comStar Firewall alert - PhaseThrough

Recommendations

Info

hacker’s handbook . . . . . . . . . . . . . . . . . . . . . . . . . . 96 coUnterfeiting otHer cUrrencieS There are other kinds of electronic money in the Sixth World besides nuyen, and hackers can counterfeit those too. Typical examples include national currencies (UCAS dollars) and corpscrip (Aztechnology corporate pesos). These monies are usually easier to counterfeit than nuyen but are much more difficult to pass as authentic (verification systems get +4 dice on Opposed Tests to detect counterfeits). Player characters can also generate game currencies such as those used in Matrix games to buy virtual equipment (pikucredu); game cred can be purchased with nuyen inside the game but cannot (legally) be exchanged for nuyen after purchase. A very few backward places in the Sixth World even rely on physical mediums of exchange in the form of coins or bills (see Using Forgery, p. 124, SR4). optional rule: forging Sins and ids Creating a fake system identification number (SIN) requires extensive resources that most shadowrunners just don’t have; the forger must generate and insert corroborating data into a number of government and corporate databases, the names and addresses of which are not available to the general public. The fixers and syndicates who deal in false SINs and IDs have established channels and contacts that work in the issuing institutions and have multiple backdoors into the necessary databanks. Even then it can be a tedious, expensive process to produce a high-rating false SIN, and also a very personal one involving increasing degrees of personal information and biometric data depending on the rating of the fake SIN. Solo hackers and technomancers can forge their own SINs, but without the apparatus of contacts and backdoors in place the process is much longer and more difficult than buying a fake SIN. Gamemasters should think very carefully before allowing their player character hackers to dabble in forging SINs, as it can prove unbalancing. The following rules are for use at the gamemaster’s discretion. Creating a fake SIN or fake license (see Legality, p. 303, SR4) requires Matrix access (through a commlink, terminal, or a technomancer’s innate ability) and an Extended Forgery + Edit Test (see the Forgery Table, p. 95, for Interval and Threshold). Fake SINs and licenses have a rating from 1 to 6 that determines how well they stand up to verification systems (see Fake ID, p. 260, SR4). Once created, the fake SIN or license and its corroborating data must be accepted by official databases, which requires a series of system intrusions and Hacking + Edit (System, 1 hour) Extended Tests on challenging nodes; the gamemaster decides on the target system ratings and can choose to play these out or summarize them quickly with an Extended Hacking + Edit (Rating of fake SIN x System, 1 hour) Extended Test. Burnt and Stripped Sins When a SIN is exposed as a fake or is no longer usable because of crimes connected to it, it is said the SIN is burnt. A SIN contains biometric and identifying data that a character doesn’t want to fall into the wrong hands, and can only be stripped of such incriminating data. Fixers and fences who buy fake SINs (see Fencing Goods, p. 303, SR4) typically strip them automatically, but some characters might not want to take the chance that their personal data is recorded first. A character can strip a SIN with a series of system intrusions and Hacking + Edit (System, 1 hour) Tests on challenging nodes; the gamemaster decides the target system ratings and can choose to play these out or summarize them quickly with an Extended Hacking + Edit (Rating of fake SIN x System, 1 hour) Test. When a SIN is burnt or stripped, the character loses all online accounts, licenses, DocWagon contracts, rental agreements, deeds for property, and legal debts tied to that SIN. optional rule: forging passkeys A passkey (see Passkeys, p. 64) contains an encrypted code that, combined with a valid passcode, allows a user access to a system. The encrypted code is incremented or scrambled every time it accesses the system, which means the code changes with every use. A dedicated character could forge a copy of a passkey, but it would require at least a schematic of the passkey and a copy of its firmware. The forged passkey (if made correctly) would be good for one use only—and it would have to be used before the actual passkey is used, or the code won’t work. If someone uses a forged passkey to access an account, the original