Sorry if this topic's been covered, but I didn't see anything similar in the thread index when I scanned through. Lock if necessary.
Our group's gotten back together after many years away from the game, and we upgraded to 4th edition along with the game. We're just all pretty confused about the 2070 Matrix--implementing the rules, and implementing the omnipresence of AR.
So maybe you folks can help? Here's the two main concerns we have:
1) Where's the limit, as far as using the Matrix/AR? How much can you really do? Anything you can think of? Can every mechanical device with a wireless connection to the Matrix be hacked? Every person's commlink, every place of business's Matrix node? Every vehicle and wirelessly accessible kitchen appliance? Where do you draw the line in your sessions, or do you?
On the same note, how much Matrix interconnectivity do you allow your players to have, in the heat of a run? The 4th ed. sourcebook makes it seem like everyone with even a simple commlink and some AR glasses can have live textual communication, live-updated tacmaps, and the kitchen sink. Where you draw the line here, if at all?
2) As far as implementing the rules for hacking, how many dice rolls should it take for your hacker character to accomplish something meaningful? One dice roll to access a desired node, and one to search for juicy data, and that's it? I'm sure our group is missing some important steps, but we've been away from the game for a long time, the Matrix is totally different in fourth edition, and we were never incredibly familiar with the Matrix in 2nd or 3rd ed. either.
In your sessions, how do you resolve a typical hacking excursion? For example, if the hacker character is armed with a license plate number, how difficult do you make it for him to find out who owns the vehicle, and from that, everything interesting about that person?
My group is anxious to get comfortable with the 4th ed. Matrix, because it's just cool, but we don't feel like we really have a grasp on how to incorporate it into our sessions. Hopefully you guys can share your experiences.
Full Version: Matrix involvement in your sessions: for dummies.
As for what can be hacked... every item, that is accessing the Matrix can be hacked.
That means most commlinks (you can set them to not hook up with the Matrix, but then you can't use them to call someone, obviously).
One *very important* thing to keep in mind, though, not everything that can be hacked gets hacked (all the time), just because it can.
How hacking works...
First you need a way in. There are two option: Hacking on the Fly and Probing the Target. Hacking on the Fly only really works against weak systems, normally you need to take your time (several hours) to find a weak point to exploit. You will find those chapters in the matrix section of the rulebook on page 221. You have to choose a level of access rights (personal, security, admin) with increasing difficulty for the hacking test.
Once inside without sounding an alarm, you can usually go about your business with the access rights you got (there's the Once Inside chapter in the book, which covers some additional things you need to look out for and which might still detect you as an intruder). Some things require higher rights, so you better know what you want beforehand.
For example, you want to download the video from a security camera. To access the camera memory you will probably need security access. So you hack into the system (let's say it works out successfully) and then you need to locate the camera (using Data Search or Analyze probably). Once you got it, you have to edit it to download the data you want (Computer + Edit) and then you surely want to remove your own traces from the system, which requires a Data Search + Browse test to locate the security logs and a Hacking + Edit test to remove the entry with your user id from them. Then you can log out.
Bye
Thanee
That means most commlinks (you can set them to not hook up with the Matrix, but then you can't use them to call someone, obviously).
One *very important* thing to keep in mind, though, not everything that can be hacked gets hacked (all the time), just because it can.
How hacking works...
First you need a way in. There are two option: Hacking on the Fly and Probing the Target. Hacking on the Fly only really works against weak systems, normally you need to take your time (several hours) to find a weak point to exploit. You will find those chapters in the matrix section of the rulebook on page 221. You have to choose a level of access rights (personal, security, admin) with increasing difficulty for the hacking test.
Once inside without sounding an alarm, you can usually go about your business with the access rights you got (there's the Once Inside chapter in the book, which covers some additional things you need to look out for and which might still detect you as an intruder). Some things require higher rights, so you better know what you want beforehand.
For example, you want to download the video from a security camera. To access the camera memory you will probably need security access. So you hack into the system (let's say it works out successfully) and then you need to locate the camera (using Data Search or Analyze probably). Once you got it, you have to edit it to download the data you want (Computer + Edit) and then you surely want to remove your own traces from the system, which requires a Data Search + Browse test to locate the security logs and a Hacking + Edit test to remove the entry with your user id from them. Then you can log out.
Bye
Thanee
One really big concept in SR4 hacking is that you hack a commlink to access the stuff it controls. A parallel, imperfect but similar, would be hacking a DSL router to see what was connected and mess with it.
To make this harder most folks have their wireless set to 'Hidden' mode which is tough to detect ina crowded room if you arent hopping-good at it. [Electronics Warfare to find it]
Once you find it you either use a legit logon to access it with the access restrictions of that login or you hack into it to do things normally restricted. This means a hacker with high Data Search skill could quickly access the remains of the Library of Congress to find a historical record but not quickly find out who was currently standing in a casino's money-counting room.
Its QUITE a flexible world out there and TM's make a mincemeat of it when played properly. Hackers are more flexible but if a TM focuses on drones and sprites they are darned effective.
To make this harder most folks have their wireless set to 'Hidden' mode which is tough to detect ina crowded room if you arent hopping-good at it. [Electronics Warfare to find it]
Once you find it you either use a legit logon to access it with the access restrictions of that login or you hack into it to do things normally restricted. This means a hacker with high Data Search skill could quickly access the remains of the Library of Congress to find a historical record but not quickly find out who was currently standing in a casino's money-counting room.
