Technology

Computer Programming

Languages Skill Subgroups Skill Modifiers Software Development Hacking
 
 
 
COMPUTER HACKING
In the MetaCyber setting there are two basic ways to "Hack" a computer that collectively are referred to as "Cracking" in a general sense:
  • NEURAL INTERFACE LAYER: most Mindscapes expose access to the underlying functionality of the Computers they run on via Neural Human Interfaces (NHI's) and / or Agents. A person with a properly configured Computer running specialized software (traditionally called a Deck) can enter the virtual reality of Mindscapes and take control of them in various ways. While there are numerous limitations to this method, there are also some major pros. This is covered in detail in the Decking document.
  • PROGRAMMATIC INTERFACE LAYER: Computers can communicate with each other via the NET. While this has many legitimate and beneficial uses, it also creates vulnerabilities to malicious or unauthorized access via the NET. Characters that have the Computer Programming Skill and access to a Computer connected to the NET can attempt to "Hack". Hacking generally consists of three steps:
    • Locate a specific Target Computer
    • Penetrate Target Computer's Security
    • Hack Target Computer
LOCATE TARGET COMPUTER
A Hacker might already know the NET Address of their target, but if not they can generally use the Network Address Directory as described previously to locate their target.
PENETRATE TARGET COMPUTER'S SECURITY
This is the difficult part of almost all Hacking endeavors; beating any security software protecting the Target Computer, preferably without setting off any alerts in the process.
This is generally an extended process and there are many different techniques and tricks. However, the success or failure of the entire process resolves down to a modified Computer Programming Skill Roll. 
Of particular importance to the penetrate process is what Role the Hacker is gaining access as, which is referred to as Spoofing. The Role they spoof will determine what the Hacker can do on the Computer if they succeed in penetrating its security. As a defacto standard, there are generally five Roles with ascending permissions in general use in the MetaCyber settings, though some Computers don't support all Roles.
  • NET User *: Allows the usage of NEC on the Computer via the NET.
  • Local User: Allows limited usage of productivity software on the Computer.
  • Super User: Allows broad usage of most software on the Computer.
  • Local Admin: Allows effectively full control of the Computer.
  • Sys Admin: Allows effectively full access to and control of all or most Computers on the Target Computer's internal network.
* The NET User Role is generally not applicable to Hacking, but is relevant to Decking:
In some cases a Hacker has legitimate user credentials for the Target Computer, in which case they don't Spoof a Role, but are limited to the Role of the user they are logging in as.
The following list indicates many different modifiers relevant to penetrating a Computer's security. The GM should simply add up all applicable modifiers and apply them to the Hacker's Computer Skill Roll to determine if they succeed or fail at this task. The GM also determines how long it takes to make the attempt.
HACKING PENETRATION MODIFIERS
 
CIRCUMSTANCE MODIFIER
Have A Valid Password / Credentials +4
Target Computer Is Unsecured +2
Hacked Target Computer Previously (Undetected) +2
Have A True Backdoor +2
Target Computer Is Poorly Secured +1
Hacked Similar Computers Previously +1
Have Physical Access To Target Computer +1
Target Computer Is Secured -0
Spoofing Local User -0
Have Remote Access To Target Computer -1
Have Expired Password / Credentials -1
Spoofing Super User -1
Attempting To Conceal Trace -2
Hacked Target Computer Previously (Detected) -2
Target Computer Is Well Secured -2
Have A False Backdoor -2
Spoofing Local Admin -2
Target Computer Is Very Well Secured -4
Have Invalid Password / Credentials -4
Spoofing Sys Admin -4
Target Computer Is Extremely Secured -6
Lack the Infiltration Hacking Option -6
Target Computer Is Totally Secured -8
Target Computer Is Nigh-Impossible To Hack -10
 
HACK TARGET COMPUTER
Once a Hacker has penetrated a Computer, they can essentially do anything they want to it up to the level of the Role they spoofed. They can access any programs, data, or files on the Computer accessible to their Role, and even install programs from their own Computer onto the Target Computer (assuming they spoofed as a Local Admin or Sys Admin). They can also usually shut down or reboot the Computer, which kicks them off, but brings the system down for at least a few seconds if not longer.
Depending on what a Hacker wants to do, and circumstances involved, one or more additional Computer Programming Skill Rolls or other Skill Rolls will likely be necessary. For instance if a Hacker wanted to access a database from the Computer they have hacked, familiarize themselves with the data model, and write some queries to find data they are interested in they would need to know the Databasing subgroup of Computer Programming and would need to know the query language in use (usually LQS), and would have to make one or more Skill Rolls to successfully complete this task, depending on how granular the GM wants to get.
ALERTS
The main trick to Hacking is of course not getting caught. There are a number of ways to set off alerts or leave traces of activity behind, which give a bonus to the Computer Programming or Security System Skill Rolls of any software or people responsible for monitoring or administrating the Computer. Similarly, there are things a Hacker can do to make it harder to detect them, which result in penalties. In some cases a Hacker is so clumsy or in over their head that they set off immediate alarms. The following chart summarizes the relevant modifiers.
HACKING ALERT MODIFIERS
 
