When a netrunner connects to his deck (via a data jack, hard-wired into his head — hence the term “jacked-in”), he starts out at his “home” node. Until he connects to the net proper, the only items visible are the data links heading out of his location (communication lines, microwave links, etc.). To establish connection with the net, he uses a Datalink program.
Once he is connected, the world of the net reveals itself (the exact appearance of the net is determined by Environment Modules, below) and he can start maneuvering through it. The “distance” that a decker can see is directly related to the Complexity of his cyberdeck. For each point of Complexity, a netrunner can see one hop. For instance, a netrunner with a Complexity 7 deck could see someone or something in Cyberspace seven hops away (see Movement in the Net below).
Everything that a decker does while in the net counts as an action. Each action takes a certain number of Phases; the better his Neural Interface and cyberdeck, the shorter each Phase is. A netrunner can take one action per phase without having to make a roll. Taking more than one action requires a roll versus Computer Hacking for a cumulative -3 for each action after the first. Actions include moving from node to node, executing a cyberdeck program, switching active slots on the cyberdeck, remotely executing a program, and searching a database.
A computer system that is executing multiple operations in the same Phase applies the -3 modifier to the skill level of the program being run.
Example: Jack the Ripper has Computer Hacking-14. He was browsing around Datex-P when he saw a Trace (see p. 92) coming after him. He tries to make a hop out of the area while simultaneously throwing up Codewall (p. 93) and Misdirection (p. 90) programs. He would roll 14 or less to make the hop, 11 or less for the Codewall, and 8 or less for the Misdirection.
The first thing that a netrunner must be able to do is move around the net — between nodes, or from a node to an intermediate point in space. Each move is a “hop.” One hop can cover up to 500 miles (round up). Thus, a system in New York would be five hops (between 2,000 and 2,500 miles) away from California. Each hop takes one Phase. Even if two nodes are sitting on the same desk, it would still take one hop to move between them. A satellite uplink (see Mapping the Network) lets a decker move to any other uplink, no matter how far away, in one hop. So in the above example, the Yankee netrunner could connect to a New York-based uplink in one hop, move to a California uplink in a second hop, and go from there to the destination system in Los Angeles with a third hop, cutting two Phases off the time required. Of course, many uplinks are protected with security programs to keep unauthorized users out…
If the signal has to be routed through any system that the GM feels might slow it down (such as an archaic, mechanical phone switch), he can add additional phases.
Merely connecting to a node doesn't usually set off any alarms (unless the system is specifically running alarm and intrusion programs to detect and deter connections), and many systems allow signals to route through them without any problems. See Mapping the Network for more information.
What a decker can “see” in the net depends on where he is. From a random point in the net (even if it's not actually on a node), a decker can see most things on a direct line within C hops, where C is equal to the Complexity of his deck. He will see the node number and the public “front” displayed by each node within range; this may be anything from an advertising sign to a huge locked door with a “Go Away” sign.
Not everything within C hops will be visible. If a node is Camouflaged, it probably won't be seen. If a node is “behind” another node, it can't be seen.
When a netrunner wants to enter a system, his first action is to survey its defenses. A Recon program can be directed at anything visible within 1 hop, to attempt to detect ice. Recon will also tell about how fast that system is, relative to the decker. A Mask program will lower this roll appropriately. Mask may cover any or all of the ice on a system.
If the target system has an active Disinformation program, the GM should roll against it each time the Recon program fails to detect an ice program. On a successful roll against Disinformation, the Recon program returns false information to the character. Recon may also be used for a closer look at any individual program.
A decker may make only one attempt to recon a given system. If he gets better equipment or software, he can try again. Otherwise, repeated attempts will always give the same result that the first one did. Exception: If the target system has changed its defenses since the last recon, the GM will roll for each change to see if it is detected.
Not all computers use the same communication protocol. An effective protection method for an important computer is to isolate it from the network and then make sure that anyone connecting to it through normal comm-lines must be using a specific, non-standard piece of hardware or software.
This can lead to some interesting experiments as the characters try and figure out what strange communication programs or odd cyberdecks are designed to work with. For instance, the GM might have the group run across a cyberdeck that has no manufacturer's name or serial number on it. Not only do they not know where it came from, but it doesn't seem to work with any normal network. As they investigate it, they might eventually find out that the chips in it were designed by a large Canadian computer company.
As their research proceeds, the team finds a group of comm-lines that disappear into the complex. When they connect a normal cyberdeck to the lines, they just get garbage — but when their red deck is hooked up, the netrunner finds himself in the midst of a strange network, the likes of which he's never encountered…
When a decker moves to a node (“connects” to it), he cannot automatically enter and use that system. He is in front of the system, in the login area. From here, he gets an automatic chance to see any ice and other defenses, and to judge Phase Length, as though he had run Recon at a level equal to his Cyberdeck Operation skill. However, unless he is very well camouflaged, any system ice will see him in the login area. A Watchdog or Password program will challenge anyone in this area. Depending on the program's settings, it may ignore an intruder who seems to be doing nothing, or it may set off an alarm.
In order to leave the login area and enter a system, the decker must satisfy — or defeat — any Password programs that it has. Once this is done, he is in the system. (He isn't necessarily safe. If he set off an alarm while defeating the Password, other ice might attack him even though he is already in the system, or even past it!)
When a decker has entered a system, he can see “past” it on the Net. He can also determine how many outgoing lines it has, and whether they are open lines (which can be used to route connections anywhere) or dedicated (which reach only a particular destination). Some outgoing lines will be passworded. Until the decker satisfies or defeats those passwords, he can't use those lines or see along them.
Depending on his access, the decker will also learn something about the structure and function of that particular system. If there are files on the system, he will be able to look at directories of information, and so on. All this information is entirely up to the GM.
Internal password programs, and even more complex ice, may exist within a system to guard certain file areas. This is treated as a system-within-a-system, complete with its own logon area. But most systems assume that anyone who passes the main logon area is permitted to access everything that he can “see.”
Superusers, of course, can see more! A decker with superuser access can make an automatically successful Recon for all ice in the system. He can also turn any individual program off or on, or turn all ice off or on at once. Each “switch” takes one turn. For more about what the decker can do with an invaded system, see p. 79.
A decker can see all other netrunners within his “vision range,” unless they are successfully Stealthed. Normally, another decker appears simply as a blur or flicker, unless someone specifically looks at (or for) them. The observer will then see whatever image they have chosen to project in the Net, and how fast they are moving. He cannot tell anything about who they really are or what they are doing, unless he recognizes someone by his image. Most deckers habitually use the same image, but it can be changed at will!
Depending on the quality of his cyberdeck and the size of his credit chip, a netnmner may have anywhere from one to several dozen ROM decks stored at one time. The ROM decks will usually be dormant, or offline; how many of them can be active, or online, depends on the Complexity of the cyberdeck and the programs in the ROM decks.
The decker can bring any slotted program online at will. Since a deck can only run a finite number of programs at once, a netrunner must decide when he sets up his cyberdeck which programs take priority if a program is activated which would exceed the cyberdeck's capacity.
The time listed for each program includes the activation Phase. Thus, if a decker runs a program with an execution time of one Phase, the program will finish executing by the end of that Phase.
In a cyberpunk world the development of hardware and software speeds along at the same pace that everything else does. Attack and defense programs become less effective as they age because human hotshots and dedicated AIs are constantly finding faults and releasing new versions. Your Codewall may not stand up against a new Icepick, but it will laugh at last year's model.
The GM should define a release date for each piece of software that the PCs get, or that is used by NPCs. When two programs oppose each other in a Contest of Skills, the older program has a penalty as given on the table below:
3 month: -1 6 months: -2 9 months: -3 12 months: -5 15 months: -7 18 months: -9 24 months: -12 30 months: -15 36 months: -18
Software more than 3 years old is simply useless in the world of high-stakes industrial espionage!
Example: A Confuse program dated 1- 1-20 (“Confuse 010120”) comes down the line at the Green Giantess, who is protected by a Damper program released 9-20-19.
The Giantess' program is less than 4 months older than the Confuse, so it rolls at a -1 in the Contest of Skills. Its effective skill is a 11 against the skill 12 of Confuse 010120.