Its QUITE a flexible world out there and TM's make a mincemeat of it when played properly. Hackers are more flexible but if a TM focuses on drones and sprites they are darned effective.
| QUOTE (Captain K @ Apr 9 2007, 03:37 PM) |
| [I]f the hacker character is armed with a license plate number, how difficult do you make it for him to find out who owns the vehicle, and from that, everything interesting about that person? |
First off the Hacker/TM has to figure out a way to access the data. One good way is for the Hacker/TM to tell the group he needs to break into an insurance company and run the plate. With a bit of hacking the Hacker/TM can pull up a customer and start the paperwork for a collision and use that to find out the name and registered address of the other driver. Scary but true.
Another way is to break into a police node and run a search. Risky, though. Better off paying a visit to a cop who is a contact and asking for a hand.
How hard? A munchkin TM can do it in about 5 dice rolls. They thread their Exploit, Stealth, and Analyze up to 6 [if not 6 already] then use a rating 6 registered sprite to bring it to 12. They then exploit in as an administrator [+6 to threshold], create a legit account for later, wipe off their resonance signature from the exploiting and edit [erasure], and logout. then 1 sec later they login using the legit administrator login, data search for the stuff they want unmolestable by anyone except another threaded, assisted TM.
Usually after walking a GM through that a few times they will either:
1. Trip you up with honeypots, bouncer nodes, and other tricky matrix things [which is great fun] or
2. Take a majority of commlinks offline such as Fixers that dont want to get hacked, or
3. Use a profuse amount of antiwireless paint so remote hacking is nigh impossible, or
4. Say that moderately difficult things just take X amount of time and that you succeed.
Especially if the Hacker/TM has high edge their 1 or 2 big all-or-nothing hacking attempts per run can produce some silly high numbers that only an equally silly cybercombat can balance.
My 2 nuyen... ymmv...
| QUOTE (Wasabi) |
| One really big concept in SR4 hacking is that you hack a commlink to access the stuff it controls. A parallel, imperfect but similar, would be hacking a DSL router to see what was connected and mess with it. |
One of the differences (and it's one that makes hacking the commlink actually make more sense) is that getting access to a DSL router would let you REACH the nodes behind it, but not actually give you any particular control over them. Most of a 2070 person's personal electronics, though, are /designed/ to be controlled via commlink. It's the universal remote for all the stuff you're carrying. So it makes sense that hacking it would let you mess with everything else.
We're playing tomorrow. Would it be helpful to record a hacking session, just so folks can see how we do it?
| QUOTE (Aaron) |
| We're playing tomorrow. Would it be helpful to record a hacking session, just so folks can see how we do it? |
I'd be very interested.
| QUOTE (dionysus) | ||
I'd be very interested. |
Count me as interested, too.
If it's cool with my group, I'll record a hacking session and post it.
I just wanna chime in, even though I think I understand the system and the rolls involved, I haven't playtested it yet. In my game the hacker hasn't got hacking program yet (and when he will they will be rating 1 or 2 at best because of money shortage).
But I still feel that when hacking I will forget a few crucial rolls, or forgot about what to do.
Example: Often recently the hacker has asked for wireless devices nearby (comlink), and I have made him make elec. warfare+scan checks in order to find them. I don't really know what the threshold would be to find a metalink with crappy OS though, 1?
And what if they are in passive mode? Or even hidden?
Secondly, how hard is it to take someone's comlink and access it? Would you still need to hack it in order to log on and check it out? So far that's what I've used.
But I still feel that when hacking I will forget a few crucial rolls, or forgot about what to do.
Example: Often recently the hacker has asked for wireless devices nearby (comlink), and I have made him make elec. warfare+scan checks in order to find them. I don't really know what the threshold would be to find a metalink with crappy OS though, 1?
And what if they are in passive mode? Or even hidden?
Secondly, how hard is it to take someone's comlink and access it? Would you still need to hack it in order to log on and check it out? So far that's what I've used.
| QUOTE (Aaron) |
| We're playing tomorrow. Would it be helpful to record a hacking session, just so folks can see how we do it? |
I'm interested.
| QUOTE (FriendoftheDork @ Apr 9 2007, 08:07 PM) |
| how hard is it to take someone's comlink and access it? Would you still need to hack it in order to log on and check it out? So far that's what I've used. |
Correct. Its a mystery until the firewall is hacked.
The usual sequence is:
Scan for node
Hack node
Enter node
Observe in Detail (matrix perception, to check for an alert and for any agents/spiders)
Data Search (for paydata) or Edit (camera feeds)
Edit logs to erase signs of passage
Logout
The system is constantly doing Analyze operations if its well designed and if an intruder is spotted the node sets off an alarm which gives it a bonus to whoop the intruders patooty. This only works if they dont log in as an Administrator to later hack in with a permitted account.
Another good step to add in there few use is "List Subscribed Devices". Its handy and easy to get a list of what the firewall doesnt want you to monkey with...
Lastly, check out Pavao's site for hacker cards. you stick em in a baseball card sleeve with a playing card behind them and you have a quick reference for your hacking stuff as well as a way to track what programs a hacker has active:
http://www.pavao.org/shadowrun/index.html
| QUOTE (FriendoftheDork) |
| Example: Often recently the hacker has asked for wireless devices nearby (comlink), and I have made him make elec. warfare+scan checks in order to find them. I don't really know what the threshold would be to find a metalink with crappy OS though, 1? And what if they are in passive mode? Or even hidden? Secondly, how hard is it to take someone's comlink and access it? Would you still need to hack it in order to log on and check it out? So far that's what I've used. |
First, during a game, I believe it's better to just assume that a skilled hacker could find the node he was looking for rather than look up a threshold I don't have on hand at the moment. The real fun is once he's in the node anyway.
Second, I would say they need a username and password at least. That usually requires a hack. If you can get access to someone's comlink, you can probably get access to the person, though, so I'd say a little bit of tortue and an intimidate test should get the person to access it for you.
