Over on the Interface Zero: Fate Edition Google+ Community we received a bunch of questions from Nicholas Simpson about hacking. I said I’d answer them on a blog post so I could easily come back and add more information. Putting it on my blog also means it will stay around as an easily searchable resource for anyone else with hacking questions.
So, here goes nothing!
1) If an access point is protected by something like a biometric scanner, can that also be hacked, and if so would it probably have better security than the network it’s guarding?
Biometric scanners are used to provide the highest level of physical security, whether that’s for a vault door or an on-off switch for a subnet. Nobody can hack a subnet that can’t be turned on without a detailed biometric scan of the VP of security, am I right?
It’s impossible to hack a biometric scanner wirelessly, but it can be bypassed physically if you have the knowledge, tools, and time. Biometric scanners are hardened as much as possible, making this a laborious process; it’s easier to kidnap the person who has authorized access to activate the biometric lock.
That’s for story reasons! The overriding drive when making the hacking system was to prevent ‘hacker stays in the van and solves the plot’ syndrome, and the limited range of cloud access points was a big factor in that. Biometric locks are the next step up, and should be used relatively infrequently, in only the most security-critical situations.
Overcoming a biometric lock is a Tech action against opposition appropriate to the situation, but it will usually be somewhere up in the Fantastic (+6) to Epic (+8) range, and with a timeframe of an hour.
2) Under Intrusion, it’s noted that some Hyper Objects can be “Invisible” when a hacker is trying to detect them; can subnets or clouds be made invisible as well?
Yes. ‘Invisible’ just means it doesn’t advertise itself when you search for it. It’s a bit like how today’s wi-fi networks can be hidden so that you must know the name of the network to be able to connect to it.
3) Can a hacker look for hidden targets without knowing they are there/what they are?
You can find concealed targets by searching with Hack opposed by the highest Firewall of the hidden targets in range. This will give you a list of object IDs (in hexadecimal or some kind of quantum computing gobbledegook!) and a rough idea of what each is (e.g. ‘a cloud’, ‘a hyper object’).
4) How is the broadcast range of a network determined for the purposes of hacking it?
According to the needs of plot! For security reasons access points are generally kept quite limited in range and shielding is used to prevent signal leakage. Each floor of a corporate skyscraper could have a subnet with the AP available on the entire floor, or a floor could be divided into multiple shielded suites, each with their own subnet and AP. It’s highly unlikely that you could access anything except the skyscraper’s Public Access Network.
5) When hacking a target outside of its broadcast range, can it only be achieved through a nearby connected Public Access Network, or can it be through any kind of nearby network? Can this only be done within range of the first connecting network, or can it be daisychained through multiple networks? Can this be done only to stationary networks, or can it be done on a moving Hyper Object or TAP? Can it be done to a network that would be Invisible or Concealed?
As long as something is connected to a cloud, whether directly or indirectly, you can use it as a point of ingress. You could theoretically use a drone or other trojan horse to carry an access point somewhere, then hack via that device–as long as you can somehow connect to it. Practically this is of limited utility because of the use of wireless shielding in secure areas. Again, the aim here was to prevent ‘hacker-in-a-van’ syndrome; we want hackers to be moving around with IZ teams, not stuck far away from the action. I said PAN in the rules because by definition the GDN terminates in PANs, from which you can then reach out to connect to things within range of the terminal access point.
6) What happens if a network has no Sysop or Sprites on it; does nothing roll to Notice hacking/intrusion attempts?
That’s correct. An unmonitored network is unprotected except for its Firewall.
7) How many sprites/sysops are normally assigned to a network? Does this differ by security?
This is down to the GM to decide. The more sprites/sysops there are the tighter the security; the same considerations apply as to building any conflict scenario.
8) When taking a Hacking action, it says they are opposed by the Sysop or sprite. Can they only do this if they’ve detected you, or is it automatic if they’re connected to the same subnet? What happens if there is no Sysop/Sprite?
From the rules:
“No roll is required to perform the standard actions of the hacked target, but doing something the target wasn’t designed for or which needs security clearance (such as logging into the user’s VR game account, taking an elevator to the penthouse suite, or permanently deleting their files) requires a Hack roll against the target’s Firewall, and a SysOp or Sprite connected to the cloud is always justified in providing active opposition.”
So it’s against the firewall if there’s no SysOp or Sprite. If there is a SysOp or Sprite they’re always justified in providing active opposition; even if they aren’t aware of you as an intruder, their active monitoring and security protocols allow this. Practically, this means you’re opposed by the higher of the target’s Firewall or the SysOp/Sprite’s Hack.
