[KarmaInferno]

Ways to avoid getting hacked:

A) Be a hacker, or at least have one on your team.

Hope they're better than the opposition. Also have them set up internal defenses in your team's comm gear and PANs that can slow down attackers, for those times when he's not available.

B) Disconnect everything that doesn't need to have an external connection.

Most of your cyberware, for example, has no reason to be attached to your communications PAN in any way. Heck, if you're not a rigger or a decker, you probably don't need VR, so ditch the DNI/trode connection and operate your comms manually.



-k

[Psikerlord]

Defending against hackers is easy. Just turn off the wireless function. Yes you sacrifice a bit of flexibility yourself, but if you're worried about being hacked, its a surefire fix.

Any cyberware with no reason to be wireless need not be - eg all your wired reflexes etc. Your character's body just needs a datajack or something to allow maintenance crew to do whatever they need to do occasionally. Smartlink gun etc - use signal 0 - 3m range only, get it skinlinked or cable connect it. Commlink - just turn it off. Talk to your team if you want to communicate, hand signals, it doesn't have to be all high tech. Course that depends on where your teammates are, but sometimes you just have to put up with potential hacking... 

But my main point is - unless you are a hacker yourself, the best way to safeguard your gear is to simply turn off wireless functionality. Just about any gear should be able to have that option - either as a turn off switch or hardwire only - most times you won't need that wireless connection. And if you need an active commlink for security clearance into an area - use a dummy one just for that purpose.

Course, even though you and your gear may be (largely) impervious to hacking, your environment wont be.

Very high level jammers ought to work quite well too, actually.

In terms of safeguarding your commlink - put IC in it, high analyse, encrypt it, databomb it, high firewall/system ... yes it costs a bit, but will rebuff most hackers long enough for you to shoot them, or detect the hack and turn off your commlink.

Anyways my 2 cents

[Mirikon]

In terms of safeguarding your commlink - put IC in it, high analyse, encrypt it, databomb it, high firewall/system ... yes it costs a bit, but will rebuff most hackers long enough for you to shoot them, or detect the hack and turn off your commlink.

And since this is the way any hacker is going to get into your ware anyway, unless they're standing right next to you, the other stuff is basically on the doomsday prepper level. And if you are letting a hacker hack into you from six feet away without shooting him, then your ware isn't the problem.

And just turning off your link and rebooting will reset the system so that the intruder will have to start his hack all over again. And by that time, you should be sending major ordinance downrange at him.

The hacker who can get into your ware in the middle of a firefight and start making your cyberarm hit you in the junk is only a danger if you A) have no (competent) Matrix overwatch at all, B) for some reason can't send rounds the hacker's way (which would be distracting enough that they may take penalties to their hacking tests), AND C) don't know how to turn your commlink off. If all three of those things come together, then yes, this is a real threat. Otherwise, it is scaremongering and a 'What if' scenario, such as planning how you'd survive the zombie apocalypse.

[KarmaInferno]

If you REALLY want to annoy your gamemaster, daisy-chain one or more "gateway" commlinks to your primary system.

Only the far commlink has it's wireless turned on, the others are hardwired into each other. A hacker needs to stealth his way past each and every gateway, all of which are doing nothing but running high level agents scanning intently for unauthorized activity. If ANY of the commlinks gets even a hint of the intruder's presence, they ALL do a hard re-boot, dumping the intruder so he has to start all over.




-k

[Blue_Lion]

If you REALLY want to annoy your gamemaster, daisy-chain one or more "gateway" commlinks to your primary system.

Only the far commlink has it's wireless turned on, the others are hardwired into each other. A hacker needs to stealth his way past each and every gateway, all of which are doing nothing but running high level agents scanning intently for unauthorized activity. If ANY of the commlinks gets even a hint of the intruder's presence, they ALL do a hard re-boot, dumping the intruder so he has to start all over.




-k

Actualy daisy chaining was talked about in the books does not work because you have icon on all so attacking your icon on one is attacking it all, and if they get in the code from one bypasses the others inorder to link them. So he can hack one and spoof all the rest with ease. The only reason to have more than one is to have a public one active and a hidden one that it is slaved to only a dedicated look will find the second so most police drive by scans will not notice it.

[All4BigGuns]

If you REALLY want to annoy your gamemaster, daisy-chain one or more "gateway" commlinks to your primary system.

Only the far commlink has it's wireless turned on, the others are hardwired into each other. A hacker needs to stealth his way past each and every gateway, all of which are doing nothing but running high level agents scanning intently for unauthorized activity. If ANY of the commlinks gets even a hint of the intruder's presence, they ALL do a hard re-boot, dumping the intruder so he has to start all over.