In all seriousness, though, a stolen comlink still needs to be hacked. The hacker can probably bypass the electronic warfare test to find the node if he's holding it in his hand and can just apply a direct cable, IR port, or some similiarly more direct means. Besides, that close to his PAN, it should be one of the strongest unknown wireless signals detected.
| QUOTE (cetiah) |
| First, during a game, I believe it's better to just assume that a skilled hacker could find the node he was looking for rather than look up a threshold I don't have on hand at the moment. The real fun is once he's in the node anyway. |
Thresholds like Scan+EW arent resisted so the only point of the threshold is to determine how long it takes. I 100% agree that this should be relegated to "after 20 or so seconds you find..." and then drive on with the Story.
One thing that i made great use of in my first run with my hacker was wireless interception.
The best way to find out who/when/what a person does with the commlink is to find the signal (wheter or not they are connected to the matrix, just be in range) and tap into the signal.
From there I picked up the commcode to a few of the targets contacts and continued to wiretap them as well and having an agent record everything and send me a message as soon as they contacted a commlinks commcode.
We avoided most of the actual runs stupid plots (why break in when you can listen in) and avoided several time consuming tasks.
The best way to find out who/when/what a person does with the commlink is to find the signal (wheter or not they are connected to the matrix, just be in range) and tap into the signal.
From there I picked up the commcode to a few of the targets contacts and continued to wiretap them as well and having an agent record everything and send me a message as soon as they contacted a commlinks commcode.
We avoided most of the actual runs stupid plots (why break in when you can listen in) and avoided several time consuming tasks.
Thanks for answers, but I still wonder if you can just use scan+electronic warfare to find hidden PANS easily.
Oh and BTW, in my game I have allowed people without the relevant program to take computer tests... for example if someone wants to search the matrix, but couldn't afford a browse program, he still can use the programs automatically built into the OS (think Internet Explorer). Of course, lacking good programs you have to default to the skill only (thus Data Search-1 or Computer -1).
Since hacking programs is not common in ordinary OSs, you'll actually need to buy one first in order to attempt to hack.
Oh and BTW, in my game I have allowed people without the relevant program to take computer tests... for example if someone wants to search the matrix, but couldn't afford a browse program, he still can use the programs automatically built into the OS (think Internet Explorer). Of course, lacking good programs you have to default to the skill only (thus Data Search-1 or Computer -1).
Since hacking programs is not common in ordinary OSs, you'll actually need to buy one first in order to attempt to hack.
| QUOTE (FriendoftheDork) |
| Thanks for answers, but I still wonder if you can just use scan+electronic warfare to find hidden PANS easily. |
With EW4 and Scan6 you throw 10 dice to find a hidden pan. Thats 3.333 hits on average so 5 passes to exceed the threshold of 15. In full VR you'd add two more dice so it would only take 4 passes. Thats a few seconds of real time.
Whats more time consuming than finding hidden pans is finding the RIGHT hidden pans. If in AR you might wanna be overlooking the crowd or if in a meeting room reduce signal to only encompass the room to rule out signals farther away. Barring a good position yourself use drones to triangulate camera feeds with the position of the signals you find.
The short answer is yes, its easy. Its unresisted. thats why most GM's just say it takes a few seconds or maybe a minute and boom, you're looking at a node asking to be hacked.
Well, our hacker didn't need to hack into a node this session, so we faked it and made one up at the end, and recorded it. You can find it here.
The audio has been edited, mostly to remove instances of "um" and "you know" and giant gaps, so if we sound professional it's because of that. Also, I wasn't picky about my cuts, so if we sound like Ask a Ninja, that's why.
The audio has been edited, mostly to remove instances of "um" and "you know" and giant gaps, so if we sound professional it's because of that. Also, I wasn't picky about my cuts, so if we sound like Ask a Ninja, that's why.
Just finished listening. This is extremely useful stuff, thanks so much for making the recording. This answers at least 90% of my questions about how to incorporate hacking into your game session.
One of the few things I'm still not sure about: The "I got three hits, so I get to ask three questions" thing--is that from the sourcebook for Matrix perception, or is that just how your handles Matrix perception tests? Or... all perception tests?
One of the few things I'm still not sure about: The "I got three hits, so I get to ask three questions" thing--is that from the sourcebook for Matrix perception, or is that just how your handles Matrix perception tests? Or... all perception tests?
| QUOTE (Wasabi) | ||
With EW4 and Scan6 you throw 10 dice to find a hidden pan. Thats 3.333 hits on average so 5 passes to exceed the threshold of 15. In full VR you'd add two more dice so it would only take 4 passes. Thats a few seconds of real time. Whats more time consuming than finding hidden pans is finding the RIGHT hidden pans. If in AR you might wanna be overlooking the crowd or if in a meeting room reduce signal to only encompass the room to rule out signals farther away. Barring a good position yourself use drones to triangulate camera feeds with the position of the signals you find. The short answer is yes, its easy. Its unresisted. thats why most GM's just say it takes a few seconds or maybe a minute and boom, you're looking at a node asking to be hacked. |
Alright, I think I got it. The hacker in my group only has 3 dice atm though, so he's likely to glitch (cant afford program).
| QUOTE (FriendoftheDork @ Apr 11 2007, 03:22 AM) |
| Alright, I think I got it. The hacker in my group only has 3 dice atm though, so he's likely to glitch (cant afford program). |
Edge.... when you ab-so-lutely have to hack every node in the room... accept noooo substitutes.
| QUOTE (Wasabi) | ||
Edge.... when you ab-so-lutely have to hack every node in the room... accept noooo substitutes. |
Yeah he has edge 6 (those damned overpowered humans
)Since he's in a static (-2) area, he'll need to use edge just to find a single one... at least until he can afford a REAL Scan programme.
| QUOTE (Captain K) |
| One of the few things I'm still not sure about: The "I got three hits, so I get to ask three questions" thing--is that from the sourcebook for Matrix perception, or is that just how your handles Matrix perception tests? Or... all perception tests? |
Just Matrix perception tests, per p. 217 in your hymnal.
