comStar Firewall alert - PhaseThrough

Recommendations

Info

hacker’s handbook . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Hacker Bookkeeping One issue with botnets and mass probes is that player characters can quickly accumulate a lot of compromised nodes and a lot of bots— more than a gamemaster can be expected to fully detail at the table. The key to avoiding unnecessary bookkeeping and holding up the game is for the gamemaster to plan ahead and let the player worry about the bulk of the bookkeeping. Make up a list of five (or ten or fifteen) nodes that would be of particular interest to the hacker, are specifically relevant to the campaign, or are particularly amusing false leads; the majority of the rest of the nodes compromised by mass probing will be home terminals, student commlinks, and other nodes only useful as a place to store a bot or rip an access ID from. logged the probe, security patches updating software in the time between the probe and the intrusion attempt, and other security measures to protect against mass probing. Mass probing never reveals hidden nodes. BotnetS A botnet is like a specialized VPN that allows a hacker to maintain and manage large numbers of agents (or worms) without overloading her subscription list. The agents are loaded with a copy of the unrated botnet program along with the rest of their payload and loaded into separate nodes to run independently. From that point on, the agent (or bot) counts as only a single subscriber on your subscription list, and its active programs do not count toward your persona’s active program limits. However, the only way to communicate with the agent is through the botnet. The botnet program contains a list of all the agents online and connected through the botnet, with simple status symbols communicating their effective Matrix attributes, current Matrix Condition Monitor, payload, location, and what action they are undertaking. With a Simple Action, the hacker can issue a command (see Issuing Commands, p. 220, SR4) to any number of bots in the botnet. Botnets can be intercepted, hacked, or spoofed in the same manner as virtual private networks (see p. 94). A compromised botnet can quickly lead to another hacker “stealing” your bots by locking you out of your own botnet, or even turning them against you. For this reason, bots typically feature an Encrypt program that protects their communications or can be programmed to report in or shut down if subjected to an unsuccessful Spoof or Hacking attempt (player’s discretion). You may also check to see if your botnet is compromised with an Opposed Test, putting your Hacking + Analyze versus the intruding hacker’s Hacking + Stealth; success allows you to cut off the compromised bots and deny the intruding hacker the use of the rest of the botnet. Botnet programs contain access IDs for their handlers, theoretically allowing others to trace you (see Track, p. 219, SR4) back to your originating node; most hackers use proxy servers (p. 104) or disposable commlinks to negate this potential threat. Bots lack some of the independence and adaptability of other agents and have a more limited ability to communicate—usually only to signify if a job is done, if they take damage, or if someone has attempted to hack them and failed. If a hacker is using mass probing to place bots, accounts lost to security upgrades and system audits will usually remove the bots as well. A botnet can also assist a hacker in performing a mass probe; add a 1 die positive modifier to the hacker’s Mass Probing Test for every bot in the botnet carrying an Exploit program, up to a maximum bonus equal to the character’s Hacking skill. agent ScriptS Like IC, agents—including mooks, bots, and drone pilots— can have scripts (see Scripting, p. 69), a list of actions that they take when certain conditions apply. Scripts can make a hacker’s (and a gamemaster’s) life much easier, as hackers can spend less time micromanaging their agents or bots. Players and gamemasters should be aware that no script—no matter how ridiculously long, complex, or detailed—can handle every situation in which an agent might find itself. Some events, like encountering an AI, might be without precedent, and the agent will do nothing—or mistake the event for a different trigger on the script. When in doubt about whether an agent should follow a script or not (or in a situation where the script suggests two contrary courses of action), have the agent make a Pilot + Response Test against a threshold determined buy the gamemaster; if successful the player chooses the agent’s action, if not the gamemaster does (see Issuing Commands, p. 214, SR4). The Adaptability autosoft (p. 113) may aid in this test. Mook Cost Multiplier Availability Modifier Unrestricted Agent 1.2 +2 Unwired Simon Wentworth (order #1132857) 9
