
Hacking: Admin vs. Admin

consumerdestroyer
p. 246
Quote:
ADMIN ACCOUNTS Admin accounts provide complete control over the system. Characters with admin rights can do everything security accounts can, plus they can shut down/reboot the system, alter access rights of other users, view and edit all log files and statistics, and stop or start any software available on the system.
I noticed that if a player gains access they can try and shut down AI, AGI or Infomorph hosted on the system, however they reboot within a few task actions (or more or less at GM's discretion). Two thoughts emerge from this: one is that there has to be some way to remove the reboot redundancy (maybe by software or a Programming check paired with an Infosec check? I'm not sure if maybe this is covered somewhere and I'm just missing it) and then shut them down until someone else goes into the system and re-enables the reboot redundancy (this tactic might be more difficult if there is both infolife and a fleshy/clanky external operator monitoring the system together).
But what happens to intruders who have been spotted and locked out had me thinking...what if a player gains hidden admin access to a system and then wants to reduce the monitoring AI to Locked status? Is there a way to keep the AI Locked out of the system that it is hosted on? Could you trick the system into deleting its own security AI/AGI/infomorph? I don't see any checks for how one would do that, but the above quote shows that someone with an admin account can alter access rights of other users. So...could they alter the access rights of a security AI down to a flagged, spotted intruder from a position the system recognizes as admin authority? I mean, ostensibly they have all the privileges that the security AI has, which includes doing just that to them. Could they use this to trick the system into not giving any resources to hosting the security AI, because the countermeasures think that they're dealing with an intruder who needs to be wiped out? Trick the system into thinking the resources needed to host the AI are itself a trick to stop it from shutting them down?
Thoughts? Am I maybe missing some rules for this?
Smokeskin
A hacker admin can do anything the regular admins can. Some settings might not be within the scope of the admin rights and the security conscious might require for example rebooting the server in debug mode without mesh access to do some of the things you describe.
ShadowDragon8685
If you have a game of Admin vs. Admin, with both aware of the other and hostile to each other, it becomes a hacker game of Rocket Tag. Specifically, whoever wins initiative has the option to downgrade the other's access rights. And then it's no longer a game of Admin vs. Admin. Then it's a game of Admin vs. Locked Out User, which is basically the same as a professional sumo wrestler and an overweight toddler. At that point, only hardware access can turn the contest around.
[e]Unless, of course, Smokeskin has the right of things and the server is set up so that an admin account can't be downgraded without the hardware being rebooted in unmeshed debug-only mode. I wouldn't allow that for [i]creating[/i] admin access, though - that kind of kicks the point of hacking in the loins.
Of course, you can have some fun with that, too. Can't downgrade admin access? Upgrade [i]literally every account[/i] to admin access. Now your pals with 30 infosec can still jump on and get in on the fun, wreaking untold havoc, and making a reboot mandatory. As well as any of the servers' own lusers who want to take a pot-shot at the authentic admin staff.
Skype and AIM names: Exactly the same as my forum name. [url=http://tinyurl.com/mfcapss]My EP Character Questionnaire[/url] [url=http://tinyurl.com/lbpsb93]Thread for my Questionnaire[/url] [url=http://tinyurl.com/obu5adp]The Five Orange Pips[/url]
ORCACommander
*makes note to self* if ever playing info life make my access level ring 0
Smokeskin
ShadowDragon8685 wrote:
[e]Unless, of course, Smokeskin has the right of things and the server is set up so that an admin account can't be downgraded without the hardware being rebooted in unmeshed debug-only mode. I wouldn't allow that for [i]creating[/i] admin access, though - that kind of kicks the point of hacking in the loins.
If the server was set up like that, I'd still let a hacker upgrade to admin with Infosec and Exploit as usual - but once an admin he wouldn't be able to create new admin accounts of course, it would require Infosec rolls each time. I don't think excessive use of debug mode makes sense either. Systems have to work, and is it reasonable to have to take the server offline every time you need to change access levels for an admin? Maybe for a top secret R&D server or ego backup storage, but it would be unacceptable for most applications. And that's good news for hackers :)
consumerdestroyer
Smokeskin wrote:
A hacker admin can do anything the regular admins can. Some settings might not be within the scope of the admin rights and the security conscious might require for example rebooting the server in debug mode without mesh access to do some of the things you describe.
