Help - Search - Members - Calendar
Full Version: Hacking Commlinks for Fun & Profit
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2
Ayeohx
According to what I've read so far it appears that ID theft is a big problem. It looks like hackers can go on shopping sprees. Unfortunately I can't figure out how they can do it in SR. Can someone give me a few examples showing how to hijack someone's nuyen? I'd really appreciate an example showing how to hack someones commlink to steal cash if at all possible. Thanks!
Writer
I would say that once you get into Average Shopper's commlink by defeating the Firewall 3, you control their commlink. Copying the Legitimate ID files and using those on your own commlink would be simple enough for shopping. Treat it like a Rating 1 fake ID, as it won't last long. Shopping doesn't entail anything more than a simple scan with no biometrics. Also, the person whose ID you stole will probably be notified quickly, since your shopping habits are most likely nothing like the shopping habits of the stolen ID. This will trigger some alerts. Tracking shopping habits are not just for advertising. To some extent, this process is already in place, but usually for large purchases only, and for credit cards, not debit cards.
Method
I think Writer has the right idea. There is no "money" on the commlink. Any nuyen the slag has are just credits in an international banking system, the computers for which are far more secure that the average commlink. What you are really stealing is the ID info necessary to spend that money, and the banks clamp down on that as soon as they figure out what is happening. You could try to cash out the slag's bank accounts and convert to certified cred sticks or corp scrip but that would likely require entering a bank or other business and undergoing far great scrutiny. Any hacker who does that too often will eventually get caught.
Ayeohx
I'll give you a scenario and you tell me how wrong I am. smile.gif

I'm in a club and some schmuck has switched his commlink to active; I guess he really wants chicks to check his profile. The guy's not rich so he's sporting a crappy commlink: A CMT Link (Response 1 / Signal 3) with a Vector Xvim OS (Firewall & System 1).

#1. I make a Matrix perception on his node to get his accessID (right?).

#2. I want his Personal Data file, the one that contains EVERYTHING about him including cred accounts. Can I:

#2a. Spoof a command at admin level to send the file from his link to my backup link?

#2b. Hack on the Fly, make an admin account and transfer the file to my backup?

#3. After I get the Personal Data file I can then decrypt it. Can I then access his cred accounts and transfer his money to my certified credsticks?

This seems like an easy way to get money. Will it work?
KCKitsune
All this makes me glad my Chaos mage's cyber commlink has Firewall 6 and Encrypt 6, and IC running.
GreyBrother
Spoofing a 'link with it's own AID wouldn't work in my game. It would be like saying "Hi, i am you, now gimme that info i want."
Since he is active you have the node, you can do a matrix perception for certain information but if you'd want the ID information you'd have to hack him.
Alternatively, you go to shops which only require an AID and a name for checkout and let the poor schmuck get all the bills when you spoof his AID. But i am not sure if such etablissements exist.
Medicineman
For some of my Chars I use a Decoy Comlink(The cheap 1/1/1/3 ones) for my fake Sin,Licences and Public Identitity/Front and so on.
These are connected to an "Allowance Account" ,so a Hacker invading the comlink can't get more than 50¥ /Week

with a Public Dance
Medicineman
Kerenshara
QUOTE (Method @ May 17 2009, 09:39 PM) *
I think Writer has the right idea. There is no "money" on the commlink. Any nuyen the slag has are just credits in an international banking system, the computers for which are far more secure that the average commlink. What you are really stealing is the ID info necessary to spend that money, and the banks clamp down on that as soon as they figure out what is happening. You could try to cash out the slag's bank accounts and convert to certified cred sticks or corp scrip but that would likely require entering a bank or other business and undergoing far great scrutiny. Any hacker who does that too often will eventually get caught.

This isn't necessarily the case. You can still have "cash" on the 'link (notice the BBB mention of an included credstick reader) but why would you as Joesephine Average Shopper? Lose the comlink, lose the "cash" stored on it. If you keep it in the nice, safe bank...

But a shadowrunner might choose otherwise, mightent they? My GM made a big show of having a bartender pull out an OLD and very DUSTY credstick reader when I tried to use one to pay at a higher end bar, but I don't think that's particularly canon so much as him feeling like whacking me for being parano- er, I mean overly security concious In Character. I can't remember where I saw reference to this precisely; Maybe somebody who worship- er, I mean is very intimitely familiar with the BBB and lesser gospels of the RAW can lend a hand with a citation for me?
Kerenshara
QUOTE (Ayeohx @ May 17 2009, 10:48 PM) *
I'll give you a scenario and you tell me how wrong I am. smile.gif

I'm in a club and some schmuck has switched his commlink to active; I guess he really wants chicks to check his profile. The guy's not rich so he's sporting a crappy commlink: A CMT Link (Response 1 / Signal 3) with a Vector Xvim OS (Firewall & System 1).

#1. I make a Matrix perception on his node to get his accessID (right?).

