Full Version: Hacking, it is really that simply?
Smity
Hi again. Question again ^^
While playing our first run and testing the new rules for the matrix, we came to the conclusion that it is really easy to hack almost anything and in a short interval of time.

According to the manual, to hack something you make an extended test with Hacking+exploit program vs the Firewall of the target, with a test in each initiative pass.
And I ask myself: is it really that simple?
I mean, almost all the things in the new wireless world have a firewall of 1-3, security systems usually have it at 4, and military at 5. So, an average hacker can normally break into any of these systems with a security account (+3 to the threshold) in a round of combat (he doesn't even need to be in hot sim, just cold sim to have 2 initiative passes and 2 tests).

You know, as a player, I see the edge we have with this, to hack the security on the fly with a pair of tests and so on. But that means that it is the same difficulty for the bad guys who come looking for us sooner or later.
And more importantly (and my real point about this), commlinks.
Even if you have a stealth program at a good level, it is not really complicated to hack a commlink and have complete access to a person's life and his cyberware. (What about hacking his cybereyes so he cannot see you or your pals, or hacking his cyberlimb and forcing him to shoot his comrades or even himself...)

My request is that you tell me if I'm mistaken about this, or if it is not so simple to hack anything (maybe I misunderstood the rules, or we are doing something wrong, etc.)
Dashifen
Nope, that sounds about right. Don't forget, if you're hacking on the fly, that the system makes a test (Analyze + Firewall) to detect the intrusion. The hard part isn't getting in, it might be dealing with the IC that's waiting for you when you log onto the host.

Serbitar
Signature: SGM

Hacking is not easy.
Aaron
Serbitar, I think it's unfair to make blanket statements about a game and then refer to one's own house rules. It actually is easy, sort of. To be fair, there is a germane part of Serbitar's document, and that is the way to set up good security. I'm getting ahead of myself, though.

There is a false assumption going on with this question, and both Serbitar and I, along with others, have beaten our heads against it repeatedly. That assumption is that computer security in 2070 is like computer security today, that it is arcane, requiring special equipment and knowledge that is beyond the grasp of the average joe.

In fact, the electronic landscape of 2070 is a lot more mundane than that. Everybody has a commlink; you can buy one for less than tickets to a Nabo concert. Electronic security in The Future is a lot like physical security now: if you wanted to get into somebody's house, you could. The question is whether or not you could get caught.

Allow me to illustrate with the following nigh-identical sentences.

Modernly, people that want to keep other people out of their homes buy bigger locks and stronger doors, sure, but if they really want to keep people out, they also get guards, dogs, and a good surveillance system.

In 2070, people that want to keep other people out of their nodes buy bigger Firewalls, sure, but if they really want to keep people out, they also get spiders, agents, and a good Analyze program.

Make sense?
Demerzel
Consider also signal rating. Cyberware is low signal, and it only connects to your PAN. Now, if you keep your PAN separate from the matrix at large (say two commlinks), one with low signal similar to cyberware, then anyone who wants to hack your PAN has to get into your low signal range. What's that, a couple meters?

You give up some stuff, you won't be able to send your fellow runners your eyecam data, or a variety of other things for example.
Samaels Ghost
How common do you think hacking is? This is directed to everybody, btw. Hacking requires several tests to get in and if you impose the limited number of rolls on extended tests, you may outright fail. I think that this is where a majority of people in 2070 should be categorized. Sure, hacking is pretty easy. Not getting caught, less so. But that's from a runner's point of view. Most people won't even attempt hacking due to lack of decent programs or lack of confidence.

Hacking for joe average is pretty hard. Hacking for a decker/hacker should be easy enough to be a viable archetype. I don't think, however, that it is too easy. Most systems a runner deals with (Corporate, runner/criminal commlinks, security areas) are going to be running Firewall 5-6. Every runner out there should so long as the team hacker isn't stingy. Corps can make their own and smaller businesses can lease the rights to use a copy on all of their nodes (I think). There's very little reason why you can't get a hold of good Matrix security. Programs are easy to come by. Every runner should beef up their comm's security.

OH, and you don't have to have your cyberware wireless-enabled. It's silly to think that it's the standard. Turning off cyber via wireless shouldn't be allowed period. People are paranoid, runners even more so. No one is going to allow their own arm to kill them or some hacker blind their cyber eyes. No one would buy the versions of cyber that are capable of being hacked in such a way. They just wouldn't sell.
Samaels Ghost
QUOTE (Demerzel)
You give up some stuff, you won't be able to send your fellow runners your eyecam data, or a variety of other things for example.

