I had a lot of fun with the last one, and so I have a few more ideas to trot out on this subject. A lot of these concepts can be used simply as plot hooks, but they can also be interesting mechanical tools to aid or challenge players.
D2NA: One of the most basic pieces of malware out there, D2NA (Digital DNA) is a simple program with a single instruction: self-replicate. When activated, it generates copies of itself as rapidly as possible, filling up free storage on the device and eating processing cycles. The name comes both from its self-replicating nature and from its habit of padding its copies with incredibly complex data, such as DNA sequences, complex mathematical formulas or large number sequences, so that they consume storage faster. If not caught, it will fill the spare storage on a device in a matter of hours or days, leaving it overloaded. Most trained system defenders or firewall tools will catch a D2NA outbreak, especially during a security audit, but a skilled hacker can covertly install it or conceal its nature until it has done its job. Because servers have so much storage that filling it takes too long, D2NA attacks are usually used to gum up sensor motes, bots and the gear of specific users rather than large systems. [Minor] (R)
Fog of War: Also called "Static Wall", "Blue Screen" or "Blizzard", this software tool is adapted from actual forms of e-war defense used during the Fall. It is typically run to protect devices which have active administrators directly in control of the system, and acts as an additional countermeasure when activated. At its simplest, Fog of War degrades the quality of connection and access for normal users: it throttles connections, spams extra UI features, AR mist or other sensory distractions, and in general makes the system harder to navigate. Admin accounts or other select system occupants (often certain Infomorphs or ALIs using the server) are exempt and can work as normal. This slows down intruders and makes it harder for them to accomplish their goals, but it is also a real hassle for legitimate users, so it tends to be reserved for personal use or for highly secured servers. Normal users are treated as if they were on an overloaded device, taking a -10 penalty to all meshed actions on the device (possibly higher if the Fog of War is particularly good), and if the device includes an AR overlay they take the Distraction penalty as well. The Firewall, admin accounts and other select users suffer no penalty and function as normal while the intruder is bogged down. [Moderate]
Grond: Grond and its many knock-offs and clones are down-and-dirty software designed to break into systems quickly. It uses optimizing algorithms to pick the right exploits for a system rather than running straight down the list, and can even multi-task to try several attack angles at once where possible. Its "siege algorithms" keep working after the initial intrusion, constantly trying to preempt countermeasures and predict standard software protocols. However, Grond is anything but subtle, so many hackers eschew the tool. It grants a +10 on Brute-Force Hacking (reducing the usual -30 to a -20 penalty) and a +10 on Infosec tests while there is an active alert (removing that penalty). [Moderate] (R)
Honey Trap: Honey Traps and their many variants are common on corporate servers to discourage or counteract espionage. Most professional hackers use proxy services and stealthed signals, so even if one is aware of them, tracking them is difficult. The Honey Trap exists to solve this: it looks like an attractive piece of data, such as crypto, blueprints or personal data. When downloaded or opened by a hacker, however, it reveals itself as a trap. If it is still on its home device it will usually trigger an active alert automatically, and if it has been copied elsewhere it will immediately "phone home" via the Mesh with the Mesh ID and positioning data of the device it is currently on, unless the hacker acts fast. Nastier versions, known as "data mines" or "wasp nests", "detonate" when opened instead of tracking, unleashing malware, corrupt data or overwhelming signal traffic and dealing 2d10 DV to the offending Infomorph, ALI or Account Shell. A skilled hacker can detect whether a file is trapped with an Infosec test, but only if they think to look. [Minor+] (R)
Icewall: Normal firewall software uses a neural-net filter to detect potential intrusions or unusual activity, a constant crucible which keeps pressure on any hacker operating through it. The Icewall takes a different tack: it is a single, rigid defense, a hardened structure constantly patching itself against exploits, usually with stricter than normal authentication. Icewalls are very firm against Brute-Force hacks, as they have very few vulnerabilities and patch them rapidly, applying a further -10 (total -40 modifier). They are also hard to attack directly, having 10 AV in Mesh Combat. However, because their defense is front-loaded, they are vulnerable to spoofing, and their passive threat detection once an intruder is inside may be weaker than normal. [Minor]
