Code breakers and thief takers
“We must be as stealthy as rats in the wainscoting of their society. It was easier in the old days, of course, and society had more rats when the rules were looser, just as old wooden buildings have more rats than concrete buildings. But there are rats in the building now as well. Now that society is all ferrocrete and stainless steel there are fewer gaps in the joints. It takes a very smart rat indeed to find these openings. Only a stainless steel rat can be at home in this environment…” — Harry Harrison
All the pervasive Matrix stuff makes the world seem intractable for professional criminals. Surely the second you come out of the Barrens, you’d be revealed six ways to Sunday, right? Fortunately it’s not that bad. Smart bad guys - by which I mean “anyone who’s not a gutter-punk scum” - have some tricks up their sleeves.
Hiding on the Matrix
Alice is a shadowrunner, walking through a high-end commercial part of town, surrounded by throngs of wageslaves looking to buy lunch or scurrying to meetings. She passes Bob, a Knight Errant beat cop. Alice is up to no good, and therefore carrying a wide range of interesting and potentially illegal items, many of which have Matrix functionality. How does she slip past Bob undetected?
NotesNB: I am removing the Wrapper program, as Shadowrun itself did in 6e. I think it causes an endless hall of mirrors problem, where everyone is constantly running Matrix Perception checks against everything in case it’s a Wrapper hiding something dangerous. This slows down play unless you handwave it away, so I’d rather just remove the entire concept instead.
Hiding in plain sight: looking legal
What’s the most fail-safe way to hide? By not having anything to hide in the first place.
If Alice is only lightly armed and has a good fake SIN, she could simply have a legal licence for all her armaments. Her commlink, in addition to her usual SIN and persona icon, will broadcast that she is armed and that she has appropriate licenses. This will probably attract a little attention from Bob; enough to warrant a SIN check, say. But licences to carry firearms are not uncommon so if she’s not doing anything else suspicious and her SIN stands up to scrutiny, Bob will let her pass.
Dropouts: going offline
What constitutes a gun that Bob will ignore and a gun that will attract his attention is very situational, however. Perhaps Alice is carrying more serious firepower than a light pistol: say, a hunting rifle, concealed under a long coat. She might have a licence for it, and it might be perfectly reasonable to be carrying out in the wilds of Snohomish, but that doesn’t mean she can broadcast that she has it now. If he sees that, Bob’s definitely going to know that something is up. Wageslaves don’t take long guns to lunch.
Alice’s next option is to completely disable the wireless features on all the things she wants to hide, while still leaving it enabled on innocuous devices like her commlink (which is still broadcasting her fake SIN, of course.) This means her illegal things can’t be spotted on the Matrix at all. However, it has a few disadvantages:
- If she needs the gun in a hurry, she may not have time to turn the wireless back on. (For bits of gear, this involves pushing a physical button; for cyberware, giving a mental command. It has to be done one-by-one.) If she gets jumped, she’ll have to do without her smartgun, boosted reflexes, and other toys until she can do that.
- If Bob spots the shape of the gun under her coat while she’s not broadcasting an ARO saying she’s armed, he’s going to get really, really interested in Alice. Only criminals would hide that they’re armed. So if you’re going to turn the wireless off on something, you’d better make sure it can’t be spotted.
Obviously, if Alice was trying to sneak into a building in the dead of night, she’d also need to take her commlink offline. It’s pretty hard to sneak into anywhere when you’re broadcasting your Matrix presence to everyone within half a kilometre.
Running silent and the art of traffic obfuscation
If she is trying to sneak into somewhere, though, Alice’s third option is to set her entire PAN to run silent. This means all the devices in it minimise their traffic to and from the Matrix, the commlink stops advertising itself as a Matrix node, and she generally disappears from the local grid.
Two downsides here:
- Walking around downtown, it’s pretty suspicious to not be online. It’d fly in the Barrens, but if Bob notices that Alice doesn’t have any sort of commlink or SIN broadcast, he’s going to assume the worst. (He might not notice, though, as it’s very crowded.)
- On the Matrix, spotting a commlink that is running silent is pretty easy for any decker or spider. There’s still some data moving back and forth, and if they know to look for it, they’ll probably find it right away. It gets a lot harder if Alice has a friendly decker who can add Alice’s gear to their PAN and guard her Matrix presence with their cyberdeck, though.
