
INTRUSION

Security Values

The security value is the base intrusion difficulty for getting into a system, before any modifiers are taken into account:

Basic is 10
Moderate is 15
High is 20
Very High is 25

Security Profile

Getting into a system depends on the target's security and the paranoia of its sysadmin users.

Type        Security   Login   Audit    Sysop
VeRB        12         0       0 or 1   12
Academic    16         -2      D3-1     14
Business    15         -1      D3       16
Finance     20         -3      D3+1     18
Military    25         -5      D3+2     20

Security:
Base rating of password ICE. Add any bonus from security options to this.

Login:
This is the penalty applied when making an intrusion.

Audit:
Detail of access log (if any) - used when tracing an intrusion.

Sysop:
This is the sysop's skill (use for computer use, decking & programming rolls). Or just use the system's power rating as task base.


A STRAIGHT HACK

Going straight in requires the decker to approach the system's login area. Once there he runs an intrusion program:

Decker's KNOW + intrusion + toolkit bonus + D10 + mods

versus

Security + security options

Failing this roll can cause problems. Firstly, all additional intrusion attempts incur a cumulative -2 penalty. On low security systems, the login will simply deny access and the decker can try again. Higher level systems may attempt to ID the user, perhaps with a mild scan. Really tough hosts may launch trace programs or even sever the decker's net connection!

Modifiers

A straight hack often works against the basic system setups. However, with a bit of leg work, a hack can be made a lot easier.

Have list of user accounts: +1
Know target intimately: +3
Studied network OS in depth: +2
Have copy of login script: +1 to +3
Hacked this host before: +2
Never hacked this system type: -2
Know target user: +1
Trying for supervisor account: -5

A bit of social engineering goes a long way. This is tricking a (l)user into revealing their passwords to you. Typical tricks include pretending to be a system engineer or similar. The decker should make a suitable pitch to the user and then make a bluff roll (fast talk, persuasion, intimidate?, etc). If this is successful, add half the success points to the intrusion roll. A fumble could mean anything from tipping off the sysops to being given an incorrect password.

Alternatively, a smart decker might try some interception. With the advent of teleworking, many workers access the office computer from home or when away on business. Often, this will involve the subject logging on via a fairly indirect route. Of course, someone monitoring that first host and looking for the right data packet could intercept it.

This requires a decking roll over the host's security rating. Success means the decker has snatched a copy of the packet, or intercepted it completely. A failed roll means the data slips by unnoticed. Most data packets are simple affairs and only require an average [15] computer use roll to decipher. Complicated encryption or bizarre protocols may require tougher rolls - or even a specialised breaker (adventure hook anyone?).

Just logged in?

Once the decker is past the login there are a few things to consider. The main question is what account has the decker got into? This will affect what resources he or she has access to.

The aim of the hack is to get supervisor access, as a supervisor "owns" the system. If you have supervisor access, you are the network god.... you can do anything.

1. Roll a D10
2. Subtract the login value (see security profile)
3. Add half the decker's success score from the intrusion roll.
4. Consult the table below.

Who am I and what's my clearance?

Success Points: You connect as a..... (Promotion Penalty)

0 - 1 points: Guest (-5)
Allows the decker to browse company PR or look at some unimportant databases.

2 - 5 points: Standard User (+0)
Users make up the bulk population of the system. They have access to some email facilities, a few files and hardware (printers, plotters, etc).

6 - 7 points: Manager (+1)
A user's boss. The boss will be able to look at the majority of underlings' work. Managers have access to more facilities on the network and may be able to change their underlings' passwords.

8 - 9 points: Power User / Help Desk / Engineer (+3)
These are basic sysadmin users - i.e. helpdesk or fault fixing engineers. These users can create new accounts; disable or remove users; view all data on the network; access any hardware. However, they cannot delete system files nor shut down the network.

10 or more points: Supervisor (n/a)

A supervisor, or supervisor equivalent, can do anything. They have utter and total access to the network. They can add or delete any user account; read or delete any file; alter the properties of any file (file's owner or time & date stamp). They can shut down the system or allow/deny access to any hardware on the network.

When attempting a "hack" - either to open a locked file or switch off a remote - an admin account adds +1 to the roll, while supervisor access adds +2.

I wanna be Supervisor!

So, the decker didn't get root access when they hacked in? Well, they should try a promote roll. This is another intrusion roll, but is done from within the system. This can involve guessing; searching for passwords; packet sniffing; or even hacking the system's core to get supervisor access.