KeyChain: This software comes by many names (Skeleton Key, Key Ring, MasterKey, Pick Lock, etc.) and is a fairly common hacking tool, though often not a reliable one. Normally, to Spoof, one must first sniff data transmissions, or forge an authentication by copying the original somehow. KeyChain skips that step: it studies the authentication mechanism and then rapidly brute-forces a spoofed credential against it. This functions as a normal Spoof attack but does not require sniffing, and imposes a -30 penalty on the hacking test, as it is highly likely the attempt will be flagged by the Firewall as suspicious. KeyChain cannot defeat some forms of authentication, and systems with particularly complex authentication (like very long passcodes) might take more time than a Complex Action. [Minor] (R)
Logic Gate: Logic Gates are an unusual form of authentication which resembles a passkey, but requires that one not only know (or have stored) a passcode, or possess a specific key, biometric, Ego or device, but actively solve a puzzle. These can take the form of a Captcha, riddles, visual puzzles or even complex subjective ethics questions which an administrator will assess. Because of this, spoofing a Logic Gate is not possible, and most of them have a large library of questions to ask, so simply listening in for a correct answer won't work either. You either can solve it, or you can't. Clearing a Logic Gate requires a COG test, which may be opposed if it is an assessment test. Failure causes a passive alert as normal. Because there is no "convenient" way to pass them, Logic Gates are incredibly unpopular on heavily trafficked systems, but they are often used by eccentric individuals, or to guard specific devices, storage spaces and tiers in networks by limiting who can access them. Guanxi operators often use a Logic Gate variant which offers "tests of loyalty" to check a user's bona fides, and some servers that wish to prevent ALI access will use them. They can also be used as an active form of authentication, giving a specific user a test and kicking them out if they fail. [Minor]
Plumber: Networking has sometimes been referred to as a series of pipes or tubes, and who better to check on your pipes than a plumber? Plumber is used by both hackers and system defenders. Originally a simple script to check network health, a few iterations later it is a sophisticated tracking tool. A Firewall can normally re-authenticate or terminate connections when threatened, and a security account can trace specific users, but sometimes you want to do a lot of tracing all at once without letting anybody know you're doing it. Fire up Plumber and let it run. In the normal timeframe of a re-authentication, it instead runs an active trace on every account on the system, attempting to ping each connection and trace it to a Mesh ID or other tag, then notes and reports all discrepancies to the system defender (such as proxy services, user accounts in privacy mode, duplicate accounts and other unusual transmissions). This is useful for an admin who wants to trace all suspicious connections and flag them for lockout or capture, though it obviously rarely beats a hacker's own efforts to prevent tracing. Intruders, on the other hand, will often use Plumber to trace all users on a network for further traffic analysis, or to figure out where the next device or node in a network tier is. [Minor]
Poison Pill: Another classic malware trick. A poison pill looks like good software but is actually bad, a kind of reverse honey trap. Firewalls actively monitor for unusual activity, so a hacker can try to cloak their work by making it look like normal data. Most poison pills will fail against a dedicated scan of their code (an Infosec test), but as far as passive defenses are concerned they can be uploaded or copied to most devices without trouble. Depending on what exactly is in the poison pill, it can do several things. Most, when opened, will try to directly crash the OS (including possibly the Cyberbrain of a morph) of the system they are stored on with viral or corrupt data, but they can also be used to damage Infomorphs or account shells which handle the data. When opened, it deals 2d10 DV to the appropriate software. [Minor] (R)
Remora: Sometimes you don't want to crash software, delete data, or even read secret files; you want to see where that data goes. Enter Remora, a common style of spyware script which attaches itself to a file and logs where that file goes. Installed with a Program test as a Complex Action, Remora embeds itself in the data and covertly logs whenever that file is accessed, modified, copied or moved. If the data is duplicated, the Remora is duplicated with it. What it does with the log depends on how the specific Remora is configured. Some will simply "phone home", using an encrypted connection to upload the log to the hacker or to a secure cloud store they can access later, but this is risky if intercepted. More commonly, after a period of time, Remora will detach itself and "swim" home through normal network processes, connecting through public networks to find its home device. This means that if a file with Remora attached ever makes it onto an air-gapped network, the Remora is useless unless the hacker can hook back up with it. [Minor] (R)
Thursday, November 14, 2019
Tuesday, November 12, 2019
Mesh Combat Programs
(Page 264 describes mesh combat as an abstraction with "no dueling avatars, no digital maneuvering, no deadly programs", but sadly that's not very fun. Below is a list of specific software and other special features which can add some customization and flavor to Mesh Combat, with the understanding that using them adds layers of complexity to the game and may further slow play. Use them just as flavor or apply the mechanical concepts as you see fit.)
