Getting ready for the next game in which some hacking might take place, I'm trying to run through a few scenarios and am unclear about what actually happens in some basic tasks. Jump in any time to point out where I'm going wrong.
We're breaking into a building and want to deactivate the alarm systems while making it look like the alarm system is still on, then want to take over two security cameras in the building, making them display empty hallways.
So the first thing the hacker does is hack on the fly into the building's wireless security node, trying to get in with security access. Assuming he gets in without being detected, the first thing he does is access the alarm system. He doesn't have to hack into this as it's connected to or part of the building's security node.
Once there, he takes control of the alarm system. This is a Hacking + Command (Firewall, 1 IP) test.
Now in control, he edits the feed going out of the system with a Computer + Edit (Firewall, 1 IP) test to determine how long it will take him to edit the feed. Because he's in with security clearance, the only way for the system to determine that it's being hacked is if there's a glitch.
He's done, so he's back in the security system. He accesses camera one, doing the same with the alarm system: Hack + Command, Computer + Edit. Then to camera two. Both times not needing to hack into the cameras as they're attached or part of the overall security network.
Assuming there's no patrolling IC or security hackers, is that pretty much it? Would the security network and alarm system be two separate nodes? Anything completely, totally wrong with the above?
Full Version: Basic hacking questions
I don't spot anything wrong, but things are rarely that easy for MY hacker...
Once I get in the node I do a Matrix Perception Test (simple action) to analyze the node to see if I set off an Alert, then take a look at the other icons to see what they are up to. It buys them time to use Analyze to notice ME, but knowing if there is an Alert active is key.
I'd also do a Matrix Perception on the Feeds to see if they are encrypted (maybe not necessary) and to make sure they were not feeding into a databomb equipped file.
Since everything running Stealth could be hidden, there might even be hidden nodes containing more camera (redundant) feeds or other nastiness so I tend to do lots of Matrix Perception, lol.
Once I get in the node I do a Matrix Perception Test (simple action) to analyze the node to see if I set off an Alert, then take a look at the other icons to see what they are up to. It buys them time to use Analyze to notice ME, but knowing if there is an Alert active is key.
I'd also do a Matrix Perception on the Feeds to see if they are encrypted (maybe not necessary) and to make sure they were not feeding into a databomb equipped file.
Since everything running Stealth could be hidden, there might even be hidden nodes containing more camera (redundant) feeds or other nastiness so I tend to do lots of Matrix Perception, lol.
| QUOTE |
| Assuming he gets in without being detected, the first thing he does is access the alarm system. He doesn't have to hack into this as it's connected to or part of the building's security node. |
You don't mention it here, so it's worth mentioning that before you can hack in, you probably need to decrypt the signal, as no security system worth the name will run without it.
| QUOTE |
| Once there, he takes control of the alarm system. This is a Hacking + Command (Firewall, 1 IP) test. |
Assuming that he's in with his hacked security account, this is a Control Device Matrix action, which is a complex action based on the Computer Skill, not the Hacking Skill. Whether it actually needs a dice roll, and what that roll is is determined by the GM.
| QUOTE |
| Now in control, he edits the feed going out of the system with a Computer + Edit (Firewall, 1 IP) test to determine how long it will take him to edit the feed. |
This is a Computer + Edit roll, with a threshold as determined by the GM as per the "Using Computer Skill" section on page 218.
| QUOTE |
| Because he's in with security clearance, the only way for the system to determine that it's being hacked is if there's a glitch. |
I'd rule that it's possible for another hacker to to detect the hacking if they were specifically looking for it with a Data Search action on the alarm system. After all, the system is off even though it's reporting itself as on. Of course, this would require the hacker have a reason to be checking the system in the first place. Bear in mind though this isn't mentioned or disallowed by the rules. It's just my take on it
| QUOTE |
| Hack + Command, Computer + Edit. Then to camera two. Both times not needing to hack into the cameras as they're attached or part of the overall security network. |
It would be Computer + Command and then Computer + Edit. Control Device is a Matrix action that uses the computer skill. Also, bear in mind that if there are any physical security guards walking around the building using AR to access the camera feeds, they may notice a problem if the feed tells them one thing and their eyes tell them another. If the camera says the door is closed, but you've been through there and left it open, he will be alerted.
| QUOTE |
| Would the security network and alarm system be two separate nodes? Anything completely, totally wrong with the above? |
I would rule that they are both part of the same node, unless the security network has no ability to directly trigger an alarm (which would be strange). But the exact system design would depend on the GM, and I imagine there are as many variations out there as there are computer networks
We really should have a "Hacking step by step"-thread like there was in the main SR3 forum. I know I would bookmark it.
| QUOTE (NightRain) |
| Also, bear in mind that if there are any physical security guards walking around the building using AR to access the camera feeds, they may notice a problem if the feed tells them one thing and their eyes tell them another. If the camera says the door is closed, but you've been through there and left it open, he will be alerted. |
Which is another good point... it doesn't matter if there's no sec goon at the desk, he could be in the bathroom and still keeping an eye on the camera feeds.