passkey no longer functions correctly, and spiders or admin users will know that the last time the account was activated, it was done with a forged passkey. Given these limitations, most shadowrunners choose to steal or “borrow” passkeys; especially more advanced nanotech and alchemical passkeys, which require special facilities and equipment to manufacture. expLoitS Not to be confused with the Exploit program, an exploit is a loophole, a code flaw, or other software error that a hacker can take advantage of (in other words, an exploit is what the Exploit program is designed to find, from a built-in database of security flaws, and take advantage of ). A hacker that discovers a new exploit (i.e., one that software and security vendors don’t know about and haven’t plugged yet, and that hasn’t even circulated through the hacker underground) has a decided advantage when dealing with the subject of that exploit. The hacker gains a +2 dice pool modifier for a Hacking or Cybercombat Test targeting that specific exploitable software (a particular brand of agent, program, firewall, or operating system). Finding a new exploit requires research into the already existing exploits available for that piece of code and detailed analysis of the code itself, while also requiring a successful Extended Logic + Hacking (10 + rating, 1 day) Test. Every time the new exploit is used, there is a chance that the exploit is plugged and no longer works—the hacker won’t know for sure until they try to use the exploit and it fails. Exploits aren’t restricted to a single system, so even if an exploit is plugged in one system, there’s a chance it will still work on other systems, until news of its existence spreads at least. Known new exploits are always plugged when a new patch arrives for the software. Unwired Simon Wentworth (order #1132857) 9
Pistons is researching the NeoNET Aegis-II Armor program (a Rating 2 armor program). She rolls her 4 Hacking dice and 4 Logic dice against a threshold of 12; in six days she has discovered a new exploit that applies to that particular program. Pistons will enjoy a 2 dice bonus to her Cybercombat Skill Test to crash that particular armor program. Hacked accoUntS Just because a hacker has bypassed a Firewall once doesn’t mean he has an open pass to access the node whenever he pleases, or that he can share that access with all of his hacker buddies. Several factors must be taken into consideration first (each subject to gamemaster review). If a node has been hacked on-the-fly, the hacker has found some gaping hole in the system security that allows him to access an account on that node. The hacker has not actually acquired the passcode for the account, however, and the exploit is likely to be noticed in a security audit and/or patched in the immediate future. This means that if the hacker wants to access the node again, he will have to hack in again. There is no way for the hacker to share the hacked account with another hacker or Matrix entity, even while the hacker is accessing the account. If the target node was carefully probed before the hack, however, there is a better chance that the hacker can use the same method to regain access at a later point. Either the hacker has ascertained a passcode that will allow him to access the account legitimately in the future, or he has discovered a re-usable exploit (p. 96)—the gamemaster determines which. In either case, this access may be shared with others, allowing them to use the account or re-usable exploit. Eventually, however, passcodes may expire or be changed, and exploits may be discovered and patched. Nothing lasts forever. No matter how access was obtained, if a hacker triggers an alert, their method for accessing the node will likely be closed off in the future, to prevent future intrusions. Hackers may of course make arrangements while within a node to ensure that they can access it at a later point. Options include inserting a re-usable exploit, creating a “legitimate” account, or creating a hidden account or access point. These methods are referred to as backdoors. BackdoorS A backdoor is a means for a hacker or technomancer to gain repeated access to a node with less effort than hacking their way in every time; this means it is typically hidden from the site administrators, though in the case of repeated use of legitimate accounts this might mean hiding in plain sight. Before leaving a node they’re likely to come back to, some hackers will take the time to code in an account or exploit that will let them access