The first thing you need to know about hacking is that it's not all about the flashy environmental interfaces. You can cut it just as easily on the command line as in the sushi line – and you can get fried just as easily in either setting. White hats and black hats and red hats take warning, looking for security holes is a risky business when your chosen system might be pointing a loaded brain-burner back at you. Let's get hacking.
Yes, the common everyday cell phone is to the hacker what the humble pocketknife is to the survivalist – an underrated tool, but not nearly as good as proper equipment. Modern cell phones can store an amount previously considered unfathomable in their infancy, roughly 1,000 terabytes for an average phone. However, they almost never include an interface jack, so you'll have to do your hacking through its touchscreen datapad-style interface. It does mean you'll be safe from physical consequences should someone lash out at your equipment, at least. A common teenage prankster's hobby is to use the free wireless access at a public venue to conduct their 'awesome hacks'. Just don't fall into the careless trap of letting your onboard GPS tell everyone who you are and where you're going – unless, of course, you need it to.
Tablets give more workspace (or space for watching videos), and with virgonomic designs available, you needn't keep a full suite of peripherals handy. Some even include neural jacks. They aren't the most powerful rig you can carry, but they're probably the lightest rig you can easily smash if the chillers are on their way.
Name | Execution | Skill Defaults | Complexity | Effect |
---|---|---|---|---|
Alter | Single-Execution | Computer Hacking-3 or Computer Programming-3 | 4 | Change target program or data object in such a way as to serve a different purpose, but still function and appear valid. Use Alter to insert technically consistent records into a database, build a back door into an ICE program (add margin of success on Alter to subsequent rolls to Breach the ICE; see p. 8), or change the way that a program works (e.g., a scheduled money transfer moves the funds into a numbered Swiss account instead of its usual destination). Successfully made, such changes will go unnoticed until their results become apparent (disinformation spread, funds missing, etc.), unless the program or datum is successfully Analyzed (see below) – the Analyze roll must succeed by a greater margin than the original Alter roll. |
Analyze | Continuous or Single Execution | Computer Programming-3 or Expert(Computer Security)-2. | 3 | Get information about the target user, computer, program, or data object. A successful roll returns useful information – file or user ID, running programs (and their Complexity), profile, network address, physical access location, or whatever the GM determines is available. If Alter, Spoof, or Stealth programs have been used to obscure or change the target, the Analyze program must win a Quick Contest against the deceptive program in order to detect the forgery and get accurate information. A victory on this roll also tells the program user about the presence of the obscuring programs, which can then be investigated further. Analyze can be invoked as a single-execution program to examine a specific target, or set to run continuously to monitor the status of a particular file, computer, or program. Analyze can be run on a target protected by an ICE program, but Analyze will only give information about the ICE and any programs that are running through it (Analyze, Listen, or Search). It can also be set to cyclically scan all programs and data on a single computer, looking for irregularities (Alter, unauthorized instances of Control, etc.), or Triggered (p. 9) to scan users or programs that meet certain criteria. In all cases, it can call a Trigger program when certain results are obtained, or pass information to a sysadmin (or AI) for a more thorough examination. |
Breach | Single-Execution | Computer Hacking-2 | 3 | Penetrate a target ICE program to gain unauthorized access to the network, computer, program, or data it protects. Breach must win a Quick Contest against the ICE; victory grants the hacker access to the target, allowing him to execute other programs on it. A target protected by multiple layers of ICE can only be accessed after all instances are defeated. |
Control | Single-Execution | Computer Hacking-2 or Computer Operation-3 | 4 | Take over function of the target computer. A successful roll allows the netrunner to cause a compromised computer to carry out any function known to him of which it’s normally capable – shut down, erase or transfer data, run or halt installed programs, etc. It can also allow remote control of a networked device (security cameras, machine-gun sentries, etc.), in which case the program defaults to the appropriate Electronics Operation specialty. This roll is only contested if another user is trying to Control the same computer to make it do something different. An individual program, device, or database that is protected by its own layer of ICE cannot be Controlled (or otherwise accessed) until the ICE protecting it is defeated. Each instance of internal ICE on a computer (protecting a particular program, database, or system) protects itself from tampering, and cannot be Controlled until it’s been individually Breached or Spoofed. |
Damage | Single-Execution | Computer Hacking-3 or Expert (Computer Security)-3 | 5 | Create a destructive feedback loop in the target computer, causing physical damage; hardened computers impose a -3 to the program’s skill level. Against most computers, a success will cause a crash and disable the system until 1d days and 1d x 10% of the computer’s original cost have been put into repairs. (Any permanent data loss is up to the GM; most important systems will have multiple redundant, off-site backups.) Against a cyberdeck, it forces the decker to make an immediate HT roll (+3 for a hardened cyberdeck); success incurs 1d burning damage to the decker’s brain, but allows him to act normally, though any programs are rolled at a penalty equal to the damage taken. (Most deckers opt to jack out at this point.) Failure causes 2d damage, and totally incapacitates the decker; critical success avoids all damage, while critical failure increases damage to 3d. Successive uses of the Damage program against an incapacitated decker are resisted at -5. This is the phenomenon known as “flatlining” – a flatlined character can do nothing on his turn but attempt to recover with a HT roll, at a penalty for the damage taken that round, but at +3 for a hardened cyberdeck. If he recovers, he can jack out immediately, but if he chooses to remain jacked in, he can’t invoke any new programs until the next round. |