9) Is there a delay/action required on moving from one subnet to another? How about from one connected cloud network to another? What is the general limitation imposed by being connected to a subnet in terms of affecting other subnets, the cloud network, or one’s own TAP? Basically, how many places can a Sprite/Sysop/Hacker be affecting and accessing at once and what are the restrictions on moving in between them?
You don’t literally move from one subnet to another, but you can only execute code in one place at a time (e.g. on an exchange). A single SysOp can monitor an entire cloud. In general as you penetrate deeper into a cloud your range of hacking options increases. In reality, security considerations mean that clouds have a limited number of subnets that are hackable by accessing the main cloud.
For example, hacking the Genshi Corporate Access Network from the main rules lets you (among other things):
1) Get a list of the subnets (finding the hidden money laundering subnet would take a roll) and where their access points are.
2) Attack any of the subnets attached to the CAN or the entire network.
Let’s say you make your way up to the fourth floor and hack the Security subnet. On any given exchange you can now:
1) Control any of the security Hyper Objects attached to the Security subnet.
2) Attack any object, sprite, or sysop attached to the Security subnet.
3) Attack any subnet attached to the CAN.
In other words, you’re still connected to the CAN even when you connect to one of its subnets, because the subnet is a part of the network. You just can’t connect directly from the CAN to the subnet without being physically proximate to its authorised access point.
10) How exactly does IC work? Can it effectively take all the actions available to a Sysop/Sprite, or is it limited? If it is limited, please give a list of what it can and can’t do.
IC can only attack. It represents the network’s built-in security attempting to get rid of hackers with DDOS attacks and other stuff.
11) Since the risk of attacking an entire network at once is being swarmed by sysops/sprites, is it assumed that each network has multiple sysops and sprites, and do they each count as another NPC in a conflict/contest?
The GM should decide how many SysOps and sprites are monitoring a given network (and its subnets) when creating the network. Yes, they each count as an NPC, but can be mobbed together as mooks per the standard Fate Core rules for handling the opposition.
12) When a sysop/sprite creates an “Alarm” aspect, does this clue in security to a general alert, or would it be able to clue them in to the more access locations of a specific subnet if the hacker was sighted at that level?
An alarm is just an aspect that can be used to gain advantages against the hacker. Security will certainly know the subnet that triggered the alarm, and this may give them a clue as to the whereabouts of the intruders if the subnet’s only access point is in a restricted area. If the SysOp has previously used Backtrace IP then they can tag the exact location of the intruder to the alarm.
13) How is difficulty set for a Sysop/Sprite calling/running another sprite as an overcome roll?
It’s automatic unless the hacker is opposing it (which they usually will!).
14) If a hacker wants to oppose calling a sprite, do they just need to declare this, or do they need to be in the same subnet/have placed a relevant advantage to do this?
They need to be connected to the same subnet.
15) When a hacker uses a relevant advantage to oppose an attempted system shutdown, does this use up the advantage or does it still exist?
Depends on the advantage and the situation, but it probably does not use up the advantage.
16) If a system is shut down, will sysops count as being forcibly booted or just hackers?
Log Out is an action, so yes, _everyone_ connected to the network is forcibly booted. That’s another reason why this is a last-ditch action!
17) Can hackers take the action to trace the physical location of a user, or is this limited to sysops?
As designed, only SysOps and Sprites. You could allow hackers to do this as an overcome if you wanted to.
18) Can the hacker wipe out traces of his presence on a network any other way than taking it out in hyper conflict?
No, but they can take steps to cover their actions (e.g. by creating relevant advantages).
19) When calling a sprite, can only one be called at a time?
Injecting a sprite into a system or moving one from another subnet is an action, so yes.
20) When targeting a cloud network, do effects (e.g. aspects, effects of hyper conflict) caused to it also apply to all of its subnets, even if they have restricted access? Or does it only affect the networks currently accessible to the hacker?
I’d judge this on a case-by-case basis. Something like Network Lag being placed on a CAN would also affect any subnets of the CAN, certainly.
21) I understand why a big network would slave a bunch of hyper objects, but is there any benefit to a single entity slaving objects to his TAP?
You can’t use hyper objects that aren’t attached to a network–directly connecting to your TAP counts as attaching it to a network–unless you hack them. That means you’d have to waste an action connecting to an object before you could use it. Imagine if you had to re-pair your smart watch with your phone every time you wanted to check for new messages on it; same thing.