But you can still buy cameras and mics to give your teammates info. Truth be told, hackers are rarely sent to assassinate other runners. Combat hackers in SR4 are viable but not common. I wouldn't worry so much about getting your stuff hacked. The benefits of team communication outweigh the cons of keeping radio silence in MOST situations.
hobgoblin
p 304, "turning it off", have every player read it, and the GM should memorize it. hell, i have bluetooth on my mobile phone today, but i only turn it on when i need to use it (or when im bored in a public area and go looking for other active bluetooth devices).

i would expect most cyberware to have a mental (or for the larger stuff, physical) switch, so that you can turn wireless on or off as a free action.

but, lets try to think like joe wageslave for a moment (he is after all a member of the biggest social group of metahumans on the planet). for him, if he sticks to the corp enclaves, will at worst fear the pranks of the neighbors kids.

there is also an unanswered question, what can the hacker do when he has hacked a piece of cyberware? can he take full control over it, or can he basically turn it off or run diagnostics (an issue in itself if your cyberlimb starts going thru the motions and it can't be stopped. or maybe the cybereye is blinking test patterns).
The Jopp
As a player who is gonna play a hacker I will give a small example as well. I’m having an above the average level of programs (4) and can then run 9 of them on my rating 5 commlink, sure, I get response decrease to 4 but I can have several commlinks and one of them is the de facto firewall for my runner. It has 1 analyze program and 5 agents – all of them have 3IP’s. That’s 18 Analyze tests with 8D6 each…every 3 seconds…

Very few people will get through that and that is probably what a lot of people will face – LOTS of tiny things that make you think twice about hacking everything you see.

Also, what about security firms – not the one you hack, the ones who you pay to manage your matrix security.

What if joe average pays 100Y a month for having 4 rating 4 agents constantly scanning his connection for intrusions? I’d say that just like any other security, computer security has become cheaper.

If security corps can watch the door they can watch the nodes as well.
deek
Yeah, I guess I have two points on security. 1) The exploit test alone isn't the end-all be-all of hacking. It doesn't magically create a passkey if one is needed, or get you access to EVERYTHING via the matrix or even your signal...this is where the GM has to step in and make things more secure. If a system needs a physical passkey in addition to a login, then the hacker needs to get it, or a copy. I don't allow exploit tests to automagically break into everything...signals can be blocked and the matrix doesn't touch everything, all the time...generally, it does, but if something is important and you need more security, you have the ability to make it harder.

And for cyberware or hacking PANs...it's still a proximity thing in my opinion...and a gun to the face of a hacker can always be effective:)

2) Just because a hacker does get into a node, doesn't mean that they are home free. Again, I go back to the GM...if your nodes are getting hacked all the time and hackers are having free rein in a system, do something about it...even with admin access, there can be silent alerts raised or emails sent to security teams for certain actions. I mean, an admin still ends up having all actions written to a log file, and if some very secure data is being accessed, I am sure there are alerts sent out whether it is legit access or not...

Again, getting into a system could be fairly easy, but running amok, even with admin access, could still get some attention drawn to you...
RunnerPaul
QUOTE (Samaels Ghost)
But you can still buy cameras and mics to give your teammates info. Truth be told, hackers are rarely sent to assassinate other runners.in MOST situations.

What's to say corporate security response teams won't include a white-hat hacker specialized in electronic warfare and countermeasures?

If it makes sense for a penetration team to use a hacker to provide the benefits that AR datasharing can provide, then it makes just as much sense for security to have the means of neutralizing those benefits.

Sure, they already have the option of using high velocity lead, but if the hacker isn't directly with the other intruders, it's kind of hard to get shot (I know SR4 promotes the idea of the Hacker being right there in the thick of things, but there are still times when that's not the best option, and besides, teams sometimes split up, and the intruding hacker may be with the team that security doesn't have in their iron sights).

There's the option of jamming the wifi frequencies, but if security goes that route, they lose the benefits of their own toys.

Just as it is with mages, sometimes the best solution to a hacker, is another hacker.
thephoenix
If you know how to hack, you should be able to hack most systems without any trouble. It's when you get to the corp and military ones that you should have the problems. Also you can always have the hacker come across an especially tough computer system if things are going too easy.
GrinderTheTroll
QUOTE (thephoenix)
If you know how to hack, you should be able to hack most systems without any trouble. It's when you get to the corp and military ones that you should have the problems. Also you can always have the hacker come across an especially tough computer system if things are going too easy.

It's interesting how if you spend the time to probe the target system, you "auto-hack" the system, and although the target still gets one-roll it's still a free-pass inside.