#2. I want his Personal Data file, the one that contains EVERYTHING about him including cred accounts. Can I:

#2a. Spoof a command at admin level to send the file from his link to my backup link?

#2b. Hack on the Fly, make an admin account and transfer the file to my backup?

#3. After I get the Personal Data file I can then decrypt it. Can I then access his cred accounts and transfer his money to my certified credsticks?

This seems like an easy way to get money. Will it work?

By the RAW, I would think so. On the other hand, Matrix work isn't my strong point. Here's another case where we are back to another thread's discussion of SiN's and "common sense" from the GM. How fast could you get that money transfered via proxy to a numbered shadow account then re-transfered to another before they figure out the hack (two IPs/MAC IDs at the same time for one account) and freeze the assets?
Method
QUOTE (Ayeohx @ May 17 2009, 08:48 PM) *
#3. After I get the Personal Data file I can then decrypt it. Can I then access his cred accounts and transfer his money to my certified credsticks?

This seems like an easy way to get money. Will it work?

All well and good... unless the nuyen has some kind of serial identification imbedded in it (not sure if there is any cannon basis for that). Then you need to launder the money, which requires help from certain groups of people with financial resources and moral flexibility- the kind of people that will require a large cut of the money.

I guess really what it boils down to is this: Do you want hackers to have this ability in your game? If you don't you can find a reasonable explanation as to why its not possible or not worth the effort. If you don't care, then go nuts.

Personally I think it defeats the purpose of playing SR- who wants to RP a dude sitting around in a mall all day picking peoples virtual pockets? Maybe they just do it as a side-line when they need cash- well if its that easy why do they bother with shadowrunning? (See the age old "Economy of Car Jacking" argument).
Ayeohx
You're right Method, I remember that nuyen have digital signatures (or at least they did back in 3rd ed). If so then nuyen can probably be flagged as stolen. I wonder what system handles that and how that'd work.

@Karenshara
I don't believe the commcode or accessID is linked to the cred accounts. Otherwise I wouldn't be able to upgrade to a new commlink without going through red tape. I believe when you change commlinks you transfer your Personal Data file over and thats that. Not sure if you have to set up your MSP connection again though.

@Greybrother
To support you the SR4A says:
"The target of a spoof attempt must either have a Pilot rating or be a peripheral device."
I don't think a Commlink is a peripheral device, correct? But couldn't you spoof info between to commlinks that are communicating? Huh, not sure.
kzt
No that would work fine. In SR the whole purpose of certified credsticks is to provide lazy GMs a way to give their lazy players untraceable money. By cannon you can't trace money once it goes into a certified credstick or that wouldn't work.

It's also pretty clearly not possible to have certified credsticks be untraceable and also prevent that from being trivially forgeable in SR, but I digress.

Anyhow, yeah, any semi-competent hacker can, by the rules, make a lot more money stealing small sums from passerbys than they can make running the shadows at the suggested payment rates in the book. Pretty much the GM has to fiat that they CANNOT do that.
Chrysalis
Or as I pointed out in the other thread is you mug or steal the person's commlink and go on your online shopping spree, or transfer their money to a credstick and then go on a shopping spree.

This actually indicates that a commlink is less secure than a RL credit card, where with a credit card you have a PIN which you have to place in and with larger transactions a photo ID must be shown. This of course varies from country-to-country.
GreyBrother
QUOTE (Ayeohx @ May 18 2009, 09:53 AM) *
@Greybrother
To support you the SR4A says:
"The target of a spoof attempt must either have a Pilot rating or be a peripheral device."
I don't think a Commlink is a peripheral device, correct? But couldn't you spoof info between to commlinks that are communicating? Huh, not sure.

Nice, i didn't know that. Very sad, i always thought you can also spoof a kommlink or a nexus. Well... as for spoofing the communication, i'd suggest you intercept the traffic and edit it, but i can't quote the RAW since my books aren't available at the moment.
Larme
People are always confused about spoof -- it's not some general term for tricking a device, it's specifically a way to command a drone or slaved device while pretending to be its master. If you want to issue commands a commlink, you have to hack in and get authorized access for yourself. After that, it's a very simple matter to copy someone's ID. It might be encrypted, but that's not really a big problem. But it seems to me that if two people were using the same SIN at the same time, the system would detect it almost immediately and quash the copy. That's why fake SINs are so complicated to make -- you have to take a valid number, but scrub away anything that could show it's stolen or fake. You can't just steal one and make do.
Writer
Pickpocket hacking is all a matter of scale. People who have money worth stealing probably have the security to protect it. Pulling 5 nuyen from 100 people who have weak security really isn't worth your time, if you are trying to pay for some serious hardware or software costing thousands. Also, I tend to think that the hackers of 2070 wouldn't ever admit to doing this, even if they did. They would lose all respect from the hackers that pulled in 2,000 nuyens for hacking a small companies alarm system so the samurai could steal something physical.