to Mook or not to Mook? For some characters, particularly those just starting out, it may look like a better deal to invest in a high-rated commlink, OS, and an agent (the mook) to take care of all of your hacking needs. Using a mook isn’t against the rules, nor is it gamebreaking, but players and gamemaster should both be aware and the advantages and disadvantages of the situation. When mooks are used en masse, or combined with botnets, a non-hacker character could potentially maintain a small army of agents and terrorize the Matrix from the relative safety of an AR interface. Mooks aren’t a perfect replacement for hackers, however, for several reasons. For starters, agents are really only adept at following orders— so-called agent scripts (p. 100)—and are not very useful at handling decisions on their own. For more details on this, see Agent Competency, p. 111. Still, mooks are useful as a trained dog—just point at the target and say go. They are also inherently replaceable—one gets trashed, load up another. Even a high-rating mook won’t roll as many dice as a hacker with good skills, programs, and right implants, however. As a second-string team or backup plan, however, mooks certainly make sense. Don’t expect to use a mob of copied agents to gang up on a target, though, as their built-in access IDs will keep all but one out of node (see Autonomous Programs, p. 110). Note that commercially-bought legal agents have built-in limitations that prevent them from taking any illegal action—broadly, this means they won’t perform any action that requires a Hacking Test, even if they have the correct program loaded, though gamemasters may rule this is a much broader restriction on any blatantly illegal Matrix activity. Hackers can remove these limitations with an Extended Software + Logic (13 + Rating, 1 hour) Test, code agents without them, or buy unrestricted agents from other hackers. The main drawback to a mook is that a character that relies on them will almost never develop their Cracking group skills and will miss out on most of the fun of Matrix. It’s worth keeping in mind that player characters aren’t the only ones that could use mooks; non-player characters are as likely to use a mook if they lack Matrix skills, and gamemasters can use that to their advantage. deniaL of Service attackS A denial of service (DOS) attack is a method of keeping legitimate users from accessing a specific node, or even the Matrix at large. Cutting off traffic to a specific node could be the beginning Unwired of a plan for extortion, or an effort to prevent outside reinforcements from entering a node while a hacker is busy working with it. More simply, a DOS attack can prevent someone from calling for help using their commlink or from getting directions while in their vehicle. Devices that a legitimate user cannot access are much more susceptible to spoofing because legitimate users cannot counteract the orders given them. The central focus of most DOS attacks is a node’s active account list; by editing the list a hacker can sever a connection (see Terminate Connection, p. 223, SR4). A hacker can also instruct the node to block future access connection requests from a particular node or access ID (or a range of nodes/access IDs), locking the target out. To accomplish this, the hacker must have access to the node and must make a Computer + Edit (1) Test if they have security or admin privileges; or a Hacking + Edit (2) Test if he does not. Accounts may also be deleted (if active, the user’s connection must be terminated first) with a successful Software + Editing (1) Test, assuming you have security or admin privileges; Hacking + Edit (2) Test if you do not. There are many other ways to accomplish a DOS attack: jamming a wireless device, cutting the hardlines on a physical network, or changing the routing to prevent traffic in or out of the target node all accomplishes the same task. Causing the system to crash can also achieve the same effect, though only for the amount of time it takes the system to reboot. distributed denial of Service attacks (ddoS) Hackers can also use botnets (p. 100) to perform a form of denial of service attack that is generally easier to accomplish than hacking the target node directly. Even in the 2070s, nodes have limits to the number of data transfers and access requests they can handle at once, though this is rarely an issue. A hacker performing a DDOS attempts to overload the node by having a botnet flood it with traffic of all kinds. In most cases, DDOS attacks require massively large botnets. For standard nodes, reduce the target node’s Response by 1 for every System x 4 bots flooding it with traffic. A node with System 5 and Response 5, for example, hit by a DDOS attack from a botnet with 100 bots, would have its Response reduced to 0, freezing all activity on the node. Even if the node is rebooted, it will be slammed with traffic as soon as it starts again, until the DDOS attack ends. A node under DDOS attack has three options. First, it can spoof its access ID, so that the DDOS can no longer find its target. The node must be offline (not meshed with other nodes) to switch access ID. Second, it can try to block access from botnet access IDs or attempt to filter out all flooding traffic. The success of these latter options is largely up to the gamemaster’s discretion. MaSS attackS A mass attack refers to a team of hackers pooling their resources to hack a particular system. Functionally, a mass attack is Probing the Target (see Probing the Target, p. 221, SR4) with a Teamwork Test. Hackers and technomancers can work together on mass attacks. If the test is successful, all of the participating hackers gain access to the node. Agents and sprites cannot participate directly in Teamwork Tests, but add +1 die to the prime character’s dice pool for each agent or sprite assisting (maximum +5). Simon Wentworth (order #1132857) 9 101 hacker’s handbook . . . . . . . . . . . . . . . . . . . . . . . . . .
