Help - Search - Members - Calendar
Full Version: Hackers unbalanced?
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2, 3, 4, 5
FriendoftheDork
Hei after playing this game a few sessions it turns out our technomancer became the #1 character in the party. Whenever we need to do something its always easier to use the techie than to investigate "manually."

Need info? Hack target system, check cameras.

Need access? The same.

Need sabotage? ...

Need discretion?


Basically although the SR4 system seems alot faster than SR3, in the old game it was still necessary for the team to protect the decker, and physically infiltrate an enemy compund. Now the tecno or any decent hacker can simply hack the comlinks of the guards or vehicles outside, or via the matrix from the comfort of a hideout or just on the streets.

Cameras and turrets protecting facility? No need to locate a security computer, just hack the cameras and/or guns!

Now the character has been dumped, and I find we still miss the hacker abilities, despite the chance we now get to do alternative ways (sneaking, disgiuse, combat etc.).

So the question is: Is wireless hacking unbalanced? Are hackers etc. necessary for a shadowrunner and is there a way to keep em from taking all the GM time?

There is also the problem of difficulty - hacking should be dangerous and hard, but now with only a few dice (7-cool.gif you can hack almost anything and only glitches will cause trouble unless there is active hacker security. And since tests are extended initial failure means nothing. And there is no longer any dumpshock, ICE burning you out and all those dangerous side effects that made hacking the domain of thrill-seeking partly unstable and anti-social hackers, and that most sensible (or cowardly) people stayed away from.

Butterblume
QUOTE (FriendoftheDork)
So the question is: Is wireless hacking unbalanced? Are hackers etc. necessary for a shadowrunner and is there a way to keep em from taking all the GM time?

Try using security systems that are completely hardwired.
The gate may need a security guard pushing a button to actually open it.
The important data is protected from outside wireless access.

The BBB recommends limiting the number of rolls in an extended test.
Jack Kain
Don't forget wandering IC's and enemy corp hackers. When my team did a run againts a corp factory. We had managed to aquire the floor plan as it wasn't to a high security a place. We couldn't hack from the outside the wireless network didn't exend beyond the building.
So my street samurai went into the computer control room and shot each of the four hackers there that night with stick and shock. Took out the primary matrix defense in the meat world. Our hacker and technomacner reeked havoc with there system. We blew up a crap load of equipment then left. No deaths or injuries beyond stun.
FriendoftheDork
First of all I'm not a GM. Secondly, although hardwired is possible, is it common? Isn't wireless the new craze that every corp wants?

Extended tests could be limited, but usually only to the dice pool. Easy still unless you suck.

corp hackers seems like the only real good protection. In our game the only place we failed to infiltrate was a groceries delivery warehouse that was protected by an off-location corp hacker and some ice. After the hacker had a fight with the ice, the corp hacker was alerted and the alarm went off, and then we were gone!
GrinderTheTroll
QUOTE (FriendoftheDork)
Hei after playing this game a few sessions it turns out our technomancer became the #1 character in the party. Whenever we need to do something its always easier to use the techie than to investigate "manually."

I think a lot of the hacking issue is it's become more accessable to everyone not just the select player who took the time to read the decking sections pre-SR4. Even some GMs tending to avoid decking since few seemed interested.

On the other hand, you could make the same argument about Astral Projection or a Covert Ops type that wants to "go the extra mile" at every opportunity.

I spend more time and effort on the critical systems (paydata, resources) than the minor ones. Making sure you have some amount of background information on important NPCs is also in order else you can just return basic non-important facts (if any) about other NPCs in the search.

You can't anticipate all their angles, but at least cover the ones that matter the most in your terms.

QUOTE
Basically although the SR4 system seems alot faster than SR3, in the old game it was still necessary for the team to protect the decker, and physically infiltrate an enemy compund. Now the tecno or any decent hacker can simply hack the comlinks of the guards or vehicles outside, or via the matrix from the comfort of a hideout or just on the streets.