Keep in mind that software — especially stolen software — may already be old when the netrunner acquires it. Any program carries a date, written into the code, which can easily be checked by whoever controls the program. But dates can be falsified!
Detecting a falsification on a disk is impossible unless one has another, genuine copy of the program (either the version you think you have or the one you really have) for a byte-by-byte comparison; this requires a two-slot deck and an hour. But if you suspect your Icepick is really a year old, you can easily set up a situation to test it…
On the other hand, a skilled netrunner may occasionally make off with prerelease copies of software programs that are effectively “dated in the future.” Such programs will have an advantage over anything obtained through legitimate channels — if they work at all! Software developers are notorious for hiding viruses, tracers, and other surprises within unreleased material, just in case. And there's also the possibility of a plain old bug.
When a decker is trying to get into a computer, he will eventually run into some sort of defensive programs. These programs are called “ice” (for Intrusion Countermeasure Electronics). And there is always the possibility of encountering a hostile silicon cowboy — after the same data, or working for the company that owns the system being assaulted, or just a hostile jerk with a cyberdeck.
“Combat” in netrunning refers to any unauthorized attempt to enter a system, or to any hostile confrontation between two or more netnrunners. Note that, if they enter the system at the same time, several netnrunners might be battling each other and any ice they find guarding the system!
After using Recon to determine the extent of the system ice, the intruder can try to disarm it. Each type of ice has a particular attack that is effective against it — if the netrunner doesn't own a particular program, all of the attacks have defaults (see p. 89). The disarming attempt is resolved as a Contest of Skills between the attacker and the ice program. If the netrunner makes a critical failure while attempting to deactivate the ice, any alarm programs that haven't already been disarmed are immediately set off. A smart netrunner usually starts by disconnecting the alarms!
Once the system has been alerted to the intruder's presence, the difference between the length of the intruder's Command Phase and the system's Phase becomes very important. (This is also the first thing that needs to be determined when two netrunners are attacking each other.) The GM will need to keep time in units equal to the shortest Phase in the combat — if Deck Wizard is using a deck with a 1,000-millisecond Phase to attack a system that has 500-millisecond Phases, the GM will have to keep track of time in half-second (500-millisecond) intervals, as the faster system will act twice for every action that Deck Wizard gets. Attack and defense programs are executed just like any other program — but if the attacker is sufficiently quick, the defender may never get a chance to act!
Example 1: Deck Wizard (1,000-millisecond Phase) encounters a bank computer (500-millisecond Phase) and begins to snoop around with a Recon program. Unfortunately, he gets a critical failure while checking out an Alarm program, and the system is alerted to his presence. Within 500 milliseconds, the bank's computer simultaneously executes Codewall-14 and Sever-13. Since this is two actions in one phase, the Sever attempt is at -3, so the bank rolls versus Codewall-14 and Sever-10. Unfortunately for Deck Wizard, he doesn't have any defenses running at the time, and both of the bank's rolls were successful. He briefly sees the Codewall thrown up, then experiences the slight disorientation of having his communication link severed. Deck Wizard is now sitting dazed in his apartment, wondering where he can get the cash for a faster deck!
See the attack and defense programs (pp. 89-92) for detailed information. A critical success during any of the netrunner's attacks indicates that the account he is working on is a superuser account (see p. 69). If all ice is cracked, the decker has full superuser access. Otherwise, he will need to use a Promote program (p. 91) to obtain superuser status.
Once a decker has penetrated the defenses of a system, he can do anything a normal user can do. (If he has “borrowed” the account of a legitimate user, he has access to any special privileges that user may have.) If he has gotten in with a superuser account, he can do anything. Some of the activities in which an enterprising netrunner might engage (other than standard program execution) follow.
This can only be done from a superuser account. A fictitious entry is made in the system user file — the creator chooses whether to set it up as a normal account or as a superuser. Normal users are less powerful, but tend to attract less attention; a new superuser can do anything, but may be noticed quickly. If the netrunner can accomplish his goal with a normal account, or if he has confidence in his Promote program, he should stick with a standard account. The decker should keep in mind that everything he does is probably being logged — unless he has a very trustworthy Erase program, he should plan on abandoning an account after using it for any noticeable scams.
Each week there is a chance that the fake account will be discovered by routine system administration. The GM should secretly roll 3d for each bogus account. If the machine is public, a result of 4 or less indicates discovery; this increases to 6 or less on a normal machine and 8 or less on a secure machine. Increase these numbers by 2 if the fake account has superuser privileges.
Possible actions upon discovery range from simple deletion of the account to heavy Alarming and a Trace program.
Once inside a system, a hacker may wish to appropriate a piece of software or the information within a database. Given the storage size needed for these programs, it takes time to transfer it, even across the fiber-optic network. A second option for an intruder is to duplicate the item so that two copies of it exist on the same system — with the backup in an area that he can get to again.
Copying data within a machine is quick — 1 minute per petabyte. Downloading it from the system onto another machine on the net (such as the netrunner's cyberdeck) will take 20 minutes per petabyte. Program size varies with Complexity — an average Complexity 1 program is 1% of a gigabyte. This includes all help files, documentation, tutorials and anything else that is needed to run the program. This is increased by a factor of 10 for each additional level of Complexity (e.g., a Complexity 3 program would be 1 gigabyte). See p. 67 for information on database size.
Data can also be uploaded in the same manner — a hacker might need a temporary storage place for particularly hot information.
The decker may use a Monitor program (p. 91) to track the actions of another user. A successful roll versus Computer Programming minus Complexity of the System allows the decker to install a Monitor on a system to keep a log of the actions of a particular user. The netrunner can then go offline and return later to look at the file. A Monitor of this type has the same chance of being detected as a fake superuser account (see above).
There will often be times when a net jockey needs to execute a program on a computer that he has linked into — to turn off a security system so his teammates can get past a door undetected, for instance. Assuming that he has defeated any security programs, and has an account that is authorized to run the desired program, it takes one Phase to activate or deactivate a program.
One of the hazards of remote execution is that running (or shutting off) a program may trigger alarms that weren't visible until set off. A Recon program can be used to check for this.
Execution time for a remote program varies based on Complexity. Since most of the programs are running on standard computers, the regular ten-minute figure is a good estimate, although the GM may modify this up or down as the situation varies.
Once a netrunner has gained access to a database, he can search it. It takes 10 minutes per petabyte of the database to do a search (see p. 66). It takes only 1 minute per petabyte to search a datachip (see p. 67).
With the advent of electronic fund transfers, money is shuffled by communication lines instead of armored trucks. By shuffling the appropriate numbers, a good netrunner can give himself “legitimate” access to millions of dollars in cash, precious metals, products or anything else that is used in commerce.
Transferring commodities is simple — the exact appearance depends on the Environmental Interface being used (see p. 88), but the decker basically “picks up” the commodity with a Computer Hacking roll, and then “carries” it with him to another node, or uses a Transfer program to move it (see p. 92). What really happens is that the netrunner steals the routing codes and invoice number for the valuta, then erases them from the true owner's system. He must then arrange for delivery…
OK, you've just cracked a big block of ice. made your way through the central computer's circuits and found a shipment of diamonds. How do you take physical delivery?
In many cases, when you break into a computer and want to take possession of the commodities it keeps track of the things you want — money, information, negotiable instruments such as stocks and bonds — are actually only bits of data stored in the computer's memory. By changing some of the bits, you can easily change the “address” of the data from the previous owner's to yours. At that point, transferring the information into one of your more legitimate accounts is easy. But what if the information represents a physical commodity that can't be shuffled around just by setting a few computer bits?
Let's go back to the example of the diamonds. The “address” of the data mentioned above — in this case, the diamonds as listed on, say, a cargo manifest — merely denotes ownership. If the console cowboy is smart, he will change the address the diamonds are to be shipped to that of a fence, who will dispose of them for a small fee. In tricky or very unusual situations, he might have them delivered to an address that he has control of (his home, for instance), but this makes the theft much easier to trace.