Also, keep in mind there are random IC patrols. They may query any icon they come across. Another option would be to load your agent into the security system and edit the team out of every frame something completely within the real of possibility. However, there is the chance of a glitch and I don't think you can fix it with edge as if it were you doing it. The benefit is that when the footage is analyzed later, they never see the cameras as off. Then your agent can zip out taking the information it used to edit you out with it.
| QUOTE (Dogsoup @ Oct 6 2005, 06:07 AM) |
| We really should have a "Hacking step by step"-thread like there was in the main SR3 forum. I know I would bookmark it. |
I'm willing to do this. I can act as either hacker or the hacker's opposition. If anyone else wants to team up and work our way through it, it could be very handy. Frankly, I'd rather pull te hacker's duty rather than the oppositions, since I haven't had the opportunity to think my way through any major nodes, but perhaps there's no time like the present.
I would love to see a thread like that as well. Unfourtunately, I haven't had a chance to actually play through the rules yet to be enough help. 
Okay, just got an idea.
Hacker's Challenge
We get a small panel of folks to act as GM's, preferably developers from the computing section, but not necessarily. i'm thinking 3.
We then post what the build requirements are and then when we have contestants in place, preferably around 10 or so, ideally 50/50 Hacker/Technomancers.
We then post the scenacrio and run each contestant through it on the boards, hence why 3 GM's, to be sure everything is straight. The Winner would be posted each month.
Runs would be like infiltrate airport computers and reroute a package for alternate pickup with points on contingencies and unusual methods. Of course we could pair folks off and have defend/attack contests.
Hacker's Challenge
We get a small panel of folks to act as GM's, preferably developers from the computing section, but not necessarily. i'm thinking 3.
We then post what the build requirements are and then when we have contestants in place, preferably around 10 or so, ideally 50/50 Hacker/Technomancers.
We then post the scenacrio and run each contestant through it on the boards, hence why 3 GM's, to be sure everything is straight. The Winner would be posted each month.
Runs would be like infiltrate airport computers and reroute a package for alternate pickup with points on contingencies and unusual methods. Of course we could pair folks off and have defend/attack contests.
RE: Hacking step-by-step
Yeah, that's pretty much were this question (and the one about the minispydrone busted in 30 seconds) came from. I've got a short file which also has this example in it:
Examples use standard Hacker archetype.
Your average high-end commlink is a standard Novatech Airwave (Resp 3, Signal 3) running Iris Orb (Fwall 3, Sys 3). Would probably be running Analyze 2; house rule: all commlinks come with common use programs with rating 1.
Task: hacking into a commlink, getting information on the owner, listening in on an encrypted call owner makes, finding out information on who he is speaking to, tracking the other party's physical location.
1. Use a free action to locate an active or passive wireless node within range -- no test required unless looking for a particular one in a crowded area. This is Electronic Warfare + Scan (variable, 1 turn). 5 + 5 (2, 1 turn), would be three successes so would find it on the first turn. See p. 225.
2. Hack in on the fly (p. 221): Complex Action -- Hacking + Exploit (Firewall, 1 IP). Each attempt gives the commlink a free Analyze + Firewall (Stealth) Extended Test. Example hacker gets 5 + 4 (3, 1 IP), would take about two IPs to succeed. Commlink makes two 2 + 3 (5, each attempt) extended tests, or two successes before the hacker gets in.
3. Get information on owner is making a Data Search + Browse (var, var) Extended Test. In this case, that's a 4 + 5 (4, 1 IP) test, so that's probably two initiative passes. See p. 220. Download that info with one simple action (on IP 3).
4. The owner makes a call, so that's intercepting traffic (p. 224). Hacking + Sniffer to eavesdrop, this is the threshold for someone finding your tap. Hacker has 5 + 4, and gets 3 successes. When the commlink creates the connection, the commlink that has been compromised has a chance to detect if there is anything abnormal about the call (ie, a tap). [Although not explicitly stated in the rules, I think this would be a standard procedure when creating a call.] So the commlink attempts a System + Analyze (3) test, which is 3 + 1, which is 1 success, so the tap is not detected. Each time the commlink does another connection, it gets to make the same test. This is not an extended test.
5. Hacker decrypts the call signal by doing a Decrypt + Electronic Warfare (4, 1 turn) test. This is 3 + 5 (4, 1 turn), or 2 successes a turn, so it will take 6 seconds.
6. The Hacker tries to get info about the person on the other end of the call. Track to find the other person's commlink -- Computer + Track (10, 1 IP), which is 4 + 4, so he would track the guy after five initiative passes. In VR, this would be after 6 seconds. In AR, this would be after 15 seconds. Hacker now knows where the target is.