Aegis: A standard software package used by governments and security contractors, Aegis is designed to protect software from crashing. Using a filtering system backed by a constantly updated database, it can identify common malware and exploits and automatically block or remove them, as well as intercepting bad data packets. It also has real-time crash protection which checks for the most obvious software errors and compensates for them. Aegis adds 5 AV in Mesh Combat to all software on the same device. [Minor]
Attack Barrier: Also sometimes called a "lava wall", this form of advanced Firewall has counter-intrusion protocols. Increase the Firewall rating (p. 260) by 10, and if any intruder or attacker fails an opposed test against the Attack Barrier, their relevant software (Account Shell, Infomorph, etc.) takes 2d10 DV. If they are physically connected to the system running the Attack Barrier, their device also takes 1d6 DV plus the Shock effect as it is overloaded with an electrical surge. [Moderate] (R)
Daemon: Daemons are sub-ALI scripts or processes which system administrators use to delegate tasks, usually when they have a large system to run. Because they are not intelligent, they are relatively compact files, effectively spare account shells for the device or OS itself. When an administrator installs one, they decide its privilege level. Daemons can undertake certain account actions in place of their masters, either on preprogrammed signals or on an order from an authorized security/admin user as a Quick Action. They aren't very sophisticated, so anything requiring a roll they perform at a flat 30, but they can be helpful for pulling useful information, triggering alerts or performing additional attacks in large systems while the active defender focuses on their own tasks. Even if they don't act, a Daemon adds +10 to any tests an active defender of a system makes, as teamwork, since they are designed to help. [Minor]
Labyrinth: Labyrinth and a number of related programs are known as "barrier mazes". These are complex systems which evolve over time, and are therefore not allowed in many polities. In addition to normal Firewall functions which block conventional access to those without authorization, they build in deliberate traps and weak points which an intruder might think are safe to enter but which lead to dead ends. Some versions of Labyrinth can even alter or mask the internal file registries and databases, literally shifting information around to confuse and delay attackers so they can be locked in or traced. A Labyrinth increases the timeframe of Hacking task actions by 50%, and gives system defenders a +10 on tests to zero in on, trace and crash or lock out an intruder. [Major] (R)
Mad World: Developed by criminal and anarchist hackers, Mad World is a program somewhat akin to a Scorcher, designed to crash a wide variety of software at once ("MAD" as in Mutually Assured Destruction). Once installed and opened, Mad World tries to crash the operating software and any apps, accounts or Infomorphs using the device by creating junk files, sending bad data and opening an overwhelming number of connections and input options. This seriously degrades the user experience and will eventually crash a system if it is not disabled or deleted. It deals 1d10 DV per Action Turn to all software on the device other than itself (including the hacker who placed it). In some cases, Mad World or its variants can even overload hardware, taking up so much processing power and stressing the system so badly that it causes physical damage to the device it is hosted on. [Minor] (R)
Muramasa: Named after a legendary Japanese swordsmith, Muramasa (along with its many copies and variants) is one of the most basic tools a hacker has to disrupt and crash software. Instead of overloading programs with bad data or too many signals, Muramasa "cuts" into software and deletes small snippets of its code, increasing the likelihood of errors, glitches and crashes. Add +1d6 DV to the damage you inflict in Mesh Combat. [Minor] (R)
Oculus: One of the scariest programs a hacker can meet, but luckily very expensive and restricted. Firewalls already have threat-modeling algorithms which learn normal user activity, flag suspicious actions and work to locate intruders. Oculus takes this one step further: it not only learns to spot likely signs of an intruder, it learns about specific intruders. Through heuristic programming, Oculus gathers data about the actions of a spotted intruder, or potential intruders, and identifies their patterns. It collects passive flags and data cues even if no official record of a hack is made, and can apply them later by cross-referencing its database. Each time you complete a hack against a system with an Oculus active, the Firewall and active defender(s) gain a cumulative +10 bonus on all opposed tests against you specifically (maximum +60). This persists even if the hacker is anonymized, as it learns from activity rather than IDs, but it can be confused by group hacking or by a deliberate effort to alter your normal activity patterns. The bonus is lost if the Oculus is crashed or deleted. [Major] (R)