One of the options on the Random Network Generation tables (p. 82) is a business computer in the communications industry. There are a number of interesting things that someone with superuser access on a telco (telephone company) machine can do. These include:
Customer Information: The phone company maintains a database known as CN/A (Customer Name/Address) that lists the owners of all comm lines. CN/A functions are also available by placing a regular phone call through Social Engineering (see p. 70). The CN/A operators are not very sophisticated — all Fast-Talk rolls are made at +2.
Line Routing: With access to the main phone switch computer, a hacker can control everything about a specific phone line. He can change the number, forward it to another destination, make the switch think that it's a pay phone (an amusing, if somewhat useless prank), busy it out (all incoming calls will get a busy signal) or add custom calling features (call waiting, threeway, caller identification, etc.)
Monitoring: It is also possible to monitor another phone line through the switch. This requires a roll versus Computer Hacking-4, but is undetectable by the person being monitored. Each time that the hacker uses this function, the GM should roll 3d. On an 8 or less, someone at the telco has noticed the unauthorized monitor and killed the offending account.
Alter Billing: The netrunner can enter the billing office (or BOC) computer and tamper with phone bills at will. He might lower his bill, erasing incriminating calls, or add calls to someone else's bill (either to implicate them in something evil or just to cost them a few bucks).
One netrunner can “piggyback” another, if both are jacked in together. One of them simply decides he wishes to piggyback; his software does the rest, moving him automatically, provided the other decker is willing and the rider's speed is at least as great. The two deckers occupy the same “position” in cyberspace until they separate. This means that an expert can carry an apprentice or assistant with him through deep ice, for training or for help inside a complex system.
To piggyback an unknowing opponent, a netrunner must be in the same “place” and win a Contest of Computer Hacking skills, with the attacker at -8. The attacker must have a Phase at least equal to the victim's. If the attacker makes his roll, he has tied himself to the other decker, without being noticed, and will follow him automatically. If he fails, he is detected. A new Contest of Skills, at no penalty, is made whenever the “horse” launches a Recon program; this can result in a decker suddenly realizing he has company! If other deckers are in the area, they roll against the would-be rider, at no penalty, to see if they notice him.
To piggyback an unwilling opponent, the netrunner must catch him with a Snare program. When the victim is Snared, the attacker must win a Contest of Computer Hacking skills, attacking at -4. Repeated tries are allowed, at another -1 each time. A success indicates the deckers are tied together. However, the “horse” can always escape by jacking out!
Some decks have an “observer” jack. Anyone jacked into this can “see” everything the main netrunner does, and communicate freely, but can take no action of their own. Such a jack adds $1,000 to the cost of the deck.
Whenever two deckers are piggybacking, or when they are in “sight” of each other on the Net, they can communicate freely. In game terms, the players can talk in real time, though the GM should not allow extended conversations in the heat of net battle.
The exact function of each attack and defense program is determined by the GM. In effect, the defenses of a system must be “programmed” by the gamemaster to be effective. For instance, just noting that Watchdog. Trace and Sever exist on a system isn't enough — the GM (or player, if he owns the computer) must define how they interact. (Yes, designing a welldefended computer system is the c-punk gamer's equivalent of building a welltrapped dungeon!) For example, the GM might note the following:
The Watchdog runs constantly, and launches a Trace on every connection. The Trace reports its results to the Watchdog, which compares it to a list of valid nodes that is stored in a file. The file is only modifiable by a superuser. If an unauthorized connection is made, the Watchdog launches an Alarm followed by a Sever. If the Sever fails, the Watchdog then begins to delete certain important files before the hacker can get ahold of them. If the hacker's Recon program is good enough, he would have been told about the Watchdog, and probably zapped it. If not, he'll have his hands full…
Anyone familiar with programming will recognize the above as an abstraction of a series of IF…THEN and DO…WHILE statements. If the GM and/or the players are familiar with programming, they might want to pseudocode a system's defenses.
While this method is difficult at first, it allows infinite complexity and makes netrunning a contest of wits between the player and the GM instead of a never-ending series of die-rolls.
One of the features of a cyberdeck is its ability to let a console cowboy know when he's in danger, and what he's up against. With a text or icon-based interface, this is not a problem. The nature of the threat is spelled out on the screen, either in text (“WARNING! ICE DETECTED. THIS COMPUTER KNOWN TO USE FLATLINE PROGRAM. SUCCESS PROBABILITY 36% TO DEFEAT ICE. SUGGEST YOU DISCONNECT NOW”) or as a recognizable icon (with levels of perceived danger, from a little kid with a slingshot through the Big Bad Wolf and up to a Japanese movie monster).
In cyberspace interfaces, warnings are generally built into the objects and people the character's simulated self will meet. In a 1930's gangster setting, for instance, a security program might be represented by a rival mobster. The mobster's weapon shows what kind of threat the character is up against. In an abstract art setting, the character would assign one color (usually red) to anything dangerous. The intensity of color would indicate the magnitude of the threat, from very dim to brilliant and flashing. (This tends to explain why cyberjocks tend to stick with one particular type of interface for a long time — they've learned to recognize the danger signals of that particular “world.”)
Often, there will be information that the simulation simply isn't set up to process, or that needs to be conveyed to the cyberjock in some detail. In this case, it is often presented through audio. In a gangster setting, a lieutenant might come up and whisper in the character's ear; in the World War in dogfighter interface, the information comes over the cockpit radio, even as the Zero representing the enemy appears on the horizon.
When someone is trying to gather information about a person or a company, they usually spend a lot of time lurking in the shadows with expensive surveillance equipment, recording their every move and word. In the excitement of playing spy, they often overlook one of the best sources of information available — the trash.
There is an endless variety of useful (and not-so-useful) information to be gleaned from a trash can. People who wouldn't dream of talking on their home phone for fear it is tapped will jot down detailed (and sometimes incriminating) information on a piece of paper that they later toss away with the orange peels — sometimes they may tear it in a few pieces, but it's nothing that a bit of tape won't fix.
Modern-day hackers use this technique to glean information from phone and computer companies — they call it trashing. Legitimate users (especially low-paid employees such as data-entry clerks) tend to jot down their computer accounts and passwords on random notes which are later dropped into the garbage. One major Bell company has distributed posters to its offices warning all employees to “shred everything.” As well they should! Even if the hackers don't find actual accounts, they may find printouts of computer sessions that demonstrate the correct format for using commands — an invaluable tool with some of the more cryptic operating systems. (In game terms, this could give a +1 to +3 on effective Hacking skill for that system only.)
Other useful information that might be found in the trash can include credit-card information (if the PCs look in the trash of a major retail or mail-order store), phone numbers, sales receipts and many other pieces of paper that can be useful when building a database about an individual. Even actual disks may be thrown away; depending on the professionalism of the user, they might have been wiped carefully, wiped carelessly, or not wiped at all. Deleting all the files does not wipe a disk; “undelete” programs are common and effective even in the 1990s. To read a wiped disk or other media, make a Computer Operations roll at -(2d). The GM may modify this upward or downward for a careful or careless user. And if the target facility manufactures hardware, the trash may yield actual memory chips, ROMs, and who knows what else?
How to get the trash? That depends on the security of the physical premises. If the PCs are collecting from someone's house or apartment, it is usually just a matter of showing up before the garbagemen and throwing it in the car. And while many companies have fences around most of their building, they sometimes (a 9 or less on 3d6) have the dumpsters placed outside for case of collection.
If the trash receptacle is enclosed by a fence, but still outside, it may take a pair of wire cutters and a successful Stealth roll to root through the garbage. A simpler method involves impersonating the cleanup crew and collecting the trash normally. After all, who would pretend to be a garbageman?
If the characters need trash from one particular office, they might do well to get hired as (or impersonate) a janitor in the necessary building. This might require a week or two, but would pay off in access. Another popular trick used by high-school or college-age people is to contact the company about the school paper drive, for which they are in charge of recycling computer paper. Most big companies are very conscious of their public image, and will be happy to participate in such a worthy project. Anyone truly dedicated to their cover story will organize a paper drive — they'll just make sure they get a look at the paper first!
Collecting the trash from a high-security area should be a whole adventure in itself.