-k

Actualy daisy chaining was talked about in the books does not work because you have icon on all so attacking your icon on one is attacking it all, and if they get in the code from one bypasses the others inorder to link them. So he can hack one and spoof all the rest with ease. The only reason to have more than one is to have a public one active and a hidden one that it is slaved to only a dedicated look will find the second so most police drive by scans will not notice it.

Books and page numbers for proof, please.

[Mirikon]

Hacking Cyberware
Sometimes, it’s easy to forget that all that chrome doesn’t mean jack shit without the software running it. That is, until you get an interface problem and two pieces of ‘ware don’t want to talk to each other—then it comes to the forefront of your mind. Nowadays, it’s easier to hack cyberware than ever before, and shadowrunners should pay close attention to how their implants are wired together.

Most cyberware is set up as peripheral nodes connected to your PAN during implantation, and configured for open access so that medtechs can access the implants quickly for diagnostics and repair. Most internal implants are usually accessible with a lowlevel wireless connection.

> Shadow clinics and street docs with a little programming expertise can disable this wireless connection if the client asks, arrange for the implant to send out false diagnostics, or even upgrade the software without much trouble.
> Butch

> Okay, but does that mean that if I get into a fight with a hacker or technomancer they can just reach out and turn off my cyberarm?
> Hard Exit

> Maybe, but probably not. Cyberarms and most implants that have an exposed area on the body often require direct wired connections through access ports and the like, not a wireless signal. If you’re really worried about it, you should keep your cyberarm in hidden mode—or better yet, turn it off. Not always the best option, but it prevents hacking.
> Butch

Like any other device, implants are susceptible to viruses and other malware. The devices most at risk to this sort of tampering
are those connected together through direct neural input (DNI)—in other words, any implant that you can control with a thought. To prevent a single virus or worm from infecting all of their systems, many street samurai and other implant-heavy runners front-load a high firewall on critical access points like datajacks. If the malware can’t get past the datajack, it can’t infect the rest of the DNI implants in your system.

> Cyberware hacking can work to your advantage too, though. Just as an example, most people don’t realize that a smartlink is wireless. That means you can send a command to your smartgun even if you’re not holding it. And a hacker can spoof a command to that smartgun as well.
> DangerSensei

> Yep. You can also stick malware into a smartgun (which’ll spread to infect your smartlink) or crash it to prevent it from firing.
> Slamm-0!

> In modern warfare, it is common practice to use malware and databombs to disable equipment we must leave behind—or worse, erase the equipments’ operating system.
> Picador

Subscribed Commlinks
Nowadays, just about anybody without a PAN is obviously a criminal hacker or a technomancer. Walking down a busy street in Hong Kong in hidden mode is the equivalent of trying to look inconspicuous with a day-glo mohawk. To avoid looking like a putz, you can keep two commlinks: a public, legal POS and your real commlink loaded with all of your tasty illegal programs. Just subscribe the public commlink to your hidden one, and you can walk around like a normal person.

> Keeping a legit commlink has other benefits than just to hide your hidden commlink, especially for SINners. You can keep all of your above-board accounts and e-mail separate from your shadow life.
> Kat o’Nine Tales

> Some hackers go overboard with subscribed commlinks, daisychaining them together into a “stack” for various purposes, like being in more nodes at once or having more agents under their direct command available. These amateurs like to think they can “hop” from one commlink to another and avoid the damaging effects of IC—hey, if I’m not there, it can’t hurt me right? Wrong. Unless you logout of the node, your icon is still present—whether you’re paying attention to it or not, and damage from Black IC still hurts you directly.
> Slamm-0!

> Why can’t you just have the commlinks running separately?
> Sticks

> Because no matter how many commlinks you have, you only have one brain. All of the data is going in there, and if you try to use
two commlinks at once you’ll get a splitting headache, multisensory hallucinations, and your icons will try to do the same thing on both commlinks at once. The way around that is to link the commlinks together—daisy chaining, as I said—so that you’re only focusing on one icon at a time (even if each icon is in a bunch of different nodes), flipping through the stack.
> Slamm-0!

Happy?

[All4BigGuns]

I was talking about the claim about multiple comm links chained "doesn't work". Though I personally will continue with my ruling that cyberware cannot be hacked, period.

[Mirikon]

*sigh* Second part of that quote, where it talks about "Subscribed Commlinks". And even specifically mentions daisychaining. Do you people not read before you comment?

Daisychaining commlinks can be done, but an attack on your icon in one is an attack on your icon in all, meaning that once you get through, you're in.

