Hackers...
and Script Kiddies!
Over time, technology has crept closer and closer to the street. By 2005, many countries were talking about "a browser on every corner and email in every home"; in 2006-7, IBM made that a reality in Ethiopia, striking fear into the superpowers' hearts that they'd lost the 'Net Race.' By 2010, every corp-nation and nation-corp had begun such efforts. The cities of North America, and at least most of the cities of Europe, are completely wired, and virtually all of South America and Africa are as well. Outside the cities, most small towns and villages have at least a few computers, with wireless networks for the company bigwigs on vacation. Asia is more conflicted, with Japan garnering 'Most Wired Nation' status several years in a row, China all but forbidding access, while Indochina and the Philippines are inconsistent, fighting off computers and the social homogeneity that comes with them to the last man, or else throwing all of their money into training their best and brightest to hack the people who would own them.
The result of this, of course, has been an explosion in the script kiddie population, because not only can any two-bit hack with something to prove get software to do the dirty work of finding weaknesses automatically, but any two-bit hack in any of dozens of countries can get that software. As in all things, the more two-bit hacks there are, the more artists, fortunately.
For every two hundred script kiddies, there's one guy who wrote those automated programs back when he was a script kiddie, and has since moved on to work for a corporation. Such white hats are viewed with derision, even by the non-hacker community -- going from writing kiddie scripts to corporate 'Net muscle is a step up economically, but a step down socially. For every hundred white hats, there's a black hat that hasn't sold out yet, and for every 50 black hats, there's a hacker that was never in it for the easy money.
Many of the best hackers grew up on the street -- too small to live off mugging, too smart to sell their bodies, but who managed to get on the web enough to learn more. Some of them stole credit card numbers to buy groceries online, some of them faked (or stole from someone else) an online ID to get an online job. They are the urchins that hang around the terminals, but don't ask for change, or the gangers that try to get turf with terminals on it. For most of them, their only acquaintance with Authority is the local cop's stungun. They typically have very little formal education, and they rarely bother 'expanding their minds.' But they're better with computers than all the white hats with fancy college degrees, and they might even know it.
Being one of the elite, and having access to hackerly skills, equipment, and friends, is an Unusual Background (Elite) for 25 points. Being a s'kiddie is the not-so Unusual Background (S'kiddie) for 10 points. You like to play with the computer when your parents are asleep.
Immersive environments are restricted to people willing to go through the surgery and training that datajacks require, or else deal with the response penalties of external input devices (such as wired gloves). For games, the datajack is widely regarded as essential; for other people, simply interested in enjoying online environments, private voice chats, and three dimensional images, the delay is more than acceptable. Immersive environments are generally not regarded as more productive than voice control and two-dimensional displays (unless there is some legitimate relevance to three-dimensional data).
As such, computers able to follow relatively complex commands as verbal sentences are in use in more and more offices, and Ethiopia/IBM has pioneered 'industrial' applications, such as 'do what I mean' voice command processing on street corners, bars, and other loud places. Voice-controlled computers vary in use from being the future PDA, to letting executives lounge back in their comfy leather chairs while evaluating business plans and records, to scientists verbally describing the tests they want to run samples through.
Most people have always used only a fraction of the power their computers have; by 2025, the tide of Network Computers is once again rising. Most people are quite content using touch screens and keyboards with microphones to send/receive voicEmail, follow their favorite hobbies online in discussion groups, chat rooms, and libraries. There are even timelessly fun games available on these systems, although all the Real Gamers(tm) play in immersive environments.
Some people still use more archaic interfaces, such as keyboards and monitors (without the ability to function as a touch screen). However, given the growing popularity of three dimensional sites, and the entrenched popularity of two dimensional interfaces, it's a wonder nobody has put them out of their misery.
There is dizzying variety in computers; red ones, blue ones, smart ones, dumb ones, new ones, old ones. They typically talk to each other through IPv6/IPSEC, with all kinds of other protocols built on top. Every system's interface is a little different, and almost every computer manufacturer diddles around with the systems software. The ISP market has, in most places, become government regulated, in large part as a response to the new corp-nations' clear superiority in the 'Net Race and their use of in-house providers for their adopted nations; in the US, each state has developed its own laws for regulating the industry (or not).