Well, say it's a lax system. Take for example the GM Screen adventure, Glory. If the distracted, buggy Muse who is barely paying attention in the first place has a hacker trying to downgrade them to Locked Out, it's not like they're inside Vo's head in the first place: he put her in the system from what the adventure says. So if someone downgraded her to Locked Out, would she effectively be deleted? And if not, would she then get attempts to get back in and be subject to countermeasures deployed by the player? I wonder about what the system would think about a "Locked Out" user clearly using up system resources in order to exist, especially with an admin flagging it as a virus!
ORCACommander
I think in the Glory scenario the muse still primarily resides in the owner's mesh inserts and just monitors things remotely
Smokeskin
Yes, an admin could generally keep a process from restarting and shut it down. Only very few things would be off limits to an admin.
consumerdestroyer
Smokeskin wrote:
Yes, an admin could generally keep a process from restarting and shut it down. Only very few things would be off limits to an admin.
Well the rules seem clear about how shutting down/crashing an AI just means it reboots in a matter of rounds, which is I guess what sparked all this pondering. The default security seems to be: if you crash it, it comes back regardless (modified by GM's discretion as to the duration until that happens) which is why I assumed that there are redundancies in place for hosted AIs/AGIs/infomorphs.
NewtonPulsifer
Counters to the "rocket tag" scenario:
1. Install a back door
2. Log in with the opponents' Admin-level account
"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto
consumerdestroyer
But if the opponent is an AI/AGI/infomorph hosted on the system, what happens to their data? I can see a player arguing for the system recognizing the data as an intrusion/virus/corruption (esp. if they flag it as such from an admin account, either hacked and hidden or back door'd), and honestly I can't see what a system's security would do about that but attempt to quarantine and delete them. Sure they'd get infosec checks in response, but there isn't really a system in place for this. I guess as GM I'd just have to develop one, but I'm not sure if one should give an advantage/disadvantage or neither to an AI that used to be the admin who is now locked out. It seems like a situation where they're at a disadvantage, being clearly noticed by the system and hosted entirely on the system. To "kick out" a hacker who is access jack'd in, the hacker's presence has somewhere to go once "deleted", which is to say that the hacker retracts the jacks and books it before security gets there. But what happens to a presence hosted entirely on the system?
ShadowDragon8685
consumerdestroyer: Depends on the system. On pretty much any autonomist habitat, there would be root-level restrictions preventing the summary deletion of any sapience running on the machine. You'd require hardware access to kill them, probably by pulling the device itself and recycling it. In the PC, it would probably not be quite so extreme, but since infolife people (IE, humans existing only as infomorphs,) do exist, you'd still probably need to reboot the device into a special debug mode to cancel and wipe such processes, again, from hardware. If we're talking about the Jovians, on the other hand, their computers are probably set up to automatically wipe any detected sapience running on the device, no intervention by an admin necessary.
consumerdestroyer
Well, again, if a hacker has fooled the system into thinking that the hosted sapience is, in fact, an invading ego hosted elsewhere (or an ego foolish enough to download entirely onto a system it is trying to hack), would an autonomist security protocol maintain fidelity to that ego any more than it would to the morph and ego of someone who could plant a bomb on a hab? I mean, a hacker who the system continues to host could very well hack the life support out of existence if it breaks free from a quarantine imposed by the system, so if you, as admin, tell the system, "Hey, that's a hacker.", I can't see a reason that the system wouldn't just follow the logical steps. 1) That's a hacker. 2a) That hacker exists elsewhere OR 2b) That hacker was dumb enough to be radically vulnerable in shunting their entire ego onto hab resources. 3) And either way, that hacker is hogging resources trying to compromise the system. What security system would want to keep those resources dedicated to hosting a potential compromise?
