Okay so I've read the rules and had some successful albeit short runs as the GM, partially winging some things. From what I understand, a data steal run would go something like this:
1. Enter host with user access or administrator access only if required.
2. Patrol IC gets deployed and makes an immediate perception test to spot the hacker, then does another test every minute. Would the hacker actually even be in there a minute later?
3. Hacker does hash checks until they locate the file they're after.
4. Hacker teleports to the file location and uses an action (I forget, probe?) to defeat the defenses of the file.
5. Hacker acquires the file.
6. Jack out.
If at any point the hacker is detected by patrol IC the host begins to deploy one new IC per round, up until the number of IC matches the host rating. If the patrol IC does not spot the hacker then do they have free reign over the system or is there a way for the hacker to be noticed otherwise? Lastly, to create a larger system, multiple hosts can be attached, making the hacker have to beat multiple hosts and acquire user or admin access to the new hosts, giving extra chances to be caught. How far off am I?