Cameras and turrets protecting facility? No need to locate a security computer, just hack the cameras and/or guns! <SNIP>

Consider also that paranoid systems run harder security than less paranoid ones, which in my terms equates to more Black IC and less tolerance on triggering alarms or hackin in the first place. More secure logins (passkeys, AccessID, etc.), chokepoint matrix systems and hard-wire-only help make a "regular" system require a physical presence inside to get the paydata.
Fortune
QUOTE (FriendoftheDork)
And there is no longer any dumpshock, ICE burning you out and all those dangerous side effects ...

I think this might be part of the problem as well. What makes you think these things no longer exist?
Cain
What he means is that Trace-and-Burn and Psychotropic IC don't [currently] exist. There's no way to cause damage to a commlink, only to an icon or decker; and there's no rules to affect someone's mind short of a sadistic GM saddling someone with the Scorched flaw.
redwulf25_ci
QUOTE (FriendoftheDork)
Hei after playing this game a few sessions it turns out our technomancer became the #1 character in the party. Whenever we need to do something its always easier to use the techie than to investigate "manually."

Need info? Hack target system, check cameras.

Don't forget wireless inhibiting paint/wallpaper. The TM might need to be INSIDE the target you want survailence on to access their wireless network and thus their cams . ..
Jack Kain
Corps want wireless so they can access there computer from anyware in the building. Not from down the street.

You also underestimate difficulty,

If you want to actually do some damage in a corp's system you need admin access, which +6 to the threshold.

A system 5, fire 5, would have a threshold of 16 to get admin access. When hacking on the fly, every time the hacker makes a check the computer makes a check to beat his stealth.
Its a little known fact that extended tests can be limited to a number of rolls equal to your skill.


Even when the hacker breaks into the system and gains admin access, corp hackers and wandering IC's can easily spot him.

GrinderTheTroll
QUOTE (Jack Kain)
Even when the hacker breaks into the system and gains admin access, corp hackers and wandering IC's can easily spot him.

Easily? Not unless they do things Admins aren't supposed to (Hacking) or if they are checking for required AccessIDs, Passkeys Modules, or some other ID verification method.
RunnerPaul
QUOTE (GrinderTheTroll)
or if they are checking for required AccessIDs, Passkeys Modules, or some other ID verification method.

I wasn't aware that there were actual game rules for these. Neither Hacking on the Fly or Probing the Target have any modifiers for cracking systems that require these. I suppose you could use a matrix perception test to tell if someone who's logged in on a system logged in using a linked passcode or a passkey, and sound an alert if you find someone who didn't use the required login protocol, but that's about it.
FriendoftheDork
Interesting guys... I need some time to read and think, but it may be that we or the GM has overlooked a few things...

That thing about dumpshock was the fact that hackers in AR are not affected by it, only those in hot sim. Right? Not being hot means you lose out on +2 to the check, but it may be worth the safety. If you fail to hack there is usually very little consequence (except possibly blowing the mission by alerting security).

jack you don't always need to hack on the fly. And if you need 16 hits, that's hardly extreme. Limiting number of rolls to your skill (i said dice pool but that can't be right) is an optional rule. And even so, 5 tries with skill 5, ability (or program)6, and lets say +2 for being a technomancer. 13 dice=3 hits, thus only one hot away from automatically succeeding. Average would be total 20 hits, well exceeding 16.

And if you throw in 3-4 dice of edge as well, making you reroll about half your hits for more potential hits... ok I'm no probability mathematician but it's no brainer that this is not very hard for a focused starting hacker or techie.
Lord Ben
QUOTE (GrinderTheTroll)
QUOTE (Jack Kain @ Nov 27 2006, 01:57 PM)
Even when the hacker breaks into the system and gains admin access, corp hackers and wandering IC's can easily spot him.

Easily? Not unless they do things Admins aren't supposed to (Hacking) or if they are checking for required AccessIDs, Passkeys Modules, or some other ID verification method.

Not quite. IC still patrols and checks users. If the node was a building with hallways then IC would be the security guard wandering around inside. Just because you opened the door doesn't mean the IC doesn't still check you out.
Lord Ben
IMHO, the biggest mistake new people make when designing wireless security is that they don't put devices on the subscription list.