"Man, you should have seen the way he took down those three guards!"
"Oh, yeah? I made someone's grandmother pay for my burrito!"

And there is always the "shopping habits" theory. If dumping your credit into certified accounts isn't part of your makeup, the bank holding your credit might not allow the transfer until it received some high security verification. The target might be asked to contact a branch in person. There are (have to be) reasons why the wireless world works. Otherwise, we revert back to 3rd Edition.
hobgoblin
just go with spoofing a lifestyle from unwired and leave it at that...
Kerenshara
QUOTE (Ayeohx @ May 18 2009, 02:53 AM) *
@Karenshara
I don't believe the commcode or accessID is linked to the cred accounts. Otherwise I wouldn't be able to upgrade to a new commlink without going through red tape. I believe when you change commlinks you transfer your Personal Data file over and thats that. Not sure if you have to set up your MSP connection again though.

OK, I KNOW we're talking about two diferent things here. I wasn't talking about having to register any single MAC or IP, I was actually referring to any single attempt to access ANY single account simultaneously from two SEPARATE MACs and IPs simultaneously. In other words, "You are already logged in on another device" or "You have been logged out because you have logged in on another device". Make sense?
DireRadiant
The Matrix isn't about files. It's about accounts and authentication. Nuyen isn't in a file. It's in an account. What's on the commlink is simply the list of common accounts and personal history for the users convenience. The commlink is the net device for accessing the rest of the Matrix where everything else happens. It's very rare that any transaction occurs solely between two devices. Sure you can take my commlink, or find what's on it, but you need my authentication to access and use the accounts.
hobgoblin
and thats why a IT student can have fun with the local vending machine payment system (thanks to the data on the card or keyfob being the actual rest amount), but cant do so with a debit card, as it just id the account to access, and in combo with the pin, a legitimate user of said account...
Writer
QUOTE (DireRadiant @ May 18 2009, 09:32 AM) *
The Matrix isn't about files. It's about accounts and authentication. Nuyen isn't in a file. It's in an account. What's on the commlink is simply the list of common accounts and personal history for the users convenience. The commlink is the net device for accessing the rest of the Matrix where everything else happens. It's very rare that any transaction occurs solely between two devices. Sure you can take my commlink, or find what's on it, but you need my authentication to access and use the accounts.


Ah, right, I completely lost myself on this point. You can't download someone's SIN file, because the information is actually in various databases. You can look at the database links, but you can't steal the linked information. Even the owner of the information can't change it, because they don't own the database. When you get a new commlink, you probably can't just pick it up off the shelf and access the matrix. You have to "personalize" it, let it read some kind of biometric or something to access the matrix account that pays for the matrix access.

Well, not really, now that I think about it. If you are in the middle of the barrens with no matrix, you can still access nearby devices and nodes. So, you could have you're commlink running with no connection to any SIN. However, your commlink probably has unique identifiers to separate it from other devices and nodes within the matrix coding.

If I have a SIN, could I just shut down my SIN on my commlink, or use a commlink that is not connected to any SIN, and operate a matrix connection (node to node) without risk of linking my activities to my SIN?

Okay, I'm going to sleep on this. I'm sure the questions will be answered sometime in the next sixty years (or sixty posts, whichever comes first).
DireRadiant
SIN <> Commlink
Zen Shooter01
My question to the original poster is, why? If your idea is for your hacker to live off the commlinks of passers-by, then, as someone else said already, just use the Spoofing Life rules from Unwired.

This question touches on the existential dilemma of Shadowrun, which is, "Why am I doing this?" Shadowrunning, by the definition of "The fixer hires you to do X", is dangerous, unreliable, sporadic, and doesn't pay very well after deducting expenses. Why doesn't the magician open up a magical clinic, or divination service, or rent herself out to business meetings to use Analyze Truth on both parties? Why doesn't the hacker make a comfortable and low-risk living stealing motorcycles?

Because it would make a boring role-playing game. So, do not have your PC seek other employment. Avoid existential dilemmas. They kill the fun.
Kerenshara
QUOTE (DireRadiant @ May 18 2009, 09:32 AM) *
The Matrix isn't about files. It's about accounts and authentication. Nuyen isn't in a file. It's in an account. What's on the commlink is simply the list of common accounts and personal history for the users convenience. The commlink is the net device for accessing the rest of the Matrix where everything else happens. It's very rare that any transaction occurs solely between two devices. Sure you can take my commlink, or find what's on it, but you need my authentication to access and use the accounts.