Page 1 and 2:
TM Simon Wentworth (order #1132857
Page 3 and 4:
Simon Wentworth (order #1132857) 9
Page 5 and 6:
Malware 86 Agents 87 Botnets 88 the
Page 7 and 8:
JackPoint StatS___ 57 users current
Page 9 and 10:
Page 11 and 12:
AR transmissions are so easy to eav
Page 13 and 14:
And I’m even happier when I can i
Page 15 and 16:
tHe aUgMented worLd The augmented w
Page 17 and 18:
people started cobbling together re
Page 19 and 20:
While the cheaper commlinks are onl
Page 21 and 22:
Matrix criMeS > I’ve downloaded a
Page 23 and 24:
“protection rackets” against vi
Page 25 and 26:
a general agreement that in order t
Page 27 and 28:
Now, to operate in the sprawl, you
Page 29 and 30:
capabilities and resources to do it
Page 31 and 32:
popULar SoUSveiLLance videoS knight
Page 33 and 34:
drug treatments during incarceratio
Page 35 and 36:
Page 37 and 38:
of more than one sprite at a time.
Page 39 and 40:
intuitive Hacking Cost: 5 BP A char
Page 41 and 42:
tweaking tHe rULeS Gamemasters and
Page 43 and 44:
Page 45 and 46:
‘link will s-l-o-w d-o-w-n, big t
Page 47 and 48:
gram and a massive amount of time (
Page 49 and 50:
. . . Matrix topoloGy . . . Hex was
Page 51 and 52: Simon Wentworth (order #1132857) 9
Page 53 and 54: track programs are not able to dete
Page 55 and 56: node attributes like a metaphor or
Page 57 and 58: datatrail Every interaction on the
Page 59 and 60: a castle could represent a control
Page 61 and 62: Simsense can also be used for exper
Page 65 and 66: with their image links is an expens
Page 67 and 68: To avoid detection, the hacker can
Page 69 and 70: aLertS Another important line of de
Page 71 and 72: B A R S C I L W ESS 3 2 3 2 3 4 4 3
Page 73 and 74: encryption on the access log of the
Page 75 and 76: filled with a high-rating Data Bomb
Page 77 and 78: You also need to choose the Matrix
Page 79 and 80: Sculpting: The node looks a lot lik
Page 81 and 82: Hardware: Saeder-Krupp Schwermetall
Page 85 and 86: Don’t call me a script kid Don’
Page 87 and 88: ight commands to bring those things
Page 89 and 90: drivers on my commlink before I tur
Page 91 and 92: what it sounds like: two or more ha
Page 93 and 94: Yep. You can also stick malware int
Page 95 and 96: gaMe inforMation The Hacker’s Han
Page 97 and 98: paYdata General rules for fencing p
Page 99 and 100: Pistons is researching the NeoNET A
Page 101: Spoofing commands from a user with
Page 105 and 106: Issuing commands to a smartgun thro
Page 107 and 108: igger trickS Like hackers, riggers
Page 111 and 112: Server-Side prograMS Server-side pr
Page 113 and 114: cess (even if the agent tries to ha
Page 115 and 116: worms). To match the opposition, ho
Page 117 and 118: Mute Program Types: Common, Hacking
Page 119 and 120: temporary degradation can be restor
Page 121 and 122: advanced prograMMing taBLe Software
Page 123 and 124: prone to degradation. This is in pa
Page 125 and 126: dataworms Dataworms are a stealth t
Page 127 and 128: military and police units, professi
Page 129 and 130: them and plot them on a three-dimen
Page 131 and 132: . . . technoMancers . . . The secur
Page 135 and 136: attuning to a particular part of th
Page 137 and 138: advanced tecHnoMancer rULeS The rec
Page 139 and 140: Streams are still evolving and are
Page 141 and 142: info Savants Fading: Intuition + Re
Page 143 and 144: experience, induced by unfiltered e
Page 145 and 146: don’t have to be strictly technom
Page 147 and 148: new ecHoeS The following section ex
Page 149 and 150: Sift Technomancers who possess this
Page 151 and 152: Neuroleptic: This widget creates a
Page 153 and 154:
make are geared towards someone wit
Page 155 and 156:
Page 157 and 158:
Pilot Response Firewall Matrix INIT
Page 159 and 160:
traceroUte taBLe Subject Interacts
Page 161 and 162:
• It may raise one complex form i
Page 163 and 164:
. . . Matrix phenoMena . . . It’s
Page 165 and 166:
Page 167 and 168:
gaMe inforMation This section provi
Page 169 and 170:
(plus an additional box if the AI h
Page 171 and 172:
known aiS These are but a few examp
Page 173 and 174:
Uv nodeS—at tHe edge of reaLitY I
Page 175 and 176:
is something larger beyond the curt
Page 177 and 178:
the realm where the source code was
Page 179 and 180:
infektors The Infektors’ ultimate
Page 181 and 182:
corrupting it into a temporary diss
Page 183 and 184:
Pilot Response Firewall Matrix INIT
Page 185 and 186:
Page 187 and 188:
former prematurely and leave them o
Page 189 and 190:
playback gear On the most basic lev
Page 191 and 192:
y default can be used repeatedly an
Page 193 and 194:
to explain the missing time. Also,
Page 195 and 196:
compartmentalized pieces of informa
Page 197 and 198:
. . . Matrix Gear . . . Glitch was
Page 199 and 200:
Page 201 and 202:
eLectronicS Electronics follow all
Page 203 and 204:
Hacker ServiceS See Buying a Better
Page 205 and 206:
Software Suites Availability Cost H
Page 207 and 208:
SaMpLe nodeS (cont.) . . . . . . .
Page 209 and 210:
SaMpLe SpiderS (cont.) Security tec
show all

comStar Firewall alert - PhaseThrough

Create successful ePaper yourself

Delete template?

Save as template?