7. Hacker hacks into that commlink, taking another 3 seconds. (Step 2)
8. Hacker then gets info on target, which would take an additional 3 seconds. In AR mode, this would take 6 seconds for each.
Time taken, assuming the call was being made as the Hacker starts looking for the intital target's node:
3 seconds -- finds target's commlink
9 seconds -- hacked in
12 seconds -- has basic data on target and downloaded
15 seconds -- tap in place
21 seconds -- encryption is busted open
27 seconds -- traced to other party on phone call
30 seconds -- in other party's commlink
33 seconds -- has basic data on target and downloaded
Yeah, that's pretty much were this question (and the one about the minispydrone busted in 30 seconds) came from. I've got a short file which also has this example in it:
Examples use standard Hacker archetype.
Your average high-end commlink is a standard Novatech Airwave (Resp 3, Signal 3) running Iris Orb (Fwall 3, Sys 3). Would probably be running Analyze 2; house rule: all commlinks come with common use programs with rating 1.
Task: hacking into a commlink, getting information on the owner, listening in on an encrypted call owner makes, finding out information on who he is speaking to, tracking the other party's physical location.
1. Use a free action to locate an active or passive wireless node within range -- no test required unless looking for a particular one in a crowded area. This is Electronic Warfare + Scan (variable, 1 turn). 5 + 5 (2, 1 turn), would be three successes so would find it on the first turn. See p. 225.
2. Hack in on the fly (p. 221): Complex Action -- Hacking + Exploit (Firewall, 1 IP). Each attempt gives the commlink a free Analyze + Firewall (Stealth) Extended Test. Example hacker gets 5 + 4 (3, 1 IP), would take about two IPs to succeed. Commlink makes two 2 + 3 (5, each attempt) extended tests, or two successes before the hacker gets in.
3. Get information on owner is making a Data Search + Browse (var, var) Extended Test. In this case, that's a 4 + 5 (4, 1 IP) test, so that's probably two initiative passes. See p. 220. Download that info with one simple action (on IP 3).
4. The owner makes a call, so that's intercepting traffic (p. 224). Hacking + Sniffer to eavesdrop, this is the threshold for someone finding your tap. Hacker has 5 + 4, and gets 3 successes. When the commlink creates the connection, the commlink that has been compromised has a chance to detect if there is anything abnormal about the call (ie, a tap). [Although not explicitly stated in the rules, I think this would be a standard procedure when creating a call.] So the commlink attempts a System + Analyze (3) test, which is 3 + 1, which is 1 success, so the tap is not detected. Each time the commlink does another connection, it gets to make the same test. This is not an extended test.
5. Hacker decrypts the call signal by doing a Decrypt + Electronic Warfare (4, 1 turn) test. This is 3 + 5 (4, 1 turn), or 2 successes a turn, so it will take 6 seconds.
6. The Hacker tries to get info about the person on the other end of the call. Track to find the other person's commlink -- Computer + Track (10, 1 IP), which is 4 + 4, so he would track the guy after five initiative passes. In VR, this would be after 6 seconds. In AR, this would be after 15 seconds. Hacker now knows where the target is.
7. Hacker hacks into that commlink, taking another 3 seconds. (Step 2)
8. Hacker then gets info on target, which would take an additional 3 seconds. In AR mode, this would take 6 seconds for each.
Time taken, assuming the call was being made as the Hacker starts looking for the intital target's node:
3 seconds -- finds target's commlink
9 seconds -- hacked in
12 seconds -- has basic data on target and downloaded
15 seconds -- tap in place
21 seconds -- encryption is busted open
27 seconds -- traced to other party on phone call
30 seconds -- in other party's commlink
33 seconds -- has basic data on target and downloaded
Would the second target be able to be hacked in with AR if he is out of the Hacker's LOS?
I would think that if you have their access Id you should be able to attempt to connect to them no matter where they are as long as both you and they have access to wireless connections.
| QUOTE (cartoonlad) |
| Task: hacking into a commlink, getting information on the owner, listening in on an encrypted call owner makes, finding out information on who he is speaking to, tracking the other party's physical location. 1. Use a free action to locate an active or passive wireless node within range -- no test required unless looking for a particular one in a crowded area. This is Electronic Warfare + Scan (variable, 1 turn). 5 + 5 (2, 1 turn), would be three successes so would find it on the first turn. See p. 225. |
What if you're in full VR?
It just dawned on me that having your phone on a 'do not disturb' mode by hiding the node and only subscribing your friends to it so they can call you would pretty well solve this type of thing. It'd be short range (signal rating dependant) but effective.
I just never thought about it for telephones since they used to be seperate from radios...
I just never thought about it for telephones since they used to be seperate from radios...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.