Full Version: decker tricks
mfb
Came up with a neat trick for deckers I thought I'd share. It allows you to set up what amounts to a permanent valid account on any host you're skilled enough to hack. All you need is a Computer (Programming) skill of 4+, and good Validate, Deception, and Read/Write programs. A high DF helps; if you can change modes, go for high Masking.

First, create a command set with four operations. The operations are, in order: Validate Account, Send Data, Send Data, Null Operation (24 hrs).

Next, log on to the host and validate a user account. This allows you to do an Upload Data operation, so you can save your command script as a text file on the host, then Send Data to create an active copy of the script; with the valid account, you can do this without rolling dice. Now, do a Null Operation (24 hrs) to activate the command set. The system will get +5 to its Security Value, which is why you want high Masking. Your work is done; log off.

The command set waits 24 hrs, then validates a new user account (24 hrs is the minimum time a spoofed account will remain valid). With the new user account, it then does one Send Data to email you the new account information, then does a second Send Data to call up the saved copy of itself. Using that, it does a Null Operation (24 hrs) to activate the new copy of the command set. The command set waits another 24 hrs, then kicks in. Rinse, wash, repeat.

Partly as instruction and partly for the karma, I rolled out a character of mine performing this trick here. The character is GG Beat.
Orient
I've been doing something similar with command sets and Redirect Datatrail operations to bounce commcalls through Validated accounts in various secure hosts in order to foil tracing....

Err.. more info when I'm not scrambling to get ready for work..
John Campbell
Congratulations. You've invented the rootkit.
mfb
Indeed. I'm introducing near-mystical technology into the world of SR--such things shouldn't even be possible, given the level of technology in 206x!!

I think it's hilarious how hard you have to work to use basic hacker tricks in SR.
Jason Farlander
Unfortunately, this trick is less reliable with a company that employs security deckers.
Panzergeist
Self-replicating command sets. L33t. Of course, the one hitch is that you have to upload your e-mail address onto the host, giving security a potential lead on you if they find it.
Digital Heroin
Come on now. Every decker worth a grain of salt can make an anonymoose e-mail addy.
mfb
Well, you probably don't want to do this trick on an actual host--better on a grid, where security is looser and traffic is higher.
moosegod
QUOTE (Digital Heroin)
Come on now. Every decker worth a grain of salt can make an anonymoose e-mail addy.

:o How'd I get involved in this thread? ;)
Phaeton
*rotfl*
mfb
Orient, I'm very interested in your auto-redirect scheme. I'm working up one myself, but if someone else has already done all the hard work...
Panzergeist
Okay, here comes the clue train, last stop you. Security deckers aren't above doing a little hacking themselves. So, security decker traces your anonymous e-mail address, hacks it, and looks through your inbox, sent messages folder, and the log that says where you jacked in from. Now, the log will be useless if you redirected your datatrail, since they can't trace your redirects without you being there to hit with a trace utility. And of course, you can download your received messages and erase everything as soon as you dl/send it. However, they can continue to monitor your account if they manage to get in unnoticed. So, unless you meticulously cleanse your e-mail account, search it for dataworms and sniffer programs every time you log on, and change to a new pirate account regularly, regardless of whether you have reason to suspect it's been compromised, you can be monitored. And even if you do all that, that still leaves your enemies a small window to infect your account with a dataworm, and monitor the address until you log on, allowing them to monitor incoming messages. The only solution to this would be to have an agent guarding your account 24/7 to both watch for intruders and shoot down dataworm info dumps. Even this wouldn't be foolproof. No matter what you do, you will leave a datatrail of some sort.
Zazen
Or you could send it to fifty thousand email boxes. The other 49,999 will delete "CLICK HERE FOR AWESOME SICK PORN jfi4u389fq20j f893f8934", but you'll be quite happy to use l: jfi4u389fq20j p: f893f8934 :)
mfb
Even better, send a single email to one address, which in turn shotguns it out to however many addresses. That way, no one will be wondering why the grid's email traffic suddenly shot through the roof.
Panzergeist
You would be surprised at how many people actually open messages like that. *rotfl*
phelious fogg
That's why you fill it with junk; your decker only cares about the name of the email.
Dashifen
QUOTE (Jason Farlander)
Unfortunately, this trick is less reliable with a company that employs security deckers.

Indeed! If the company has security on the system, it's not going to take it long to notice that there are new accounts popping up. Specifically because there is such a thing as a Validate utility on the market, I'd have to imagine that any business that can afford a Green-Hard or higher would probably have some kind of smart frame or agent doing nothing but watching for this kind of activity. Especially because it would be relatively cheap for a company to own such equipment and keep it running. Gotta give those programmers something to do!

Now I just have to hope Elfie doesn't read that paragraph :)
Grey
Dash: All you do there is add an extra step where the Decker needs to find the Smart Frame/Agent and hack it to ignore that new account. Or maybe you could somehow make the account look like it has been there all along or something. Either way, I'd give the Decker a way around it.
Elfie
Of course there's a way around it. It's like chess. You move, I counter it, you counter my counter, etc. I just need a little work on my decker tricks if I'm going to survive (oh yeah, that'll be another thread).
hobgoblin
Hmm, didn't know you could do a null op inside a command set...

As for the redirect commcall command set, it's described in the Matrix book under decker tricks. But I always believed that you could only do Make Commcall on an RTG. This will make my decking days easier, as I can just call my onsite partners; I just hope that they have vibration only (or maybe a headphone)...
Panzergeist
Yes, since the work week is 40 hours, and a week is 168 hours long, a company would need 4 security deckers to have one on duty at all times. However, having a frame or agent on guard at all times is much more economical.
mfb
Don't get me wrong, this isn't a trick you'd use on Lone Star. But, say, Angel Satcom? Or, better yet, any number of random MSPs? (I do have to wonder about that discrepancy--in Matrix, it says your average MSP is an Orange-Average host; but in T:Matrix, it stats an average MSP as Green-Easy!)
hp_warcraft
Deckers love those throwaway MSP accounts. Head over to the cybercafe, order a mocha-java, pop in this week's free UCASOL chip, register a new account to be used later for less than legal purposes and then hit the newsfeeds. (You do at least skim the business news daily to keep that Evaluate program current - right?) :D
mfb
Don't need to. Otaku are teh leet!
Dashifen
QUOTE (Grey)
Dash: All you do there is add an extra step where the Decker needs to find the Smart Frame/Agent and hack it to ignore that new account. Or maybe you could somehow make the account look like it has been there all along or something. Either way, I'd give the Decker a way around it.

Sure, like I was saying to Elfie yesterday, though, if you hack the agent and the group notices it, they know what the agent was protecting and know where to look for extraneous data. The response: hack more than one agent so they're not sure which one was the "important" hack. That, of course, is more dangerous and could get you whacked by IC or anything else that happens to be in the system.
Panzergeist
Who needs decking? Just have a teammate infiltrate the base and run a bar magnet over the security host.
mfb
...computers in 2060 use optical storage. What's a magnet going to do?

And also, why would you need to modify your newly-forged account to make it look like it's been there all along? That's what validating it is--making it seem legit. The only reason an admin would invalidate it is if the account were brought to their attention as being faked--like, say, the guy using it racks up Security Tally.
Panzergeist
Computers still use electrical wiring, which can be affected by magnets. The magnet would cause some wires to misfire, causing some of the photon circuits to misfire, causing a few improper 1's, 0's, and 2's. (Or one-zero dualities, though I imagine people just call them twos.) This wouldn't be nearly as bad as degaussing a magnetic drive, but it would cause some bugs and fragmentation.
mfb
A few. You'd have to have a really, really powerful magnet, though, and it'd take a really, really long time to have any significant effect. I mean, heck, the computer you use right now is chock full of magnets. Long before you manage to screw up an optical computer, someone will have noticed the errors and gone on a magnet hunt.
gknoy
QUOTE (mfb)
the command set waits 24 hrs, then validates a new user account (24 hrs is the minimum time a spoofed account will remain valid). with the new user account, it then does one Send Data to email you the new account information, then does a second Send Data to call up the saved copy of itself.

Better than "email" -- given the problems with the hackability of such accounts -- is to incur a high signal-to-noise ratio (like someone mentioned with the 50k porn emails, lol! GOOD idea!), and write out data that doesn't look like account information.

First, you'd want to encrypt the data. Then, you'd want to obfuscate it by including it in some small subset of data, like a "debug dump" or somesuch. This data can then be :

(a) stuck in some commonly used holding area on the host (equivalent of /tmp/ on a modern unix host), to be later downloaded manually by you -- you deck in, grab a file with 5-10 valid accounts in it, and log out -- even better if you use a valid login for THAT, and not be a nuisance to the system...

(b) uploaded to a dead drop - similar to a "mail" account, but rather than having a canonical "inbox" or anything like that, it is spooled through another process that does even more obfuscation and then sends it on to someplace else you can pick it up.

Note that this can be strung together to several levels (just like you might with a redirect-datatrail operation, for example). Make the initial process (that gathers/creates/whatevers valid account information) send to multiple destinations. Make some of those do the same. Obfuscate the purpose of some of these by making it look like they do something harmless with it (like dump the message to a log as a "received error", or somesuch). Make some of them look like a poorly written university project.

The security deckers will find your original stuff. They might shut it down, or they might be confused as to what it does (even better if the program looks like it's supposed to do something USEFUL (to them) there). Bonuses if you can make them think that one of the other deckers wrote it as a quick one-time knockoff utility. ;)

If they follow it on and see what it does, they might find that it writes a log. They'll examine it, but if you've been careful, they shouldn't be able to realize that the file that's dumped contains any Information, but rather is junk. (Hell, make it look like a debug/coredump, or something. Even better, have your program ACTUALLY crash and send that data to the system's NORMAL error logging function - so that it looks like a legitimate death.)

If they realize that your utility sends data elsewhere, they might hack in to THOSE places. Or, they might think that it's correspondence between two researchers, or something. If you've been careful about hiding the information.

The security deckers have finite time and resources - more than you, yes, but you can easily make the job look like it's of low importance/threat. If they either don't recognize what your program Really Does, or can't figure out where it sends it (or why), you're pretty much scot free. If they DO figure out what your program does, they will probably just shut it down so it won't run again, but will probably not expend the resources to develop an agent to send looking for you.

Skills needed:
Encryption knowledge skill, probably: so that the data you hide will not be obviously account information.
Steganography: so that you can hide Real Data inside other harmless-looking data. :)
Forgery: to enable you to write convincing-looking Fake Stuff, perhaps - like emails between department heads, or bad spam responses, etc.
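The "bury it in something that reads as junk" step from the post above, as an added example that is not code from the thread or from any Shadowrun book. It models only the steganographic half of gknoy's plan with a classic whitespace carrier: a line that ends in one space carries a 1 bit, a line with no trailing space carries a 0 bit. The payload bytes are assumed to be ciphertext already (they are constructed, not real credentials), the "debug log" lines are generated inside the script, and the last function is the check a security decker would run over a suspicious dump.

```python
"""Whitespace dead-drop carrier plus the detection check.

Added example, not from the thread. The payload is treated as opaque
ciphertext (constructed bytes), the cover log is generated here, and the
framing (2-byte length, payload, 4-byte SHA-256 check) is this example's
own convention, not a standard.
"""
import hashlib

PAYLOAD = bytes.fromhex("8f1c3a7e55d0b21c9e4477a3c0ff11ee")  # constructed "ciphertext"


def cover_lines(n):
    """Constructed debug-log lines used as the carrier (no trailing spaces)."""
    return [f"[{i:05d}] DEBUG heartbeat ok seq={i} rtt={(i * 7919) % 41}ms" for i in range(n)]


def to_bits(data):
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def from_bits(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))


def embed(payload, lines):
    """Frame the payload and write one bit per line: trailing space = 1, none = 0.
    Lines beyond the framed payload are left untouched (0 bits)."""
    framed = len(payload).to_bytes(2, "big") + payload + hashlib.sha256(payload).digest()[:4]
    bits = to_bits(framed)
    if len(bits) > len(lines):
        raise ValueError(f"cover has {len(lines)} lines, payload needs {len(bits)}")
    out = []
    for i, line in enumerate(lines):
        line = line.rstrip()
        out.append(line + " " if i < len(bits) and bits[i] else line)
    return "\n".join(out) + "\n"


def extract(text):
    """Recover the payload from a carrier; raises ValueError if the check fails."""
    bits = [1 if line.endswith(" ") else 0 for line in text.splitlines()]
    raw = from_bits(bits)
    length = int.from_bytes(raw[:2], "big")
    payload, check = raw[2:2 + length], raw[2 + length:6 + length]
    if hashlib.sha256(payload).digest()[:4] != check:
        raise ValueError("no valid payload in this text")
    return payload


def trailing_space_ratio(text):
    """Detection: log writers do not leave trailing spaces, so a file where a
    large share of lines end in a space deserves a closer look."""
    lines = text.splitlines()
    return sum(line.endswith(" ") for line in lines) / max(len(lines), 1)


if __name__ == "__main__":
    drop = embed(PAYLOAD, cover_lines(200))
    print(drop.splitlines()[0] + "|")  # the carrier line looks ordinary to a reader
    print("recovered:", extract(drop).hex())
    print("trailing-space ratio:", trailing_space_ratio(drop))
```

The carrier survives a casual read of the "log" but not a targeted check: a clean cover scores 0.0 on the ratio, the loaded one scores well above 0.25, and any editor that shows whitespace exposes the pattern on sight. That is the point BonJoviJones makes further down the thread: the trick works against security that relies on eyeballing, not against a defender who compares files mechanically.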

hobgoblin
ye gods.
BonJoviJones
It seems to me that any security personnel capable of back-decking a connection is probably savvy enough to notice a new account being created every 24 hours on the mark. Even if the program waited a random amount of time and made a new account, new accounts should be pretty obvious.

The rules are the problem. The minimum time it takes to find a fake account is 24 hours? Maybe for the first one or two, but that rule is much too static for any serious security procedure.

Possible Motto: Static rules are inherently unrealistic and can be exploited by players to great gain. Worry more about the dynamic reactions of the parties involved.
Zazen
QUOTE (gknoy)
Better than "email" -- given the problems with the hackability of such accounts -- is to... write out data that doesn't look like account information.

My first idea was to have it emailed to a local paper, one that offers free personal ads. That way you can't possibly be traced when you go to the corner and pick up a paper. The accounts are only around for 24 hours, though, so I scrapped the idea.

A better one would be to post to a public forum ("HOWRD STERN RULZ!!!!!!!!!jiogfjei943urui3/j842rj8f934jr!!!!! BA BA BOOOOEY HAHAHAHAHAHA U SUK!!!!!!!1121@!2!@!").
mfb
I've always assumed that the Validate Account operation includes making the account appear to have a history--that is, changing the dates and adding some logs so that the account doesn't look new. Any actual new account would get a thorough check by the system, but if you manage to fool the system into thinking the account has been there all along, you avoid that. You also end up avoiding the pattern of having a new account show up every 24 hrs.
BonJoviJones
QUOTE (mfb)
i've always assumed that the Validate Account operation includes making the account appear to have a history--

Being that people are aware that Validate exists, you'd think they'd have a printout in their office of all the accounts on the system, or on some sort of write-once media, and simply compare with the known-good copy.

The first rule of security decking is never trust anything, not even your own system. If target matrix sites don't adhere to that, then yeah, they're pretty much screwed.
Dashifen
QUOTE (BonJoviJones @ Feb 12 2004, 11:00 AM)
QUOTE (mfb)
i've always assumed that the Validate Account operation includes making the account appear to have a history--

Being that people are aware that Validate exists, you'd think they'd have a printout in their office of all the accounts on the system, or on some sort of write-once media, and simply compare with the known-good copy.

Agreed. I usually consider the office I work for. We do a daily backup; on Fridays it's a weekly backup, on a two-week rotation. That means that every day we have 14 days of backed-up data just in case of a problem.

So, that means that if something strange happens one would have a record of the valid accounts on the system and could compare them to the current accounts on the system. Plus, if the sec. deckers missed the problem, then they might have quite a lot of temporal information to find out when the validation took place. Therefore, they might be able to notice the actions of the command set that started out this whole conversation.

Basically it still comes down to this point: Deckers can easily fool the system into thinking they're legitimate, and they can obfuscate that fact from other deckers. But, they can never completely eliminate every trace of information concerning that account.

Otherwise, you'd have deckers with a Validate 8 or 9 utility that they program themselves (to avoid the cost of purchasing such a program) who do nothing but log on and try to validate a superuser account. If they fail, log off, wait 24 hours for your tally to drop to zero and then try again until they succeed. Only time, and the ability of a sec. decker to notice patterns in the system that the system itself cannot, can prevent this.
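The comparison BonJoviJones and Dashifen describe above (a known-good account list on write-once media, plus a rotation of daily backups), as an added example that is not code from the thread. It checks a live account table against a fortnight of daily snapshots and flags an account whose recorded creation date disagrees with when the backups first saw it, which is exactly the "fake history" a Validate-style forgery would have to plant. All account names, dates and snapshots below are constructed for the example.

```python
"""Account-history audit against a rotation of daily snapshots.

Added example, not from the thread. Everything here (names, uids, dates,
the snapshot contents) is constructed; the creation dates are what the
host itself reports, which an attacker with host access can edit.
"""
from dataclasses import dataclass
from datetime import date, timedelta

TODAY = date(2004, 2, 12)   # constructed "now"
ROTATION_DAYS = 14          # Dashifen's two-week rotation


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    created: date  # creation date as recorded on the host


# Constructed ground truth: the day each account first appeared in a backup.
FIRST_SEEN_IN_BACKUPS = {
    "jcampbell": date(2003, 6, 1),
    "ops_tmp": date(2004, 2, 5),
    "sneaky": date(2004, 2, 8),
}


def build_snapshots(first_seen=FIRST_SEEN_IN_BACKUPS, today=TODAY, days=ROTATION_DAYS):
    """Daily snapshots for the last `days` days (newest is yesterday).
    Each snapshot is the set of account names present on that day."""
    return {
        today - timedelta(days=i): {n for n, first in first_seen.items() if first <= today - timedelta(days=i)}
        for i in range(days, 0, -1)
    }


def audit(current, snapshots):
    """Compare the live account table with the snapshot history.

    An honest account is absent from every snapshot dated before its creation
    and present in every snapshot on or after it. Anything else is flagged:
      - present in a snapshot older than its creation date: the date was
        moved forward after the fact;
      - missing from a snapshot dated on/after its creation date: the date
        was backdated (the forged-history case);
      - in no snapshot and created after the newest one: genuinely new,
        which is the event the posters say should always be reviewed.
    Returns {account name: reason}.
    """
    findings = {}
    newest = max(snapshots)
    for acct in current:
        for day in sorted(snapshots):
            present = acct.name in snapshots[day]
            if present and day < acct.created:
                findings[acct.name] = f"created date {acct.created} is later than first sighting in snapshot {day}"
                break
            if not present and day >= acct.created:
                findings[acct.name] = f"backdated: claims {acct.created} but missing from snapshot {day}"
                break
        else:
            if acct.created > newest:
                findings[acct.name] = f"new since last snapshot {newest}; verify against change records"
    return findings


# Constructed live account table as the host reports it today.
CURRENT_ACCOUNTS = [
    Account("jcampbell", 1001, date(2003, 6, 1)),
    Account("ops_tmp", 1002, date(2004, 2, 5)),
    Account("sneaky", 1003, date(2004, 2, 10)),   # date pushed later than the backups saw
    Account("ggbeat", 1004, date(2004, 1, 20)),   # forged with backdated history, never in a backup
    Account("newhire", 1005, date(2004, 2, 12)),  # added today, after the newest snapshot
]

if __name__ == "__main__":
    for name, reason in sorted(audit(CURRENT_ACCOUNTS, build_snapshots()).items()):
        print(f"{name}: {reason}")
```

The check only has teeth if the snapshots live somewhere the host cannot rewrite (the write-once media BonJoviJones mentions, or a backup store with separate credentials). Snapshots kept on the host itself are just more files a Validate-style forgery could adjust along with the account's dates and logs.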
mfb
Hence the reason validated accounts don't last forever. Deckers don't usually pull the kind of trick you describe in your last para, Dashifen, because once they manage to forge an account, it's only going to last a maximum of (1d6 x succs) days.

And if your command set gets deleted, who cares? You've got fifty more, on fifty other RTGs.
Nikoli
Well, I have a solution for the anonymous, untraceable email drop-box. The pager listed in the BBB basically receives email, voice messages and even faxes (why faxes still exist in SR is beyond me though), up to 5mp if I remember correctly. So, hop into a Stuffer Shack, snag a ¥10 to ¥50 pager and plug it into an open port on the ol' deck. No big deal.
mfb
Yeah, but it's a cellular device, which can be easily triangulated. Since they can't get your email address, they'll just have to make do with your physical location!
Kanada Ten
Pagers only receive data in SR, they don't broadcast (a lot). Meaning they would have to be damn good to get a lock when the pager goes ping every few hours.
mfb
Right, but the pager's number would necessarily be included in your command set. Once they have that, the sec decker can just hack your service provider and force it to query your pager.
Kanada Ten
Wait, wouldn't your first trick work for the pager provider too? You could have your pager switching ID every time it* detects a suspicious set of queries. You could even have various pager numbers - thus you know which security system discovered you and which passwords are now worthless.

*I obviously assume one can hack their own pager.
mfb
Indeed.
Fenris
Since we're tossing up cool decker tricks, does anyone else think the drawbacks for a satellite hookup are more than worth the benefit of the fact that you can't be traced back to a meat body?
Nikoli
That is in fact very smooth. Just love satellite jumping.
Shockwave_IIc
QUOTE (Fenris)
Since we're tossing up cool decker tricks, does anyone else think the drawbacks for a satellite hookup are more then worth the benefit of the fact that you can't be traced back to a meat body?

Myself, Grey, Lindt and Dash had a discussion on this in our game (Misfits) and although it is canon that you can't be traced if you're satlinking, I do agree with Grey on the fact that you should be able to interrogate the sat into where it's uploading/downloading from, because the Matrix is a 2-way connection.

Side note: technically you don't actually need a satlink utility; hack into somewhere that uses satlinks themselves and borrow theirs.
simonw2000
I was looking at Virtual Realities 2.0, and it shows Ares' hottest decker, Pyro with a custom-built attack program called "Napalm Blast"! Could it be an attack program that can hit more than one target?
mfb
Attack progs that attack multiple opponents are possible with Matrix. I thought program options were included in VR 2.0 as well, but I guess I was mistaken.

Determining one's physical location by querying the satellite is only possible if the satellite has some means of determining the direction that a given signal is originating from. Most satellites, as far as I'm aware, do not have this capability; there's simply no reason to have it.
Shockwave_IIc
The Matrix is a 2-way thing, no? You send a signal telling it what you want to do, it sends a return telling you to frag off. The satellite needs to know where to send that frag off to.
hobgoblin
A sat works by basically bombarding a big area with a signal; it's not tightbeam at all. So while you can get the general area, this area can be, say, the size of Europe :)

Program options were in Virtual Realities 2.0; you are looking at the Area option for multi-target effects.
Dumpshock Forums © 2001-2012