The GM should keep in mind that such techniques may also be used against the PCs. A party that makes a point of burning notes, shredding files and crumpling disks — and that is alert for cover stories that could signify “trashers” — is less likely to suffer intrusion into its own systems!
Systems that contain top secret or classified information are almost never available from the mainstream network. This isn't to say they aren't networked — but the network has to be accessed from certain physical locations.
Netrunners should be careful when hacking government computers. Private companies won't usually come after someone who only cost them a few hundred (or even thousand) dollars — it just isn't profitable to track down everyone. The government, on the other hand, has no need to show a profit, and will quite willingly dedicate massive resources to hunting down and eliminating anyone they perceive as a minor threat.
The GM will need to construct a map of the computer network for the world. While it isn't necessary to map the entire world, some basics such as Internet backbones and common routes taken to reach other places of interest, and the networks nearby the PCs' home base, constructed fairly well.
Looking at the net generation tables, the GM will notice that a surprisingly large number of systems will have little or no security; they will be “open” or “normal” systems. This, however, is accurate. The vast majority of systems will be of the “normal” variety, because most system operators/owners think that there is nothing anyone else would be interested in on their system.
The GM should make sure that obvious targets — banks, S&Ls, military systems, corporate R&D computers, etc. — are appropriately protected.
To connect to the matrix, a decker merely jacks in and connects through a comm-line. Once he's made it to the main network, he can begin connecting to nodes at random. If the GM wants him to connect to a certain node, he should make it so. Otherwise, he should generate a random node (the GM may wish to do this beforehand to save time during the play session.)
A node is represented by an icon box. Not all systems will have all pieces of information in their icon box. Also, the GM shouldn't make anything but the Node Address and System Icon public when the player encounters the system — he'll have to figure out everything else himself!
Node Number: Assigned by GM, and purely for record-keeping purposes (although GMs running a realistic network may wish the Node Number to correspond to a network address of some sort).
System Icon: Each type of system has its own icon, allowing a GM or player familiar with the icons to quickly identify it. An exclamation point (!) indicates that it is owned by the government. A 8 symbol indicates an AI.
System Complexity: This is a quick reference for the GM as to how fast the system can execute its attack and defense programs.
Type of System: See p. 68. Ether P (Public), N (Normal) or S (Secure).
Number of Comm Lines: This represents how many users can be attached to the system externally — there may be a huge number attached to the system within the building where it is located, but there will usually only be a small number of inward lines. Many systems have their lines set up to refuse any connections not originating from a certain place — this isn't ice, it's a function of how the line is installed and can't be altered. But they can call out.
When a decker is attached to a system, he occupies one of the comm-lines. If there is more than one line, extras can be used as outgoing comm-lines back into the Net. The advantage is that any subsequent machines will trace the connection back to the outbound link rather than the netrunner's home node. These can be used to connect anywhere in the world. They usually have builtin fax and Voice Synthesizer/Recognition programs so normal VoIP communications can be established.
System Links: If two systems can reach each other directly through the network, they are connected with a line. If there are a number of systems that are geographically close (in the same building, for example), they may all be connected to the same line. If the netrunner cannot trace an uninterrupted line from one system to another, he will have to route the connection through another machine. The link between two systems should have a number representing the number of hops between the two nodes. The GM should determine and record the type and operation of the defense programs on a system. See the Launching Programs sidebar, p. 83, and the net map on p. 94 for examples
Almost every university, college and even secondary schools have their own computer systems or networks. Machine type will range from personal computers to mainframes (possibly outdated). Rich universities might have a Megacomp, particularly if they are doing important research.
University computers are usually well-networked, with lots of inward and outbound lines and systems. They also tend to be less restricted than most systems, and are often used for chat systems or as underground bulletin board systems, pirate distribution sites, and samizdata distribution sites.
Hacking academic computers is not usually very profitable — unless the school is engaged in cutting-edge research. However, University administrative computers are often good sources of information about former (or current) students.
Most academic systems have weak security — but one doing significant research (especially if it's government-funded) will have state-of-the-art ice.
These systems are used in the trading of cash, stocks, bonds, commodities and anything else of value. Naturally, these are going to be the best-protected, top of the line systems on the network — the GM should be careful that the financial systems in his world are protected against all but the absolute best netrunners.
A typical system runs on a Mainframe or Megacomp — if AIs are common, there will undoubtedly be one in charge of system security for large banking systems. Everything that happens on the system — every connection and command — is probably logged on both the machine and on a remote machine or hardcopy, so a successful penetration might have to involve physically entering the site. The GM shouldn't roll for random defense programs — he should assign them manually. A typical medium-size system will have a Watchdog running that executes a Trace and Sever on any unauthorized connections, a Mask, and a plethora of Datalocks and Codewalls. Many times the internal links to a banking system will be Camouflaged.
Some companies maintain banks of outdials so that their employees can connect to the outside world. These are not run by a separate system; they have their controlling software built-in. Unfortunately, their security is usually lax. Most systems are treated as a Complexity 5 machine running Password-12. Roll on the # of Outbound Lines table to see how many lines are available to call out with — there is a 50/50 chance that each line will be busy at any time. It takes 5d minutes for a line to release.
There are many thousands of different government offices, bureaus, departments and agencies that require computing power. The Government Type table points the GM toward the general area that a system is involved in, but specifics are up to him. If corporations rival governments in a particular world, these might actually be corporate systems!
An exclamation point (!) at the bottom of any system icon indicates a government system.
Judicial systems are typically large databases on criminals and current investigations. They are usually kept fairly secure, and will attract a large amount of publicity if penetrated (assuming the intrusion becomes public knowledge).
Legislative systems are mainly used by lawmakers to track current laws, voter information and the like. One of the most interesting things on a legislative system would be the list of campaign contributors (and possibly the account numbers that the money is stored in!)
Administrative Systems are typical “red tape” machines — large, with many gigs of databases on everything from population figures to rainfall density. The bulk of government computers will be administrative in function.
Easily-accessible military systems will never be controls for weapons (those are always on isolated networks with no inbound lines)! They're more likely to be concerned with supplies, logistics and administration. That's not to say that they won't contain information of strategic value to an enemy…
The bulk of the machines on the network are owned by large businesses and corporations. Wthout a massive amount of processing power, companies of this size simply can't function.
These are used for day-to-day management of the corporation's assets. They are usually well protected, as they are often targets of both freelance netrunners out to make a quick buck and industrial espionage. A microframe is the usual choice for this type of work — the biggest corps will use mainframes.
This type of system handles all the paperwork concerning employees — records, history, job duties, insurance, vacation and sick leave, etc. Minicomputers or microframes are usual systems for this type of work, and security is somewhat lax.
R&D systems are used by scientific personnel to store data and perform calculations. They are generally large, powerful systems capable of hosting a number of users and performing complex calculations quickly — a mainframe or megacomp. System security will vary from system to system. A company working on a new nerve gas will have tighter security than one working on a new glue.
This system is also quite common — it is used by mid-sized offices and provides computing power for the business operations. Often individual users will have a Complexity 7 personal computer attached to it. Security on this type of system is not usually state-of-the-art, not often is much worth stealing kept online.
This is most often a minicomputer or microframe that provides the computational power for an entire small business — inventory, payroll, accounting and other record keeping. As above, it usually employs protection commensurate with the value of the data stored on it.
This node connects you to an entirely new network. It is not so much a computer as an outdial that is permanently connected to a secondary network. The destination of this gateway can be chosen by the GM, or it could be another net generated using the random tables. Some gateways will be protected with Password programs. If so, they should be treated as Password-12 on a Complexity 5 system unless the network has military or confidential applications, in which case both skill and Complexity will be higher.
This could be anything from a Complexity 5 personal computer with a basic modem attached to a megacomp on fiber-optic access — it all depends on the individual who owns it. Generally, it will be a small system with only a password defense, no outbound lines, and absolutely nothing of interest to a netrunner. The GM should feel free to be creative, though…
This is a connection straight into a comsat. From here, a connection can be made directly to any other uplink in the world — it has an effectively infinite capacity for line transmission, but adds one hop to any data passing through it.
