I've started running my first SR4 game, and our hacker has never played, so we're in the dark on some scenarios. Let's say he breaks into a system, hacking on the fly, with a user-level account. Then he decides he wants to have a security or admin account. Does he have to step outside the node and make the hacking extended test again at the higher threshold? Make another extended test with the difference in difficulty as the threshold?

That scenario isn't strictly covered in the rules, but I would say he needs to make the extended test again, but doesn't have to leave the node to do it. However, he may not need to get a new account, either. Things that can't be done "legally" with a Hacked account usually just result in substituting the Hacking skill for the Computer skill. For example, to change a file or device that the current account doesn't have access to would be a Hacking + Edit rather than a Computer + Edit. At the GM's discretion, the PC Hacker may not be able to get around the security like that.

If you want a higher level account, you will have to hack an entirely new account. Whether you hacked into a legitimate account, or found a backdoor or whatever you did to get in, you are only allowed a certain set of rights within the node(which on a personal commlink may be no rights at all). If you want better access, you will have to find a new way to get in.

That said, there is nothing you can do in admin that you can't do with user access, just note that a)icons you need may be invisible to you and would require a matrix perception check, and b)you will need to use the hacking skill to do anything your access rights don't allow, which will allow the node to make an opposed firewall+analyze vs your hacking+stealth to detect your illicit action. Certain agents may also be programmed to analyze user and/or security icons more often.

Alternatively: Spoof the Node into believing that your account receives an upgrade to Admin and kill the original Admin account.

This wouldn't work in our game, the way we read the rules. Per Unwired pg 98:



(emphasis mine) Remember you're at a -6 to spoof a command from an admin level account, and that security concious folks will likely consider "delete Admin Accounts" as an order to be ignored. At the very least, I'd think you'd get the "Are you sure: Yes or No" prompt, which the hacker wouldn't see--it'd go directly to the real admin account... and that person would likely raise an alert. Heck, as a GM, I'd say that upgrading a User account to an Admin account would merit a verification prompt, which, again, would tip off the admin -- Remember, when spoofing, you just send the command, you can't actually do anything else:

There is allready a clear mechanic on how to get difference access levels, you use hacking+exploit. It's doesn't really make much sense to allow someone to get different access IDs through a much easier method.

Spoof is another way to get around with low access though, so long as you know a legit access ID. You can spoof commands from that access ID, commanding the node/agents/drones, to do various things and usually not risk detection unless you either a)fail, or b)have someone (or something) watching the traffic heavily.

Spoof however is not a be-all end-all program though, it simulates commands only, you can command the IC to shut itself off, or the drone to turn off it's IFF(unless the rigger was smart enough to hard code the drone to ignore that natch), but you can't tell the node to do something that it couldn't normally do, thats what hacking is for.

Hacking + Spoof then?

Just kidding. Gonna reread the Spoof Section in Unwired.

Technically speaking the hacker have already breached the firewall so they should be able to make a second hacking attempt with a lower treshold since they are already inside the system.

Well if you play it that way then it's a house rule, and frankly I'd take it in your game every time. Facing a Firewall 5 (for example) I would always Hack for a User account at Threshold 5 and then Hack up to Admin at Threshold 6, since that's a ton easier than starting at Threshold 11. I don't see why any Hacker would start out going for an Admin account under such rules (unless time was absolutely critical, but with Hacking On the Fly your looking at a difference of maybe 2 rounds). As soon as you have some mechanic where it is always more advantageous to do X instead of Y with no significant counter-balance, you have a broken mechanic. Plus from a conceptual point of view it doesn't make sense to me.

"Firewall" here doesn't mean the same thing as in the real world. It's an abstraction representing the host's entire security setup, rather than just the program keeping unauthorized users from connecting to it. So you would still have to contend with the hosts' Firewall rating whenever you try to do something your account privileges don't allow you to, even if you have already logged in to a legitimate account.

I never said it would be easy.

Since the person is already inside the system he/she should be able to find the ID of a superuser/admin and spood a command using that persons matrix icon. So a spoof test at a +6 for impersonating someone else and giving the account he is using admin access.