I'd start setting up obstacles that a hacker can't solve. Toss them through a Gate, strand them on a mined-out asteroid or ship them to the surface of the sun. You can't hack if there's no wifi. - An exurgent colony has established itself on an asteroid in the Main Belt, attacking and infecting any prospectors who come looking for the rich palladium vein inside it. There are a few mining bots left behind but there's no hackable architecture (the miners got eaten before they could set up accommodation) and the mutated gribblies are happily living in hard vacuum in the middle of a deep crater. Blow them to bits and wipe any trace of the exurgents ever being there. - A rush order goes out on The Eye: verified intel says that an exurgent-tainted shipment of rations has been slated for an exploration team's first supply train. It's currently hidden amongst hundreds of identical pallets in a high-security Gatekeeper/Love & Rage/Pathfinder warehouse, but Firewall knows it's going to be on the colony's supply train. The players are inserted at the last minute as escorts to find and destroy the tainted food once it's on the other side and away from watching eyes. Once they get there they're going to have no mesh other than the sparse equipment set up on the other side, and the exploration team might strongly object to their precious supplies being torched...

Bursting Eagerness Soul wrote:

I would either throw physical threats at them that they can't hack, or have circumstances render the fork/partner unavailable for a time. Also, their skills shouldn't straight up stack. Each extra person should add +10 to the roll, as per teamwork rules.

And IIRC the maximum bonus from that is capped too, something like +30 (ie 3 people helping) I think it was? Something about cooks and kitchens. I might be remembering it wrong though. But yeah, sticking an administrator on your systems is probably one of the better defenses against high-level hackers, especially if blocking the hack is less important than setting off the alarm that summons an army of security guards. With the abundance of task-specific AI in EP (considering everyone has one in their head...), getting an administrator is fairly easy and I would consider failure to at least install a basic monitor AI to be negligence on the network owner's part. Having a monitor also gives you a second lever to adjust difficulty: not only can you set up the system to give negative modifiers to the hacker, but you can also give positive modifiers to the monitor so that it does better on the contested roll.

R.O.S.S. is correct; teamwork caps at +30, per EP pg 117. Eagerness, I'm not so sure about that. While I can see the reasoning behind it, another part of teamwork is that someone will often wish they had someone doing a specific thing. If your forks are there, they know exactly what specific thing you need them doing, and they can be doing that. My uncle's always screaming "I don't have enough hands!" whenever something comes up that requires manual dexterity and the manipulation of more than one object at a time. While this is, frankly, [i]maddening[/i], it's explained by teamwork bonuses; specifically, when he worked at a car factory, he had a guy who worked with him, who was his "second set of hands," acting without my uncle needing to tell him what to do, handing him things or taking things out of his hands the moment my uncle needed them or needed them not to be in his hands. So I'd say, let a fork count for full teamwork bonus. While them thinking just like you do is, in some ways, limiting, it's also a force-multiplier, as you don't need to tell them that you need XZYABDC done in that order, they just know it and do it.

I think I'm going to go against the grain here and actually suggest you embrace their incredible hacking skills. First, I guess I'd ask, did your player set out to make the best hacker they could? Do they want their character to be an incredible hacker? Maybe they didn't realize what the stats they were assigning their character truly meant. If they didn't, maybe a frank discussion with them would sort the issue out. Bringing the hacking skill down to a more... averagely exceptional could help with this. A hacker with 60 to 80 can do a lot of amazing things and should be respected in their field. Having a 99 in their hacking skill makes this character the absolute best of the best. They probably don't have a peer. If this is not what the player realized they were doing, it might be worth adjusting their character sheet. If this is what they were doing, I'd try and roll with it. I can see how it might be frustrating to see someone able to cut through all computer security like a vibroblade through tissue paper. However, ultimately this player's fantasy is being able to do that. This is their fun. When you write your adventures, take for granted that the player will hack the system. Make it so the NPCs in the game understand this person. Maybe your hacker ends up getting framed for a hack they didn't get, because "Only the best could have cracked us!" Maybe agencies will seek out this hacker for help, because only they can get the job done. Maybe your adventure seed relies upon the hacker stumbling across a carefully encrypted file they find floating around on the mesh. It should have been safe and confidential, if it weren't for their character. If you make the universe act in such a way that this character is a legend, they get to feel good about the character they built and you get a plot device that helps you show why it's the players that are the important people in your story. As far as defenses against the best hackers... I think R.O.S.S. has the right of it. System Administrators are the best defense, and against someone that good maybe the only defense. If the SysAdmin gets word the player is in their system, maybe you can even make it an interesting choice. The Admin's hiding files, you've only got time to chase down one of your leads, which will it be? Also, if this SysAdmin is working for, say Gorgon, they can probably count on hefty equipment bonuses and some assistant AIs, giving them some rather near legendary skill bonuses themselves. While throwing in un-hackable problems is indeed a good idea, I'd urge you to not do it too often. If the player has built themselves around hacking systems, and no systems are there to hack, why are they playing that character? Maybe they should just reroll a Scum Martial Artist so they can play in the game again...

Lorsa wrote:

The sad answer to that question is; you don't. Maybe there's an answer for how to make hacking truly interesting for a character specialised in it, but I haven't found it yet.