There are many systems that allow users to obtain free services from them, usually paid through ad service and other tracking measures. Users log in under a specific account, and then use the system for everything from electronic mail to playing games to making airline reservations. Google or Facebook are good examples.
Occasionally, someone will find themselves in need of secure, reliable and completely anonymous offline storage. A data haven offers a large amount of protected offline memory that they'll allow a netrunner to use — for a fee. The most common legal use of a data haven is for offsite backups. Illegal uses range from storing stolen programs or databases to holding the books for a crime organization.
Data havens usually encrypt (see p. 63) all data stored in them. Storage in a data haven costs $1,000 a week per petabyte for the average haven. The best Swiss data havens are hundreds of times more expensive. Payment is usually made through an anonymous electronic funds transfer, and access is controlled with a unique user number and password. If someone forgets their password, they're out of luck — and can kiss their data goodbye.
A Padlock is a system that is dedicated to just one thing — security. Padlocks are generally used as front-end machines for business networks. A typical Padlock is a high-Complexity system with the maximum number of slots, plus a number of disk-based ice programs. Most Padlocks will have some form of a Sysop-in-a-Box running as well as standard ice.
This type of system is usually a bulletin board that caters to netrunners, specifically those involved in illegal activities. Some pirate systems are menacing, highly secure nodes, with complicated SIABs and Password programs… and, occasionally, Black Ice. Other boards might have false fronts – for instance, an innocuous BBS message base with nothing much of interest. However, if a hacker can beat the board's security and promote himself to superuser, he then sees the real messages and users on the board.
Other boards are populated with the darkest, most sinister netrunners, who would just as soon send someone to cut a hacker's throat as sever his connecton. Breaking into these systems can lead to some interesting encounters for unwary hackers.
This is similar to a Network Gateway, except that instead of connecting you to a network, it provides an encrypted path for your efforts. The time increase due to lag is often worth it to have a route that is more difficult to trace, triple-encrypts its user paths, and preserves no log files. Backtracing through an onion router is one of the more difficult things a white hat hacker can do.
These Virtuals often charge a monthly cost to play them (between $10 and $50), and are generally highly elaborate Virtual realities along a specific theme (e.g., New Orleans by Gaslight, Age of Yoruba, Pokemon Battle Champions, etc.) They are often well protected to protect their players from malicious hackers and scams, as well as from outright threats. There are rumors that some black hats track people through their gaming habits and attempt to give them a Flatline when they least expect it…
Cyberdeck software has a Complexity rating, just like normal software — but each program also has an Execution Time, expressed in Phases. Thus, a program with an Execution Time of 3 would require three Phases to run. The actual length of time per Phase is determined by the type of neural interface and the Speed Index of the cyberdeck.
Example: A basic cyberdeck has a base Phase of 1,000 milliseconds. If it has an SI of 5, that would be reduced to 200 milliseconds. Running it with an Icon Interface would reduce the Phase to 150 milliseconds. So a Crash program (Execution Time 4) would take 0.6 seconds (150 milliseconds x 4) to execute with the above configuration.
Software that is always running, such as environment modules, has no fixed Execution Time; in these cases, no Execution Time is given.
In most worlds, the data stream from a neural interface is presented in a standard protocol (see sidebar, p. 77). The cyberdeck will pass this information to the Datalink program (either running on the deck or integrated into the neural interface), which then interprets the data as visual signals. In most cases, users can decide what view to have of cyberspace through the loading of Environment Modules, but specific systems may run an interface that overrides end users' EMs.
An Environment Module (EM) interprets the data flow from the network into a specific pattern, usually revolving around a theme of some sort. EMs are designed with a limited amount of self-programming ability. This allows the EM to customize itself to a particular user. Over a period of time the EM will develop a personality of sorts, “learn” what programs the netrunner uses in a particular situation, and may even make suggestions now and then. After a character has used the same EM regularly (at least twice a week) for three months, the GM can secretly roll 3d in any situation where he thinks the character needs a hint of some sort. On a result of 6 or less, the EM will offer some suggestion that might help the PC. On a 17 or 18, the advice will be bad!
The GM should use his imagination when describing the net to a player. If the character is using a Space Odyssey interface (see below), the GM shouldn't just say “Ok, you see a computer ahead.” Instead, he should see, perhaps, a lightly-defended merchant vessel with a gold-plated hull! (Of course, the GM should give the actual name of each program seen, at the player's request.) Often, the time in the matrix is the only action that a netrunner will see during a play session, so the GM should make it exciting.
EMs reinterpret the environment individually for each decker. Thus, one character might see a confrontation as a magical duel, with a fireball coming toward him, while the other might be congratulating himself on the accurate shot his cannon placed on his rival's ship!
This requires a GM to be quick on his feet if two PCs meet on the net — it's challenging to describe the same situation to two different people in two different environments.
An EM costs $5,000 and varies in Complexity depending on its VR interfacing. Marquee Interfaces are Complexity 2; Iconographic Interfaces are Complexity 3; Basic VR Environmental Interfaces are Complexity 4; full VR EIs are Complexity 5; total immersion EIs are Complexity 6. Some of the most popular EMs follow.
The netrunner jacks in and finds himself at the controls of a huge spaceship. Cyberspace is represented as the void between planets. Nodes in the net are displayed as moons, planets and suns — the more data traffic on the node, the larger the stellar object. Links between systems are displayed as paths through the hyper-space navigation plotter. Attack programs are dispatched as fighter ships, or the ship's guns fire on the target. Defense programs are represented by hostile fighters and planetary defense forces. Black Ice is seen as a black hole sucking in everything nearby… The EM communicates directly to the user as the ship's computer. Data is represented as towering monoliths inscribed with runes on the planetary surface. Once all of the defenses have been subdued, viewing drones can be dispatched to search the rock for a particular piece of information. Cash and commodities are represented as asteroids of precious metal orbiting the planet — they can be taken into the hold of the ship and repositioned around other “planets.”
This is a very stylized view of the net — full of walls of color and bright lights. The netrunner is represented as a glowing ball of color — the better his equipment the brighter and bigger the ball (although some deckers prefer to be underestimated, and purposely dim their aura). The nodes display as colored geometric shapes — lightly trafficked nodes are monochrome, while heavily populated areas are huge, multi-colored polyhedrons. Links between nodes (if not camouflaged) are visible as glowing ribbons of neon — the wider the ribbon, the greater the number of paths. Data is represented as small cubes with gothic lettering indicating the contents — commodities are shown as shimmering spheres of precious metal, with sphere size increasing as the value of the commodity goes up. Attack programs are displayed as incandescent bursts of laser-fire, and defense programs are seen as solid walls of chrome, quartz or colored fire. The EM is a small, glowing pyramid that follows the decker throughout the net.
This interface has particular appeal to netrunners with a musical bent and a taste for the bizarre. The decker is cast in the role of a singer/guitarist for a rock band. Each program is invoked as a different song — the greater the volume, the better the program and deck. Nodes in cyberspace are represented as various clubs and concert venues. The defense programs are hostile crowds or bouncers at the door — they must be overpowered by the wall of sound that the netrunner's amps put out (the better the offensive programs, the louder the amps). Data is collected as groupies who whisper sweet bits of information into his ear, and commodities are gathered as cash at the door. The EM is the netrunner's manager, and can sometimes offer advice on which song is likely to “win over” the crowd.
One of the most popular EMs, Castle Perilous casts the decker in the role of a medieval knight journeying through a monster-infested castle. Each room is a different node, with the corridors between rooms representing links. Camouflaged links are hidden by secret doors, and defense programs are seen as monsters. Light defenses such as Password (see p. 93) are seen as small, easily dispatched monsters such as Orcs, while Black Ice might appear as a fire-breathing dragon or spell-hurling demon! Attack programs are the knight's weapons, from daggers up to giant axes and two-handed swords. Data is represented by collections of scrolls, while commodities are seen as gold, gems and jewelry. The EM is represented as a squire, carrying the knight's weapons and treasure.
