comStar Firewall alert - PhaseThrough
Hacker’s Handbook
without actually granting him an account. To create a hidden access
point, the hacker must have previous access to the system and
must make a Hacking + Exploit (Firewall + System, 1 minute)
Extended Test.
The advantage is that such hidden access points make it very
easy to penetrate the system, requiring only a simple Hacking +
Exploit (1) Test, and the Firewall gets no test to detect the intruder.
As no account is being used, access won’t be noticed as long
as the intruding hacker remains under the radar of patrolling IC.
Since no passcodes have been obtained, however, the hacker
has no account privileges at all and must rely on Hacking for all
tests as long as he is connected to the node in this manner (it is
common practice to access the system via the hidden access point
and then create an account, leave the system, and do a “legal” log
on with the fake account). IC or security hackers that perceive the
hacker will immediately recognize him as an intruder.
Note that the actions of a hacker who uses a hidden access
point are still recorded in the access log, but they are obscured
and confusing because they are not tied to an account. The
hacker’s datatrail may still be tracked, however.
Detecting Backdoors
Users with security or admin privileges can<br />
conduct account audits and security sweeps to<br />
look for known or suspected backdoors. Of<br />
course, hackers with security or admin access<br />
to a node can conduct their own searches<br />
and keep the results to themselves,<br />
making use of the hard work of<br />
their fellow hackers. Some technomancer<br />
hackers have been<br />
known to watermark their<br />
backdoors (see p. 237, SR4),<br />
so that other technomancer or<br />
sprite hackers can find them.<br />
Reusable Exploits and<br />
Hacked Accounts: A spider or<br />
hacker conducting a routine audit<br />
will detect a reusable exploit or<br />
unauthorized use of a legitimate<br />
account on a successful Extended<br />
Data Search + Browse (lowest<br />
Stealth rating of hacker using<br />
exploit or account, 1 day) Test;<br />
the exploit may be immediately<br />
fixed with a successful Extended<br />
Software + Edit (Firewall, 1
minute) Test, while the legitimate<br />
account is typically locked<br />
pending an official review. If the<br />
logs show the legitimate account<br />
has not been engaging in any illegal<br />
or questionable activity, the account<br />
will be unlocked; otherwise the user<br />
will face arrest and/or questioning.<br />
Hacker-created<br />
accounts subject to this<br />
review are typically deleted<br />
unless the hacker has taken care to have a good cover story and has<br />
been editing the logs to hide her activities.<br />
Hidden Accounts and Access Points: Hidden accounts and<br />
access points do not show up on routine inspections by security-level
and admin users, but if a spider becomes aware of them<br />
(either through a sloppy log edit or seeing the hacker use them),<br />
a thorough account audit—a successful Extended Data Search +<br />
Browse (lowest Stealth Rating of hacker using access point or account<br />
x 2, 1 day) Test—will reveal them, after which they may be<br />
edited or erased as normal.<br />
Probing the Target: At the gamemaster’s discretion, a hacker<br />
who is probing the target (p. 221, SR4) may discover a backdoor<br />
rather than a flaw to exploit.<br />
Advanced Spoofing
The SR4 rulebook details several good uses for the Spoof<br />
program: redirecting traces, spoofing the datatrail, and spoofing<br />
commands to agents, drones, and sprites. A common misconception<br />
is that spoofing is a simplified version of hacking in with an<br />
exploit and controlling the agent, drone, or device in question—after<br />
all, if the target does what you want, you’ve<br />
hacked it, right? Not really. Spoofing is a great tool, but<br />
it has its limitations. The following rules expand on<br />
spoofing options and provide a few new ones.<br />
Expanded Command Spoofing
As described under Spoof Command, p. 224, SR4, a<br />
hacker can use Spoof software to send commands to a target<br />
that look like they were sent by someone with control<br />
or access privileges. This trick may be used to<br />
falsify commands to drones, agents, sprites<br />
(technomancers only), electronic devices,<br />
and slaved nodes.<br />
Spoofed commands will seem<br />
to come from the authorized user<br />
you are spoofing (why you need their<br />
access ID), and so will be treated as having<br />
the same access privileges (personal,<br />
security, or admin) as that impersonated<br />
user. It is up to the gamemaster to decide<br />
what commands are legitimate for which<br />
access privileges. For example, spoofing<br />
a command to an oven to start cooking the<br />
turkey is something anyone accessing the oven is<br />
likely allowed to do. If you are spoofing commands to<br />
a drone, pretending to be the controlling rigger, you<br />
could certainly instruct the drone to log that rigger off<br />
or slave that drone to your commlink instead (since the<br />
controlling rigger would have privileges to do that). To<br />
add, alter, or delete an account, you would almost certainly<br />
need to spoof a command from someone with<br />
admin privileges. Many legitimate users have limits<br />
on what they can do with their accounts, and security-<br />
or safety-conscious spiders can and<br />
do program agents, drones, and nodes to<br />
ignore certain orders. After all, the last<br />
thing a security hacker wants is to be<br />
the target of their own IC.<br />
Unwired<br />