Help - Search - Members - Calendar
Full Version: Creating a THOR node
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2
Talia Invierno
From the Dragon challenge thread:
QUOTE
Fine, make the node that controls thor shots, I'll give my technomancer 200 karma worth, and we'll see if he can make it thor the lair. Then he'll retire with his millions.

Is anyone willing to make up a node worthy of guarding a THOR shot? complete with all the counter-security that would entail?
Crusher Bob
I guess it depends on what the THORs get classified as. Does the rest of the world simply views them as conventional weapons or as NBC type weapons? If they are view as NBC type weapons, then one likely security setup is for the weapons to be manually fired from a manned platform. I'd assume the actuall weapons would be made on the moon and then return to earth orbit. Shooting big rocks into orbit only to drop them back down again costs way too much (unless you want to build a space elevator or sky-hook first).
Ravor
Assume ( Rating 6 ) programs across the board, as much IC as the node(s) can handle (Which depending on how you view Agents as working might either be near infinate or pitiful.) and Security Deckers with ( Skill 4 ) and ( Rating 6 ) commlinks/programs "on call" the moment an alarm is tripped.
Da9iel
THOR shot platform? Why not go higher than 6 on the ratings? This is a mega's or large government's very security sensitive equipment. I think this would be one of the times where pulling out the GM discretion on exceeding a 6 would be totally called for and acceptable.
Aaron
I think 6's are plenty. And to hell with spiders "on call," they'd be patrolling. As would a bunch of IC programs. All of which would be first encountered in the choke-point node that connects to the actual control node. Same thing with the control node. Plus, both nodes would probably be "ultra-violet," which hasn't been defined yet, but is scary.

This is even assuming that the actual launch mechanism doesn't require two metahumans with keys that have to be turned at the same time, like in "War Games."
sunnyside
You know how a lot of the time the hackers/deckers have to actually go on runs because of isolated systems? This is like that, only moreso.

I think after the whole deuce business any vestiges of "our system is just to badass to ever be cracked" would be gone.

It's an isolated system. linked at most to other sattelites in a group, there are a couple metahumans who need FOB codes or something to fire the things up there somewhere.
Buster
Not to rain on your guys' parade, but despite War Games' claim, nuclear missile silos aren't accessible from the outside world, only the personnel stationed inside have the launch keys and there's a big book of verification protocols to authenticate initiation commands. I've worked at a military satellite subcontractor site and even they were completely cut off from the internet. I doubt very seriously that a Thor control station would have ANY access the matrix. There's no reason in the world it would need it.

These MIGHT succeed:
  • Mind control some inside personnel
  • Sneak some trojan horses in with their manual software updates.
  • Impersonate some high ranking official, spoofing military command codes, retinal scans, voice prints, etc. and call in a strike.
  • The usual blackmail, kidnapping, hostage, etc. gambits.
James McMurray
One node? More like 15. All set up in a mazelike matrix with no signposts. And all constantly patrolled by agents and security hackers. Basically you set it up as deep as you need to in order to ensure almost 100% probability of someone's stealth 12 CF being seen through before they can find the actual node that controls the aiming mechanisms, much less the node that contains the firing commands, the other node that holds the load commands, etc.

Then you turn off all of the power until you need to fire something or run a randomly scheduled test.
Ravor
QUOTE (Da9iel)
THOR shot platform? Why not go higher than 6 on the ratings? This is a mega's or large government's very security sensitive equipment. I think this would be one of the times where pulling out the GM discretion on exceeding a 6 would be totally called for and acceptable.


Because I hate the the very idea of allowing ( Rating 8+ ) programs to exist in the world at all, (I used to make expections for AIs, but seeing that they are handled as Sprites, that is covered via Threading.) and see ( Rating 7 ) as literally being prototypes and experiments. (Or perhaps as belonging in an UV Node.)

<><><><><>

As for the rest, well I guess I see Thor Shot platforms as being unmanned, so it would have to have communications, and figure that there are probably enough of them in the sky that they aren't going to all be crawling with Security Deckers.

As for multiple protected nodes and the like, yeah I agree, and I figure that in order to actually launch two Admin Level Users has to enter the command in the same IP pass.