the node again. In general there are four types of backdoors: reusable exploits, legitimate accounts, hidden accounts, and hidden access points. reusable exploits As noted under Probing the Target (p. 221, SR4), some probed exploits may be used repeatedly if the hacker doesn’t do something to give them away or it they aren’t discovered. The Unwired drawback to this “open hole” sort of backdoor is that the system gets an Analyze + Firewall Test every time you use it. Hackers who have hacked their way into the node can also create their own reusable exploit; a specially crafted flaw in the node’s firewall that allows those who know about it to hack the node with extreme ease. Creating a reusable exploit requires a successful Extended Software + Exploit (Firewall + System, 1 Initiative Pass) Test if you have at least security-level access on the node—otherwise replace Software with Hacking. Once created, this provides a hidden exploit that gives the hacker a +6 dice pool modifier to gain access to that node using the Exploit program. The details of a known exploit like this may also be traded/ sold to other hackers, who will also receive the +6 dice pool bonus until the exploit is discovered and removed (see Detecting Backdoors, below) Legitimate accounts Nodes expect a certain amount of traffic from normal users, and for many work-related nodes even some off-hours access from home or private terminals is typical or expected. A hacker who steals the passcode to a legitimate account can, with care, continue to make use of that account for some time before a spider notices anything, if they ever do. A hacker who has hacked the node may also create a “legit” account on the system (see Hackers & Editing, p. 225, SR4) and then hide the fact that they created it. This requires a successful Software + Editing Test if you have at least security privileges on the node, or a Hacking + Edit (2) Test if you do not. For securitylevel access, increase the threshold to 3; for admin access, increase it to 4. New accounts of course show up on security audits and are usually carefully scrutinized for legitimacy. All of the account’s actions are also logged—it’s not hidden, as it was created with the façade of a legitimate account. A verifiable account on a corporate system combined with a fake SIN and/or records that the hacker is employed by that corporation can make a very convincing cover story for an infiltration. Hidden accounts A hidden account is not visible to spiders or administrators, being discernible only by the system. While this account allows the hacker to access the node freely, it is still subject to account privilege limitations and spiders who perceive the character will assume them to be trespassing as they will not appear to have an account. To create a hidden account, you must already have access to the node (either legit or hacked) and must follow the procedure for creating a legitimate account noted above. On the next action, the legitimate account must then be hidden with a Hacking + Stealth (Firewall, 10 minutes) Extended Test. As with any other account, this hidden account has a unique passcode; anyone with that passcode may access that account. Previously existing legitimate accounts may also be transformed into hidden accounts this way, but the access log must also be modified or a security audit will show an account mysteriously disappeared. Hidden access points A hidden access point is similar to a reusable exploit, except the hacker exploits a software flaw that allows him access to a node Simon Wentworth (order #1132857) 9 97 hacker’s handbook . . . . . . . . . . . . . . . . . . . . . . . . . .
Page 1 and 2:
TM Simon Wentworth (order #1132857
Page 3 and 4:
Simon Wentworth (order #1132857) 9
Page 5 and 6:
Malware 86 Agents 87 Botnets 88 the
Page 7 and 8:
JackPoint StatS___ 57 users current
Page 9 and 10:
Page 11 and 12:
AR transmissions are so easy to eav
Page 13 and 14:
And I’m even happier when I can i
Page 15 and 16:
tHe aUgMented worLd The augmented w
Page 17 and 18:
people started cobbling together re
Page 19 and 20:
While the cheaper commlinks are onl
Page 21 and 22:
Matrix criMeS > I’ve downloaded a
Page 23 and 24:
“protection rackets” against vi
Page 25 and 26:
a general agreement that in order t
Page 27 and 28:
Now, to operate in the sprawl, you
Page 29 and 30:
capabilities and resources to do it
Page 31 and 32:
popULar SoUSveiLLance videoS knight
Page 33 and 34:
drug treatments during incarceratio
Page 35 and 36:
Page 37 and 38:
of more than one sprite at a time.