ORCACommander
the ram would certainly be cleared but erasing the hard stored data off the drives would probably be more difficult
consumerdestroyer
Well, let's take an example from the rules: you are a hacker. You try to hack into a system. Success! And the infosec of the security AI failed! No crits, but you're in. You try to do something else. OH NO A 99 WHY DICE GODS WHY?! The GM leers at you darkly over the GM screen for a moment, leaving you to wonder what numbers lie face-up behind that scene of fractal-on-sentinel combat adorning the screen. The screen is lifted, revealing double zeroes.
GM: "Sorry bud, you are Locked."
Hacker: "Whatever, let the countermeasures come."
GM: "Gladly." *rolls to Lockout* "Nice, 66 is a critical success for this AI!"
Hacker: "...I hate your dice so much." *rolls*
GM: "HAHAHA AND 99 IS STILL A CRITICAL FAILURE NO MATTER WHAT!"
Hacker: "...I just hate [b]you[/b] so much, actually. Well, whatever, it's not like I'm deleted from the system."
GM: "Uh, you haven't read what the Lockout countermeasure does, have you?"
Quote:
A system that has locked onto an intruder may also attempt to lock them out. Lockout is an attempt to remove the compromised account, sever the connection between the two, and dump the hacker from the system. Lockout must be initiated by someone with security or admin privileges. An Opposed Infosec Test is made with the intruder suffering a –20 modifier for being Locked. If the character defending the system succeeds, the intruder is immediately ejected from the system and the account they used will be placed on quarantine or deleted. That account will not be usable again until a security audit approves it and replaces the authentication. Any attempt to access the system from the same mesh ID as the intruder automatically fails.
Hacker: "...well dang."
Now let's reverse the situation.
Hacker: "Ok, I'm in with a 77! Critical success!"
GM: "Ouch, 88 is a crit fail for this security AI. It was browsing the mesh to find out what the heck this 'tentacle porn' the security chief was talking about before he left the office is all about."
Hacker: "Can I see the search results?"
GM: "With rolls like these, you could probably program a meshsite ripper and download 10 links deep into each of the top 10 search results without this janky AI noticing the spike in bandwidth [b]or[/b] the direct looking over the shoulder. Yeesh."
Several incredulously good player rolls/bad GM rolls later...
Hacker: "Alright, so I've removed this AI's admin privileges, downgraded it to Locked and it [i]still[/i] hasn't noticed?"
GM: "Look, I'm just going to rule there's no way it couldn't have noticed, even with this chain of crit failures. It knows, it just can't do anything about it. It has no permissions to communicate with anything, or [b]do[/b] anything, and it's isolated and quarantined off, basically."
Hacker: "K, gonna launch the Lockout countermeasure on it. *rolls* OH YEAH 00 READ 'EM AND WEEP!"
GM: "This is a foregone conclusion but..." *rolls, facepalms as the table goes crazy* "...yeah yeah, 99, whatever. Remind me what that does again?"
Hacker: "Deletes the budding little tentacle porn junky from existence."
GM: "Uh, what?" *flips to Lockout* "Huh. Yeah, I guess it does."
Am I missing something, or is that basically what the rules say would happen?
ORCACommander
this is dealing with the accounts not the full ai or infomorph. deleting or quarantining an account does not delete data by default. For example if i was an admin and this forum was using Invision Power Board I could delete your account but by default all your posts would remain. deletion of accounts in EP to me just means removal of access since apart from high security systems each user's data would be stored locally by that user. So in EP if i were to browse this topic i would authenticate my user level and the post data would be pulled from 5 or 6 different persons' mesh inserts or ectos. the actual data pull probably would not be handled with my user account but probably by the website's backbone ai.
consumerdestroyer
I see what you mean, the account of the security AI is deleted. But then it remains: what does it mean to be an intruder "ejected from the system"? If you're not hosted on the system, it means your entire presence is deleted as well as your account, near as I can tell (i.e. you no longer exist even as data on the system and are back in your morph with a stunned look on your face). But what would happen if, for example, an intruder was supposed to be ejected from the system and the system noticed they were still there, as in a server-hosted AI?
The Doctor
NewtonPulsifer wrote:
1. Install a back door
2. Log in with the opponents' Admin-level account
2.a) Log in with a new Admin account created by your attack.