The above list is far from complete; other possible EMs include espionage (complete with mask and trench coat), military (ordering armies off to do battle), magical (a mighty sorcerer with many spells), safari (a hunter searching the jungle for animals), pirate (sailing the data seas and stealing from treasure-laden galleons), mecha (a giant anthropomorphic robot), pornographic (best left to the imagination) and many more. The GM should develop any additional EMs that he wishes to make available as standard programs.
All attack programs have a base skill level of 12. Skill level can be modified in the normal manner (see p. 65). In some worlds, possession of these programs is considered a crime — in others, they will be sold openly! If attack programs are illegal, the GM should, at minimum, double all costs given to reflect their rarity. Forcing netrunners to deal with the black market each time they need a software upgrade is a good way to keep the characters busy — and helps trim the fat from their bank books!
Many of these attack programs are designed to work against a certain type of ice; these programs are known as icebreakers. Most of the programs — both attack and defense — have a default. This represents the ability of a character to “improvise” them, and only work for someone with an Environmental Interface! Neither Marquee or Icon interfaces communicate enough information for the netrunner to construct defenses or attacks from scratch in the relatively short time available. The maximum default level is 13; better programs just can't be improvised! Note that Computer Hacking defaults to Computer Programming -4; the default can be calculated against this, an exception to the normal prohibition of “double defaults.”
Example: Datamage is investigating a computer owned by a foreign government when he discovers a piece of electronic mail awaiting delivery to his country. It contains assassination orders for a prominent politician. Datamage has no confidence in his ability to delete or reroute the mail without leaving tracks pointing in his direction. He decides the only thing to do is Crash the system, giving him time to (perhaps anonymously) trigger a government investigation before the damning message can be read or removed. He doesn't have a Crash program available, so he would roll against Computer Hacking-4 to Crash the system.
Note that most systems are stupid. For instance, if a defense is not being watched by Regenerate, a decker could try over and over to Corrode the same Watchdog or Alarm program, with no penalty for failure. With some programs, each attempt is progressively less likely to work. But most programs won't realize they are being attacked unless they are monitored by another program looking for damage.
Defaults to Computer Hacking-6
This program is used to defeat a Misdirection program. It is typically invoked by a Trace program if the program (or the decker) realizes that it has been thrown off the track. Roll a Contest of Skills between the Bloodhound and the Misdirection program — if the Bloodhound wins, the Trace can continue following the subject. If the Bloodhound loses, try again — but each successive try is a cumulative -3, as the trail grows “cold.” Execution Time is 1, Complexity is 2, and cost is $7,500.
No Default
Confuse sends a surge of static through a communication line. This has no effect on machines, but a decker must make an IQ roll or be mentally stunned for 1d seconds from sensory overload. If a user has a Fuse (see p. 90), Confuse must win a Contest of Skills against it before it can affect the victim. Execution Time is 1, Complexity is 2, and cost is $10,000.
Defaults to Computing Hacking-4
Corrode slowly chips away at the integrity of a program, giving the decker plenty of time to safely distance himself from the crumbling system. When the Corrode program is executed, a Contest of Skills is rolled between the program's skill level and Corrode. If the program wins, Corrode has no effect. If Corrode wins, the program begins to deteriorate — in 1d seconds it will crash (assuming that the corrosion isn't caught by a Regenerate program). Time 1, Complexity 2, cost $12,500.
Defaults to Computer Hacking-4
Short of destroying its hardware, Crash is the ultimate injury that can be inflicted on a system. Ironically, Crash is also one of the simplest programs available — but it can only be executed from a superuser account. Any time a Crash program is run in a system with a Safety Net (see p. 93), immediately roll a Contest of Skills between the Crash program and the Safety Net. Otherwise, roll against the Crash program's skill level, modified downward by the complexity of the target system. If the Crash is successful, the target system immediately shuts down. All users are kicked off, and any links passing through it are treated as though hit with a successful Sever program (p. 91). If the Crash fails, subsequent attempts are at a cumulative -5 instead of the normal -3 — if it didn't work the first time, it is unlikely to ever work on that particular system. Execution Time is 4, Complexity is 2, and cost is $15,000.
Defaults to Computer Hacking-4
The Crumble program is used to get past a Codewall (see p. 93). Roll a Contest of Skills versus the Codewall program — if Crumble wins, the Codewall is destroyed. Repeated attempts are allowed at the normal -3. Execution Time is 1, Complexity is 2, and cost is $5,000.
Defaults to Computer Hacking-4
This program is used to alter the “appearance” of a netrunner's signal, making it appear to be a legitimate user of a node. This doesn't give the user access to a target node, but will deceive any Watchdog (see p. 93) programs that are guarding the node. Roll a Contest of Skills between Watchdog and Disguise to determine whether it accepts the connection as legitimate.
A Disguise program must be tailored for a particular system; this requires information about that system. The GM decides how much information is to be required. If the “tailoring” must be done online, the decker must make a successful Recon of the Watchdog that is to be deceived, and then make a Computer Hacking roll at -1: this takes 2 phases. One Disguise program can fool any number of Watchdogs, if it has been given the proper data in advance.
Disguise has an Execution Time of 1, but must be activated prior to connecting to the node whose Watchdog is to be fooled. Disguise is Complexity 2 and costs $2.000.
Defaults to Computer Hacking-4
Most systems keep some sort of log of who was on the system, when, and what they did while they were there. Particularly paranoid systems print these records out on hardcopy as they're logged — there isn't much that can be done about this, short of sending a strike team into the computer room to destroy the evidence! Most systems, however, content themselves with a disk-based record of comings and goings.
An Erase program is used to remove evidence of a particular login, database search or program execution. The GM makes the roll — and doesn't tell the character the result! (A failed roll indicates that the intruder thinks he erased all traces of his visit, but really missed a few “footprints.”) Only on a critical success or failure will the hacker know he has succeeded or failed. The Erase skill level is modified down by the Complexity of the target computer. Execution Time is 1, Complexity is 2, and cost is $8,000.
No Default This is the most feared piece of code on the net. Horror stories abound about netrunners who tangled with the wrong system or decker — the story usually ends with the victim's eyeballs exploding from the heat of his melting brain.
Flatline is used mostly by large computer systems — most cyberdecks struggle to run Flatline, even if they can find it. Flatline is designed to disconnect hackers and computers — permanently. There are many different methods of killing a wired-in netrunner. The most common method, and the one from which Flatline takes its name, is to force the decker's EEG to go flat. Other versions cause a power surge to feedback through an opponent's cyberdeck directly into his neural interface. Either of these immediately does 1d damage per Phase (DR doesn't protect) of the computer running the Flatline (assuming that the skill roll is made, roll each Phase) to the victim.
Some of the more exotic Flatlines don't kill at all. One version wreaks havoc with the brain's electrical system, giving the netrunner the Epilepsy disadvantage (the hacker may not even realize he has it until later!). Another version hypnotically reprograms the netrunner, overwriting his normal personality with that of a Ghostcomp (see p. 56). Both of these require that the Flatline program work three times in a row before being unplugged — after that, the netrunner is helpless to unplug the jack until the Flatline allows him to.
The only defense against Flatline, other than unplugging the neural interface, is a Fuse program (see below). Unhooking a neural interface only takes one second, but a fast system with a 200-millisecond Phase will be able to get off five surges before that second is up — enough to fry most netrunners to a crisp. The GM should use his imagination when creating new flatlines!
Flatline programs are almost always illegal, and many ROM decks carrying them are designed to burn themselves out after a certain number of executions. Execution Time is 1, Complexity is 4, and cost is $1,000,000+; Legality Class 1.
No Default
A few paranoid netrunners have begun employing fuses in their cyberdeck toolkit. A Fuse program waits in the background until it detects something that looks like a Flatline program coming through a neural interface. It then immediately disconnects the user from the net.
A fuse program can save the netrunner's life. There are several disadvantages, however. First, some programs (including state-of-the-art ice) will sometimes send a harmless signal disguised to look like a Flatline at the beginning of a transmission (see Bluff, p. 93). This signal can be filtered out if the Recon program (or the netrunner) recognizes it as false, but it will trigger many fuses. Second, suddenly disconnecting from a neural interface is very disorienting — it causes the decker to be mentally stunned for 3d seconds. And third, it uses up a valuable deck slot.