Incidentally, I should also mention that I'll switch back and forth a lot if there are other players present, and not just standing by making snarky comments. All those times where I'm saying "while you're doing that I should mention ..." is when I usually cut to somebody who isn't in cyberspace and give them a bit of time (I cut a lot of hit-counting time in the audio; we're not dice-counting savants).
Another couple of uncertainties for our group--
1) how big/encompassing is "a node"? We haven't been sure how many steps a hacker would need to take if he was trying to access useful data remotely. Something like a small building might be controlled by one node, as in Aaron's recorded hacking session, but what about a large facility? What about a corporate/governmental info database, where a hacker might be looking for vehicle records or SIN information?
In other words, before a remotely located hacker gets into the important node where he can do whatever it is he wants to do, how many steps are there? Just one dice roll to gain access (either hacking on the fly or probing the target) and that's it? Or does he need to hack through many different nodes to get to the one he wants?
2) How do you differentiate between "normal access", "security access", and "admin access"? What kinds of stuff do you allow/disallow for your players at each access level? In our last session, when our hacker character was trying to match a license plate number to a registered owner, we couldn't think of anything that a legitimate user with security access could do on the node in question that a user with only normal access couldn't do, which felt (to me, the GM) like it made the job too easy for the player.
3) How do GMs out there come up with device ratings for their nodes? I know it's pretty much arbitrary, but if you could throw out some examples I'd feel more comfortable doing it myself.
1) how big/encompassing is "a node"? We haven't been sure how many steps a hacker would need to take if he was trying to access useful data remotely. Something like a small building might be controlled by one node, as in Aaron's recorded hacking session, but what about a large facility? What about a corporate/governmental info database, where a hacker might be looking for vehicle records or SIN information?
In other words, before a remotely located hacker gets into the important node where he can do whatever it is he wants to do, how many steps are there? Just one dice roll to gain access (either hacking on the fly or probing the target) and that's it? Or does he need to hack through many different nodes to get to the one he wants?
2) How do you differentiate between "normal access", "security access", and "admin access"? What kinds of stuff do you allow/disallow for your players at each access level? In our last session, when our hacker character was trying to match a license plate number to a registered owner, we couldn't think of anything that a legitimate user with security access could do on the node in question that a user with only normal access couldn't do, which felt (to me, the GM) like it made the job too easy for the player.
3) How do GMs out there come up with device ratings for their nodes? I know it's pretty much arbitrary, but if you could throw out some examples I'd feel more comfortable doing it myself.
( 1 ) Its a matter of debate and the answer depends on how different people tend to view the Matrix. Personally I'd say that as a good rule of thumb the more secure/important the data was the deeper the node it was on will be buried inside the network...
( 2 ) Well, in my games is goes like this:
Normal Access lets you do anything that a typical employee is allowed to do on that Node. You can access data, run 'worksafe' programs freely, ect...
Security Access is usually reserved for the Security Deckers/IT Guys, they can help Normal Users reset their Password, scan the security logs, ect...
Admin Access is basically big brother, they can do everything, including changing the internal settings of the physical computer that runs the Node.
So if all a Decker wants to do is look up a plate number then yeah, Normal Access will do just fine, but if he needs to start turning off security camera, motion sensors, ect then he'd need at least Security Access if not Admin...
( 3 ) Well personally I use the Stat & Skill tables as a guideline, with 3 being 'average' and 7-8 only appearing in nova-hot R&D milspec labs, or in an AI's personal mainframe...
( 2 ) Well, in my games is goes like this:
Normal Access lets you do anything that a typical employee is allowed to do on that Node. You can access data, run 'worksafe' programs freely, ect...
Security Access is usually reserved for the Security Deckers/IT Guys, they can help Normal Users reset their Password, scan the security logs, ect...
Admin Access is basically big brother, they can do everything, including changing the internal settings of the physical computer that runs the Node.
So if all a Decker wants to do is look up a plate number then yeah, Normal Access will do just fine, but if he needs to start turning off security camera, motion sensors, ect then he'd need at least Security Access if not Admin...
( 3 ) Well personally I use the Stat & Skill tables as a guideline, with 3 being 'average' and 7-8 only appearing in nova-hot R&D milspec labs, or in an AI's personal mainframe...
| QUOTE (Captain K) |
| In our last session, when our hacker character was trying to match a license plate number to a registered owner, we couldn't think of anything that a legitimate user with security access could do on the node in question that a user with only normal access couldn't do, which felt (to me, the GM) like it made the job too easy for the player. |
It sounds like you're coming at it from the wrong direction, IMO.
Then eliminate user level access and require them to get security level, not the other way around.
Lots of devices have admin level access only. Most devices that are designed to have only one user/operator, for instance.
Many devices will also have security level access, for those times when you want the user(s) to be able to do mostly everything, except for a few features you want to restrict to just one or two admins.
Finally, large systems, such as hosts, that need limited access for lots of users have the user level.
*This is all in my game, of course, and by no means official. I have no book quotes to back this up, it's just the way I do things.*
So if the system involved is, for example, a dedicated security network, it will have no user access. It's not designed to have lots and lots of users, and the restrictions that go along with that make it harder to crack. Thus, there is only security and admin levels. Just about everyone who uses this system has security access. It lets them look at cameras, lock and unlock doors, command drones, etc. One or two people have admin level access that can lock out security level users and change fundamental system configuration.
Another example: Commlinks. The primary user of commlinks have admin-level access. There are security and user level accounts, but they do almost nothing. They let you look at your commlink's "myspace" page, and whatever other little bits you want to show any random person that finds you interesting. The security level account lets the cops check your ID, but neither account is very useful for a hacker, so for commlinks the admin account is the only one that matters.