2.b) Your rootkit subverts the firmware such that arbitrary commands hitting a particular port with a particular transport protocol prefixed with a certain string ("988a90ff5003e691713e9f389e88e250 ") are executed as if their UID was the Admin user logged in locally.
The Doctor
ShadowDragon8685 wrote:
If we're talking about the Jovians, on the other hand, their computers are probably set up to automatically wipe any detected sapience running on the device, no intervention by an admin necessary.
It seems more likely that any compromisable equipment aboard a Jovian habitat would have insufficient processing power for an infomorph to inhabit it. Infomorphs and AGIs are unpopular, to say the least, so there would be little need to include that kind of CPU power. Which would make life interesting for Firewall agents infiltrating a Jovian habitat - they would have to bring their own server to virtualise an AGI or two because loading them into the hab's network would bring it to a crawl.
The Doctor
ORCACommander wrote:
the ram would certainly be cleared but erasing the hard stored data off the drives would probably be more difficult
The discussion seems to implicitly assume that an infomorph cracking a particular piece of equipment needs to transfer zirself into it. That is not necessarily the case, and in many circumstances it would be infeasible for such a thing to happen. I somehow doubt that even a beta fork() could be instantiated in the microcontrollers managing an environment control system, for example. Transferring data and sending commands to a cracked piece of hardware are not the same as uploading your mind into it.
ORCACommander
The Doctor wrote:
ORCACommander wrote:
the ram would certainly be cleared but erasing the hard stored data off the drives would probably be more difficult
The discussion seems to implicitly assume that an infomorph cracking a particular piece of equipment needs to transfer zirself into it. That is not necessarily the case, and in many circumstances it would be infeasible for such a thing to happen. I somehow doubt that even a beta fork() could be instantiated in the microcontrollers managing an environment control system, for example. Transferring data and sending commands to a cracked piece of hardware are not the same as uploading your mind into it.
this is part of a discussion of an infomorph defender on the host system you are breaking into. not of your forking yourself or uploading a morph over into the target system
consumerdestroyer
Yeah, like a security AI in a basic situation is a good example of a defender being hosted entirely on the system. Or even the head of digital security, whether uplift, AGI or otherwise, inhabiting a system and patrolling for leaks! I mean, take for example the kind of security procedures you might find at an ego backup server farm for an egocasting/resleeving/backup insurance company. I bet they have people in morphs sitting at hard-wired terminals, people in morphs sniffing for trouble on the wireless mesh and security specialists as data digitally patrolling the systems, in addition to the private security contractors there to eliminate anyone trying to physically get in. But say a team managed to wipe all the morphs out and was trying to eliminate the admin infomorphs.
NewtonPulsifer
If anybody was mesh connected at my ego storage backup company I'd fire them, shoot them, and then delete their backup. Air gapped network at a minimum. Ego backup data delivered by sneaker-net from vault to resleeving area.
NewtonPulsifer
ShadowDragon8685 wrote:
consumerdestroyer: Depends on the system. On pretty much any autonomist habitat, there would be root-level restrictions preventing the summary deletion of any sapience running on the machine. You'd require hardware access to kill them, probably by pulling the device itself and recycling it. In the PC, it would probably not be quite so extreme, but since infolife people (IE, humans existing only as infomorphs,) do exist, you'd still probably need to reboot the device into a special debug mode to cancel and wipe such processes, again, from hardware. If we're talking about the Jovians, on the other hand, their computers are probably set up to automatically wipe any detected sapience running on the device, no intervention by an admin necessary.
FWIW I only allow these sorts of failsafes on cyberbrains, not on ecto class processors. Hosting an ego on an ecto? Deletion is a very real risk.
consumerdestroyer
NewtonPulsifer wrote:
If anybody was mesh connected at my ego storage backup company I'd fire them, shoot them, and then delete their backup. Air gapped network at a minimum. Ego backup data delivered by sneaker-net from vault to resleeving area.
I think there'd probably be a local mesh up at an ego backup server farm, for those working there to communicate with each other. Although, actually, now that I'm typing this...I guess an ego backup facility'd just spring for tacnets in every brain.