Computer speed doesn't matter and isn't noticed; software developers have finally given up on spurring next year's hardware sales with their new software, because most things have been handled already. Except in 'hard' computing environments, such as weather forecasting, chemical and biological modelling, etc., computers are just furniture. People who are not opposed to either the potential (and still largely unrecognized and unsubstantiated) risk of sticking a lot of radio emissions next to their head, having computers 'do it for them,' or else who are too dirt-poor to afford it, have earcomps capable of handling voicEmail, standard scheduling tasks, and phone calls. In most places, as well, ISPs provide free basically functional applications on their servers for customers to use; as an extension, since most users don't buy their own software anymore, the software industry is unofficially regulated (as companies that piss off the ISP lose the fat contracts off of which most of them live).
As for the network, well... there are a wide variety of networks, not just the Internet. Most of them are built upon the same protocols, with their own layers and software on top. Others use nothing special, but use strict encryption and routing policies to delineate themselves. Virtually everything is wireless, and wireless bandwidth and latency have dropped remarkably in relation to wired connectivity, since wired connectivity reached a plateau 10 years ago. Only people terribly concerned about security still use wires, and fat shielded wires at that. At the same time, wireless 'jamming' technology has also developed quite strongly, in order to restrict and monitor network access. For instance, the networks in many corporate offices get killed at the borders of their buildings, to prevent snooping or free rides.
This is the ability to get things done using a particular type of computer interface. It includes figuring out program functions, getting programs to run, etc. This is the TRULY basic user skill. This skill must be taken for each type of interface (see below).
Using any given interface still requires familiarity to use well, as the specific commands will be different. You are automatically familiar with one system upon taking the skill, and you are also automatically familiar with any system for which you have the O/S skill.
| Mechanical/Binary (MA, no default, unfamiliar -5): | Punch Cards, Switch Flipping |
| Command Prompt (ME, no default, unfamiliar -4): | Linear Typed Text Commands, Esoteric Verbal Commands: DOS, Unix, VMS |
| Iconic (ME, IQ-4, unfamiliar -3): | Windowing, Point & Click Command Selection: MacOS, MS Windows, Modern Linux |
| Conversational (ME, IQ-3, unfamiliar -2): | Full Language Parser But Limited Understanding |
| Immersive (ME, IQ-2, unfamiliar -1): | Interactive House Automation, POV Enhancement |
This is the ability to fiddle with the system running your computer. This includes things like setting up a network, tweaking/tuning for performance, installing and checking software, modifying your setup, etc. For operating systems which include administrative powers, this includes knowledge of how to use those administrative powers. This skill must be taken separately for every operating system.
System Security (MH, IQ-6, prereq any O/S skill)
This is training in the mindset and logical approach to computer security required to run a tight ship. This is used to secure a machine (by anticipating possible vectors of attack and putting preventative measures in place), find signs of hackers (and trace them), find security breaches (and patch them) and so on.
All operating systems come with a default security level (Windows is about a 10, BSD is about a 14). You can roll System Security when first setting up the machine to improve this; each 2 points you make the roll by gives a +1 to the security level of the system, to a maximum final value equal to your own skill or the operating system's security +1, whichever is higher. If your O/S skill is lower than your System Security, subtract 1 per 2 points of difference. This takes an amount of time equal to the bonus to the system's security in hours. You may reduce the bonus to speed things up.
You can also reduce the security. This requires no roll - just set the level to whatever lower level you want.
As new holes in systems are discovered, the security of the system effectively decreases; every month that goes by without tightening down a system, the security level of the system decreases by 1 (down to a minimum of half the system's base security). You can eliminate this loss by updating the system; roll System Security every time you go through the security of the system, and every two points by which you make your roll negates 1 month's decline. This can be done at most once a week, and takes 4 hours.
Say a system has been sitting in the machine room for a year without updates, because the admin you replaced was lazy. If you immediately started fixing it up, and were able to consistently make your roll by 6 points, it would take 20 hours spread out over 5 weeks to bring the security back up to its initial point (4 weeks of reducing the penalty by 3 each week, at which point a month has passed and the security is reduced by 1, requiring just a little more time...). It could take less time, but then you're not being very conscientious, are you?