Hold on a second:
Accounts are not a file, but the information to access them is, thus why I mentioned logging in from two devices at once. Remember, password security is only as effective as the user. Users are lazy. Most browsers offer "remember my password?". Now, if you could manage to steal THAT file... that's why I mentioned accessing one account simultaneously from two devices being a red flag. Most people don't go shopping on two 'links at a time.
As for transactions between devices, that depends. Small amounts of cash would almost certainly be kept on a 'link for convenience sake, the same reason in the digital age most of us still carry a token amount of cash and coin: to make very small purchases easier. Just point your link at the receiving device and hit "quick buy!" and boom! you're done. No passwords or fingerprints or any of that. The BBB says that 'links have largely REPLACED cred sticks, because they have the same functionality built in. When you go to the strip club, or when you are greasing your way into a happening place in the 'plex, you're not going to ask for a brokered 3rd party transaction! You're going to beam a small amount of cred to the gal/guy.
Remember back in earlier editions, there were detailed (and complicated) rules for circumventing a certified credstick's protections which required more Hardware ability than Cracking. There is no reason the same functionality couldn't be (or isn't) on every single comlink, making it cost-prohibitive to try to hack it, since doing so, if you screw up, also compromises the rest of the 'link. By the same token, hacking that cash OUT of the 'link would be nigh impossible "on the fly", but convincing the OS that the user told it to beam it to another 'link nearby then carefully deleting the access logs... now we're getting someplace. But any large purchase is going to want a mandatory ID check, which is part of the 3rd party verification anyhow, so cash won't often help you there. At best, a certified credstick and a completely separate SiN check would be required.
hobgoblin
QUOTE (Zen Shooter01 @ May 18 2009, 04:03 PM) *
My question to the original poster is, why? If your idea is for your hacker to live off the commlinks of passers-by, then, as someone else said already, just use the Spoofing Life rules from Unwired.

This question touches on the existential dilemma of Shadowrun, which is, "Why am I doing this?" Shadowrunning, by the definition of "The fixer hires you to do X", is dangerous, unreliable, sporadic, and doesn't pay very well after deducting expenses. Why doesn't the magician open up a magical clinic, or divination service, or rent herself out to business meetings to use Analyze Truth on both parties? Why doesn't the hacker make a comfortable and low-risk living stealing motorcycles?

Because it would make a boring role-playing game. So, do not have your PC seek other employment. Avoid existential dilemmas. They kill the fun.

or the magician may not have the proper certificates (iirc, you need to be both a medical doctor and a trained magician to use magic to heal, legally).

as for why not just steal things? well first of the default expected sales price of something you stole is 30%. second, a shadowrunner is often a thief for hire, only that they steal company secrets rather then random items of the street.
deek
I'd allow it, but as others have already said, the only information your are getting off the commlink is a bunch of bank account information, including a password and login name.

Think about today's online banking. If someone knew my bank website (pretty easy) and stole my username and password, they could get into my account and steal all my money. But, they are going to have to transfer it to another account AT THE SAME BANK or send a paper check (similar to a certified credstick) to an actual address. Unless of course, they went to the bank in person and pretended to be me. In either event, I'm sure I'd be notified at some point of either of these activities.

Anyways, it could be done, but you are talking about taking up a good portion of time to hack a commlink, get the data, move money and potentially impersonate a person in the physical world...if you are talking thousands or hundreds of thousands of nuyen, yeah, that would be a good run and payout, but if you are talking about doing this on a regular basis for small cash...doesn't make much sense.
hobgoblin
Btw, is people familiar with the GSM phone system?

The interesting thing there is that you have yours sim card, and that ids your service provider and your account there. But on top of that there is a id number of phone. That is, every phone ever made has a supposedly unique id, so that if its reported stolen, it can be locked out of the GSM phone system globally, even if the sim is replaced by the thief or whoever he sells it to.

Gsm sim = SIN (to a degree)

Phone serial = access id...
DireRadiant
QUOTE (Kerenshara @ May 18 2009, 09:09 AM) *
Hold on a second:


None of what I wrote contradicts your original nor this post. You'll note I did refer to the personal history data.
deek
I just thought of an in-game example of mine...one of my players met an obnoxious wageslave acting like a johnson at a train station (is was one of the SRM where the runners go to the top of a mountain resort in Denver). Anyways, the hacker hacked into this dude's commlink, changed his profile information including adding that he was looking for men, then copied his train e-ticket onto his own commlink. He then boarded the train using the guy's e-ticket (it was first class seating) without issue (I could have made that part more challenging, but didn't, as the ticket was already paid for and it wasn't really important to the plot).

Anyways, when the wage slave tried to board the train, he was apprehended, as his personal data didn't match the ticket, plus the ticket was already used. In addition, the wageslave was obnoxious and while a level-headed approach could have rectified the situation (including putting a little heat on the hacker) he was instead, escorted out of the station.

Now, the hacker had fun, hacked a commlink, but didn't really spend a ton of time hacking, so the rest of the table was fine with it. So, I'd be all for letting hackers continue to do this sort of thing without any major repercussions, but I'd probably start bricking them if they try to steal nuyen from bank accounts... These sorts of hacks may be more than enough to keep your hackers entertained and not break anything in game!
Kerenshara
QUOTE (DireRadiant @ May 18 2009, 10:40 AM) *
None of what I wrote contradicts your original nor this post. You'll note I did refer to the personal history data.