Oh and forget about using the probing rules, you have to hack-on-fly because the system's connection "flickers" 1-4 times an hour unless an Admin Level user disables the feature in the first node. Of course, doing so is hardwired to send out an alert to the corp.
Talia Invierno
One question to ask in designing these systems, perhaps, is how many successful "hijackings" have happened (every one of which would be documented in canon) -- as opposed to how many runner-level attempts (not necessarily documented)?

The lower the fraction, the higher the level of security which is standard.
James McMurray
I think it's safe to assume that a system which can level nations and multinationals, including that of its owner, is probably protected as much as humanly possible. Moreso if its owner happens to be a dragon.
sunnyside
Only thing I remember from anything remotely cannon was the Lone Eagle incident. Where some native americans manage to take a missle silo long enough to launch an ICBM at russia (which didn't reach it's target). However it looks like they didn't have the capacity to change the missles target or anything. And they got taken out shortly after that.

They may have had access to magic at a time when almost no-one else did. (Daniel Howling Coyote was a powerful shaman, quite possibly an initiate, two years after the incident, the immortal elves were able to do some weak magic decades earlier, and the first known awakened critter appeared seven years prior, so it is quite possible they had a little mojo on their side. )
Ravor
Node X

Reponse 6 / System 6 / Firewall 6 / Analyze 6

IC A 6 / Attack 6 / Armor 6 / Analyze 6 / Trace 6

IC B 6 / Black Hammer 6 / Armor 6 / Analyze 6 / Trace 6

Medic 6 / Attack 6 / Black Hammer 6 / Trace 6 are stored on the Node for the IC to change their payload as needed. (If an AR hacking attempt is detected then IC B will change Black Hammer for Attack, and visa-versa.)

Both the IC and the Node are programmed to use Analyze every IP Pass until an intruder is detected. If the IC believes an user to be legal, they will start a Trace and if an illegal access point is discovered then an alarm is raised.

Also the system is running at ( Reponse 5 ) due to system load, so unless one of the IC is crashed treat everything (Except Firewall) as being ( Rating 5 ).

Note that the Node's Matrix connection "flickers" once every 15 minutes unless deactivated by someone with Admin Level access. However, the system is hardwired to send and alert to it's control station in that event. The system gives routine warnings about the connection flicker to avoid dumpshocking their own people. (So you have to hack-on-the-fly, but at least you'll have warning before you are dumped.)


... Repeat as often as you think the corps would spend on Matrix Security, personally I see 2-5 such Nodes to go through. ...


Node A

Reponse 6 / System 6 / Firewall 6 / Analyze 6

IC A 6 / Attack 6 / Armor 6 / Analyze 6 / Stealth 6

IC B 6 / Black Hammer 6 / Armor 6 / Analyze 6 / Stealth 6

Medic 6 / Attack 6 / Black Hammer 6 / Stealth 6 are stored on the Node for the IC to change their payload as needed. (If an AR hacking attempt is detected then IC B will change Black Hammer for Attack, and visa-versa.)

Both the IC and the Node are programmed to use Analyze every IP Pass until an intruder is detected.

Also the system is running at ( Reponse 5 ) due to system load, so unless one of the IC is crashed treat everything (Except Firewall) as being ( Rating 5 ).

This is the actual control node, in order to fire, two Admin Level users has to issue the command in the same IP Pass.

It's not impossible for a Decker, Technomancer, or an AI to hack into by any means, but it generally shouldn't be worth the effort either.

*Edit*

I didn't stat out any Security Deckers that might be logged on since I figure there are enough Thor Platforms to make paying a Security Decker to sit in each system not cost effective, but if an alarm is raised, or if one happens to be logged into the system at any given time assume that they have Physical Stats ( Rating 2 ) / Mental Stats ( Rating 3 ) / Decking Skills ( Rating 4 ) / Commlink ( Rating 6 ) / Program Load ( Rating 6 ).

*Edit 2.0*

Made a few error corrections.

*Edit 3.0*

I made a few more changes to bring the Node more in line with what I was envisioning. Oh, and assume that in order to even gain access to the Node in a first place, you have to first crack a dedicated communications net as well as per Buster's suggestion.
Tarantula
QUOTE (James McMurray)
One node? More like 15. All set up in a mazelike matrix with no signposts. And all constantly patrolled by agents and security hackers. Basically you set it up as deep as you need to in order to ensure almost 100% probability of someone's stealth 12 CF being seen through before they can find the actual node that controls the aiming mechanisms, much less the node that contains the firing commands, the other node that holds the load commands, etc.