Hacking (MH, System Security-5, prereq appropriate O/S skill)
This is the ability to find loopholes, cracks and security holes in a machine, whether it is a software security issue or a hardware physical limit. By exploiting these holes and limitations, you can crash the machine, compromise information stored on it, control it to do things for you, gain administrative access, etc.
To use Hacking, roll an opposed contest with the target machine's Security level. The default time this takes is 4 hours; each point you beat the machine by halves this time (so if you beat it by five, it takes you about 8 minutes). If you lose the roll, you cannot try again for another 4 hours. Also, if you lose the roll, the admin for the system can make a System Security roll to detect your attempts (she can also make a roll any time she decides to check the system for attempts to hack in).
Once you have gotten in and done whatever it is you chose to do, you can make a roll to cover your tracks. This is handled in exactly the same way, except that you only get to roll once, and the base time is 1 hour (instead of 4 hours). The GM should mark down how much you made it by - the admin has to beat this to detect your attempt later.
You can also cover your tracks as you go, although this is less efficient. Take a penalty to your roll to penetrate the system; the admin then takes an identical penalty whenever she finally attempts to detect you. Note that you must still roll your Hacking to cover tracks as you leave, so that final traces are erased (and the GM has a number to beat later).
Once you have penetrated a system, you may enter it at will afterward until the hole you used gets patched. Holes can get patched in a number of ways: the admin may discover where you snuck in and fix the problem, the OS creators may issue a program-level patch, the hole may have been dependent on hardware limitations which are removed in the next upgrade cycle, etc.
Reversing (ME, Programming-5, prereq appropriate program paradigm)
This is the ability to analyze machine code and/or translate the machine code into its original programming language. A small program (<1000 lines) can take several hours of dedicated work, but for a dedicated reverser the end outcome is rarely in doubt. Assume 1 hour per 100 lines of code, although obfuscation techniques can double or triple the time required.
Prereq: Note that basic machine code is a programming language, and can be used in lieu of any other language, BUT takes four times as long.
Rolling: Mainly, this is to determine how well you do. If you fail, it simply means that you misunderstood some parts of the code. The better you succeed, the more you "own" the code in terms of knowing its little quirks and whatnot.
A Hacker can encode a particular hack into a script which does the work automatically. This requires programming, but creates an automated program which uses its own Hacking skill for a specific task ("Get root access on a targeted Windows NT machine", for example). Once a Script is written, it can be used by anyone who gets their hands on it. Unfortunately, as scripts spread, occasionally admins find them. Whenever an admin tightens down security on a system, he discovers and fixes the holes exploited by any scripts that achieved widespread distribution on or before the time to which the admin updated the system, rendering those scripts useless against that system.
Going back to our admin in the previous example, in the first week he discovered the holes exploited by scripts that were easily accessible 9 months ago; in the second week, he closed the gap to half a year. In another two weeks, only relatively new and secret scripts had a chance. Hackers who keep a lid on their scripts get much more benefit out of them.
To create a script, you must first do what you want the script to do. You must then decide on the skill you want the script to have, relative to your own skill. For every point above Hacking-4 you want the script to be, you have a -2 penalty to your Programming roll; the script cannot have skill greater than your own. To modify a script, you must have access to the source code, or suffer a -2 penalty to any rolls to modify it; many scripts take their name from the fact that their useful form *is* the source, and so having the one means having the other, but this is not always true.
To simply update the script, you must be familiar with the techniques used by the script, as well as the techniques used to defend against it. If your Hacking skill is less than the skill of the script, you suffer a -2 penalty for each point of difference; if your Hacking skill is greater, you enjoy a +2 bonus for each point of difference. Roll Programming with this modifier; if you make it, the script will once again work. However, if your Hacking skill is less than that of the script, the script's Hacking skill is now equal to your own. If your Hacking skill is greater than that of the script, then for each 2 points by which you make your roll the script's skill is improved by 1, up to a maximum of your skill.