CIRCUMSTANCE MODIFIER
Valid Password / Credentials Used -2
Backdoor Used -2
Complementary Cryptology Skill Roll Made -1
Complementary Security Systems Skill Roll Made -1
Every point by which Computer Programming Roll made -1
Every point by which Computer Programming Roll failed +1
Every ten minutes of time spent using the Target Computer +1
Local Admin spoofed +1
Secure Files accessed +1
Files deleted +1
Users added +1
Each Program installed or deleted +1
Expired Password / Credentials Used +1
False Backdoor Used +1
System Rebooted +1
Monitoring User Or Software Has The Defense Hacking Option +1
System Shutdown +2
A Complementary Skill Roll Was Failed +2
Sys Admin spoofed +2
 
The GM should add up all the modifiers and consult the below Hacking Alert Results chart for guidance on if a Hacker's activity is discovered, and how quickly.
HACKING ALERT RESULTS
 
TOTAL MODIFIER RESULT
-5 or less Hacking goes undetected for a while, perhaps forever. It is more likely to be discovered by accident than by any deliberate effort.
-0 to -4 Hacking wont be detected in the near term; it is likely to get noticed during some kind of an audit process at a later date.
+1 to +4 Hacking is not immediately noticed unless someone or a security program is actively monitoring the Computer, but will likely be noticed within the next few days.
+5 to +9 Hacking is not immediately noticed unless someone or a security program is actively monitoring the Computer, but will likely be noticed within the day, perhaps within the hour.
+10 and higher Hacking is noticed immediately.
 
 
OTHER USEFUL COMPUTER RELATED SKILLS
There are a couple of other Skills with a good deal of cross over with Computer Programming that can be used as Complementary Skill Rolls to various Computer Programming tasks, and thus are mentioned here.
CRYPTOGRAPHY
The art and science of encrypting and decrypting data can be very useful indeed to a Computer Programmer. Many just use utilities on their Computers to gain the practical benefits of this discipline, while some Computer Programmers are also knowledgeable and skilled in their own right. Either way, Cryptography has three main uses for a Computer Programmer:
  • Make Penetration of Target Computers easier
  • Make Penetration of a Computer harder
  • Encrypt and Decrypt Data
A Hacker can use Cryptography as a Complementary Skill Roll to their Computer Programming Skill Roll when Penetrating a Target Computer's security.
A Computer Programmer can use Cryptography to make their own Computers more Secured and therefore more difficult to Hack. Most Computer Programmers take sufficient precautions for their Computers to be at least Well Secured, but the use of Cryptography can improve this by one or more levels depending on how successful their Skill usage is and the GM's judgment
Finally, Cryptography is used in the normal fashion to encrypt and decrypt data, as indicated by the Hero System Fifth Edition Rulebook (or the Ultimate Skill if it is available). This can be useful if data is acquired from a Run that could be valuable if its encryption can be cracked.
SECURITY SYSTEMS
Security Systems, typically with the Limitation "Only For Computer Security; -1/2" can be used for a few purposes in the context of Computer Programming:
  • Make Penetration of Target Computers easier
  • Make Penetration of a Computer harder
  • Allow the use of computerized Security Systems
A Hacker can use Security Systems as a Complementary Skill Roll to their Computer Programming Skill Roll when Penetrating a Target Computer's security.
A Computer Programmer can use Security Systems to make their own Computers more Secured and therefore more difficult to Hack by installing and configuring various security software and following various safe practices. Most Computer Programmers take sufficient precautions for their Computers to be at least Well Secured, but the use of Security Systems can improve this by one or more levels depending on how successful their Skill usage is and the GM's judgment.
A Hacker that has penetrated a Computer that runs one or more Security programs can use Security Systems to use and abuse those programs. This could be very useful for things like hacking into a Computer that controls the video surveillance system of a building and disabling or tricking the system so that allies can infiltrate that building undetected.
THE "NAD" AND COMPUTER PROGRAMMING
There are millions of individual Terminals and Computers connected to the NET in one fashion or another, and further each of them could potentially be identified via many aliases or host many virtual "locations", each of which have a unique address.
Obviously without some kind of order imposed, it would be practically impossible to find anything on the NET. Fortunately there is an answer; the Network Address Directory, aka the NAD, which is a list maintained on hundreds of nodes world wide, which are all refreshed frequently from a master list maintained by CERN.
NADs have Neurally Enabled Content, accessible from the NET with a number of different sensorium effects to choose from based upon user preference. However NADs can also receive direct programmatic requests for information and emit responses back, which is a feature that exists to allow peer to peer and business to business software to function, but is also frequently used by programmers for their own convenience. A simple utility is needed for this, but all personal and business computers can be assumed to have it by default.
Any character with the Computer Programming Skill and access to a Computer connected to the NET can make NAD requests as a Routine Task to locate the addresses of Computers on the NET or Terminals. However, this can be detected which can be an unwanted outcome if the request is for a less than upright purpose. To use the NAD in this fashion without leaving a trace is a Difficult Task rather than a Routine Task.
Some Computers are connected to the NET, but their addresses are either unlisted or more commonly are hidden behind multiple aliases and redirects. An unlisted address costs a lot of money and they are rare, the purview of the mega wealthy or very well connected (or both). Finding an unlisted address is extremely difficult, and at any rate the NAD is of no help in such an endeavor; discovering an unlisted address is the sort of thing that can serve as the goal for multiple sessions and even story arcs. Finding an obfuscated address on the other hand is possible via the NAD with patience; it is a Very Difficult Task and can take hours or even days, and doing so stealthily imposes a further -2 penalty.
Though there are plenty of legitimate reasons to need to resolve an address for specific Computers or Terminals, for the most part its likely to come up in a MetaCyber campaign in the context of an intent to find a target computer and Hack it.