----------------------------------
LINKING AND SUBSCRIBING
Now, just because all of your devices can talk to other devices doesn’t mean that they will. For simplicity, privacy, and security, you may confi gure your devices so that they only interact with another specific device (usually your commlink, as your PAN’s hub) or a specific network (your PAN). Th is prevents confusion between users (am I accessing my guncam or yours?) and also off ers a degree of protection from snoopers and hackers. Rather than allowing any stranger access to all of your electronics, anyone that wants to interact with your PAN must connect to your commlink first
----------------------------------

Have a facility with wireless access? The cameras, doors, etc are all subscribed to other things which are subscribed to others, etc in a giant pyramid fashion. Agents monitor logs for changes and constantly report back to the next level. At some point a guy with 3 computer 3 electronic warfare (and 4 data search with a specialization in free porno) using AR instead of full submersion monitors them for changes and to put some human AI into it.

Then you can't "hack" into a device without hacking the node that controls it (or possibly the node that controls that). The best you can do is spoof a command to the camera to turn the other direction. But then it's in the log of the camera to turn one way, but the logs don't match with the log of commands given. Perhaps every 5 minutes the logs are compared for discrepancies? Then the change is reported to a hacker who'll look into it. Maybe ASAP in hot sim with agents riding shotgun, maybe after his lunch break is up.

With the right datachecks and comparing the right logs it's VERY hard for a hacker to "hack into a door and open it" without risking a bust on the whole mission.

I work in a datacenter and reduntant systems checks is a big part of my job. Maybe sometime I'll write up a sample building with various methods of physical entry and how the site would be configured.
GrinderTheTroll
QUOTE (Lord Ben)
QUOTE (GrinderTheTroll @ Nov 27 2006, 05:27 PM)
QUOTE (Jack Kain @ Nov 27 2006, 01:57 PM)
Even when the hacker breaks into the system and gains admin access, corp hackers and wandering IC's can easily spot him.

Easily? Not unless they do things Admins aren't supposed to (Hacking) or if they are checking for required AccessIDs, Passkeys Modules, or some other ID verification method.

Not quite. IC still patrols and checks users. If the node was a building with hallways then IC would be the security guard wandering around inside. Just because you opened the door doesn't mean the IC doesn't still check you out.

Right, but how to you really know who's supposed to be there or not? If they have a valid account (Admin, Security, Personal) and they aren't doing things they aren't suppose to or trying to do things that arent allowed (Hacking), they how do you tell who is legit?

I've used a few things like checking for Access ID, Passkey Modules, having IC scan Personas for Hacking programs or combinations of these to determine if an Account is being used by the legit user.

If someone has other ideas, please share!
GrinderTheTroll
QUOTE (Lord Ben)
Then you can't "hack" into a device without hacking the node that controls it (or possibly the node that controls that). The best you can do is spoof a command to the camera to turn the other direction. But then it's in the log of the camera to turn one way, but the logs don't match with the log of commands given.

This is a great point about hacking any Node/Device/System.
Lord Ben
Hacking via "on the fly" or "probing the target" looks for exploits in the programming or other "mistakes" that give it an exploit allowing it effective admin level access. It's still not an administrator account, it just allows you to do what an administrator does.

So IC "runs into" a hacker in a hallway and finds out that it's not a real adminstrator but some hacker who used some RPC Overflow error to issue admin level commands. System goes on alert, etc.
GrinderTheTroll
QUOTE (Lord Ben)
Hacking via "on the fly" or "probing the target" looks for exploits in the programming or other "mistakes" that give it an exploit allowing it effective admin level access. It's still not an administrator account, it just allows you to do what an administrator does.

So IC "runs into" a hacker in a hallway and finds out that it's not a real adminstrator but some hacker who used some RPC Overflow error to issue admin level commands. System goes on alert, etc.

I dont know about "getting admin access without having an account".