I was mainly responding to the line "Nuyen isn't a file". If it's "cash" in the locked and encrypted "wallet", technically it IS.

And also, partially (I think) to "Comlink <> SiN". It's an excellent point, but I think I lumped it in with the above when I was making the post. I just wanted to make sure we hit the possibility that SOME Nuyen MIGHT in fact be stored "locally" as a file you could zap to yourself one way or another. I didn't mean to sound like I was bashing you, and if that's how I cam across (and I can see how it might seem that way), I apologise.
Kerenshara
QUOTE (hobgoblin @ May 18 2009, 10:35 AM) *
Btw, is people familiar with the GSM phone system?

The interesting thing there is that you have yours sim card, and that ids your service provider and your account there. But on top of that there is a id number of phone. That is, every phone ever made has a supposedly unique id, so that if its reported stolen, it can be locked out of the GSM phone system globally, even if the sim is replaced by the thief or whoever he sells it to.

Gsm sim = SIN (to a degree)

Phone serial = access id...

Close, but not quite.
The way an access ID is described, it's much closer to an IP Address. But said IP MUST be registered to a MAC ID number, and your phone's "serial ID" fills that role.
The GSM SIM card/module is analagous to a comcode/account. When you dial a phone number (whose format is technically meaningless these days, due to number portability and IP telephony) a computer checks a registry and routes the call to the SIM card in question. Another database checks for for what IP that SIM was last issued at last log-on to the network, and queries yet ANOTHER database to see which physical tower is currently providing service to that SIM. Finally, the call is physically routed to the MAC address corresponding to the SIM via the IP address of the closest tower and your phone rings.
The SIM itself is only related to the SiN in how it is attached for identification and billing purposes.
But I like the way you presented the idea, and it's a good observation.
hobgoblin
QUOTE (deek @ May 18 2009, 04:49 PM) *
I just thought of an in-game example of mine...one of my players met an obnoxious wageslave acting like a johnson at a train station (is was one of the SRM where the runners go to the top of a mountain resort in Denver). Anyways, the hacker hacked into this dude's commlink, changed his profile information including adding that he was looking for men, then copied his train e-ticket onto his own commlink. He then boarded the train using the guy's e-ticket (it was first class seating) without issue (I could have made that part more challenging, but didn't, as the ticket was already paid for and it wasn't really important to the plot).

Anyways, when the wage slave tried to board the train, he was apprehended, as his personal data didn't match the ticket, plus the ticket was already used. In addition, the wageslave was obnoxious and while a level-headed approach could have rectified the situation (including putting a little heat on the hacker) he was instead, escorted out of the station.

Now, the hacker had fun, hacked a commlink, but didn't really spend a ton of time hacking, so the rest of the table was fine with it. So, I'd be all for letting hackers continue to do this sort of thing without any major repercussions, but I'd probably start bricking them if they try to steal nuyen from bank accounts... These sorts of hacks may be more than enough to keep your hackers entertained and not break anything in game!

I would say it would be more appropriate if the hacker spoofed the ticketing system to charge the return trip to the johnsons account.

That is, i suspect that under a system like the SR4 matrix, you do not have a offline ticket as much as you board, pass a rfid/comlink reader that goes beep, and your account is charged the sum for a trip with that train (or if charged by the distance, your comlink is read again on exit, and the distance calculated and charged).
hobgoblin
QUOTE (Kerenshara @ May 18 2009, 05:00 PM) *
Close, but not quite.
The way an access ID is described, it's much closer to an IP Address. But said IP MUST be registered to a MAC ID number, and your phone's "serial ID" fills that role.
The GSM SIM card/module is analagous to a comcode/account. When you dial a phone number (whose format is technically meaningless these days, due to number portability and IP telephony) a computer checks a registry and routes the call to the SIM card in question. Another database checks for for what IP that SIM was last issued at last log-on to the network, and queries yet ANOTHER database to see which physical tower is currently providing service to that SIM. Finally, the call is physically routed to the MAC address corresponding to the SIM via the IP address of the closest tower and your phone rings.
The SIM itself is only related to the SiN in how it is attached for identification and billing purposes.
But I like the way you presented the idea, and it's a good observation.

Nah, i would say that the access id is a MAC, or at least what it would have been, if one could have stored a infinitely long routing list and altered it instantly, no matter how deep. That is, the IP address is nice in real life because its a logical address. And one that can be carved up into as small a "sub-net" as one wants. So that the router x removed from your computer only have to look up a small part of the whole address to decide where to send the packets addressed to your computer, as there will be more routers farther down the chain.

and the SIM card may well become the SIN of the future, as there are plans of putting the logics of a RFID inside the SIM, and having the phone provide the antenna for a NFC system. extend that far enough and you have your SIM hooked up to national id services, bank accounts, door locks and whatsnot.
kzt
QUOTE (Writer @ May 18 2009, 06:30 AM) *
Pickpocket hacking is all a matter of scale. People who have money worth stealing probably have the security to protect it. Pulling 5 nuyen from 100 people who have weak security really isn't worth your time, if you are trying to pay for some serious hardware or software costing thousands. Also, I tend to think that the hackers of 2070 wouldn't ever admit to doing this, even if they did.