But here's some more, from the Game Information section of that same chapter:

Hacking Cyberware
Not all cyberware is hackable, though enough is to make a hacker’s interest worthwhile. To determine if a particular cyber-implant
can be hacked, the following criteria must be met (note that these criteria actually apply to almost all devices, not just cyberware):

First, the cyberware must be computerized—not all implants need a built-in computer. Most cyberware, however is either computerized (or at least equipped with RFID sensor tags) so that it may be queried for diagnostics, controlled remotely or via direct neural interface, or communicate with other implants/devices. See DNI and Wireless Functionality, p. 31, Augmentation.

Second, the implant must be accessible by the hacker, via wired or wireless connection. Most external implants (like cyberlimbs) only have wired connections, requiring the hacker to physically jack in to access the device. A datajack provides immediate access to all cyberimplants with a direct neural interface. Many internal implants have wireless links to aid medical staff in running diagnostics (like wired reflexes) or to link to other devices (like a smartlink). The Signal rating of internal implants tends to be low (usually 0), meaning that a hacker needs to be in close range. Such implants are often slaved to the character’s commlink, however, so a hacker who infiltrates the master node can access slaved implants (see Slaving, p. 55). Some internal implants (such as cortex bombs) have no wireless or DNI connection and so are isolated from other systems, requiring surgery to allow a hacker to jack in and access the device.

If these criteria are met, the hacker can attempt to hack or spoof the implant following normal rules. Device ratings for standard types of cyberware are given on p. 214, SR4. Some implant nodes/transmissions may be encrypted for extra protection, requiring that the hacker decrypt them first (see Encryption, p. 65). Like other devices, cyberware can be manipulated within the limits of its programming and functionality. In most cases, such actions require no test to someone with the proper access privileges. In the case of commands that exceed operational parameters or access privileges, an Opposed Test pitting Command + Hacking Test versus System + Firewall may be required. It would take too much space to provide an exhaustive list of possibilities, but here are a few examples (players and gamemasters are encouraged to be creative when devising other options—as always, the gamemaster has final say):

• Cybereyes can be shut down or crashed to make the target blind.
• Pre-recorded or self-created (using Computer + Edit) sounds could be played within hacked cyberears to make the target hear things.
• Incriminating evidence (for example, forged smartlink footage of a shooting) could be downloaded into an implant’s memory,
framing the victim for a crime.
• The implant may be activated (for example, triggering foot anchor implants to keep someone from running away) or shut down
(turning an internal air tank off, to force them to breathe).
• The target character may be shut out of controlling his own implants by deactivating DNI or altering the account privileges
(requiring a Hacking + Editing Test).
• Seizing control of a cyberarm and using it to attack others, or even the cyberlimbed character.

Hacking Smartlinks and Smartguns
Smartguns and smartlinks are both low-level wireless devices (Signal 0), and the default mode for smartguns is private access—a primary user account is registered when the gun is purchased, and that user can set up guest accounts for friends and allies instead of letting anyone pick up the gun and access the smartgun link and/or fire the device. To prevent their smartguns from being hacked, some users place the smartgun in hidden mode or disable the wireless access and use a skinlink or datajack located on the inside of the wrist to connect to the smartgun (the fiber optic cord also serves to make the gun easier to recover if the character drops it).

Issuing commands to a smartgun through a smartlink is a Free Action that requires no test; issuing commands to a smartgun through a commlink or any other wireless device is a Simple Action and requires a successful Computer + Command (1) Test. If two characters are attempting to command the same smartgun, make an Opposed Computer + Command Test, with the winner determining what the smartgun does that round. Some street samurai store a copy of the Command program in their smartlinks specifically for these tests.

In that same section, there's also a sidebar:

Cyberware Defenses
How can a character protect his cyberware from hacking?
1.) Turn off or remove any wireless links (see p. 31, Augmentation).
2.) Use a direct physical connection rather than wireless (externally-accessible implants only).
3.) Keep the Signal rating low so a hacker would have to be within close range.
4.) Use a good Firewall program.
5.) Use a good Encryption program.
6.) Stay in hidden mode.
7.) Slave the implant to your secure commlink (see Slaving, p. 55).
Install Data Bomb, ECCM, or IC programs.

[Blue_Lion]

*sigh* Second part of that quote, where it talks about "Subscribed Commlinks". And even specifically mentions daisychaining. Do you people not read before you comment?

Daisychaining commlinks can be done, but an attack on your icon in one is an attack on your icon in all, meaning that once you get through, you're in.