Page 39 and 40:
intuitive Hacking Cost: 5 BP A char
Page 41 and 42:
tweaking tHe rULeS Gamemasters and
Page 43 and 44:
Page 45 and 46:
‘link will s-l-o-w d-o-w-n, big t
Page 47 and 48: gram and a massive amount of time (
Page 49 and 50: . . . Matrix topoloGy . . . Hex was
Page 51 and 52: Simon Wentworth (order #1132857) 9
Page 53 and 54: track programs are not able to dete
Page 55 and 56: node attributes like a metaphor or
Page 57 and 58: datatrail Every interaction on the
Page 59 and 60: a castle could represent a control
Page 61 and 62: Simsense can also be used for exper
Page 65 and 66: with their image links is an expens
Page 67 and 68: To avoid detection, the hacker can
Page 69 and 70: aLertS Another important line of de
Page 71 and 72: B A R S C I L W ESS 3 2 3 2 3 4 4 3
Page 73 and 74: encryption on the access log of the
Page 75 and 76: filled with a high-rating Data Bomb
Page 77 and 78: You also need to choose the Matrix
Page 79 and 80: Sculpting: The node looks a lot lik
Page 81 and 82: Hardware: Saeder-Krupp Schwermetall
Page 85 and 86: Don’t call me a script kid Don’
Page 87 and 88: ight commands to bring those things
Page 89 and 90: drivers on my commlink before I tur
Page 91 and 92: what it sounds like: two or more ha
Page 93 and 94: Yep. You can also stick malware int
Page 95 and 96: gaMe inforMation The Hacker’s Han
Page 97: paYdata General rules for fencing p
Page 101 and 102: Spoofing commands from a user with
Page 103 and 104: to Mook or not to Mook? For some ch
Page 105 and 106: Issuing commands to a smartgun thro
Page 107 and 108: igger trickS Like hackers, riggers
Page 111 and 112: Server-Side prograMS Server-side pr
Page 113 and 114: cess (even if the agent tries to ha
Page 115 and 116: worms). To match the opposition, ho
Page 117 and 118: Mute Program Types: Common, Hacking
Page 119 and 120: temporary degradation can be restor
Page 121 and 122: advanced prograMMing taBLe Software
Page 123 and 124: prone to degradation. This is in pa
Page 125 and 126: dataworms Dataworms are a stealth t
Page 127 and 128: military and police units, professi
Page 129 and 130: them and plot them on a three-dimen
Page 131 and 132: . . . technoMancers . . . The secur
Page 135 and 136: attuning to a particular part of th
Page 137 and 138: advanced tecHnoMancer rULeS The rec
Page 139 and 140: Streams are still evolving and are
Page 141 and 142: info Savants Fading: Intuition + Re
Page 143 and 144: experience, induced by unfiltered e
Page 145 and 146: don’t have to be strictly technom
Page 147 and 148: new ecHoeS The following section ex
Page 149 and 150:
Sift Technomancers who possess this
Page 151 and 152:
Neuroleptic: This widget creates a
Page 153 and 154:
make are geared towards someone wit
Page 155 and 156:
Page 157 and 158:
Pilot Response Firewall Matrix INIT
Page 159 and 160:
traceroUte taBLe Subject Interacts
Page 161 and 162:
• It may raise one complex form i
Page 163 and 164:
. . . Matrix phenoMena . . . It’s
Page 165 and 166:
Page 167 and 168:
gaMe inforMation This section provi
Page 169 and 170:
(plus an additional box if the AI h
Page 171 and 172:
known aiS These are but a few examp
Page 173 and 174:
Uv nodeS—at tHe edge of reaLitY I
Page 175 and 176:
is something larger beyond the curt
Page 177 and 178:
the realm where the source code was
Page 179 and 180:
infektors The Infektors’ ultimate
Page 181 and 182:
corrupting it into a temporary diss
Page 183 and 184:
Pilot Response Firewall Matrix INIT
Page 185 and 186:
Page 187 and 188:
former prematurely and leave them o
Page 189 and 190:
playback gear On the most basic lev
Page 191 and 192:
y default can be used repeatedly an
Page 193 and 194:
to explain the missing time. Also,
Page 195 and 196:
compartmentalized pieces of informa
Page 197 and 198:
. . . Matrix Gear . . . Glitch was
Page 199 and 200:
Page 201 and 202:
eLectronicS Electronics follow all
Page 203 and 204:
Hacker ServiceS See Buying a Better
Page 205 and 206:
Software Suites Availability Cost H
Page 207 and 208:
SaMpLe nodeS (cont.) . . . . . . .
Page 209 and 210:
SaMpLe SpiderS (cont.) Security tec
show all

comStar Firewall alert - PhaseThrough

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?