Partition: Also sometimes called a "great wall", software partitions are used to block an attacker's access to certain software. This can be either an app which controls access, or something fundamentally built into an operating system. While a Partition is active, one cannot make Mesh Combat attacks (local or remote) on any software which it protects. At the GM's discretion, it may also prevent otherwise normal user functions (like using apps or terminating software processes) without Security/Admin access. Operating systems, Cyberbrains and Account Shells cannot be protected by a Partition. ALIs and Infomorphs can be, but while protected they are themselves bound by the Partition's restrictions, limiting their access to software outside it. Partitions can be circumvented by crashing or disabling them via Hacking, or by faking authentication. [Minor]
Red Dress: Hacking is not all about brute-forcing, cracking, trash & crash or nuking. Many professional hackers prefer to be subtle and not alert the system at all. To this end, some of them use programs like Red Dress, a sub-ALI script designed very simply, as a distraction. Activating Red Dress takes a Complex Action; while active, the app creates a distraction whose form depends on the system being hacked and its current conditions. Red Dress may try to physically distract a sysadmin with a personal message or a standard request for help, but this doesn't work on a small private system. In most cases it creates a new fake account which lacks proper authentication, a "fake" intruder which the system or its operator will spot and remove, after which security functions are usually reset. This can be used to "take the heat" when a hacker thinks they are about to be spotted or dumped, by giving the admins something to catch, but it doesn't always work, as the Red Dress' dummy account does nothing to fight back or escape. [Minor] (R)
Shield Wall: An upgraded version of Aegis, this system not only blocks common malware attacks but actively hunts for them in a system. It can spot corrupted files, viral data and more, and will flag or delete them as necessary. Running Shield Wall on public or high-traffic systems is uncommon, but more paranoid users like the additional layer of protection on top of their default firewall. Shield Wall assists in Security Audits, scheduling and running them regularly, and offers a +10 on the Infosec test to perform them as well as halving the timeframe. If there is no system defender to run it, the Shield Wall has an Infosec of 40 (counting its own +10) to do so. In addition to patching exploits and backdoors, the Shield Wall will locate any corrupt data, malware, spyware and other bad-actor software lingering in the system after an intrusion, so long as it is not too well concealed and fits its filters. Shield Wall also still provides 5 AV to all software on the same device. [Major]
Time Bomb: Sometimes you just want to fire and forget. Time Bomb is a form of malware akin to a Scorcher which does just that: it produces a single burst of viral data, bad packets or network noise to destabilize a program, then is gone. A hacker (or just an angry user) uploads or copies the software onto the system, then "points" it at a particular piece of software. When it is commanded to run (which can be set to timers, remote triggers and more) it automatically inflicts 3d10+5 DV on that software. Having "fired", Time Bomb is then effectively deleted from the device. A defender who is aware of a Time Bomb can make a simple success Infosec test to intercept it. Most professional networks know to look for lingering Time Bombs in file uploads or to delete them in regular security audits, but not always. Computer Forensics can sometimes trace the origin of a Time Bomb. [Minor] (R)
Wrench Wench: Normally, apps cannot repair damage inflicted in Mesh Combat; one has to close and reboot the app to restore normal processes. Wrench Wench helps with this. It uses active system-recovery functions to scan all running apps and data files and attempts to correct glitches, troubleshoot errors and even patch bad code. Wrench Wench repairs 1d10 DV to any app every minute, just like an OS, Infomorph, account or cyberbrain heals. Additionally, all software on the same device as Wrench Wench ignores the penalties from 1 wound, as its functions compensate for damage by finding work-arounds. [Moderate]