But here's some more, from the Game Information section of that same chapter:

Hacking Cyberware
Not all cyberware is hackable, though enough is to make a hacker’s interest worthwhile. To determine if a particular cyber-implant
can be hacked, the following criteria must be met (note that these criteria actually apply to almost all devices, not just cyberware):

First, the cyberware must be computerized—not all implants need a built-in computer. Most cyberware, however is either computerized (or at least equipped with RFID sensor tags) so that it may be queried for diagnostics, controlled remotely or via direct neural interface, or communicate with other implants/devices. See DNI and Wireless Functionality, p. 31, Augmentation.

Second, the implant must be accessible by the hacker, via wired or wireless connection. Most external implants (like cyberlimbs) only have wired connections, requiring the hacker to physically jack in to access the device. A datajack provides immediate access to all cyberimplants with a direct neural interface. Many internal implants have wireless links to aid medical staff in running diagnostics (like wired reflexes) or to link to other devices (like a smartlink). The Signal rating of internal implants tends to be low (usually 0), meaning that a hacker needs to be in close range. Such implants are often slaved to the character’s commlink, however, so a hacker who infiltrates the master node can access slaved implants (see Slaving, p. 55). Some internal implants (such as cortex bombs) have no wireless or DNI connection and so are isolated from other systems, requiring surgery to allow a hacker to jack in and access the device.

If these criteria are met, the hacker can attempt to hack or spoof the implant following normal rules. Device ratings for standard types of cyberware are given on p. 214, SR4. Some implant nodes/transmissions may be encrypted for extra protection, requiring that the hacker decrypt them first (see Encryption, p. 65). Like other devices, cyberware can be manipulated within the limits of its programming and functionality. In most cases, such actions require no test to someone with the proper access privileges. In the case of commands that exceed operational parameters or access privileges, an Opposed Test pitting Command + Hacking Test versus System + Firewall may be required. It would take too much space to provide an exhaustive list of possibilities, but here are a few examples (players and gamemasters are encouraged to be creative when devising other options—as always, the gamemaster has final say):

• Cybereyes can be shut down or crashed to make the target blind.
• Pre-recorded or self-created (using Computer + Edit) sounds could be played within hacked cyberears to make the target hear things.
• Incriminating evidence (for example, forged smartlink footage of a shooting) could be downloaded into an implant’s memory,
framing the victim for a crime.
• The implant may be activated (for example, triggering foot anchor implants to keep someone from running away) or shut down
(turning an internal air tank off, to force them to breathe).
• The target character may be shut out of controlling his own implants by deactivating DNI or altering the account privileges
(requiring a Hacking + Editing Test).
• Seizing control of a cyberarm and using it to attack others, or even the cyberlimbed character.

Hacking Smartlinks and Smartguns
Smartguns and smartlinks are both low-level wireless devices (Signal 0), and the default mode for smartguns is private access—a primary user account is registered when the gun is purchased, and that user can set up guest accounts for friends and allies instead of letting anyone pick up the gun and access the smartgun link and/or fire the device. To prevent their smartguns from being hacked, some users place the smartgun in hidden mode or disable the wireless access and use a skinlink or datajack located on the inside of the wrist to connect to the smartgun (the fiber optic cord also serves to make the gun easier to recover if the character drops it).

Issuing commands to a smartgun through a smartlink is a Free Action that requires no test; issuing commands to a smartgun through a commlink or any other wireless device is a Simple Action and requires a successful Computer + Command (1) Test. If two characters are attempting to command the same smartgun, make an Opposed Computer + Command Test, with the winner determining what the smartgun does that round. Some street samurai store a copy of the Command program in their smartlinks specifically for these tests.

In that same section, there's also a sidebar:

Cyberware Defenses
How can a character protect his cyberware from hacking?
1.) Turn off or remove any wireless links (see p. 31, Augmentation).
2.) Use a direct physical connection rather than wireless (externally-accessible implants only).
3.) Keep the Signal rating low so a hacker would have to be within close range.
4.) Use a good Firewall program.
5.) Use a good Encryption program.
6.) Stay in hidden mode.
7.) Slave the implant to your secure commlink (see Slaving, p. 55).
Install Data Bomb, ECCM, or IC programs.

LOL thank ou saved me having to go threw all my books to find it. I knew i read about it but not where.  Most of the defences where already listed.

[KarmaInferno]

*sigh* Second part of that quote, where it talks about "Subscribed Commlinks". And even specifically mentions daisychaining. Do you people not read before you comment?

Daisychaining commlinks can be done, but an attack on your icon in one is an attack on your icon in all, meaning that once you get through, you're in.

This is true if I'm accessing the Matrix. If my icon is out and about, anyone attacking my icon is, indeed, attacking me directly.