Another example: Smartgun system. Admin only. There is no security or user level.
Note: these are my answers to these questions.
| QUOTE (Captain K) |
| 1) how big/encompassing is "a node"? |
However the GM wants the node to be designed. For example, the devices in a person's PAN are generally subscribed to her commlink. In a recent adventure, there was an NPC who was wearing fake cyberware, which was subscribed to a commlink (full of nasty) which was in turn subscribed to the guy's commlink (which was normal). In our example, the run was on a small business, so everything was subscribed to the same node.
I like to use the metaphor of a node being a secure building, where the guards are the IC, and the Firewall and Analyze are the security systems. Choosing how much one node has in it is like deciding how many layers of physical security you want in your building. The NPC above is like a castle with an outer and inner curtain. The small business was more like an ATM shelter in a mall parking lot.
| QUOTE (Captain K) |
| 2) How do you differentiate between "normal access", "security access", and "admin access"? |
Again, it's up to the GM as the designer of the node. Permission to do different things with the commlink is different for each device, depending on its design goals. For example, a fixer's commlink may require admin access for sending messages, but a public access terminal would allow it at user access.
| QUOTE (Captain K) |
| 3) How do GMs out there come up with device ratings for their nodes? |
I use the cost jump for electronics that exists between Rating 3 and Rating 4 and the table on page 214 of your hymnal as a base. If the node is "more secure," I add 1, and if it's "a lot more secure," I add 2. I remember that only hardcore, Kuang-level scary stuff is Rating 7, and most military-grade stuff is 5. Even a rating 3 node can be effective if it's got IC patrolling, and downright impenetrable if there's a spider in the web.
Remember that hacking a node is mostly a stealth game, for nodes that are worthwhile. Back to the building metaphor, one could easily storm and control a village cottage (Rating 2 or so), but the same trick wouldn't work at a military base (Rating 5).
Another thing to remember is that anything you throw at players can be thrown back. When we first took SR4 out for a spin, I played a hacker. The GM took one look at my Rating 5 everything and made the first node we bumped into Rating 6. I "probed the target," and got in with admin access after a number of hours. Then, after a long stretch of breaking of copy protection, I took copies of all the nice Rating 6 programs the node was running, netting me tens of thousands of nuyen worth of software.
| QUOTE (Captain K) |
| Another couple of uncertainties for our group-- 1) how big/encompassing is "a node"? We haven't been sure how many steps a hacker would need to take if he was trying to access useful data remotely. Something like a small building might be controlled by one node, as in Aaron's recorded hacking session, but what about a large facility? What about a corporate/governmental info database, where a hacker might be looking for vehicle records or SIN information? In other words, before a remotely located hacker gets into the important node where he can do whatever it is he wants to do, how many steps are there? Just one dice roll to gain access (either hacking on the fly or probing the target) and that's it? Or does he need to hack through many different nodes to get to the one he wants? 2) How do you differentiate between "normal access", "security access", and "admin access"? What kinds of stuff do you allow/disallow for your players at each access level? In our last session, when our hacker character was trying to match a license plate number to a registered owner, we couldn't think of anything that a legitimate user with security access could do on the node in question that a user with only normal access couldn't do, which felt (to me, the GM) like it made the job too easy for the player. 3) How do GMs out there come up with device ratings for their nodes? I know it's pretty much arbitrary, but if you could throw out some examples I'd feel more comfortable doing it myself. |
1) Honestly, that is all up to you, as the GM. I've had buildings all run off one node and other buildings run off a node for each floor. I've done runs where there was a dedicated node for security access (doors, elevators, temperature controls) and a separate node for data storage. I like to keep changing things for my players so they don't always do the same things in every matix run. Sometimes I might make a node only accessible from a certain location or force the hacker to directly access it via wires...so really, those choices are all up to you and the specific system. I'd recommend keeping it changing just so you are not boring the players or yourself with every matrix run.
2) Again, I think this is all individual, to both the GM and the system. Realize, that with any type of access, a hacker can do anything, its just a matter of whether it is a legitimate action that won't cause the system to think twice or an illegimate action that may cause the system to take actions. Most of the time, if I put a system into a run, I know ahead of time the types of information that I will allow/disallow for certain access types. The rest of the time, I just judge based on my own reasoning. You never have to worry about admin, as they have access to the entire system (granted, that doesn't mean every node can do EVERYTHING, so there could be limitations on a node and no matter what access, the hacker just can't do something). So really, you are just wanting to decide what the difference is between normal and security users. Sometimes one or both of them will not even be available...again, it comes down to how you want to handle it and will differ in each system/node, so there really isn't a wrong answer!
3) Personally, I start everything as a rating 3...programs, IC, everything. If I have a special node for a specific run and pre-plan everything, then I will vary things, but for most on the fly hack jobs my group will throw at me, I just stick to 3s across the board. If I feel the node is really insignificant, with little to no paydata, I'll drop it to 1. And if its something that I think is important, then I will up it to a 4, 5 or 6, but the vast majority, unless I have something specific planned, I stick it at 3.
This is a great topic. It has helped clear up some things for me. I do have some questions about the PAN though.
There is a group of 5 Shadowrunners. They each have a commlink and there is one hacker in the group. All of the Shadowrunners subscribe only to the hackers commlink and the hacker's commlink is set to forward traffic to the other shadowrunners commlinks that are subscribed to his. So in order for commlink A to speak to commlink B it first must talk to the hacker's commlink and then the hacker's commlink forwards the traffic to commlink B. The hacker's commlink is working like a centralized server or router in this case.