So given enough time, nothing (so far as per Core) is un-hackable.
Moon-Hawk
True, so long as you're not using the optional rule to limit the number of rolls in an extended test.
Lazerface
QUOTE (GrinderTheTroll)
It's interesting how if you spend the time to probe the target system, you "auto-hack" the system, and although the target still gets one-roll it's still a free-pass inside.

So given enough time, nothing (so far as per Core) is un-hackable.

I like to think that for such a reason, corporate, military, and government systems aren't all one node but a tangled mass of separate closed networks hidden behind wireless blocking paint and heavy security.

How long do you want to probe that system? A day? A couple days? A week? You know you have to do it on site, right?
Geekkake
QUOTE (Lazerface)
You know you have to do it on site, right?

Not necessarily the case, sir. I see no reason a hax0r couldn't simply relay over the Matrix to the target, old decking style, provided there's a constant Matrix connection maintained by the target.
Lazerface
What if there isn't any matrix connection? Like I said separate closed networks. Emphasis on the closed part. It seems quite smart to me for really important extreme maximum super duper top creamy coco puff secret data to be physically hidden away.

On the other hand. What happens when this data needs to be transferred to other networks? I'm guessing that's where your probing really pays off. Hey, remember that vanishing SAN thing? Where the network is only connected to the matrix for a set period of time. This might be where your probing dealy would pay off.
GrinderTheTroll
QUOTE (Lazerface)
What if there isn't any matrix connection? Like I said separate closed networks. Emphasis on the closed part. It seems quite smart to me for really important extreme maximum super duper top creamy coco puff secret data to be physically hidden away.

On the other hand. What happens when this data needs to be transferred to other networks? I'm guessing that's where your probing really pays off. Hey, remember that vanishing SAN thing? Where the network is only connected to the matrix for a set period of time. This might be where your probing dealy would pay off.

All valid points and all the better reason for some systems to be ultra-paranoid and not always connected to the Matrix.
deek
I still think there is the point that no matter what sort of exploit you may be using, sometimes there just needs to be a physical pass of sorts. I mean, I just don't assume that every single system has a "hackable" exploit and some systems you really do need a valid keycard or random ID...sometimes a system is going to need you to do some legwork and gather some stuff before simply putting the test to the hacking on the fly or probing test...

Granted, that's all campaign specific and I do use skill limited extended tests, but I am not letting all my hackers just find every connected or within range system and allow them to take their dice pools and hack them all...obviously, I don't prevent them from trying, but sometimes a successful hack exploit fails because the hacker still needs another piece of data to complete entry...

All I know, there are plenty of ways to be creative to let the hackers of the group run wild and have fun, but also keep important systems secure without dumping tens of always-analyzing IC or a handful of corporate hackers at every turn...
Serbitar
QUOTE (Aaron @ Aug 29 2006, 09:44 AM)
Serbitar, I think it's unfair to make blanket statements about a game and then refer to one's own house rules. It actually is easy, sort of. To be fair, there is a germane part of Serbitar's document, and that is the way to set up good security. I'm getting ahead of myself, though.

These are not house rules. There is exactly one house rule in it (that full-blown matrix hosts are not affected by response degradation). The rest is 100% consistent with RAW. No contradictions.

As per RAW, hacking is not easy when you use everything that is in the book. In fact, the chances of getting detected are pretty high.
Cabral
Actually, something that is a little odd is that if you hit a node fast and hard, your chances of being detected are less than if you try a more subtle approach first.
Clyde
Not so! The "slow and careful" hacking only allows the target to make one Firewall+Analyze(stealth) test to detect the hacking. The "hacking on the fly" method allows the target to make the same test every initiative pass. Worse, with hacking on the fly that Firewall + Analyze test is an extended test, which means that when the target system gets up to your Stealth program rating in total hits it's going to spot you. Hacking on the fly is only for weak little systems, and then probably only if you want user access. Security or Admin access calls for the slower method.

In my games, I've noticed that time is also a significant limiting factor on the Hacker. Nobody wants to sit around for 48 hours while you hack everything in sight. Sure, in an ideal world you take all the time you need and do it right, but in the real world other pressures often seem to get in the way.
Cabral
Ah. I had overlooked Probing the Target. However, I meant in a short-term sense. I.e., when you are in the area and hacking the local security as on a run taking several minutes, as opposed to a quick smash and grab access taking a few turns.
GrinderTheTroll
QUOTE (Clyde)
In my games, I've noticed that time is also a significant limiting factor on the Hacker.

My first dealings with this made me finally see the need for a Sleep Regulator. So the cyber Hacker *does* have an advantage.