Could be that people couldn't admit to this. But how many people actually admit that they pay for their suburban house and SUV by begging at the expressway on ramps? But people actually do this. If you are willing to shoot people in the face for money but instead can sit at Fourbucks Coffee in the train station and with essentially no risk suck in 200 nuyen.gif per hour you might not admit to you hacker buddies that is what you do, but are you going to not do it?
kzt
QUOTE (Larme @ May 18 2009, 05:02 AM) *
People are always confused about spoof -- it's not some general term for tricking a device, it's specifically a way to command a drone or slaved device while pretending to be its master. If you want to issue commands a commlink, you have to hack in and get authorized access for yourself. After that, it's a very simple matter to copy someone's ID. It might be encrypted, but that's not really a big problem. But it seems to me that if two people were using the same SIN at the same time, the system would detect it almost immediately and quash the copy. That's why fake SINs are so complicated to make -- you have to take a valid number, but scrub away anything that could show it's stolen or fake. You can't just steal one and make do.

They are broadcasting the SIN, there is no reason to hack anything. It's like having your SSN printed on the back of your jacket in inch-high letters. Nobody needs to use rubber hose cryptography to make you tell him what you SSN is, he can just read it without ever interacting with you.

What "system" is going to detect this? You are postulating a globally ubiquitous surveillance network that is explicitly not there in SR due to the balkinization.
Kerenshara
QUOTE (hobgoblin @ May 18 2009, 11:14 AM) *
Nah, i would say that the access id is a MAC, or at least what it would have been, if one could have stored a infinitely long routing list and altered it instantly, no matter how deep. That is, the IP address is nice in real life because its a logical address. And one that can be carved up into as small a "sub-net" as one wants. So that the router x removed from your computer only have to look up a small part of the whole address to decide where to send the packets addressed to your computer, as there will be more routers farther down the chain.

and the SIM card may well become the SIN of the future, as there are plans of putting the logics of a RFID inside the SIM, and having the phone provide the antenna for a NFC system. extend that far enough and you have your SIM hooked up to national id services, bank accounts, door locks and whatsnot.

*cracks fingers cheerfully in anticipation*
These are the kind of discussions I love.
In the descriptions of "hacking a com code" it talks about getting the network to accept you and let you in by granting you a com code. That is in a way directly analagous to hacking a DHCP server to force issuance of an IP address to a protected network. If it's something that changes it CAN NOT be analagous to a MAC, because a MAC by definition is hard coded into the equipment, which is why I equated the PHONEs serial number to a MAC. I am making my distinction based on hard/firm/software comparisons. A phone's serial number can't change. You can SPOOF it to make it LOOK different to the network, but that's not the same thing at all. The SIM card's information is essentially firmware: the card carrys semi-permanent information, but can be erased and re-issued to a new user if the company desires. The IP address is issued each time the device logs onto the network, thus it is pure software. Multiple comcodes can be addressed and routed to the single physical piece of gear, just like multiple IP addresses can point to a single device by the unique hardware ID - the MAC.
Again, as DireRadiant mentioned above, Comlink <> SiN. When we refer to a SiN, it is a (theoretically) unique Serial Number assigned to the Wetware known as a (Meta)human being. Like the serial number on the phone (the permanent MAC), it's not supposed to change, but it could in theory be spoofed (like a MAC) in the form of a FAKE SiN, but in the end it still points to a single and unique piece of wetware: you. YOU never change, no matter how you label yourself. Your bank accounts and licenses are like assigned comcodes, which you can hack, but they only really exist in the Matrix (and maybe on some archaic hard copy somewhere). The "Firmware" in this case would be your comlink (your SIM card) because you can reprogram it to serve as the link between any particular piece of Wetware and any set of software.
Does that make sense?
hobgoblin
It may have been, it it was not bulk text to the nth...

give me a sec to parse it...

err, makes sense mostly, tho i suspect i cant comment on the "hacking a com code" as something tells me thats a SR4A thing, unless you can provide me with a page reference (or i missed a earlier quote in this thread).
Tymeaus Jalynsfein
QUOTE (hobgoblin @ May 18 2009, 09:32 AM) *
It may have been, it it was not bulk text to the nth...

give me a sec to parse it...

err, makes sense mostly, tho i suspect i cant comment on the "hacking a com code" as something tells me thats a SR4A thing, unless you can provide me with a page reference (or i missed a earlier quote in this thread).