The promotion penalty (from the table above) should be added to this new roll. The decker should make another intrusion attempt against the security level of the system. The decker can use a promote program to help do this, although a basic IC breaker will do at a push (-5 penalty however). A promote test should take about D4 x 10 minutes to perform. If the player rolls high, the GM may reduce this time (perhaps by half - or even a quarter on a critical).

As before:


THINGS TO DO WHEN YOU'RE ROOT....

All tasks require a computer use roll over the system's security rating.

Create new accounts:

Set yourself up a false account so you can get in with a lot less trouble next time. Don't forget that some sysops will be auditing their user database and so your account could be deleted (or monitored for when you next log in).

Big systems can be difficult to patrol in this manner so there is truth in the saying of safety in numbers. Remember, it's much more stealthy to have a normal user account and promote yourself to supervisor.

Disable/delete users:

Delete user accounts off the system or just disable the login. Want to mess a system up? Delete all the administrators!!

Modify/erase/create files:

Once you've found the file you want you can do what you want with it. Delete it, rename it or upload a new copy over it. Don't forget that most systems will have a backup in place so they could restore damaged files.

Search the system:

Not sure if your target has dumped their email on this server? Best do a search then.

Run a program:

Sometimes systems have host based databases or applications running on them. You could use the latest word processor if you really wanted, but I bet CyberLabs auto-assembly CAD package is a lot more interesting. With Terminal Server based applications, the only way to access the data will be to log on as a remote user. Oh, did I mention that the telephone company will have names & addresses for you to search against?

Control a remote:

Mess about with security cameras, open or close computer locked doors. Autofactories and computer controlled vehicles can also be controlled remotely but you will need the relevant skills to pilot the device (unless the host system has some sort of driver software <no pun intended>).

Link to another system:

Once you get into a system you can use the host's Net connection to jump to another system. This can make tracing your signal more difficult. This is a common practice and many schools, libraries and universities are used as jumping off points.


IT ALL GOES HORRIBLY WRONG!

What could go wrong? A really bad intrusion or computer use roll could cock things up. Alternatively, the system's intrusion detection sweep might pick you up (funny login address, odd hours, weird program activity, etc).

On basic systems a decker only has to worry about scamming the password routine. On more complex hosts, there are programs that scan the network for any dodgy goings on - like crashed programs or external lines coming in after hours.

END OF THE LINE

The level of security of the host network should dictate what happens when an intruder is detected. Typically the intruder will be booted out of the system.

Kill the wabbit!!

Killing an intruder's connection is an attack roll of the sysop's system operation skill against the decker's system operation skill. If the decker loses - they get kicked out. Decent sysadmins will probably carry out an audit to see how the decker got in and if that hole can be plugged. At the least the administration passwords will be changed!

Click.... boom!

Just as network hosts have security weaknesses, so do smaller computer operating systems. A sysop may attempt to force the decker off the Net by making an attack with a killer program. If they are successful then the decker's computer crashes and this leaves a messy trail back to their original access point. Logging off properly cleans up after the decker.

Traces

Most admins will be happy enough to kick a user out of the system and plug up the holes in the fence. More security conscious (re: vindictive) admins will attempt to trace the intruder's physical location.

The sysop makes a trace roll against each hop made by the decker to get to the sysop's own system. Connecting to the Net from your own phone and doing a direct hack is only one hop - maybe it would be wiser to cover your ass by bouncing off a few public library terminals or piping your signal out of the Corporate Council's remote access server?

The trace roll requires the system administrator to test their system operation skill against the target system's security rating. Each attempt to source through a hop takes D4 minutes, although every 3 success points drops the trace time by a minute (which can mean an instant trace!).

If the sysop fails a trace attempt, they may try again but at a cumulative +2 penalty. A fumble means that the trace is lost and cannot be picked up again! The following modifiers apply, and don't forget to apply the Audit value of the system if the sysop has access to it.

Event                                                 Modifier to trace
Decker is still logged in during trace attempt        +2
Decker crashed out rather than logged out cleanly     +3
Decker logged out and backtracked through hops        Increase task by -5 when attempting to trace through that host.

Network Host is:
Very busy (very popular web server)                   +4
Busy (application or data server)                     +2
Quiet (small business or home system)                 -2
Accessed out of office hours (no one else is in!)     -3

Intrusion occurred:
One day ago                                           +2
One week ago                                          +4
One month ago                                         +6
Six months ago                                        +8
Over a year ago                                       +10

Should the system's owners have access to a database of telephone or network access records, they may well be able to find a decker's physical location. This does not occur very frequently with low security systems, but the military and some corporate systems may attempt it - especially if you've just made off with their R&D database. Should a sysop attempt a physical trace, use the trace rules as above but add 2D4 minutes while they find the decker's physical location. Once that's been found... well, that's up to the ref.