Challenge Accepted! The very first thing you need to realise is that creating forks to support hacking is a pretty obvious measure. So obvious in fact, that it can be considered standard practice. This gives you two options: 1. Run with it. In this case, even a bog-standard security AI is going to be forking itself to get the maximum bonus - so if you're players want to do anything more than the basics they're going to be running into contested rolls against scores of 70+, and probably 100+ when you apply bonuses from software, hardware or other privileges. Remember, you can always give your defender a bonus instead of giving the attacker a penalty. 2. Flip it. Don't give bonuses for forking, give penalties if they don't fork. This balances better of you don't want to use active defenders, and allows you to give extra penalties/bonuses depending on the availability of fork-supporting hardware. The next thing is this: Don't be afraid to use physical limitations. These needn't be as comprehensive or extensive as the Jovians, but very simple physical restrictions can be very effective, and are by no means out of place in other locations. You can have programs/data on drives which only connect when physical events close a circuit, such as sitting in a specific chair, being in a room, or throwing a switch. You can make an “unhackable” passcode in the same way – each possible code coincides with a physical connection. Put in the wrong code, and you close the circuit on an alarm, or connect to a drive loaded with fake data, or one loaded with horrible, horrible viruses, or ignite the Thermite lying on top of the server... the choices are endless. You can also use software alternatives, like having alarms go off if an administrator is logged on but doesn't open “GoatSe.exe” within 2 minutes, or have files only accessible when multiple specific user accounts are logged on simultaneously. You can place restrictions on the user. A sensitive file may simply be a random assortment of pictures, smells and tastes: actual users get a physical augmentation which decodes the image (synesthesia as encryption). Finally, it's perfectly reasonable to say that some things simply aren't achievable without additional skills rolls, if at all. Your Infosec expert may be able to access someone's personal log, but not speak the language it's written in – especially if it contains personal slang or technobabble. Likewise, they could gain access to a ship's reactor control system, but without the technical know how all they can do is dick around a bit, until the system realises the user doesn't know what they're doing and throws them out. TLDR: 1. Everything they can do, you can do better; You can do anything better than them. 2. Infosec should allow access to solutions, or be the solution, but never both.

You implement the rules as written, which are based on modern-day cybersecurity techniques. A character can't just walk up and slam a system with a roll and expect to be in, unless it's a really poorly secured system. Brute-force doesn't work because as soon as you fail three times, the system locks you out. You can't even scan for security vulnerabilities because as soon as the system senses it's getting scanned it buttons up. At this point you could roll a thousand. But just like rolling a critical success on Athletics doesn't mean you can fly, a critical success on hacking doesn't mean you're magically 'in'. So what do you do? 1) You do footwork to find vulnerabilities, mostly through research on the mesh, establish contact with people involved the system, then research how to exploit these vulnerabilities. This all takes time, usually months. Your super-character can reduce that to days or perhaps hours. 2) You do footwork to establish credentials. Maybe a directed attack; phishing messages, hacking personal email accounts for users to see if you can find some written down passwords, etc. Again, all that takes time. 3) You monitor traffic to see what you can extract, and do some mean decryption techniques. The first takes physical time, and can't be compressed, the other takes a TON of processing power (even with quantum computers, it takes time). So you're still waiting. Yes, all of this assumes you as GM know enough about hacking to be able to back this up, but you don't always have to be so colorful. Sometimes the answer is 'yes, you can do that! It will just take X years to complete. Go ahead and roll,' or 'well, roll your Moxie to see if you can guess. Otherwise the system will lock down,' or just 'no, you don't have the tools or knowledge to crack that system'. Yes, people who don't understand computers will get frustrated, since it seems like GM fiat. But the fact of the matter is, even for people with skills of 98, sometimes gravity still works.

As others have said and I briefly hinted at, integrating hacking into an Eclipse Phase game does require a good deal of mental agility and outside-the-box thinking. For example, it is possible and indeed even important for immersion purposes for multiple skills to be required either to achieve a hack or to do anything useful with the system you've accessed. This obviously would put a damper on anyone who completely maxed-out Infosec at the expense of everything else. As has been mentioned, can you read the language of that file you stole? Do you know enough about that reactor to make it melt down, or are you just going to trip some safeties and piss off the company's IT department? You've taken over some drones, but do you have the appropriate interfacing skills to order them around? Do you have the relevant piloting and gunnery skills to make them threatening? Do you have enough actions per turn to juggle all the bots you've seized? Now obviously your goal isn't to completely screw the player over. If you have a high-power hacker in the game, obviously there should be some stuff that they not only can hack, but *should* hack. Otherwise, they'll end up feeling like a third wheel. These are Player Characters after all, and as a rule Player Characters usually do expect to be somewhat successful more often than not. Different people also have different hacking styles: the smooth-talking con artist might rely heavily on social engineering, taking the path of least resistance into systems with minimal infosec rolls and exploits they downloaded from people who owe them favors. The AI flirting with the boundaries of Singularity may rely on a more brute-force approach, programming custom exploits in minutes to hours as it dedicates a terrifying number of processing cycles to perform actions in the blink of an eye. It can help to keep those styles in mind when giving them leads on systems and designing the systems as well. It can help them get into character, and also allow you to drop hints about which systems they should lay siege to and which ones they should avoid. Both can potentially have consequences, in the form of taking rep hits if people find out what you've done with the favors you asked of them, or getting labeled (deservedly or not) as a rogue AI who needs to be put down for the sake of humanity. The definition of defense can be flexible too. Sometimes stopping the hack is less important than hitting the panic button that sets off the explosive bolts attached to the hard lines. Admins can hack back too, tracing locations, grabbing mesh IDs, and generally doing things that will either be a nuisance now or come back to bite the players later. If you're hacking into a place that is really high on security and low on morals, they might even be prepared to deploy black ICE. Oops, was that your cortical stack? Hope you had a backup. There's definitely a lot of situations that can be set up where your hacker has to succeed several times (get access to the janitor's account, elevate to the accountant, elevate to the junior IT guy, elevate to his supervisor, elevate to admin...) while the system administrator only has to succeed once (notice intrusion, push big red button).