the middle of the scan?
Rotbart van Dainig
QUOTE (blakkie)
That of course does open another of those cans of worms, how do you treat commlinks that are turned on in the middle of the scan?

Count the hits against them separately?
hobgoblin
As in, from the first test that they showed up in?
blakkie
QUOTE (Rotbart van Dainig @ Sep 29 2005, 09:01 AM)
QUOTE (blakkie)
That of course does open another of those cans of worms, how do you treat commlinks that are turned on in the middle of the scan?

Count the hits against them separately?

But then you have to keep two (or more) separate totals, and weird end conditions where they (the scanning people, possibly players) are still rolling (or choose to still roll?) past hidden nodes being revealed. Also if scanning starts, then the commlink shuts down and leaves, but comes back while the scanning is still occurring does the count reset to zero against that commlink?

If it does reset then what the crack team does is shut down their Matrix connection and then restart every 15 seconds or so. Very hard for the scanner to pick them up in 2 turns.
Rotbart van Dainig
QUOTE (blakkie)
But then you have to keep two (or more) separate totals

Oh, yes - take notes. ;)

QUOTE (blakkie)
and weird end conditions where they (the scanning people, possibly players) are still rolling (or choose to still roll?) past hidden nodes being revealed.

As the Threshold is 15+...

QUOTE (blakkie)
Also if scanning starts, then the commlink shuts down and leaves, but comes back while the scanning is still occurring does the count reset to zero against that commlink?

When he comes back with the same Access ID, continue - when he doesn't, reset?
blakkie
QUOTE (Rotbart van Dainig @ Sep 29 2005, 02:58 PM)
QUOTE (blakkie)
Also if scanning starts, then the commlink shuts down and leaves, but comes back while the scanning is still occurring does the count reset to zero against that commlink?

When he comes back with the same Access ID, continue - when he doesn't, reset?

So spoofing a new ID in the middle of the scan can totally evade the scan?
Rotbart van Dainig
Why not? That would be actively playing hide & seek with the scanner... but that would reset subscriptions, too - they are based on an Access ID.
blakkie
QUOTE (Rotbart van Dainig @ Sep 29 2005, 03:17 PM)
Why not? That would be actively playing hide & seek with the scanner... but that would reset subscriptions, too - they are based on an Access ID.

That'd be a crappy spoof job. As part of the spoof you should be updating all the subscriptions with the new ID you can be found at.
Rotbart van Dainig
As part of one Complex Action?
blakkie
QUOTE (Rotbart van Dainig)
As part of one Complex Action?

Ya. It isn't like the hacker would be creating and sending out a specific individual message to each subscriber themselves. There must be some sort of reason for it to be Threshold 2 instead of 1? There certainly isn't anything in the rules that I can see that spoofing the datatrail breaks subscriptions, causes you to lose control of your drones, etc. (or reset scans Extended Test counts for that matter).
Rotbart van Dainig
QUOTE (blakkie)
It isn't like the hacker would be creating and sending out a specific individual message to each subscriber themselves.

In fact, it is - it takes another Complex Action to connect, aka actively subscribe a Node.

QUOTE (blakkie)
There must be some sort of reason for it to be Threshold 2 instead of 1?

Well... perhaps?

QUOTE (blakkie)
There certainly isn't anything in the rules that I can see that spoofing the datatrail breaks subscriptions, causes you to lose control of your drones, etc. (or reset scans Extended Test counts for that matter).

There are neither explicit ruling for, nor against it, indeed - seems like we have until Unwired for that, considering that Rules on spoofing Access IDs are pretty... slim.
But, considering that spoofing Access ID does explicitly just that, that everything in Matrix knows whom to talk to on the Basis of an Access ID, this does not only implicate that you may be forced to reestablish your connections - it requires you to, otherwise it would have done no good. ;)
The most interesting question here is... does this happen automated or by hand?
Aku
Warning: not Backed up by any actual reading

With that above warning, I'm gonna have to go with Blakkie on this, just by "common-sense". Let's think back to the poor days where most of us were on dial up, and a lot of people were still using AOL (shudder). Now, in the world of dial up, you get a new IP address every time you connect (read: Access ID). However, just because that changes, AOL (read: Subscribed Lists) still knows who all of your account buddies are, and they all know you. Now, if in 1994, AOL can manage to keep an account name with a varying IP address, I would think the hackers of 2070 would manage to say "ok, find new access ID, inform all subscribed objects of new id change... change ID..NOW... blip blop", maybe a moment while their Doorway™ OS hot connects everything (Doorway™ has detected a new subscription) but beyond that, I don't see a problem...
Nikoli
Actually, your analogy is off. AOL you still have to sign in, that is your Access ID and how your subscriptions are maintained. While part of the ID is the machine address and that is likely changed in the hardware-based spoofing, you also are telling the network you aren't really Dr. Johansen but rather Mrs. Kettlebum.
Vector
While you could probably send out a command to all of your subscribed nodes saying, my Access ID changed and get all of them at once (sending the same command to a fleet of drones works so why not this?), I have to imagine that most hosts would not accept a command to change the Access ID. Legal devices/users would never change Access IDs, that is something only illegal users do. From that point, Spoofing should invalidate all of your existing subscriptions and start you over again. Otherwise someone could Spoof your Access ID just as easily and all of those nodes/devices would be very vulnerable to a man-in-the-middle attack.

Granted, there's nothing in the rules that says anything about this one way or the other. :(
Rotbart van Dainig
Actually, there are such rules - Spoofing Commands.
Vector
I was referring to spoofing your Access ID forcing (or not) you to re-subscribe to all your nodes.

EDIT: Sorry for being unclear.
blakkie
QUOTE (Rotbart van Dainig @ Sep 29 2005, 05:39 PM)
QUOTE (blakkie)
It isn't like the hacker would be creating and sending out a specific individual message to each subscriber themselves.

In fact, it is - it takes another Complex Action to connect, aka actively subscribe a Node.

Not connecting, but patching up the layer underneath. With the subscriptions remaining intact.

There are lots of messages that pass through hither and fro. The ID -in- the message doesn't have to have the same ID as the node the message is coming from, otherwise you'd get no bouncy, bouncy around the Matrix. It's the ID in the message that is important to defining ownership.

Now we start entering the place where you have to try figure out how data is flowing in the Matrix between interacting sprites, agents, personas, and black ice (and if any black ice was occurring, or attacks for example, and if nodes looked in packets they could block any incoming attacks on the system).

Told you it was a can of worms. :P
Eagle
Ok, let me get this straight. There is a new version of car jacking: spoof jacking.

You're on a run and you've got a surveillance drone picking up vital information, when it suddenly vanishes off your subscriber list. A few minutes of searching later and there's still no sign of it. A few hours of investigation later and you've found out it was a bunch of 'jackers who specialise in stealing drones by spoofing their commands and taking them over for black market resale. And now you've got to get it back as Johnson's deadline is approaching fast.

Or you buy a drone off the black market and suddenly there's a lot of heat coming down, what have you done this time? (bought a stolen drone with very important data onboard is what).

I like the new system, it's bringing out some really cool adventure ideas.
Rotbart van Dainig
QUOTE (blakkie)
Not connecting, but patching up the layer underneath. With the subscriptions remaining intact.

It is not a question whether or not you will lose your connections when changing your hardware's address - you will.
The only question is whether active subscriptions will automatically be re-established as long as one side keeps its Access ID... and this seems to be a question of configuration:

Good for your Drones, bad while trying to hide your presence. ;)
Dumpshock Forums © 2001-2012