Exploits let you do things like trick the system into letting you login as a guest and change your permissions to admin or get passwords and use another's account. The most important part is erasing your tracking (logs) so they do track-back to your invallid point of entry.
Jack Kain
QUOTE (FriendoftheDork)
Jack you don't always need to hack on the fly. And if you need 16 hits, that's hardly extreme. Limiting number of rolls to your skill (i said dice pool but that can't be right) is an optional rule. And even so, 5 tries with skill 5, ability (or program)6, and lets say +2 for being a technomancer. 13 dice=3 hits, thus only one hot away from automatically succeeding. Average would be total 20 hits, well exceeding 16.

Usually when hacking a corp building its on the fly, its a rare to get access to the security network from outside the building. I've found its the rule of thumb that the security network can't be accessed from the outside.

How long do you think it take the rating 5 system with scan 5 to overcome the hacker's stealth? Especially if you throw in some floating IC's and corp hackers.

Hot-Sun also grants you more initiative passes, a shadowrunner in who isn't in hot-sim might get hammered to unconciousness by the agents and corp hackers that count as running hot.

Also as I understand it technomancers have +2 because they are always in hot-sim.

Once inside, they haven't won, remember there is that whole chapter hacked once inside. They have plenty of chances to be detected each time they effect a cameria or a maglock (assuming your lucky enougth to find maglocks controlled by the network)

Remember a hacker can't defend from multiple foes in the matrix easily as the street samurai in the meat world.


Also the hacker has to think about what he shuts off, he if simpyl shuts down the camerias someone will notice and alert security. Shuting down or sending false data to each camera one at a time as the team goes by means more rolls/ more chances to glitch and more chances for the roving IC to scan and detect him.
Lord Ben
It's specifically unauthorized access:

Exploit (Hacking)
Exploit programs are constantly-evolving hacker tools specifi
cally designed to take advantage of security fl aws and weaknesses
so that a hacker can gain unauthorized access to a node.
Exploit programs are used for hacking in without authorized access
(p. 221).
GrinderTheTroll
QUOTE (Lord Ben)
It's specifically unauthorized access:

Exploit (Hacking)
Exploit programs are constantly-evolving hacker tools specifi
cally designed to take advantage of security fl aws and weaknesses
so that a hacker can gain unauthorized access to a node.
Exploit programs are used for hacking in without authorized access
(p. 221).

So then just perform a Matrix Perception Test (?) for checking Authorized/Unauthorized user?
Jack Kain
Its the scan program opposed by the targets stealth.
GrinderTheTroll
QUOTE (Jack Kain)
Its the scan program opposed by the targets stealth.

Analyze, but what's the Threshold to know if they are authorized or not? Just 1?
yesman
I second the sentiment that hacking doesn't take any more time than astral recon does. It's just that people aren't used to it happening on the fly.
Jack Kain
QUOTE (GrinderTheTroll)
QUOTE (Jack Kain @ Nov 27 2006, 04:48 PM)
Its the scan program opposed by the targets stealth.

Analyze, but what's the Threshold to know if they are authorized or not? Just 1?

Depends on whos watching I believe and what the person is attempting to do, its largly up to the GM. The standard is the IC sends a message to the corp hackers who then make the call. If the hacker detects them, well then red alert.
Stealth failing in the matrix is similar to stealth failing in the corp building.
GrinderTheTroll
QUOTE (Lord Ben)
It's specifically unauthorized access:

Exploit (Hacking)
Exploit programs are constantly-evolving hacker tools specifi
cally designed to take advantage of security fl aws and weaknesses
so that a hacker can gain unauthorized access to a node.
Exploit programs are used for hacking in without authorized access
(p. 221).

General questions about the definition of Exploit: So then you choose to "exploit" the system to get "admin, security or personal" account-like previlidges but regardless aren't Legit right?

So the safest route would be to grab a legit account then you'd be subject to detection as I mentioned earlier, yes?
Lord Ben
It'd be a standard matrix perception opposed by the stealth (whatever the full dice pools are composed of), and whether it's an authorized user or not would be one of the peices of info you could ask for.