If a Fuse is online, roll a Quick Contest of Skills every time a Flatline program (or an appropriate Bluff) appears. If the Fuse wins, it disconnects the user from the system immediately, sparing him from being flatlined. If it loses, the Fuse delays by one of its own Phases for each point by which it lost. Critical failure means the fuse failed and its user takes full damage (and probably dies a horrible death). Execution Time is 1, Complexity is 2 and cost is $20,000.
No Default
This is the universal attack tool. It can act as any icebreaker program (Bloodhound, Corrode, Crumble, Disguise, Silence, Skeleton Key II and Webster). Icepick is the tool of choice for the sophisticated decker, but it requires expensive equipment to run. Execution Time is 2, Complexity is 4, and cost is $250,000.
Defaults to Computer Programming-2
Loop is used to occupy processing time on the target computer so that it is less resistant to other attacks. Loop programs generally involve putting the central processing unit into a infinite loop of some sort — calculating the value of pi to the last decimal place, for instance. A successful Loop reduces the target system's skill rolls by 2. The only defense against an Loop is a Bailout program (p. 92). Execution Time is 1, Complexity is 2, cost is $4,000.
Defaults to Computer Hacking-4
This program is used to throw a Trace (sec p. 92) off the path. If the follower doesn't have a Bloodhound (see p. 90), he has no chance of following a path obfuscated with a Misdirection. Execution Time and Complexity are 2; cost is $17,500.
Defaults to Computer Programming-3
This program is used once a hacker is in a system. If he has superuser access, he can monitor the actions of any user in that system with a successful roll versus Monitor. Monitor has an Execution Time and Complexity of 2, and a cost of $25,000.
Defaults to Computer Hacking-4
This program is executed from a normal user account on a system. If successful, the account is “upgraded” to a superuser account. The skill roll for a Promote program is modified down by the Complexity of the target system — the better operating systems are designed to prevent a user from doing this! Execution Time and Complexity are 2, and cost is $20,000. Promote programs are common on stacked decks.
Defaults to Computer Hacking-3
This program is used to scan a system for defensive programs, both ice and “counterattacks” like Snare. When a netrunner first encounters a system, the GM should roll versus Recon for each ice program the node has defending it. A successful roll lets the decker “see” the ice. If the netrunner doesn't have a Recon program, the GM rolls versus Computer Hacking-3 for each piece of ice to see if the character spots it.
If the target system has an active Disinformation program (see p. 93), the GM should roll against it each time the Recon program fails to detect an ice program. On a successful roll, the Recon program returns false information to the character. Recon also rolls versus Bluff programs (see p. 93) — a successful roll reveals the Bluff as a feint.
A decker may also use Recon to get more information about a specific program, once it is detected. Roll a Contest of Skills between the two programs. On a success, the decker learns what contingencies will activate the program, and what other programs it can trigger and when. On a failure, he learns nothing new. A critical failure sets off an Alarm if one is present. A critical success by the GM (who rolls in secret) lets the GM lie.
Recon has an Execution Time of 1, a Complexity of 2, and a cost of $7,500.
Defaults to Computer Hacking-6
The Sever program cuts another netrunner's access to the net by temporarily disconnecting his communication lines. The image generated by a neural interface is constantly being refreshed and updated from the decker's incoming data stream. If this flow is interrupted, even for only a fraction of a second, the representation breaks down and the decker is disconnected. If the target doesn't have a Shield (see p. 93) program active, the only thing required to successfully sever his connection is a skill roll. (If a defender's cyberdeck is fast enough, he will see the Sever attempt begin in Phase 1 of its execution, and will be able to throw up a Shield in Phase 2, since Shield's Execution Time is 1 versus Sever's 2.) If a Shield program is running, roll a contest of skill between the Sever and Shield programs. If the Sever program loses the contest, the user can attempt to execute it again, but each successive attempt is at the standard -3. Sever has an Execution Time of 2, Complexity of 2, and costs $15,000.
Defaults to Computer Hacking-4
Silence is used to attack any Alarm programs that a target system might have. Each Alarm must be Silenced separately — roll a Quick Contest of Skills between Silence and the Alarm. A critical success silences the Alarm without “noticeable” damage. A critical failure results in the Alarm being tripped! Execution Time is 1, Complexity is 2, and cost is $ 10,000.
Defaults to Computer Hacking-2 The Shield program is used to defend against a Sever attempt (see p. 91 for more information). Execution Time is 1, Complexity is 2, and cost is $12,000.
Defaults to Computer Hacking-5
A Snare is used to trap a netrunner in one location for a brief period of time. A Snare is launched at a decker. If he moves before it hits, it cannot pursue. But if he is still there, he must then win a Quick Contest of Skill — his Computer Hacking skill versus the Snare — to move again. Each Phase after the first, the victim can try to break free again, at a cumulative +1 on his roll (the Snare detiorates). This does not impede the netrunner's own use of programs, and it does not keep him from jacking out. Snare is Execution Time 1, Complexity 2, and is $12,500.
Defaults to Computer Hacking-5
Hackers use the Stealth program to remain invisible as they move through the net. To see another netrunner, no roll is normally needed. If the subject is running Stealth, however, they won't be seen unless they are on the same node or point as the observer. Then the GM secretly rolls a Quick Contest between the observer's Computer Hacking skill at -3 and the Stealth. Each doubling of price subtracts an additional -1 from the Computer Hacking skill, up to a maximum of -9. Stealth is Complexity 2, has an Execution Time of 1 and costs $10,000.
Defaults to Computer Hacking-4
Well-designed ice usually involves messages being passed from one program to another — a Watchdog will act based on data from a Trace, for instance, or a system might be set to shut down if a Sever attempt was not successful (in order to prevent the hacker from gaining access to the information.) The Success program is used to feed false information to the system.
For instance, a netrunner's Recon might have informed him that a Watchdog is set to launch a Sever program if a Trace said he was coming from any node but “Alpha.” The netrunner doesn't have a Disguise program in this case, and doesn't wish to chance his default, so he would begin by destroying the Trace program (using a Corrode program, probably). Once the Trace is gone, he is left with the problem of a Watchdog that is expecting information from the Trace. The decker launches the Success program, and it will simulate the correct answer.
The GM should roll against the level of the Success program whenever it has to give a response to something. A missed roll indicates that it didn't work, and it notifies the netrunner of its failure. On a critical failure, the program doesn't realize its cover is blown, so it doesn't notify anyone… The GM should give bonuses to a Success program if the netrunner has experience or prior knowledge of the system being subverted. A Success program is Complexity 3, Execution Time 1, and costs $12,500.
Defaults to Computer Hacking-5
This is the standard icebreaker for use against Password programs (see p. 93). It acts as an extremely fast “brute-force” hacker. The attack is resolved as a Contest of Skills between Webster and the Password program. Webster is at a -5 against a Secure system, and has no effect on a Datalock. If Webster fails, the hacker may try again at -3. Some Password programs will set off alarms after one failed attempt, while others will allow indefinite tries.
Webster has an Execution Time of 2, is Complexity 2, and costs $5,000.
Ice programs are, by nature, defensive. They also rarely have a default or an Execution Time — they are either there and running, or they aren't. Defense programs are usually legal, although Black Ice and Misdirection are sometimes regulated.
The most deadly defense is a hot human decker. The more secure a system is, the more likely it is to have netrunners on call. For each system, the GM should decide whether human operators are available, how good they are, how long it takes them to come online when called, and what events call them.
Some ice can be used as defense in a cyberspace duel — a desperate netrunner might use a Password to block access to a newlyentered system and slow down a pursuer for instance. If the runner doesn't have the program slotted, some can be attempted by default.
Defaults to Computer Hacking-4
An Alarm is set up to activate a certain program or alarm device (a bell, beeps on the sysop's console, etc.) when an unauthorized access attempt is made on the system. See also Recon (see p. 91) and Silence (see p. 91).
Alarms are executed (that is, turned on) when the system is booted. It takes one Phase for an Alarm to trigger. Complexity is 2, and cost is $10,000.