Then you turn off all of the power until you need to fire something or run a randomly scheduled test.

It can get higher than 12 with submersion.
Buster
QUOTE (Ravor)
As for the rest, well I guess I see Thor Shot platforms as being unmanned, so it would have to have communications...

True, if they are unmanned then they would definitely be remotely accessible, however that doesn't necessarily mean that those comm lines have any connection to the matrix.

If I owned a weapon like that, I'd communicate with it via a chain of dedicated direct-line-of-site microwave/laser comm lines that have no connection to anything else. I would have a dedicated stream from ground-base to geosynchronous relay-satellite, then dedicated streams to relay-satellites around the globe until reaching the actual weapon platform. To bust into that system you'd need to fly a drone right into one of its streams and spoof it with a (literal) man-in-the-middle attack.

Also, if I was a country with a megabillion-nuyen weapon that can take out any of my hardened bunkers and make a mess of any of my cities, I would spend a huge chunk of my national budget on security. I would have at least a few security deckers online 24/7 on the platform and each of the dedicated relay nodes and have hordes of agents on top of that just in case someone spoofed the comm lines with a drone-based man-in-the-middle attack.
Ravor
Aye, with the exception of Security Deckers I agree with everything you just said. cyber.gif
Tarantula
But then all I have to do is get a hold of a microwave/laser transmitter, and spoof commands to it. Even easier.
Buster
QUOTE (Ravor)
Aye, with the exception of Security Deckers I agree with everything you just said.  cyber.gif

True, on second thought: never send a human to do the job of a machine. As an aspiring supervillain, I would never trust my superweapons in the hands of mere mortals, I'd go agents/IC all the way.
Ravor
I don't think Spoof actually works like that Tarantula, because even with a dedicated communications network you could still pile on the Node System I posted on top of that, so spoofing your way into the communications grid would only allow you a crack at hacking your way into the platform itself.
Ryu
If it has to be a matrix node, I´d have a rather simple device check the list of accounts vs. an offline list every round (every IP if you are even more paranoid). If the online list contains unknown entries, the node is SWAMPED by IC and the THOR controller taken offline.
Ravor
Ok, question, exactly what type of device are you using to check an offline list against an online list in orbit? And how exactly do you update the ofline list which you would want to do on a regular basis?
Eleazar
All of these fail-safes people keep mentioning could all be worked around by a simple hacking+exploit or hacking+spoof test. You have to remember that hacking in SR4 is very abstract.

One last thing, for those of us that don't know what a THOR platform is, what is it?
Ravor
Sure, a ( Hacking + Exploit Test ) gets you into the node, but you still have to deal with it's defenses, including IC, hacking isn't quite that abstract.

And basically a THOR Platform is an orbital railgun that launches metal rods at ground based targets.
Fix-it
something like a THOR or nuclear weapons would not be controllable via the matrix.

period. end of story.

you don't put the security of something like that in the hands of a system that can be manipulated maliciously.

I'm pretty sure everyone in SR has seen the Terminator trilogy.
Ravor
Ok, then how do you control your unmanned orbital rail guns?
Buster
QUOTE (Ravor @ Jul 19 2007, 12:23 PM)
Ok, then how do you control your unmanned orbital rail guns?

See my posts above.
QUOTE (buster)

If I owned a weapon like that, I'd communicate with it via a chain of dedicated direct-line-of-site microwave/laser comm lines that have no connection to anything else.  I would have a dedicated stream from ground-base to geosynchronous relay-satellite, then dedicated streams to relay-satellites around the globe until reaching the actual weapon platform.  To bust into that system you'd need to fly a drone right into one of its streams and spoof it with a (literal) man-in-the-middle attack.
Moon-Hawk
QUOTE (Ravor)
Ok, then how do you control your unmanned orbital rail guns?