If IC detects the system automatically goes on alert.
Wakshaani
I'd give my right pinky for a "Quick and Dirty Decking" primer.

Two pages, with "If you want to do X, roll Y", some minor notes on each action, and done.

Stuff that a Hacker can do on the fly via AR, rather than multi-step VR whatever.

GM: "Samurai?"

Sammy, "Hold for the Hack."

GM: "Wizbang?"

Wizzer, "Hold for the Hack."

GM: "Sir Hacksalot?"

Hax, "Quick and Dirty, spoof teh camera for the round to show nothing happening."

GML "'Kay. Gimmie Electronic Warfare + Edit, needs 3(?) hits to pull it off."

Hax, *roll* "Bingo! Three it is. Alright guys, do it."

Wizzer, "I Sleep the guard."

Sammy, "I chuck a Pepper Punch grenade."

One roll, handled on a normal initiative pass... my life would be *glorious*.
Lord Ben
Get a legit account and forge the matrix ID of the legit user (or steal her comlink?) and you'd be very hard to detect.

But just because a person has authorization to turn off security guns or cameras does not mean it's not suspicious of them to do so and a hacker might not ask her why.

Example: Your Elven face seduces a hacker and while they're "busy" your teams hacker borrows the commlink (from one room over) and logs into work from whatever hotel they're at. They quickly copy a few files and download a few floor plans and log off leaving a backdoor into the commlink behind. However while on the run the hacker is monitoring the "stolen" commlink and reads an email exchange between another hacker and the seduced one. They ask why they downloaded floor plans and elevator access keys to the R&D lab. The other says he never did and he was at a meeting at a hotel during that time. Uh-oh says the group who's currently inside the R&D lab as they scramble to find out if security is on their way and how to escape because the access codes were instantly changed.
Lord Ben
Wakshaani, I'll work on something. First I'll write up how I would design a facility including some procedures using SR tech into the existing security procedures like at where I work. Then I'll write up what options the hacker has available to himself to get into that facility and if you or others have questions after that I can change it around a bit or write up a new example.
ixombie
SR4 gives you a really easy way for a hacker to be included on your runs as part of the team, not as a time hog. Just make the place you need to go wireless shielded, so you can't access its network from the outside. That way, your hacker goes in with the team and generally stays in AR, doing his matrix actions in time with everyone else.

Also, there's no more constant rolls and tallying security sheaf in "overwatch" mode. Used to be the hacker rolled to hack into the system and every single thing he did required a roll. And a contesting roll from the system. And a comparing of the successes and adding the result to the security sheaf. And a checking the security configuration of the host to figure out if he triggered anything. And a referring to the book to remember what a system alert did. And then a battle with some probe IC. And then more nothing. And then a battle with some attack IC.... dead.gif

Now: Find out where your team needs to get to. Run an exploit in hot sim VR, takes a matter of hours of off-camera time, and a quick extended test to see how long it takes. Now the hacker's in the system with his admin account, watching the team from offsite through the facility's security, opening doors and fooling sensors and so on at will. No rolls, you're an admin! Your word is the system's command. A single extended test replaces ALL of the usual overwatch stuff you'd have to deal with in SR3. And you can still keep it interesting by having enemy IC or hackers running analyze against his stealth to see if they find him, and then having a good ol' matrix brawl if they do. Except the brawl doesn't necessarily suck up time devoted to other runners, since matrix actions happen in the same initiative hierarchy as meatside.

I can see how people might feel like hackers, with their incredible utility, suck up a lot of game time. But if you never played with hackers in SR3, you have no idea what sucking up game time is nyahnyah.gif
Lord Ben
Here is how I'd set up a basic run into a secure facility. I focused on what devices and how the nodes were set up.

The example is a high security door at a large corp office (lets say Ares for the sake of giving it a name) with solid security procedures, but keeping it by the book and within the spirit of the "nearly everything is wireless" 4th edition.