ICE | Continuous | Computer Hacking-2 or Expert (Computer Security) | 3 | Intrusion Countermeasure Electronics deny unauthorized access to a network, computer, program, or data object. ICE runs continuously, generally alongside a Listen program to grant access to those with the proper credentials. As long as it’s in effect, no program can be executed on the protected object without satisfying the Listen program or successfully Breaching the ICE, or Spoofing the gatekeeper Listen program. An ICE program that has been successfully Breached is considered “off” until it’s restarted by a sysadmin or automated defense system (or a hacker covering his tracks); ICE that’s been Spoofed is still “on,” but has granted access to the netrunner for the current session (until he disconnects from that computer). Highly secure systems often run several instances of ICE – one to restrict access to the computer itself, and others to protect critical programs, classified databases, etc. ICE can allow some communication through. For example, a Listen program that’s functioning as gatekeeper for the ICE, or an Analyze or Search that’s reaching through the computer’s ICE to look around the network (or monitor the ICE), can still be Spoofed. ICE doesn’t prevent the protected object from being found in a Search, but it does prevent the object’s contents from being Altered, Controlled, Searched, or otherwise accessed. For example, a Search executed over a penetrated network can find an individual computer protected by its own ICE, but that ICE would have to be defeated before the computer could be Controlled, or a Search invoked to find a specific program or datum on it. |
Jam | Continuous | Computer Hacking-2 | 2 | Overwhelm an Analyze, Listen, or Search program, or a specific mode of communication, with static or meaningless input. If the Jam is successful (no contested roll needed), the target can’t receive any input from the jammed source – programs error out, and comm channels buzz with white noise – until the Jam is terminated, or its source is disconnected from the network. This is an easy, brute-force way to interrupt communication, but it does nothing to “fool” the target – so if, for example, an Analyze program is set to alert the sysadmin of any errors in an ICE program, jamming it will draw as much attention as allowing it to report a Breach. |
Listen | Continuous | Computer Hacking-2 or Expert (Computer Security) | 2 | Passive reception of communications. This program can either listen for specific kinds of messages (login attempts, etc.) or capture all traffic over a specific communication channel. When used for access control, Listen can be set to allow authorized users through a particular instance of an ICE program. In this case, it can be Spoofed (see below); the Spoof program must win a Quick Contest against Listen to allow a user through the ICE. When used to snoop, Listen only captures data – if it’s encrypted, the hacker will have to decrypt it (see Code-Cracking). Listen must overcome Stealth, winning a Quick Contest, in order to detect a cloaked communication; it has no chance to overcome Jam (see above), and will simply capture any misinformation presented by Spoof. Whatever mode it’s used in, Listen can call a Trigger program if received information meets certain criteria (unsuccessful access attempts, etc.). |
Search | Continuous or Single-Execution | Computer Operation-2 or Expert (Computer Security)-1 | 3 | Actively seek out a particular program or piece of data on a computer, or a particular computer on a network. A success finds the target, allowing further programs to be executed on it (once its ICE is defeated, of course!). Search must win a Quick Contest against Stealth, or Spoof used to mask a target’s identity, in order to find targets protected by those programs. Run continuously, Search can scan a computer or network for a certain class of target, such as “unauthorized programs.” Search can be set to activate a Trigger program when specified types of targets are found. |
Spoof | Continuous or Single-Execution | Computer Hacking-3 | 4 | Feed false information to an Analyze, Listen, or Search program. Use Spoof to actively fool a program that’s looking for specific information, or to continuously masquerade as a legitimate user. For example, if an Analyze program is set to monitor the status of an ICE program, Spoof can attempt to convince Analyze that the ICE is still up after it’s been Breached. Analyze and Search can see through a Spoof if they win a Quick Contest against it; Listen only needs to tie the Contest to deny access through ICE, but gets no roll when simply recording Spoofed information. |
Stealth | Continuous | Computer Hacking-3 or Expert (Computer Security)-3 | 4 | Mask a user, program, computer, or data object from Analyze, Listen, and Search. While running, Stealth resists any attempt to find or examine the cloaked object – such programs must win a Quick Contest with Stealth in order to get any information at all. Of course, to many sysadmins, inconclusive results on an Analyze attempt are cause for further investigation . . . |
Trigger | Continuous | Computer Operation or Expert (Computer Security) | 3 | Delayed, conditional execution of one or more other programs. Trigger can function as an automated link between information-gathering programs (Analyze, Listen, and Search), and other programs that are activated in response to certain information. It can also perform normal functions of the computer (shutdown, send alerts to the sysadmin, etc.), and can be set to activate on a schedule rather than in response to other programs. Trigger requires no roll; it’s called after Analyze, Listen, or Search have successfully defeated any Spoof or Stealth programs. The number of programs that a single instance of Trigger can initiate is equal to its Complexity; the programs can be called all at once (with the normal penalties for invoking multiple programs), or staggered to execute in stages. A single instance of Trigger can only be set to respond to one instance of a specific info-gathering program, but multiple Triggers can be keyed to multiple programs and instances. Many combinations are possible; some of the more common are Triggers set to run an Analyze on any user attempting to access a given computer, or to shut down a system when unauthorized access is detected. |
Depending on the hiring practices of the company, the sysadmin may be one more obstacle between you and your prizes; as someone with ostensible administrative access to the network's systems, they can go anywhere and run any program any system has available, physically operate or remove systems or connections from the network, or even shut down the entire network if necessary. However, sysadmins are still human, and you can distract them temporarily or wait for a time they aren't on site to do your work if you're worried they might interfere with your operations.
The three types of AIs are known as dedicated AI, non-volitional AI, and volitional AI. Any of these will be a thorn in your side if you are trying to wreak havoc across a network, as even a dedicated AI can be taught to reactivate Breached ICE and trigger other programs, and a non-volitional AI may be instructed to pursue intruders; a full volitional AI is rare but fights with enthusiasm and complete knowledge of their home territory - and worse, it's difficult to fully remove from the environment.