There is no control system. It's a bluff that you hope nobody is crazy enough to call. biggrin.gif
Ravor
Aye Buster, I liked your idea of a dedicated communications network enough that I made mention of it in an Edit of my Node writeup, but even with such a network, it's still possible, albeit harder to hack your way into a Thor Platform.
Ryu
The device is located on the orbital platform and the list does not require regular updates. It´s more like a single code in an envelope in the CEOs personal safe anyway.
Ravor
Umm, oookkk. The idea of not being able to change your launch-codes as needed and quickly is just scary to me. And still, exactly what type of device are you using to check in the first place?
Lilt
Well, first you need to consider the price of the various hardware and software you're talking about, and consider the price of making them manned with the normal security parameters against normal attack.

If they're connected somehow, it'd be via direct connections, and wouldn't be via one direct connection. There would be multiples that would all need to be hacked simultaneously.

If they're manned, employees would be screened psychologically and physically at delta clinics and would be initially chosen for their loyalty. As the Thor systems are in space, they've already got protection against magical interference that ground-based operations do not have.

Note: Making them turn themselves off at the first sign of danger is not an option. Otherwise, the opponent might just send a bunch of hackers at the target and watch as they get creamed but the attack is prevented.

I think that any rating beyond 7 represents ahead-of-the game stuff, and I'd happily give key stuff in military environments ratings of 7 or above. Sure, it can be experimental or task-centric, but when military budgets are involved and teams of scientists work on something dedicated you get a lot out of it. Weren't the Colossus code-cracking machines from WW2 supposedly still better than some modern computers at cracking codes, even though they were running on valves? That's an old story, I wouldn't be surprised if it had been surpassed nowadays, but IMHO ratings of 7 or above are fair game for 'unreasonable' hardware and software.

If you must, consider what multiple rating 6 machines would be like working together towards the same task, or make the hacker make their rolls twice and say they're having to hack-in both ways simultaneously. Stack the odds against the hacker, it is possible.
Ryu
A ROM+RAM-device that has the list in ROM and requires a copy of the "user-list" written into its RAM once per round. If that doesn´t happen or results in a different copy, alert is triggered.

The basic limitation is "a matrix node". I´d have the sattelite on a PAN with a group of comlinks that are hardwired to each other and connected to the sattelite via LASER. The comlink-network is NOT connected to the matrix and sitting in a secure room in corporate HQ. Straight out forget entering this system without admin-accesscodes known beforehand. Any activity on the datajack-ports has to be legitimated in the first round else it is considered an attack. No probing the system.

Remember the list of THOR owners and think about the security involved at HQ itself.
Coren
Actually, I'd probably just have it non-wireless accessable (on site only and only at one terminal), and make it so you would need a special socket in your datajack along with the datajack needing specific hardware (think Omega cyberdeck from 3E Shadowrun Companion).
Ravor
Well personally I figure that any corp big enough to even think about owning a Thor Platform is big enough not to worry about little things like copy protection (I figure that they have access to a copy of the Source Code used to make the software that everyone else is buying.), so you are basically looking at hardware costs plus whatever salary a Decker capable of coding non-copy protected ( Rating 6 ) software brings in. *Edit* And they would already want to have the Decker on staff even without worrying about protecting their Thor Platforms so that isn't really an added cost. */Edit*

<><><><><>

Ryu, if the list isn't in orbit then you are leaving your system open to Buster's "drone-in-the-middle" attack. And you know that you simply can't have a direct laser connection from Corp HQ to your Thor Platform, you have to also have relay stats in orbit that can also be spoofed.

No, although you will want some decent ground-based security, you also need to make sure that everything in orbit is capable of standing on it's own two feet.

<><><><><>

Coren, sure but unless your Thor Platforms are manned then a signal has to be sent to orbit at some time.
kzt
QUOTE (Ryu)
A ROM+RAM-device that has the list in ROM and requires a copy of the "user-list" written into its RAM once per round. If that doesn´t happen or results in a different copy, alert is triggered.

The basic limitation is "a matrix node". I´d have the sattelite on a PAN with a group of comlinks that are hardwired to each other and connected to the sattelite via LASER. The comlink-network is NOT connected to the matrix and sitting in a secure room in corporate HQ. Straight out forget entering this system without admin-accesscodes known beforehand. Any activity on the datajack-ports has to be legitimated in the first round else it is considered an attack. No probing the system.