I'm leaving out device ratings randomly, mentioning them only when I think they're important or because I had to cross check something instead of going from memory. Also I'll use RL terms where I find it easiest to describe instead of hacker or technomancer, etc.

First this is a large facility doing something important that has a 24x7 IT team. Day shift is thousands of people working on files in real time and constantly traveling the nodes and an IT department of hundreds with varying levels of computer skills. Maybe 15 "administrators" of varying skill levels, they mostly monitor the data flow and user support via AR and can all initiate countermeasures but don't engage in cybercombat or even have the skill. Probably two true hackers. Upside = not a high risk of encountering IC because of the volume of users, downside = someone might try to use the blueprints file while you're in it and call the IT dept when it's in use and nobody should be using it. Too much time between it and the actual run. At night there is say 3 people on duty. Two who monitor systems (like the other 15), and one true hacker. Figuring 3 shifts that leaves 4 true hackers and around 20 assistants total, and lots of IC. This is onsite people, they could maybe call the Ares HQ for backup, but they're built to be self-sufficient and while HQ would help they're not of immediate help. IE, you won't have to fight off elite Ares prime runner hackers if you're quick about your business.

The IT team of hackers/assistants is located in a wireless proof room within the facility in a very physically secure room (Hacker Node). They're connected to the rest of the facility via wire to a wireless node on the outside (Comm Node). It's subscibed so you'll have to be in the room or tap into the wired connection to hack on the fly or probe the target to give out commands to the whole facility. This wireless node subscribes other nodes located on various areas throughout the company who subscribe devices in their given location (1st Floor Node, Parking Garage Node, etc)

This is a door to enter a secure area. The door is off of a fairly large room. On the opposite wall there is a motion sensor (subscribed to a camera and 4th floor Node, or Node4, that when triggererd sends a wireless transmission to a camera to record the 2 seconds previous to the motion until 2 seconds after. It also notifies Node4 that there was activity. The camera uploads the data to Node4. A log file exists on all 3 devices recording these transactions. The camera has a datachip slot that holds an offline copy of both the camera recordings as well as the activity log. Once per shift/day they are brought to a data center and compared to the online

In front of the secure door (Door1) is a tiled floor with pressure plates. The pressure plates activate a 2nd camera that records the door. Same procedures as the motion camera previously.

The door itself has a card reader (maglock passkey) connected to the door. If swiped it wirelessly talks to Node4 to find out if successful or not and to log the transaction. If successful it does whatever they do to remove the bolt mechanically.

On the other side of the door there is another short hallway, when Door1 opens a light and camera go on (wirelessly activates them), when Door1 is shut it locks again. If Door1 stays open for 10 seconds or more it triggers a silent alarm wirelessly to Node4 (a low level code, but looked at by a RL person). When Door1 is shut and locked then Door2 activates and is opened by a biometric lock that measures the fingerprints and voice code of the user. It's measured against a local copy and it records the activity on the biometric lock and sends a note to Node4. If this is wrong it locks down both doors and shuts out all authorized users except for a few security ID's.

After Door2 is opened there is a T shaped hallway with additional security. It's set up so if there is an explosion (various chem/sound/presure, etc) by someone physically forcing their way past Door2 it will activate a security gun (and camera) on the other side. GM has choices here but my preference would be twin gun with grenade launchers. One does suppressive fire, one identifies individual targets, and the GL shoots into the Door1/Door2 room. It just detects explosions, etc but it works in both directions. PC's who are trying to escape via this route and blow up door 2 will be under constant fire while trying to bypass Door1 until the gun can be dealt with. The gun records everything from the moment of activationg and wirlessly alerts damn near everyone. Assuming there are no explosions or gunfire the gun is silent and does nothing. Don't want to risk shooting your best scientists after all.

Past the T intersection is a room with whatever in it. All activity in the room is recorded by a camera with motion sensors. Individual lockers are locked by keypass but are not hard to bypass (although time consuming during a firefight) if you just rip open the locker and pull out the data chips or samples or whatever manually.