Someone tries to hack into commlink A. Obviously commlink A gets to analyze for any hacking attempts, but does the hacker's commlink as well. Would he be considered a security spider on this network. What about the other commlinks on the PAN? If all of the commlinks were instead subscribed to each other would they get to analyze as well? What about any IC that is running on someones commlink? Could it patrol the whole PAN, or just the commlinks? Would the whole PAN of shadowrunner's commlinks be considered it's own node?
There is a group of 5 Shadowrunners. They each have a commlink and there is one hacker in the group. All of the Shadowrunners subscribe only to the hackers commlink and the hacker's commlink is set to forward traffic to the other shadowrunners commlinks that are subscribed to his. So in order for commlink A to speak to commlink B it first must talk to the hacker's commlink and then the hacker's commlink forwards the traffic to commlink B. The hacker's commlink is working like a centralized server or router in this case.
Someone tries to hack into commlink A. Obviously commlink A gets to analyze for any hacking attempts, but does the hacker's commlink as well. Would he be considered a security spider on this network. What about the other commlinks on the PAN? If all of the commlinks were instead subscribed to each other would they get to analyze as well? What about any IC that is running on someones commlink? Could it patrol the whole PAN, or just the commlinks? Would the whole PAN of shadowrunner's commlinks be considered it's own node?
| QUOTE (Eleazar) |
| This is a great topic. It has helped clear up some things for me. I do have some questions about the PAN though. There is a group of 5 Shadowrunners. They each have a commlink and there is one hacker in the group. All of the Shadowrunners subscribe only to the hackers commlink and the hacker's commlink is set to forward traffic to the other shadowrunners commlinks that are subscribed to his. So in order for commlink A to speak to commlink B it first must talk to the hacker's commlink and then the hacker's commlink forwards the traffic to commlink B. The hacker's commlink is working like a centralized server or router in this case. Someone tries to hack into commlink A. Obviously commlink A gets to analyze for any hacking attempts, but does the hacker's commlink as well. Would he be considered a security spider on this network. What about the other commlinks on the PAN? If all of the commlinks were instead subscribed to each other would they get to analyze as well? What about any IC that is running on someones commlink? Could it patrol the whole PAN, or just the commlinks? Would the whole PAN of shadowrunner's commlinks be considered it's own node? |
The way I run it is the team's commlinks become part of the hacker's PAN, assuming that they are all set to send and receive no traffic except to and from the hacker's commlink. Each team member's commlink counts against the hacker's subscription limit, and the connection to the hacker's commlink counts against a team member's subscription limit.
This is basically a form of slaving that my group has come up with. The concept is mentioned in the FAQ, but is neither elaborated upon nor put forward as an official rule, only acting as a foreshadowing of content in upcoming material. The official rules as currently written state that any device can be hacked if one is within Signal range, regardless of subscription or slaving (as it stands, subscription merely means that one need not spend a complex action to log on). As such, I personally only use the house rule for slaving above in home games, and leave it at home when I'm running games at conventions or at my FNGS.
| QUOTE (Eleazar) |
| There is a group of 5 Shadowrunners. They each have a commlink and there is one hacker in the group. All of the Shadowrunners subscribe only to the hackers commlink and the hacker's commlink is set to forward traffic to the other shadowrunners commlinks that are subscribed to his. So in order for commlink A to speak to commlink B it first must talk to the hacker's commlink and then the hacker's commlink forwards the traffic to commlink B. The hacker's commlink is working like a centralized server or router in this case. |
It's wireless though, all a hacker has to do is spoof as commlink A in order to Hack B. Regardless of how kickass commlink A is, Commlink B only has it's rating and programs to use to defend itself. And the only way to get around this problem is to do callbacks, which increases the traffic enormously. So you can be secure, but at the expense of slowing down your system tremendously.
Which is why smart runners will only network their PANs when they absolutely have too and otherwise will run silent. After all, a the best Decker in the sprawl can't deck his way into a PAN that is only answering via skinlink...
| QUOTE (Captain K) |
| Another couple of uncertainties for our group-- 1) how big/encompassing is "a node"? We haven't been sure how many steps a hacker would need to take if he was trying to access useful data remotely. Something like a small building might be controlled by one node, as in Aaron's recorded hacking session, but what about a large facility? What about a corporate/governmental info database, where a hacker might be looking for vehicle records or SIN information? In other words, before a remotely located hacker gets into the important node where he can do whatever it is he wants to do, how many steps are there? Just one dice roll to gain access (either hacking on the fly or probing the target) and that's it? Or does he need to hack through many different nodes to get to the one he wants? 2) How do you differentiate between "normal access", "security access", and "admin access"? What kinds of stuff do you allow/disallow for your players at each access level? In our last session, when our hacker character was trying to match a license plate number to a registered owner, we couldn't think of anything that a legitimate user with security access could do on the node in question that a user with only normal access couldn't do, which felt (to me, the GM) like it made the job too easy for the player. 3) How do GMs out there come up with device ratings for their nodes? I know it's pretty much arbitrary, but if you could throw out some examples I'd feel more comfortable doing it myself. |
1) Its virtual, so up to the designer. Any time you have something super sensitive you may want to alter the signal strength, hardwire it, etc. Each layer of this security onion, so to speak, should be a seperate node for best effectiveness.