If I remember right, that is an "Unwired" thing... no page numbers handy though as I do not have access to my books
Kerenshara
QUOTE (Tymeaus Jalynsfein @ May 18 2009, 12:09 PM) *
If I remember right, that is an "Unwired" thing... no page numbers handy though as I do not have access to my books

Quite right, P.53 Unwired
Tymeaus Jalynsfein
There you go... Thanks Kerenshara...
Writer
QUOTE (Kerenshara @ May 18 2009, 12:28 PM) *
*cracks fingers cheerfully in anticipation*
These are the kind of discussions I love.


I totally agree.

QUOTE (Kerenshara @ May 18 2009, 12:28 PM) *
Does that make sense?


Very much so. And, it helps to think of the sentient using the SIN and commlink as "wetware", just another component.

Kerenshara, I think the answer to your question about multiple commlinks is, yes, you can walk around with multiple commlinks, even if you are using one SIN. With the description you gave, the wetware can connect to two different commlinks, much like the two commlinks can connect simultaneously to a single device or node. The complication is the interface between the wetware and the two commlinks. The interfaces or I/O devices only connect to one commlink at a time, though switching could be as easy as a simple action. It might be easier to run one commlink through another.

This brings to mind a related question.

Hacker A is posing as a corporate wageslave. She has her own personal commlink, and a corporate issued commlink. She uses her personal commlink to hack the corporate commlink and runs the corporate commlink through her personal commlink, sort of like running windows on a Linux machine. Now, with trodes on, she has access to her personal software, logs into the home office through her corporate commlink, and has a meeting. Well, let's say she needs to shut down her personal commlink to prevent security from detecting any anomalies on her commlink. Since the trodes are a peripheral device, they can just transfer their connection to the corporate commlink (especially if she set this up ahead of time). Would this be seemless? Or would there be a moment of some kind of dumpshock or glitching?

I imagine it could be seemless. She prefers AR, so she would be viewing the main window as if on the corporate commlink, with her personal commlink icons on the edges. When the transfer happens, all the personal icons would disappear and the corporate "settings" would remain. Does this all make sense?
hobgoblin
in ar it could be potentially seamless. hell, it may even be able to connect the same set of trodes to to multiple sources, it just depends on how smart the trodes are.

not with vr tho, that would result in dump shock, imo.
PirateChef
The easiest way to use hacking to go on a shopping spree is similar to the way many thieves do it now.

When someone is in a store, and picks up an item, they tell their comm to send a purchase order to the stores main purchasing computer. (In ar they press the buy button, and the commlink takes care of the rest). The easy way to make cash off of this system is to watch someone as they shop, intercept the buy order as it is sent out, then use your comm to send a duplicate transmission. You get the item for free, they get charged twice. The system lets it through, b/c it looks like they just decided to buy two. When they notice the second charge, they then dispute the charge and get their money back. Everyone thinks either the customer was an idiot and accidentally hit the buy button twice, or that there was a hiccup in the system.

As long as you keep the amount low enough, no one will really even notice.
Writer
QUOTE (PirateChef @ May 18 2009, 06:53 PM) *
As long as you keep the amount low enough, no one will really even notice.


This is probably why it isn't in the realm of shadowrunning. Yeah, the risks are higher running shadows, but the pay is higher, also. On the other hand, this could be one way to detail the abstraction called "spoofing lifestyle".
Kerenshara
QUOTE (Writer @ May 18 2009, 03:26 PM) *
Kerenshara, I think the answer to your question about multiple commlinks is, yes, you can walk around with multiple commlinks, even if you are using one SIN. With the description you gave, the wetware can connect to two different commlinks, much like the two commlinks can connect simultaneously to a single device or node. The complication is the interface between the wetware and the two commlinks. The interfaces or I/O devices only connect to one commlink at a time, though switching could be as easy as a simple action. It might be easier to run one commlink through another.

*scratches head* my comment about two 'links wasn't to a single SiN per-se, so much as two diferent 'links accessing a single BANK account throwing up a red flag for the BANK. Unless I mangled something else somewhere and missed it. Point it out and I will try to un-kludge it.
QUOTE
This brings to mind a related question.

Hacker A is posing as a corporate wageslave. She has her own personal commlink, and a corporate issued commlink. She uses her personal commlink to hack the corporate commlink and runs the corporate commlink through her personal commlink, sort of like running windows on a Linux machine. Now, with trodes on, she has access to her personal software, logs into the home office through her corporate commlink, and has a meeting. Well, let's say she needs to shut down her personal commlink to prevent security from detecting any anomalies on her commlink. Since the trodes are a peripheral device, they can just transfer their connection to the corporate commlink (especially if she set this up ahead of time). Would this be seemless? Or would there be a moment of some kind of dumpshock or glitching?

I imagine it could be seemless. She prefers AR, so she would be viewing the main window as if on the corporate commlink, with her personal commlink icons on the edges. When the transfer happens, all the personal icons would disappear and the corporate "settings" would remain. Does this all make sense?