Procedures:
Every 10 minutes the logs are checked by Node4 to ensure that there have been no unreported errors (so spoofing it to say everything has been normal would be rechecked). Every hour it compares the logs of the various devices to ensure that they match. Once at the end of every shift a guard checks the offline security logs on the datachip of the various devices. He plugs in and it's compared to his online files.

If there are confirmed problems the IT people check out the cameras and maybe manually control the doors via AR instead of the auto systems. The hacker or two will jump into various systems and cameras to check things out manually. The system goes on lockdown and only certain ID's are allowed through doors.
Jack Kain
Now thats a high security,
Lord Ben
Here would be a flowchart showing the various devices in the example and what they're subscribed to. This will show you who you'd need to spoof from to spoof the various commands. It also shows the complexity for just searching for "the wireless signal" there would literally be hundreds of wireless signals to sort though.

1. Main Control Node (wireless)
a. Main Communications Node
i. Node1
ii.Node2
iii.Node3
iv.Node4
1. Camera 1
a. Motion Sensor
2. Camera 2
a. Pressure Plates
3. Door 1
a. Maglock reader
4. Door 2
a. Fingerprint reader
b. Voice analyzer
5. Security Gun
a. Chem sniffer
b. Sound detector
c. Light detector
d. Pressure plates
e. Ammo bin
f. Smartlink
6. Node4B
a. Keypad protected lockers
Lord Ben
Well, it doesn't format right without the spaces, but it would look more table of contextish.
Lord Ben
QUOTE (Jack Kain)
Now thats a high security,

It's not even that expensive though. Camera+motion sensor+data chip is about 150y. Maglock + 2 bioreaders + antitamper is 1250 approx.

"nodes" are just commlinks essentially. Although probably with hefty anti-tamper and mounded.

The gun system too would only be around 7500y or so. You could do the whole security setup to guard the data for FAR less than what the runners are getting paid to do the run.
Lord Ben
How to hack it:

Your best bet would be to act with speed before the system compiles data and realizes something is amiss. Fortunately 5 minutes gives you roughly 150 combat rounds and probably 450 initiative passes... smile.gif

Hacking on the fly or probing the target are nearly impossible without getting into the main control area. And getting in there and greasing the guards would be just as hard as getting into the secure area I detailed. Hacking on the fly and probing the target are overly abused IMHO and this solves that little problem. Those rules I never liked because a good pickpocketing scene or a seduction attempt are always way more fun and a more realistic way of gaining access.

However the hacker is still not useless while on the run. Most of the sensors are going to be rating 2 or less so the hacker will need to run with the group to accomplish his mission. He can do the matrix perception of Node4 or the main communication node and send spoofed commands to nearly every device in the system to look the other way, edit logfile, shut down, etc. He just can't get admin access and run the system as his own.

Getting out of dodge isn't that hard either.

The main problem is erasing your datatrail. Fortunately stealth does that to a degree for you while on the run, but after they realize it's missing you're going to leave a whopping data trail assuming you don't plan carefully. But while the gunbunnies are having fun planning their part of it the hacker is wiping data chips and erasing memory on the cameras, sending "all is okay" spoofed signals every couple minutes to the nodes, monitoring for traffic alerts, etc.

It gives the hacker lots to do because the hacking environment is a dynamic place that changes constantly. It's still possible to do, but hacking should never be as simple as hanging out in the parking lot for 5 hours and then having your way with the system during the run.
Mistwalker
Another way of making it a little harder for hackers to run rampant, is to :

Have all admin level users, when logging in using admin level powers, have to use a dongle (USB datastick like device) when they log in. This dongle has hardware and software that must match up to the user ID and password. If all 4 do not match, an alert is sounded.
This system is currently in use today.

Another possible wrinkle, is to have the system match the sign in registry, to make sure the person who is trying to log in, is actually in the building.
hobgoblin
also known as a passkey in SR4 lingo (p215).

and that setup of cameras and nodes makes me think of the old "dungeon crawl" of SR1-2 fame...
Lord Ben
It's 4 cameras and two doors!!