However, regular voice communications and sending out regular data packets doesn't require going out into the Matrix. Heck, you don't even have to be jacked in, you could be forwarding an e-mail with attachments to a team member by typing into the keyboard.

If my icon isn't out in the Matrix, it can't be attacked at all without going through the entire daisy-chain stack.

The point of daisy chaining isn't to protect a hacker infiltrating a computer system. It's to, say, protect that street sam who's busy shooting at people from getting his PAN hacked.



-k

[Mirikon]

Karma, what you're talking about is slaving one device to another. In this case, the commlink that connected to the outside would be the master, and hacking it would still allow access to all slaves further down the chain.

Slaving
One node, the slave, may be linked to another node, the master. In this setup, the master is given full admin access to the slave. When slaving a node to a master, the slaved node does not accept any Matrix connections from any other node but the master and instantly forwards any connection attempts to the master. Hackers have three options when faced with a slaved node. First, they can hack in directly to the slave with an additional threshold modifier of +2, though this requires a physical (wired) connection to the device. Second, they can hack the master node (thus gaining access to the slaved node—and any other slaves—as well), though this node is usually more secure. Third, they can spoof the access ID of the master node and then spoof commands
to the slave.

[Blue_Lion]

*sigh* Second part of that quote, where it talks about "Subscribed Commlinks". And even specifically mentions daisychaining. Do you people not read before you comment?

Daisychaining commlinks can be done, but an attack on your icon in one is an attack on your icon in all, meaning that once you get through, you're in.

This is true if I'm accessing the Matrix. If my icon is out and about, anyone attacking my icon is, indeed, attacking me directly.

However, regular voice communications and sending out regular data packets doesn't require going out into the Matrix. Heck, you don't even have to be jacked in, you could be forwarding an e-mail with attachments to a team member by typing into the keyboard.

If my icon isn't out in the Matrix, it can't be attacked at all without going through the entire daisy-chain stack.

The point of daisy chaining isn't to protect a hacker infiltrating a computer system. It's to, say, protect that street sam who's busy shooting at people from getting his PAN hacked.



-k

Actualy ever com link has firm ware with an icon for you. so even if you are not on the comlink if it is linked it has a icon for you. Does not need to be loaded or access to the matrix it is always there if no where else. They whould only need to gain access to one comlink and who says the one the pick as at the end of the line. The point unwired makes is only new runners make that mistake, it sounds good but is flawed.

Much easer and cheeper to run ice on the comlink than daisy chain them, even easer to turn it off while shooting so as not to give away your sin at a the sight of a crime.  Once he is in he can attack your icon and all icons linked to it or use the access linke to bypass your fire walls.

[All4BigGuns]

Karma, what you're talking about is slaving one device to another. In this case, the commlink that connected to the outside would be the master, and hacking it would still allow access to all slaves further down the chain.

Slaving
One node, the slave, may be linked to another node, the master. In this setup, the master is given full admin access to the slave. When slaving a node to a master, the slaved node does not accept any Matrix connections from any other node but the master and instantly forwards any connection attempts to the master. Hackers have three options when faced with a slaved node. First, they can hack in directly to the slave with an additional threshold modifier of +2, though this requires a physical (wired) connection to the device. Second, they can hack the master node (thus gaining access to the slaved node—and any other slaves—as well), though this node is usually more secure. Third, they can spoof the access ID of the master node and then spoof commands
to the slave.

I think what they're talking about is the "master" being hardlined to all the others with only the final one being wirelessly enabled (meaning it's a slave with wireless). That would mean that they would still have to go through each one one-by-one in order to get into something that they can do anything with.  Those quotes still won't change my ruling on cyberware hacking though.

[Mirikon]

Problem with that, Guns, is that slaves can't connect with anything except the master. Meaning that even if it had wireless functionality, it wouldn't be able to connect with other nodes, such as all the nodes making up the Matrix at large.

As for not being able to hack cyberware, that is a shortsighted ruling, like saying "Stunbolt is too powerful, so I'm not going to let mages cast spells". One of the risks of Cyberware, one of the things that balances it against other types of enhancements, is that it can be hacked. Take away the biggest disadvantage of cyberware, and it gets overpowered. Yes, chromed up street sams should worry about hackers getting in their system. That is one of the checks on street sams. But being able to hack cyberware isn't as uber as some people seem to believe. You're still limited by the functionality of the ware, and to make opposing commands, it is an opposed Command test. Being able to hack cyberware is no more overpowered than being able to hack any other node. Especially if the person uses proper matrix security, having firewalls, Analyze programs, and IC, as well as slaving everything through his PAN, which can be turned off and back on, resetting any hacking attempts people might be making.

Your ruling is overkill, IMO.