Um... the catch is you'd have to leave the second 'link ON to be seamless, because they were subscribed to the 'link you're turning off. You could re-subscribe the trodes to the prime comlink, but it would not be seamless. Think of it like a BlueTooth® adapter of some sort, and what you had done was network two laptops in an ad-hoc point-to-point network where the modem on the first computer is getting you to the 'net, but you're controling it via the BlueTooth® device which is actually attached to the second laptop. If you shut down the second laptop, the BlueTooth® device has no partnered (subscribed, in SR parlance) device until it is re-paired with the laptop that's still running. That is a very simple process in SR, but it's not "seamless".
Does that make sense?
PirateChef
QUOTE (Kerenshara @ May 18 2009, 06:35 PM) *
Um... the catch is you'd have to leave the second 'link ON to be seamless, because they were subscribed to the 'link you're turning off. You could re-subscribe the trodes to the prime comlink, but it would not be seamless. Think of it like a BlueTooth® adapter of some sort, and what you had done was network two laptops in an ad-hoc point-to-point network where the modem on the first computer is getting you to the 'net, but you're controling it via the BlueTooth® device which is actually attached to the second laptop. If you shut down the second laptop, the BlueTooth® device has no partnered (subscribed, in SR parlance) device until it is re-paired with the laptop that's still running. That is a very simple process in SR, but it's not "seamless".
Does that make sense?



What you can do (and this works with bluetooth) make the switch to teh second device without turning off the first, thus interrupting the connection without shutting it down. This should make for a seamless transition.

You can try this if you have a bluetooth headset, and two phones. Place different calls on each phone, and you can switch between which one the headset is linked to fairly seamlessly.

I think you'd still get dumpshock if you were in vr though, as the incomplete data hits your head.
PirateChef
QUOTE (Writer @ May 18 2009, 06:25 PM) *
This is probably why it isn't in the realm of shadowrunning. Yeah, the risks are higher running shadows, but the pay is higher, also. On the other hand, this could be one way to detail the abstraction called "spoofing lifestyle".



Yeah, i'm pretty sure this is what they mean by that.

There are other variations on the same theme to get actual nuyen in your account, but then things get complicated.
Kerenshara
QUOTE (PirateChef @ May 18 2009, 08:30 PM) *
What you can do (and this works with bluetooth) make the switch to teh second device without turning off the first, thus interrupting the connection without shutting it down. This should make for a seamless transition.

You can try this if you have a bluetooth headset, and two phones. Place different calls on each phone, and you can switch between which one the headset is linked to fairly seamlessly.

I think you'd still get dumpshock if you were in vr though, as the incomplete data hits your head.

OK, never tried that myself, so I can't comment, but it makes sense. And while the device handoff might be seamless, even in AR you have to deal with the comcode (IP) changeover, which is sure to cause at least a stutter.
Writer
QUOTE (Kerenshara @ May 18 2009, 07:35 PM) *
*scratches head* my comment about two 'links wasn't to a single SiN per-se, so much as two diferent 'links accessing a single BANK account throwing up a red flag for the BANK. Unless I mangled something else somewhere and missed it. Point it out and I will try to un-kludge it.


Sorry, I was mixing issues. I'm not sure it would necessarily be a problem for one SIN to access via two commlinks, but it might raise a few eyebrows. There really isn't a reason for it.

QUOTE (Kerenshara @ May 18 2009, 07:35 PM) *
Um... the catch is you'd have to leave the second 'link ON to be seamless, because they were subscribed to the 'link you're turning off. You could re-subscribe the trodes to the prime comlink, but it would not be seamless. Think of it like a BlueTooth® adapter of some sort, and what you had done was network two laptops in an ad-hoc point-to-point network where the modem on the first computer is getting you to the 'net, but you're controling it via the BlueTooth® device which is actually attached to the second laptop. If you shut down the second laptop, the BlueTooth® device has no partnered (subscribed, in SR parlance) device until it is re-paired with the laptop that's still running. That is a very simple process in SR, but it's not "seamless".
Does that make sense?


I was thinking that trodes are subscribed to Commlink A, which controls Commlink B. Make a single command combo (like a macro) to do a simple subscription switch to Commlink B, then shut down Commlink A. You might see a stutter, but no one outside your POV would, because it is only affecting your trodes.
Kerenshara
QUOTE (Writer @ May 18 2009, 08:28 PM) *
I was thinking that trodes are subscribed to Commlink A, which controls Commlink B. Make a single command combo (like a macro) to do a simple subscription switch to Commlink B, then shut down Commlink A. You might see a stutter, but no one outside your POV would, because it is only affecting your trodes.

Sure, but I wouldn't call that "seamless". Automated, and probably unnoticable to others, but not seamless. Enough for a cover for sure. Kerenshara wouldn't know anything about THOSE tricks. Nope, not her.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012