At any rate, when you don't have the passkey you can still probe the target and hack on the fly. Not having the pass key is not a problem for the hacker.
Mistwalker
That was why I was talking about a dongle, you need the hardware for it to work.
I suppose that it is a software piece that reports if something is missing, so could be hacked, if you take that route, but I would add to the threshold if you have to intercept and modify 4 things on the fly.

shrugs
for a really secure place, make it so that the admins have to login at specific terminals only, otherwise they only get normal access.
Lord Ben
The two listed ways of hacking though are specifically for when you DON'T have the card. Cards aren't a way around the hacking attempt, the hacking attempt is a way around the cards.
Butterblume
QUOTE (Lord Ben)
The two listed ways of hacking though are specifically for when you DON'T have the card.  Cards aren't a way around the hacking attempt, the hacking attempt is a way around the cards.

Just what I wanted to say. The need for a dongle might just mean you need one or three more successes on your extended test... At least that's the way I would handle it, for now.
Lord Ben
You can handle it how you want and I fully support liberal house rules to make a hacking encounter more interesting. But the probing the target and on the fly rules are written specifically with bypassing the need for passwords, maglock keys, and dongles. So make sure and let your hacker know ahead of time.
GrinderTheTroll
QUOTE (Lord Ben)
You can handle it how you want and I fully support liberal house rules to make a hacking encounter more interesting. But the probing the target and on the fly rules are written specifically with bypassing the need for passwords, maglock keys, and dongles. So make sure and let your hacker know ahead of time.

Right again.

There are rules listed for dongles for using Accounts. The Exploit (as Ben has pointed out) circumvents the need to legally gain system/device/node access using regular system accounts.

It's a fine line you walk once inside Unauthorized.
Dantic
QUOTE (Jack Kain)
Also as I understand it technomancers have +2 because they are always in hot-sim.

When running in full VR, yes.
Wakshaani
QUOTE (Lord Ben)
Wakshaani, I'll work on something. First I'll write up how I would design a facility including some procedures using SR tech into the existing security procedures like at where I work. Then I'll write up what options the hacker has available to himself to get into that facility and if you or others have questions after that I can change it around a bit or write up a new example.

The facility's fairly simple, so no big.

What I want is an easy resolution method.

Samurai wants to shoot a guy, I can say roll this + this, see if the guys dodges, then the game rolls along.

Mage wants to Banish a spirit, I say roll this + this, Spirit resists, then the game rolls on.

I want the same for the Hacker, where he can say, "I want to jam the camera," I say "Roll this + this," oppose with something, then move on.

I do *not* want "Alright, this round roll to find a wireless node. Nextround, roll to get into the node. Next round, try to find the file. The fourth round try to command teh file. The round after THAT, try to log out."

Just a quick, easy resolution method on par with everyone else.

Heck, even the Rigger has "My drone strafes with my MG," or "I drive the van through the glass window and into the Mafia retaurant."

This + this, opposed by that, done.

That's all I'm askin' for.
Lord Ben
#1 in every run is to know how the system works. In my example Node4 gives commands to the security devices on the 4th floor. Hacker makes a matrix perception test to get the accessID of NODE4. This should not change often so he'll have it throughout the run (as standard).

Since he likely got the access ID and that info before the "I quick turn off the camera" it becomes a simple roll. Hacker rolls Hacking+Spoof, camera rolls pilot+firewall. If he's successful the camera thinks node4 asked it to turn off and it complies.

This would be your simple shootout in hacking terms. However similiar to leaving bodies behind after the shootout you'll also have to deal with log files.
djinni
QUOTE (Jack Kain)
A system 5, fire 5, would have a threshold of 16 to get admin access. When hacking on the fly, every time the hacker makes a check the computer makes a check to beat his stealth.
Its a little known fact that extended tests can be limited to a number of rolls equal to your skill.

I didn't see that in the errata, are you sure it's System+Firewall, and not just Firewall?
where is it listed that extended tests can be limited?
eidolon
Lord Ben, if you need something to retain its formatting when you post it, you can wrap it in [code] tags.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012