comStar Firewall alert - PhaseThrough
comStar Firewall alert - PhaseThrough
comStar Firewall alert - PhaseThrough
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Pistons is researching the NeoNET Aegis-II Armor<br />
program (a Rating 2 armor program). She rolls her 4<br />
Hacking dice and 4 Logic dice against a threshold of 12;<br />
in six days she has discovered a new exploit that applies to<br />
that particular program. Pistons will enjoy a 2 dice bonus<br />
to her Cybercombat Skill Test to crash that particular<br />
armor program.<br />
Hacked accoUntS<br />
Just because a hacker has bypassed a <strong>Firewall</strong> once doesn’t<br />
mean he has an open pass to access the node whenever he pleases,<br />
or that he can share that access with all of his hacker buddies.<br />
Several factors must be taken into consideration first (each subject<br />
to gamemaster review).<br />
If a node has been hacked on-the-fly, the hacker has found<br />
some gaping hole in the system security that allows him to access<br />
an account on that node. The hacker has not actually acquired<br />
the passcode for the account, however, and the exploit is likely<br />
to be noticed in a security audit and/or patched in the immediate<br />
future. This means that if the hacker wants to access the node<br />
again, he will have to hack in again. There is no way for the hacker<br />
to share the hacked account with another hacker or Matrix entity,<br />
even while the hacker is accessing the account.<br />
If the target node was carefully probed before the hack,<br />
however, there is a better chance that the hacker can use the same<br />
method to regain access at a later point. Either the hacker has<br />
ascertained a passcode that will allow him to access the account<br />
legitimately in the future, or he has discovered a re-usable exploit<br />
(p. 96)—the gamemaster determines which. In either case, this<br />
access may be shared with others, allowing them to use the account<br />
or re-usable exploit. Eventually, however, passcodes may expire or<br />
be changed, and exploits may be discovered and patched. Nothing<br />
lasts forever.<br />
No matter how access was obtained, if a hacker triggers an<br />
<strong>alert</strong>, their method for accessing the node will likely be closed off<br />
in the future, to prevent future intrusions.<br />
Hackers may of course make arrangements while within a<br />
node to ensure that they can access it at a later point. Options include<br />
inserting a re-usable exploit, creating a “legitimate” account,<br />
or creating a hidden account or access point. These methods are<br />
referred to as backdoors.<br />
BackdoorS<br />
A backdoor is a means for a hacker or technomancer to<br />
gain repeated access to a node with less effort than hacking their<br />
way in every time; this means it is typically hidden from the site<br />
administrators, though in the case of repeated use of legitimate<br />
accounts this might mean hiding in plain sight. Before leaving<br />
a node they’re likely to come back to, some hackers will take the<br />
time to code in an account or exploit that will let them access<br />
the node again. In general there are four types of backdoors:<br />
reusable exploits, legitimate accounts, hidden accounts, and<br />
hidden access points.<br />
reusable exploits<br />
As noted under Probing the Target (p. 221, SR4), some<br />
probed exploits may be used repeatedly if the hacker doesn’t do<br />
something to give them away or it they aren’t discovered. The<br />
Unwired<br />
drawback to this “open hole” sort of backdoor is that the system<br />
gets an Analyze + <strong>Firewall</strong> Test every time you use it.<br />
Hackers who have hacked their way into the node can also<br />
create their own reusable exploit; a specially crafted flaw in the<br />
node’s firewall that allows those who know about it to hack the<br />
node with extreme ease. Creating a reusable exploit requires a<br />
successful Extended Software + Exploit (<strong>Firewall</strong> + System, 1<br />
Initiative Pass) Test if you have at least security-level access on the<br />
node—otherwise replace Software with Hacking. Once created,<br />
this provides a hidden exploit that gives the hacker a +6 dice pool<br />
modifier to gain access to that node using the Exploit program.<br />
The details of a known exploit like this may also be traded/<br />
sold to other hackers, who will also receive the +6 dice pool<br />
bonus until the exploit is discovered and removed (see Detecting<br />
Backdoors, below)<br />
Legitimate accounts<br />
Nodes expect a certain amount of traffic from normal users,<br />
and for many work-related nodes even some off-hours access from<br />
home or private terminals is typical or expected. A hacker who<br />
steals the passcode to a legitimate account can, with care, continue<br />
to make use of that account for some time before a spider notices<br />
anything, if they ever do.<br />
A hacker who has hacked the node may also create a “legit”<br />
account on the system (see Hackers & Editing, p. 225, SR4) and<br />
then hide the fact that they created it. This requires a successful<br />
Software + Editing Test if you have at least security privileges on<br />
the node, or a Hacking + Edit (2) Test if you do not. For securitylevel<br />
access, increase the threshold to 3; for admin access, increase<br />
it to 4. New accounts of course show up on security audits and<br />
are usually carefully scrutinized for legitimacy. All of the account’s<br />
actions are also logged—it’s not hidden, as it was created with the<br />
façade of a legitimate account. A verifiable account on a corporate<br />
system combined with a fake SIN and/or records that the hacker<br />
is employed by that corporation can make a very convincing cover<br />
story for an infiltration.<br />
Hidden accounts<br />
A hidden account is not visible to spiders or administrators,<br />
being discernible only by the system. While this account<br />
allows the hacker to access the node freely, it is still subject to<br />
account privilege limitations and spiders who perceive the character<br />
will assume them to be trespassing as they will not appear<br />
to have an account.<br />
To create a hidden account, you must already have access to<br />
the node (either legit or hacked) and must follow the procedure<br />
for creating a legitimate account noted above. On the next action,<br />
the legitimate account must then be hidden with a Hacking +<br />
Stealth (<strong>Firewall</strong>, 10 minutes) Extended Test. As with any other<br />
account, this hidden account has a unique passcode; anyone with<br />
that passcode may access that account. Previously existing legitimate<br />
accounts may also be transformed into hidden accounts this<br />
way, but the access log must also be modified or a security audit<br />
will show an account mysteriously disappeared.<br />
Hidden access points<br />
A hidden access point is similar to a reusable exploit, except<br />
the hacker exploits a software flaw that allows him access to a node<br />
Simon Wentworth (order #1132857) 9<br />
97<br />
hacker’s handbook . . . . . . . . . . . . . . . . . . . . . . . . . .