Most of the time, Alice is only going to use running silent if she’s trying to sneak into somewhere. Taking selected devices offline is probably the better option in public spaces.
NotesNB: as in Shadowrun 6e, I am saying that Running Silent is a whole-PAN setting, not a per-device setting. This streamlines decision making and book-keeping.
Having your cake and eating it: internal routers
Tag randomisers and scramblers
All those tags in your clothes and equipment, reporting their existence to anyone nearby and their location to servers at all times, would make sneaking around pretty tough. Shadowrunners and other dubious types get around this by scrambling them to destroy their code entirely, or randomising their IDs on a regular basis so no-one can discern any pattern from them.
Normal tags are very easy to mess with and have no countermeasures against this.
TODOhardened / stealth tags
All the clever cloud security stuff described above doesn’t work for squat if you have a low-grade fake SIN or no SIN at all. Fortunately, there’s a fallback mechanism built into the protocols designed to work when the user is off-grid, for example, if there’s another Matrix crash or if you’re way out in the wilds. You can download backup copies of your digital keys and store them on your commlink, then use them to start your car or open your apartment without any hosts being involved. Bonus: it’s another way of tracking you that no longer works. Only downside is, if your keys get stolen by a script kiddie, so does your stuff - and if your commlink gets trashed, you’d better have backed them up somewhere… Better upgrade from that base model Meta Link, omae.
The difference between legal and illegal cyberdecks
Mass media would like you to believe there’s a world of difference between the tools of the Matrix security specialist and those of the decker. After all, the good guys and the bad guys can’t use the same stuff, right? Otherwise you might question which was which. Well, actually, their ‘decks and their actions are more alike than they are different. Both groups of people need the ability to reach out and hack targets across the local mesh, whether to attack or counter-attack. So both groups need quantum decryption cores to crack encryption and armies of vuln scanners to find exploits on their targets.
What does differ, though, is the degree of monitoring by GOD. Legal cyberdecks are infested at every possible level with stealthmode code and hidden firmware designed to report back to the Grid Overwatch Division at every turn. This code is created by pseudo-AIs, different on each deck manufactured, in an attempt by the corps to stay one step ahead of the streets.
The high price of illegal cyberdecks doesn’t reflect the off-the-shelf hardware so much as the modifications necessary to turn it into a black market cyberdeck. Skilled technicians must labour for many hours to unpick the backdoors and boobytraps built into legal cyberdecks by the manufacturers before they can be used for illicit goals. Processors and memory cores sometimes have to be replaced with custom-manufactured replacements, assembled on nanoforges in anonymous back-alley workshops. An entire cottage industry exists, hidden from view, and the best of their work is always in high demand.
Somewhere in between cyberdecks and commlinks is a broad grey area of kitbashed decks. Usually not much more than a souped-up commlink running some custom software cobbled together by some backroom illicit tech, they are far less capable than even the weakest purpose-built ‘deck. However, they’re also a lot cheaper, and much easier to find on the streets. Many a novahot decker started out with nothing more than a kitbash ‘deck and a datachip full of dreams.
TODOThese are the dongles in Data Trails / Kill Code that grant commlinks a couple of points in Attack and/or Sleaze. They’re of little interest to shadowrunners and are here mainly to explain how low-level criminals can afford any hacking equipment at all, as even the cheapest ‘decks are beyond their reach. They can also be used in decker PC’s back stories - explaining how they got started without having to afford a full-on deck somehow.
How to hack
For legal Matrix users, the local mesh - the wireless peer-to-peer network that gets their data onto the backbone - is just an implementation detail. They rarely even think about it. But for deckers, it’s home.
The corps control and patrol the backbone, and going anywhere near it with an illegal device is begging for trouble. But the local mesh - that’s different. It’s a dizzying mishmash of devices, built up of protocols laid on top of protocols laid on top of protocols, each layer with its own cocktail of security holes. There’s no central control and no central oversight, it’s impossible to secure, and it’s where deckers earn their keep.
Step one: find your target
Step two: reach your target
Step three: hack your target
A decker begins by running routines to poison the local mesh routing protocols. Normally, the grid just passes traffic along to the nearest uplink node. But under the decker’s control, this is corrupted, causing it to pass traffic through the local mesh directly to the target of their hack. Like all local mesh connections, this has a limited range though, so deckers need to be brave enough to get out into the field and within range of the devices they wish to pwn.