Splitbit

Splitbit is a game that involves hacking other systems, for hire or for your own curiosity.

Passive Traces:

Passive Traces are instituted by the target of your hacking attempt when they notice something awry - which may be from seconds after your initial infiltration to hours or even days later when a harried help desk lackey finally checks the error logs. Passive Traces are not publicly announced, and begin at the target server - they check their log files, and if they notice a connection around the time of the problem, they may follow it to the next computer in the chain. (There is a Security Information Request process they have to go through, which takes time depending on how secure the computer in question is and how trusted the hacked company is. The federal governments and most major banks will get results much faster than Tom's Tekno-Shack.) If they find a clear link - a connection from the same time period - they will follow it.

Deleting logs is an important part of evading these passive traces; depending on the sophistication of the log removal, a log may be recoverable. In game terms, there is a 100% chance of following your path, minus 25% x the level of the log deleter (at level 4, the log is erased and overwritten, so it cannot be recovered, and thus no path can be made.)

When a company turns over information as part of a SIR, they may also figure out that their own systems have been compromised, resulting in their own passive trace attempts if evidence is still available, as well as removal of unauthorized accounts and password changes on necessary accounts.

Companies may also hire hackers to do this work; this can be quicker and more effective than the polite method. Major companies often do both; following the legitimate methods in public while having a hacker on the side try to run down the perpetrator as well.

Either way, the Passive Trace ends when a company either loses the trail or follows it to a Personal Computer. If that Personal Computer happens to be yours, you've been caught! Or at least your Gateway has. Federal agents will be dispatched to seize it from its current storage location, which takes more or less time depending on where it is kept. You may receive advance notice of this if you've purchased the proper software. Once they've tracked down your machine, however, your only recourse is the Self-Destruct, a small but powerful explosive that eradicates your computer along with all the evidence that might otherwise incriminate you, the user behind the scenes.

On the other hand, if you get caught, then depending on the scope and nature of your crimes against cyberspace you are likely to face seizure of your equipment, a steep fine, legal fees, a temporary suspension from activities, and - if you can't afford to pay your way out of your crimes - a game over as you are incarcerated.

There are a few ways to avoid a passive trace:

1) If the log files show that you were not the most recent person to connect and disconnect around the time an incident occurs, and there is no information about who perpetrated the incident, the connection closest to the incident will be investigated instead. (This is how incidents can sometimes point to you even if you didn't do anything! Be careful!) Note that unless you are forcibly disconnected, you are likely to be the most recent person to disconnect, so this is NOT a foolproof way to avoid trouble.

2) If you completely delete the OS of a system (which includes its log directory) and crash the system before they begin passively tracing you, they will have nothing to follow. Note that if they start the passive trace before you crash the system (i.e., after they've made their first SIR request), this will NOT stop them from following you. However, if you do this to a system in the middle of your chain, this WILL disrupt the chain of tracking.

3) Routing through an onion system (one that encrypts your connection path within multiple layers) and/or an anonymous proxy (one that keeps no logs of your activities) will make it much harder for someone to track you. Note that both methods are likely to slow your connection significantly (due to frequent use by other hackers, as well as additional encryption layers in the case of onion systems), but they can be an excellent tradeoff. Anonymous proxies in particular have a very high chance of ending a Passive Trace at their doorstep; the Proxy may itself be seized and subjected to forensic analysis which may prove incriminating, but the chances are much lower than with most other systems, especially given that many anon-proxies perform System Restores with some regularity.
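The Passive Trace rules above (the 25%-per-level log deleter, a crashed mid-chain system, and a log-free anonymous proxy) as a small model. This is an added example, not code from the game; the hop names and levels are constructed, and treating the last element of the chain as the hacker's PC is an assumption.

```python
"""Model of Splitbit's Passive Trace rules as described on this page.
Constructed example: hop names, levels and the chain layout are assumptions."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Hop:
    name: str
    log_deleter_level: int = 0     # 0 = logs intact, 4 = erased and overwritten
    anonymous_proxy: bool = False  # keeps no logs, so the trace ends at its doorstep
    crashed: bool = False          # OS deleted and system crashed before the trace arrived


def follow_chance(level: int) -> float:
    """Page rule: 100% chance of following the path, minus 25% per level of the log deleter."""
    return max(0.0, 1.0 - 0.25 * level)


@dataclass
class TraceResult:
    reached_pc: bool          # True if the trail can run all the way to the PC
    stopped_at: Optional[str]  # hop that is certain to end the trace, if any
    probability: float        # chance the trail survives every hop's logs


def passive_trace(chain: List[Hop]) -> TraceResult:
    """Walk from the target server (first hop) toward the Personal Computer (last hop).

    Each hop before the PC must yield a usable log entry; a crashed system or an
    anonymous proxy ends the trace outright, a log deleter lowers the odds per hop.
    """
    probability = 1.0
    for hop in chain[:-1]:  # the PC is the destination; its own logs are not consulted
        if hop.crashed or hop.anonymous_proxy:
            return TraceResult(False, hop.name, 0.0)
        chance = follow_chance(hop.log_deleter_level)
        if chance == 0.0:  # level 4: log erased and overwritten, no path can be made
            return TraceResult(False, hop.name, 0.0)
        probability *= chance
    return TraceResult(True, None, probability)


# Constructed sample chains (not from the game).
PLAIN_CHAIN = [Hop("target-server", 1), Hop("bounce-1", 2), Hop("my-pc")]
PROXIED_CHAIN = [Hop("target-server", 1), Hop("anon-proxy", anonymous_proxy=True), Hop("my-pc")]
```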

Hacker versus Hacker:

Most of the interesting things you can do to disrupt or destroy a computer system can be done to your fellow players, if you can figure out their IP address and target them for destruction. As with all things, a long bounce chain will reduce the speed of your attacks, but will make it a lot more likely that they won't be able to track down who you are to get revenge if they survive your onslaught. You can also modify logs to point incriminating evidence of your crimes in their direction; since they won't have any evidence on their machine, this won't give them the same level of penalty you may have incurred, but will definitely piss them off and cause them headaches when their system is seized temporarily.

Just as against computers, hackers can attack each other's Firewall, Motherboard, Drive, Memory, and

Keeping Your Nose Clean:

Factory Reset allows you to restore your machine to the state it was in before you started sullying it with your wicked hacker ways - no programs, no bounce routes, and most importantly, no public or internal records of your activities. As such, it may be beneficial to establish a datastore or offsite backup with your favorite programs copied to it, then Factory Reset your machine every so often to make sure there's nothing for a snooping FBI cyberforensics expert to find.

To a lesser extent, clearing your own Event Logs will help as well - removing the initial connections between you and your first bounce point will help to strengthen the case that someone edited log files to point to you (lowering your legal fees, and possibly evading actual criminal charges, particularly if you have no convictions on your record.) However, cyberanalysts who have physical access to your machine will eventually be able to find evidence against you if they have reason to search hard enough (and if they have reason to search, other cybercrimes might come to light), so a Factory Reset is the only way to guarantee your tracks are gone from a particular hard drive.

System Backup and System Restore:

You can also opt to have an offline backup made of your entire software configuration, and choose to have it restored at any time. This is superior to a Factory Reset, provided the System Backup itself carries no traces of your illicit activities, and it also removes viruses, rootkits, and other unfortunate predators that have gotten themselves lodged in your machine.

Dealing with The Sysadmin:

Internal networks have their own problem - the sysadmin, who is a hacker in his own right with the additional benefit of being on his home turf. His goal is to track you down and find your current location in the system so he can force you offline, a feat which is much easier if there are few other users connecting remotely or if his firewall is still functional. Of course, some sysadmins don't play fair, and simply connect, go straight for their router, and break the connection to interrupt whatever you were doing - but this also disrupts everyone else on the network, which can be a problem for major corporations with many telecommuting workers or many incoming data streams. (“Sorry, Billy, your grandma died because the doctors couldn't connect to the medical database to figure out what medicines she was allergic to.”)

If a sysadmin successfully finds and identifies you, they can block your last known connection route and user account from the system and then immediately start passively tracing you (and they almost certainly will, if you did any significant damage or they are part of a large enough company).

Viruses And Their Uses:

Viruses have a number of uses for the savvy hacker; install them on a target system (or get someone to run them for you!), and you can set up a number of nasty tricks:

V-Spammer: This uses some of the target's resources to send out spam emails. These emails will earn you money when you configure the virus to use a particular advertiser as a source, and/or can be used to transmit viruses. Note that this will take up system resources, and if found, may result in people following the chain back to you… so be careful with your transfer logs! You can configure how many resources the system uses, which will control how much your spambot will send.

V-Drive: This uses some of the target's resources to store files for you. This is most useful when you have it installed on many machines, allowing you to distribute files across a broad range of targets for later use and abuse. You control how much space is used on each machine, and how redundantly files are stored - if you have 1 Gq on each of ten machines, you could choose to store 10 Gq of data with no redundancy, 5 Gq of data with 100% redundancy, 2 Gq of data with 400% redundancy, etc. If someone finds and removes a V-Drive, the chance of corrupting files depends on the redundancy factor involved (if you have 6 Gq stored, then you have 66% redundancy - a 2 in 3 chance that a specific lost sector exists elsewhere.) Note that if a single file takes more space than the spare capacity of a less-than-fully-redundant network - say, a 6 Gq file on 10 Gq of storage - any failure will destroy the file.
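The V-Drive redundancy arithmetic above, including the edge case where a single file is bigger than the network's spare space, worked through as an added example (not code from the game; the capacity figures are the page's own, the function names are assumptions):

```python
"""V-Drive redundancy rules from this page, as a constructed model.
Redundancy is spare capacity relative to the data stored; a specific lost sector
exists elsewhere with probability equal to that factor (capped at certainty)."""


def redundancy_factor(capacity_gq: float, stored_gq: float) -> float:
    """10 Gq of capacity holding 5 Gq is 100% (1.0), holding 2 Gq is 400% (4.0)."""
    if stored_gq <= 0:
        raise ValueError("nothing stored")
    if stored_gq > capacity_gq:
        raise ValueError("more data than the V-Drive network can hold")
    return (capacity_gq - stored_gq) / stored_gq


def sector_survival_chance(capacity_gq: float, stored_gq: float) -> float:
    """Chance that a specific sector lost with one removed V-Drive exists elsewhere."""
    return min(1.0, redundancy_factor(capacity_gq, stored_gq))


def file_can_survive_a_loss(capacity_gq: float, stored_gq: float, file_gq: float) -> bool:
    """Page rule: a file larger than the network's spare space is destroyed by any failure.

    Otherwise the file has at least one full spare copy's worth of room, so a
    single lost V-Drive need not take it with it.
    """
    if file_gq > stored_gq:
        raise ValueError("file is larger than the data stored")
    spare_gq = capacity_gq - stored_gq
    return file_gq <= spare_gq


def plan(machines: int, per_machine_gq: float, stored_gq: float) -> dict:
    """Summarise a deployment: e.g. ten machines at 1 Gq each with 6 Gq stored."""
    capacity = machines * per_machine_gq
    return {
        "capacity_gq": capacity,
        "redundancy": redundancy_factor(capacity, stored_gq),
        "sector_survival": sector_survival_chance(capacity, stored_gq),
    }
```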

V-Spy: This allows you to read the system logs at any time to see what a system is up to, which can be very useful for remotely monitoring a system's activity, picking up passwords, or seeing who's new in cyberspace.

V-Slave: Ah, the fun stuff. V-Slave carries a program package of your choice and installs it on the target machine; you control the space it uses and the resources it uses, and on your command it will use those programs for your benefit. For example, if you V-Slave a machine with Denial, you can use your V-Slaves to commit a distributed Denial attack to take a system offline or bury evidence of your activity in a torrent of system requests.

V-Wipe: Nasty bit of software, this allows you to remotely wipe a machine's memory on command. Note that this does NOT remove the virus unless you set it to do so; this means that people may suspect a normal system wipe unless they have a sophisticated enough virus killer.

V-Crash: This is another nasty bit of software that allows you to force a machine to crash (i.e., become totally unresponsive and cease to function) with a single well-placed command. This is great for interrupting adversaries - find a system they commonly route to, install this, and Crash them, making their hack stop dead in its tracks!

V-Fee: This nasty little number watches a target system for banking transactions and records account data, then files additional payments to accounts of your choice. Great for bankrolling a new system! Note that you probably had better have the account cleaned out by the time the credit card companies figure out this is going on…

V-Mail: This allows you to remotely read email on the target machine, which can be quite interesting if it happens to be a player account.

V-Kit: This gives you a root backdoor into the target system, allowing you to connect to it at any time without normal login credentials and without logging your activities. These are ideal for installing all sorts of other problems onto a target system!

V-Logger: This installs a secondary log system that works regardless of whether the system logs are activated, and gives you access to read this at any time. Note that even if they wipe their System Logs, a cyberforensics expert who finds this will be quite happy if it contains incriminating evidence of the user's misdeeds!

V-Proxy: This allows you to use the system as a proxy even if it normally doesn't allow such activities - why hack through your own box when you can use someone else's?

V-Command: Along the same lines, V-Command allows you to remotely launch programs installed on the subject's computer as if you were the authorized user. Want to make them try to launch a Denial attack on the Russian Nuclear Launch System? Go for it!

V-Manager: This is a management portal that allows you to control other V-systems without a direct connection, allowing your BotManager program to have multiple-level trees of communication that you can operate or prune at a safe distance. V-Manager includes a self-destruct feature that erases itself (or if installed with V-Wipe, can erase itself and the entire hard drive) on command, useful if you feel you might be compromised. Ideally, you use one central V-Manager you can disconnect if necessary, with other V-Managers under it to coordinate 'branches' of attack. V-Managers use a simple password system, which CAN be cracked. This allows a botmaster to reclaim V-Manager bots if desired, reconnecting them to their new V-Manager superior.

V-Lert: This basic program is designed to trigger upon a cursory scan of the system for viruses, and alerts the installer of the scan before deleting itself. Aside from being useful for knowing when you might have to pull the plug on a particular V-Manager, this can also be useful for tracking the habits of sysadmins (NPCs, in particular, often have particular schedules, or lack thereof, for their scans). Note that because it deletes itself automatically whether caught or not, it doesn't inform the user of anything else that may transpire, including whether other viruses were found; it also sends its alert and self-destructs if the end-user finds and runs the program directly (note that it's generally a stupid idea to run a program if you have no idea what it does.)

V-Block: This nasty bit of tech stops the target system from launching attack scripts - or more specifically, from transmitting them to targets. While the scripts will run normally (and use system resources), nothing will actually happen. This also means that the target system will not receive notification that it's under attack (since from its perspective, there's no attack coming).

V-Direct: This is another bit of unpleasantness that can cause serious damage. In effect, it disables proxy routing and trace tracking on the target system and connects the user directly to the target system. The first inkling the user may get that something is horribly wrong is when their session is abruptly disconnected after an Active Trace concludes shortly after they are first detected, with no notification.

V-Frag: Another annoying bit of software, this randomly shifts a user's programs around in storage when they aren't online, creating fragmentation. Mostly an annoyance, unless a user needs to copy large files quickly.

V-Corrupt: This virus corrupts a random segment of memory or drive space (similar to what happens when a Drive-Breaker or RAM-Slammer attack hits). As with those attacks, if something happens to be in the target segment, it is corrupted (and if it is currently in memory, it crashes, leaving those resources in use.) Users are advised to keep the frequency low if they want to escape detection, and not to use it against systems with valuable datafiles they might want to steal.