Remember the list of THOR owners and think about the security involved at HQ itself.

The other element could be you store the rounds without their operating code. If you access the system you can fire it, but it's inert. It just fall out of the launch canister. To effectively deliver the round you need to access the totally seperate system that takes a northing, easting and elevation and produces a cryptographically sealed guidiance program that is good for 10 seconds.

This is generated in a totally seperate system that is equally hardened, and if an alarm is detected on either they are both shut down until it is resolved and all the nodes and weapons are verified clean.
James McMurray
QUOTE (Lilt)
Note: Making them turn themselves off at the first sign of danger is not an option. Otherwise, the opponent might just send a bunch of hackers at the target and watch as they get creamed but the attack is prevented.

True, they probably shouldn't be set to turn off the instance any trouble is detected, but should almost certainly be set to turn off the instant trouble is detected at or beyond node 5 out of 100 (or whatever arbitrary number of intervening nodes you pick). Since all of those nodes have top notch security, any trouble past that is a definite sign of a persistent and extremely capable enemy.
Ravor
Hmm, very interesting point kzt, but what workaround do the corps have in place for the next corp war? Surely they aren't going to allow a rival corp the ability to shut down their Thor Platforms by purposely tripping alarms in either system?
Ryu
I have the list in orbit, have fun getting there. And I´m willing to have a dedicated relay network in orbit, guarded as before and communicating via directional channels with individual THORs. I like that even better than linking straight to a THOR.
Ravor
Yeah, and I'm back to;

QUOTE (Ravor)
Umm, oookkk. The idea of not being able to change your launch-codes as needed and quickly is just scary to me.


Because even if they are locked up in your CEOs personal safe or in a secure room at Corp HQ, people still have to be able to actually get to them when needed, and any security system that is actually usable is also exploitable by nature.
Eleazar
QUOTE (Buster)
QUOTE (Ravor @ Jul 19 2007, 12:23 PM)
Ok, then how do you control your unmanned orbital rail guns?

See my posts above.
QUOTE (buster)

If I owned a weapon like that, I'd communicate with it via a chain of dedicated direct-line-of-site microwave/laser comm lines that have no connection to anything else.  I would have a dedicated stream from ground-base to geosynchronous relay-satellite, then dedicated streams to relay-satellites around the globe until reaching the actual weapon platform.  To bust into that system you'd need to fly a drone right into one of its streams and spoof it with a (literal) man-in-the-middle attack.

Why wouldn't a spoofing test work for this? The most difficult thing it would require me to do is hijack one of these relay satellites. I don't even think scenarios like this were even meant to be covered by the SR4 rules. As far as SR4 goes, the only option would be a satellite link which is just a wireless signal 8. People are giving some great solutions but they actually have to be feasible within the rules since this is meant to be for SR4.
Ravor
Well the way I see it, a simple spoofing test wouldn't work because a Thor Platform isn't the same as a drone which is designed to accept and execute commands instantly, in my example, spoofing would allow you to access the platform's node, but you still have to hack the nodes themselves in order to fire the weapon.

Basically it's the same reason I can't just spoof a corp system into giving me all of it's paydata as well as shuting down the security systems and opening the elevator doors for my team, I ahve to actually hack the systems and be able to Stealth (Or Crash) whatever IC/Security Deckers are standing in my way.
kzt
QUOTE (Ravor)
Hmm, very interesting point kzt, but what workaround do the corps have in place for the next corp war? Surely they aren't going to allow a rival corp the ability to shut down their Thor Platforms by purposely tripping alarms in either system?

It's on an isolated network running just raw IP V6 with SSH and SCP over a crypto tunnel. Without the GUI nobody can hack it. biggrin.gif biggrin.gif
Ravor
eek.gif Umm, you want to run that by me again, in english this time? cool.gif
Eleazar
QUOTE (Ravor)
Well the way I see it, a simple spoofing test wouldn't work because a Thor Platform isn't the same as a drone which is designed to accept and execute commands instantly, in my example, spoofing would allow you to access the platform's node, but you still have to hack the nodes themselves in order to fire the weapon.

Basically it's the same reason I can't just spoof a corp system into giving me all of it's paydata as well as shuting down the security systems and opening the elevator doors for my team, I ahve to actually hack the systems and be able to Stealth (Or Crash) whatever IC/Security Deckers are standing in my way.