So in the examples above where the security node is should be hardwired, not wireless, and on a node. The data should be on a hardwired node, and the wireless access should be on a regular wireless node with only as much signal rating as appropriate... and using antiwireless paint as appropriate to contain the signal. Will that stop a determined hacker/TM? Heck no, but it'll make them WORK for it...
| QUOTE (Eleazar) |
| This is a great topic. It has helped clear up some things for me. I do have some questions about the PAN though. There is a group of 5 Shadowrunners. They each have a commlink and there is one hacker in the group. All of the Shadowrunners subscribe only to the hackers commlink and the hacker's commlink is set to forward traffic to the other shadowrunners commlinks that are subscribed to his. So in order for commlink A to speak to commlink B it first must talk to the hacker's commlink and then the hacker's commlink forwards the traffic to commlink B. The hacker's commlink is working like a centralized server or router in this case. Someone tries to hack into commlink A. Obviously commlink A gets to analyze for any hacking attempts, but does the hacker's commlink as well. Would he be considered a security spider on this network. What about the other commlinks on the PAN? If all of the commlinks were instead subscribed to each other would they get to analyze as well? What about any IC that is running on someones commlink? Could it patrol the whole PAN, or just the commlinks? Would the whole PAN of shadowrunner's commlinks be considered it's own node? |
The way I have run this, is basically, the group ends up with one node. So, I am abstracting the whole situation due to the subscriptions. So, no one really could hack any of the non-hacker's comms because they are all subscribed to the hacker's commlink. And therefore you end up with not 5 separate nodes, but one node, based on the hacker's comm and then after hacking into it, gain access to the other commlinks...
I don't think there is anything specific in the book about this, but it did seem to make me think that subscribing to devices really changed the way the network reacted. It has worked for me so far and I have even considered having individual nodes inside the group node for each comm, which still needs the spoofing and so forth to access it, but that is just adding another layer (and difficulty), which may or may not be needed for each situation.
But, I think by abstracting the groups comms into one node, stays in line with the rest of SR4 and just keeps it all simple.
Little old barely useable Commlink B has been told to slave itself to Super Cool Hacker Commlink A and only listen to remote connections and commands from Super Cool Commlink A. Evil Hacker Commlink C sniffs the wireless traffic, and through it's super spiffy Decryption, Scan and assorted nasty tricks figures out enough information to Spoof.
Commlink B gets a message! "Hi, I'm Super Cool Hacker Commlink A, could you please shutdown device X ?"
How does Little old barely useable Commlink B tell whether or not the wireless message is really from Commlink A, or Commlink C? Especially if Commlink B has received in that message the appropriate passphrases and codes, which is what a successful Spoof does (As well as a perfectly normal message from a subscribed device).
Commlink B gets a message! "Hi, I'm Super Cool Hacker Commlink A, could you please shutdown device X ?"
How does Little old barely useable Commlink B tell whether or not the wireless message is really from Commlink A, or Commlink C? Especially if Commlink B has received in that message the appropriate passphrases and codes, which is what a successful Spoof does (As well as a perfectly normal message from a subscribed device).
A somewhat important note regarding the ever popular ”Spoof” command. The ONLY thing one can spoof are Agents and Drones – Devices like commlinks are right out. See page 224 SR4.
This means that spoofing a commlink that you have legal access won’t work.
This means that spoofing a commlink that you have legal access won’t work.
Ah, almost forgot. Subscriptions. Although someone might hack a hackers commlink and gain access to it that does not mean that the attacker has access to the subscribed commlinks that the hacker has connected in his subscription list. Remember, the subscription is two-way in the list and the team might not want the hacker to snoop in their commlinks.
Hacker A has a commlink for pure team communications with “Group” as subscription slot 1 for the entire teams communication – this is a user level access that only allows the teams commlinks to use the commlink as a secure relay for commnications.
Each member of the team has a user access as well towards the team commlink which means that none of them have any access to tamper with each others commlinks through the central commnications node.
So, if someone hacks one of the members comms they can only gain user access and listen in on the teams communications. If they hack the communications link they can listen in on all the commlinks as one since it functions as a hub but not access to the actual commlinks.
Hacker A has a commlink for pure team communications with “Group” as subscription slot 1 for the entire teams communication – this is a user level access that only allows the teams commlinks to use the commlink as a secure relay for commnications.
Each member of the team has a user access as well towards the team commlink which means that none of them have any access to tamper with each others commlinks through the central commnications node.
So, if someone hacks one of the members comms they can only gain user access and listen in on the teams communications. If they hack the communications link they can listen in on all the commlinks as one since it functions as a hub but not access to the actual commlinks.
How do you hack someones bank account? Do you A need his security key (with biometric data) or B hack the bank's system and pretend you got it?
In any case, how hard is it?
In any case, how hard is it?
| QUOTE (The Jopp) |
| A somewhat important note regarding the ever popular ”Spoof” command. The ONLY thing one can spoof are Agents and Drones – Devices like commlinks are right out. See page 224 SR4. This means that spoofing a commlink that you have legal access won’t work. |
Perhaps the Intercept Traffic option to insert faked traffic will work instead.
What about the other question regarding the analyze. Do all devices in the PAN get to analyze a hacker trying to hack another commlink in the PAN. If not by default, could I set my commlink to analyze other commlinks on the PAN.
Just found this SR4 pg. 208
"Many parts of the Matrix are open to public access, just
like a web page—anyone can go there and view the contents.
In order to enter some nodes (devices or networks), however—
especially private ones—you must actually log in to an
account."
Notice how nodes are devices or networks. A PAN is a type of network. I am thinking it works exactly the same as if your were in a corporate facility. There is the network the corporate facility has and it consists of it's own node or multiple nodes. Then there are also the individual commlinks of the guards, wageslaves, and security spiders.
Why would a network a hacker sets up be any different from one in a corporate facility? He definitely has the know-how and the tools to do it.
Can a hacker in a corporate facility individually hack the commlinks of the guards, wagesavles, and security spiders? I do not know the answer to this question. If yes, then that makes things rather simple. If no, then why would a network setup by the team's hacker be any different?
Just found this SR4 pg. 208
"Many parts of the Matrix are open to public access, just
like a web page—anyone can go there and view the contents.
In order to enter some nodes (devices or networks), however—
especially private ones—you must actually log in to an
account."