No Default
This program defends against infinite loops caused by an Loop program (see p. 90). The GM should roll a Quick Contest between the Loop and Bailout. Bailout is executed upon system startup, is Complexity 2, and costs $15,000.
No Default
Black Ice is a defensive version of Flatline (p. 90). It is triggered by an Alarm (p. 92). Black Ice is almost always illegal for private individuals; corporations, and those with influence, can use it with impunity. Execution Time is 1, Complexity is 4, and cost is $200,000.
Defaults to Computer Hacking-4
A Bluff is used to “simulate” ice, to make a system appear better protected than it actually is. Each active Bluff program can simulate one type of ice program. See Recon, p. 91, for more information. A Bluff is Complexity 1, is always running, and costs $1,000.
No Default
Camouflage is used to disguise a link — it remains invisible unless someone looks specifically for the link that is hidden (i.e., random network scanning will never find it). If someone tries to find the link, the GM should roll a Quick Contest of Skills between the Camouflage program and the Computer Hacking or Computer Hacking skill of the netrunner. Each successive search attempt by the same user using the same equipment is at a cumulative -1. If the runner upgrades his deck or his skill, he can try again with no penalties. Complexity 2, cost $1,000 per point of skill in the program. There is no execution time — if it isn't already running when an intruder appears, there's no point in gearing it up.
Defaults to Cyberdeck 0peration-3
A Codewall is a “wall” of sensory static created to temporarily block a signal passing through a communication line. If there are multiple paths from point A to point B, a single Codewall will only block one of them.
A Codewall is destroyed by a Crumble program, or will naturally decay after ten seconds. Execution Time is 2, Complexity is 2, and cost is $10,000.
Defaults to Computer Programming-4
A Datalock is essentially a long, complex, constantly-changing sort of Password. It is usually found on a particular database or program, rather than on a system. Webster won't help against it; a Datalock must be unlocked with a Skeleton Key. An authorized user will have a Datakey; this may be a message sent by his own system, or he may have a separate electronic code-key that he can jack in. The message is time-dependent, so even if it is “overheard” once, it will be different 5 seconds later! A Datalock has an Execution Time of 5, but is usually put in place when the system is started up.
At the owner's option, a Datalock may be an integral part of the database. In this case, any attack that destroys it, or even a superuser's attempt to turn it off, will erase the database! Complexity is 2, and cost is $20,000.
No Default
This program is used to feed false information to a Recon program. The GM should roll against this each time a Recon program (see p. 91) fails to detect an ice program. On a successful roll, the program returns false information to the character. Disinformation has no Execution Time; it is running on bootup. It is Complexity 2 and costs $15,000.
No Default
A Mask program is used to “blur” the appearance of a system's defenses. A Mask subtracts 2 from all Recon attempts; Mask may cover some defenses while deliberately leaving others visible. Each doubling of price subtracts another 1 from the Recon roll, to a maximum of -6 (for $320,000). Mask is Complexity 2, and costs $20,000.
Defaults to Computer Programming-2
This is one of the simplest protection mechanisms against unauthorized access to a system. In addition to obtaining passwords through theft or social engineering (see p. 70), a Webster program can usually be used to get past the protection — although a good password program will assign passwords that an average Webster won't guess. It is a Complexity 1 program costing $100.
Some Passwords issue a “prompt,” challenging a user to respond. These programs cannot be Masked. Other Passwords just sit quietly until they get the right response, and these can be Masked. Note that a Password doesn't have to use a typed input. It can take input from any peripheral device or sensor (such as those on pp. 53- 54) as valid input.
No Default
A Regenerate program constantly monitors the status of a system, and keeps track of the integrity of all programs on it. Each Phase, Regenerate checks the status of one program. If it is intact, it moves on to the next one. The default cycle is alphabetical through the list of programs, but the sysop can “program” Regenerate to a non-standard pattern — it might check the integrity of a particular database every other turn, for instance.
If a program is missing, Regenerate will notice automatically. If it has been tampered with (e.g., by Corrode, or an unsuccessful attempt at Silence), the GM rolls vs. the Regenerate's skill. On a successful roll, the Regenerate notices that something is wrong, and takes action. It can rebuild the program from ROM if it is available; this takes 1 Phase for Complexity 1, 2 for Complexity 2, and so on. If the corrupted program is disk-based, it will signal a human operator to install an offline (and presumably uncorrupted) backup, and probably shut the system down until it is reset. Regenerate can also activate other programs (such as Alarm) at the same time it starts repairs. Execution Time is 1, Complexity is 2, and cost is $30,000. To be fully secure against Corrode, two Regenerate programs are needed — they watch each other!
No Default
Safety Net acts as a failsafe against system crashes. Any time a command is issued that would cause the system to reset, for instance, the program checks to see if there is anything unusual about the request — looking at its internal log to see if the system is normally reset at this time of day, if the user requesting the reset has ever done so before, etc. If there is any doubt about the validity of the request, the Safety Net aborts the reset and sends a message to the sysop of the system informing him of the attempt. See Crash (p. 89) for more information.
A Safety Net is automatically invoked on system startup. Complexity is 2, and cost is $12,000.
Defaults to Computer Hacking-5 or Computer Programming-3
A Skeleton Key will “unlock” a Datalock (roll a Contest of Skills), allowing access to the information being protected. A Skeleton Key uses several sophisticated (and complicated) cryptography algorithms, and is available in two forms. Skeleton Key I defaults to skill level 10 instead of 12, has an Execution Time of 5, a Complexity of 2, and a cost of $25,000. The maximum skill level of this version is 14. The more intricate Skeleton Key II has the normal default skill of 12, an Execution Time of 8, a Complexity of 3, and a cost of $50,000. This version has no maximum skill level.
Defaults to Computer Hacking-3
A Trace program can follow the electronic trail left by another netrunner — follow the trail back far enough and the tracer can find a decker's comm-line. This can be used to find out the owner's name and address (see sidebar, p. 80).
Each time a target hops to a different node back along the path by which he entered the system, the tracer must make a successful Trace skill roll to follow. This roll is at -1 for each hop away the quarry is (GM's determination), so pursuing someone with a substantially faster cyberdeck is a difficult task. If the fleeing decker executes a Misdirection or Codewall program, the pursuer must stop and deal with them first (using Bloodhound and Crumble, respectively). If the Trace fails a roll, the intruder has been lost unless he is still close enough to be “seen” in the net (i.e., 1 hop per Complexity level of the pursuing machine).
If the intruder does not leave the system and “flee,” but remains connected, the Trace will do him no harm, but will move back along his path at 1 hop per Phase. If it misses a roll, it can immediately try again at a cumulative -1. Only the stupidest Trace will fail to eventually track down an active line. Example: Megacorp executes a Trace-14 program to try and catch a netrunner snooping around their accounting computer. Unfortunately for them, the hacker's deck is sizzling hot — he makes three hops away from the system before the Trace program can get started. Since he is three hops away. Trace rolls against an 11 to follow his first hop. If the decker stopped running after 3 hops, the Trace would roll against a 12 on the second node and a 13 on the third node. Trace has an Execution Time of 1, a Complexity of 2, and a cost of $20,000.
Defaults to Computer Hacking-6
This program is used to move a commodity (cash or goods) from one node to another (see p. 80). It has no intelligence of its own — it has to be told exactly what hops to make and what passwords to give (or programs to execute) to make the transfer safely. If a Transfer is aborted for any reason before reaching its destination (a link is down, or it runs into unexpected ice, for instance), the commodity effectively “disappears” for 1d days while the legitimate owners straighten out the problem.
When a transfer program is executed, the GM rolls versus the program's skill. A successful roll indicates that it follows its instructions as given. A failure indicates something went wrong. Transfer has an Execution Time of 1 (plus however long it takes to reach its destination), a Complexity of 2, and a cost of $25,000.
No Default
A Watchdog program is kept running constantly, monitoring and examining all connections to a particular node. Some Watchdog programs merely keep track of all connects, recording them to a log. Others execute Alarms, Traces or Severs to deal with any unauthorized connections. It only takes one Phase for Watchdog to execute another program (plus the Execution Time of the invoked program). Watchdog is Complexity 2, and costs $20,000.