I think you and I came to a misunderstanding. That was in response to Busters scenario where the commands were being directly given from the satellites. So the relay satellites would be like a rigger controlling a drone.
kzt
QUOTE (Ravor)
eek.gif Umm, you want to run that by me again, in english this time? cool.gif

It's not running matrix protocols at all, and requires that you have physical access to one of the terminals.
Ravor
Ok, yeah in that scenerio I agree, a single Spoof Test and you're ready to rain fiery destruction down upon your enemies, starting with one soon to be very crispy bunkered dragon. cyber.gif

Talia Invierno does that count as a win for the runners? cool.gif
Buster
I'm thinking that Thor platforms are strategic, rather than tactical weapons, so a few more milliseconds wouldn't matter in their security systems. This allows you to add a lot of layers of security to the system that you couldn't have in a drone.

Since each relay is potentially a weak link, I imagine that each relay satellite would be a cluster of nodes that have to be hacked through before moving on to the next relay. I'm thinking of the opening intro to the Get Smart TV show where Agent Smart has to go through a Rube Goldberg set of security doors before he gets to the trapdoor at the end of the complex. biggrin.gif
Ravor
Ok, other then the near impossiblity of actually managing to hack into the system not once but twice, what would a runner have to do in order to code her own version of a guideance program?

I would assume that Thor Platforms have to be tested through dry runs once in a while, so a Decker should be able to get a peak at a sample during one of the tests since we are talking about a team that can find and get to a dragon's lair with no questions asked. wink.gif

Kyoto Kid
A Thor shot platform/command centre should be at the very least as difficult as cracking Zurich Orbital. Not only would the system be isolated from the outside, but, not having everything in one convenient gift wrapped package would add to the security.

@Adam & Ravor: Two (or more) Metahumans with the interlock passkeys inserted simultaneously would be an excellent failsafe, especially if they were aboard the orbital platform. This can even be layered. For one, you would have to go “up there? to deal with them, Second, hope the runners have Zero G experience or things could get pretty interesting in a hurry. Target Wastelands has a lot of good info on dealing with micro & zero G environments. One additional thing I do is have the runners perform a body test to not lose their lunch (this has even happened to trained astronauts in RL). Even if the test succeeded, I would have the PCs without Zero/Micro G training suffer the effects of nausea for a period of 24 hrs – (Body + Willpower). Of course the personnel aborad the station would have the proper conditioning & training. Finally, in space, “no one can hear the mage scream?.

The platform itself would have it's own security measures as well. Platform Personnel would be armed with tasers, stun batons, and possibly dart/squirt pistols (as these would not cause a hull breach). Other measures could include low velocity flechette launchers (to rip holes in the space suits of intruders) concealed in strategic areas. The module would then be sealed off and either flooded with a neuro/stun toxin or if the owner is really sadistic, simply have the module's atmosphere vented out. These could either be manually triggered by the station's security operator and/or tied to access codes.

There would be of course also be full fire control redundancy in the event the command facility is totally compromised. In a sense this can be a very nasty “insurance policy? if necessary. OK, dodge rolls – er – Edge attributes everyone… grinbig.gif

@Buster: To further reduce the risk of magical tampering I would also consider setting the ground based centre it in an area with a high background count or even possibly a mana void. Even if the team's mage got to one or more of the personnel on the outside, the spells would go have a good chance to *poof* once they entered the area.

Barring that, at the very least, the centre would have a ward around it, and a hefty one at that (most likely ritually cast). Inside there would be all sorts of Magical countermeasures as well including FAB, UV mist emitters, patrolling spirits, and at least two Initiate Mages with another on "astral call". All personnel entering would also be routinely subjected to an astral screening at the initial chokepoint through a direct fibre optic link (e.g. a built in version of Mage Sight Goggles) to the security centre.

@James: (on the topic of multiple nodes) My thoughts exactly especially if several of them are false leads. Of course these are still loaded with IC.
Ravor
Sure, the problem is that I'm having trouble imagining a manned Thor platform as being cost effective and the moment that you try to design an umanned platform then the old multiple key trick isn't nearly as effective anymore.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012