Notice how nodes are devices or networks. A PAN is a type of network. I am thinking it works exactly the same as if your were in a corporate facility. There is the network the corporate facility has and it consists of it's own node or multiple nodes. Then there are also the individual commlinks of the guards, wageslaves, and security spiders.
Why would a network a hacker sets up be any different from one in a corporate facility? He definitely has the know-how and the tools to do it.
Can a hacker in a corporate facility individually hack the commlinks of the guards, wagesavles, and security spiders? I do not know the answer to this question. If yes, then that makes things rather simple. If no, then why would a network setup by the team's hacker be any different?
| QUOTE (Eleazar @ Apr 12 2007, 11:49 AM) |
| What about the other question regarding the analyze. Do all devices in the PAN get to analyze a hacker trying to hack another commlink in the PAN. If not by default, could I set my commlink to analyze other commlinks on the PAN. Just found this SR4 pg. 208 "Many parts of the Matrix are open to public access, just like a web page—anyone can go there and view the contents. In order to enter some nodes (devices or networks), however— especially private ones—you must actually log in to an account." Notice how nodes are devices or networks. A PAN is a type of network. I am thinking it works exactly the same as if your were in a corporate facility. There is the network the corporate facility has and it consists of it's own node or multiple nodes. Then there are also the individual commlinks of the guards, wageslaves, and security spiders. Why would a network a hacker sets up be any different from one in a corporate facility? He definitely has the know-how and the tools to do it. Can a hacker in a corporate facility individually hack the commlinks of the guards, wagesavles, and security spiders? I do not know the answer to this question. If yes, then that makes things rather simple. If no, then why would a network setup by the team's hacker be any different? |
Only things running Analyze get to Analyze. I usually run corporate nodes as running multiple agents that are all actively analyzing and subscribed to each other. They are instructed as a group and if one is spoofed and not the others the others set off an alarm.
If you want to analyze in multiple nodes yourself you would need to be inside each of the nodes and spending actions to scan each node individually. This comes at great risk though because if you get attacked in multiple nodes you're screwed.
Each commlink is a seperate node. A node can contain multiple devices such as wireless cameras, door locks, etc, and all are behind one commlink. Commlink == node. When two nodes are subscribed they trust each other and allow the exchange of info so a shadowrunner team that has one member with cruddy commlink can get hacked and then all the communications the cruddy one is subscribed to can be messed with, recorded, etc, from the cruddy commlink.
Yes, individual commlinks can be hacked. Hacking from the hacked commlink to another one is not the path of least resistance necessarily but it works. This also means running a low signal commlink to hide from corpsec and having high signal drones near you can allow them to hack you through the commlink built into the drones.
Hope that helps!
Which is why the few times I do get to play as opposed to being the DM my Mage makes it a point to geek anyone stupid enough to insists that just because they aren't a Decker they can get by with a crappy link...
Quick note on slaving devices. I just noticed a reference to slaving devices on page 304 of the BBB. My guess is that the concept was intended to be included in the core rules, but was probably edited for space and/or intentionally saved for later books.
| QUOTE (Wasabi) | ||
Only things running Analyze get to Analyze. I usually run corporate nodes as running multiple agents that are all actively analyzing and subscribed to each other. They are instructed as a group and if one is spoofed and not the others the others set off an alarm. If you want to analyze in multiple nodes yourself you would need to be inside each of the nodes and spending actions to scan each node individually. This comes at great risk though because if you get attacked in multiple nodes you're screwed. Each commlink is a seperate node. A node can contain multiple devices such as wireless cameras, door locks, etc, and all are behind one commlink. Commlink == node. When two nodes are subscribed they trust each other and allow the exchange of info so a shadowrunner team that has one member with cruddy commlink can get hacked and then all the communications the cruddy one is subscribed to can be messed with, recorded, etc, from the cruddy commlink. Yes, individual commlinks can be hacked. Hacking from the hacked commlink to another one is not the path of least resistance necessarily but it works. This also means running a low signal commlink to hide from corpsec and having high signal drones near you can allow them to hack you through the commlink built into the drones. Hope that helps! |
If one of the agents is spoofed, how would the others notice unless they succeed in a test to notice the spoof? This isn't something one just automatically knows. Also, to my knowledge there is no possible way to spoof multiple agents at the same time. A spoofed command given to an agent would look as if someone with all of the necessary rights gave the command. Why would an agent put out an alarm against the node itself or a user that gave a legitimate command?
| QUOTE |
| Why would an agent put out an alarm against the node itself or a user that gave a legitimate command? |
It wouldn't. To prevent an alarm in the event of multiple agents watching each other the spoofed command would also need to go to the other agents as if a group of people were bouncers at a club and a con man had only succeeded against one of the group.
FURTHER LOGIC:
If all the agents are subscribed to each other they can be assumed to transfer information freely. Otherwise a camera on a smartgun would only have a chance of projecting crosshairs to the image link and an agent ferrying a data stream in courier fashion might be incomplete in its transmission.
If the agents have instructions to monitor each other, do not hide from each other, and are transmitting their status to each other then the odd-man-out becomes apparent.
THE COUNTER:
To spoof multiple agents use multiple agents. Instruct them as to what they are to do and point out their targets then tell them to begin. Swarm on swarm. Using Sprites and having the Sprites suppress an alarm is even more effective since a high enough Data Search and Analyze can make it so blitzing is possible without fear of an alarm... unless the Sprite suppressing the alarm is de-rezzed.
Just remember the having all those agents talking to each all the time eats up lots and lots of IPs.
Usually enough to effectively make them useless for anything else.
Usually enough to effectively make them useless for anything else.
| QUOTE (DireRadiant) |
| Just remember the having all those agents talking to each all the time eats up lots and lots of IPs. Usually enough to effectively make them useless for anything else. |
I agree with this 1000%.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.