Sample Devices for Hacking

This will be of varying use, but this is how I’m going to stock locations with hackable devices. I’m using a Trav-style universal device profile so that I can just write the six-digit code onto whatever map or document I’m using. At the end I’ve written up some statblocks for some of the things you’d see constantly.

The Device Profile

A simple system to make it easier to keep track of devices when stocking a location:

A device’s security rating ranges from zero to fifteen, expressed in hexadecimal (0 to F). Rating-zero devices are the most secure; rating-F devices are the least secure. Installations also have security ratings. If a device is marked with an I, its security rating is equal to the installation rating.

Devices are marked with a W if they are wireless-enabled, a lowercase w if they are only accessible wirelessly with prior knowledge or exploits, and with N if they cannot be accessed wirelessly.

Devices are then marked with two digits corresponding to the countermeasures present. Mark them as W if they contain white ice, which targets the hacker’s device, attempting to disconnect or damage it. Mark as B if they contain black ice, which targets the hacker’s brain. Then, mark with a number between 1 and 6, corresponding to the chance (out of 6) that the ice triggers when a hacker takes control of that device. Devices without ice are marked 00.

Mark a device with a capital D if it contains obvious data of import, and with a lowercase d if that data is hidden. If the data is encrypted, mark it with a capital E. If it is hidden and encrypted, mark it with a lowercase e. Mark it with a 0 if it contains no such data.

Finally, mark the device with a C if it is able to control a complex device, like a construction drone, heavy machinery, or fire sprinkler system. Mark it with a 0 if it has no such capabilities.

The final six-digit code serves as a shorthand for handling device security on the fly. For example, a device marked AwB400 has a Security of 10, is accessible wirelessly through an exploit, and has black ice at a 4 in 6 chance of triggering.

Sample Devices

Commuter Car - Bw000C

Can be driven. Wireless access is on a specific encrypted protocol for self-driving vehicles; a specific car can be opened wirelessly if its communications are monitored for 4 turns, or if its Vehicle Identification Address is found ahead of time.

I myself see the car crash as a tremendous sexual event really: a liberation of human and machine libido (if there is such a thing). –J.G. Ballard

Electronic Lock - 9N000C

Regardless of the intended mechanism of opening (keycard, pinpad, biometric), if the lock can be connected to, it offers little resistance. They have no data ports on the outside, but if the cables leading to them can be identified, they can be tapped with cheap tools.

Smarthome Node - AW00EC

Every security pro wishes people didn’t use these. Even when the owner is savvy enough to disable the wireless, they can be accessed by tapping into any of the external devices (cameras, air conditioners, internet routers). Contains records from those peripherals, with basic encryption so that “secure” can be printed on the box.

Security Camera - AN00D0

Once inside a security camera, it can be altered to send a false feed instead of the real one. If the feed is supposed to be convincing under close observation, it should be forged ahead of time. Contains a few days’ records of its own feed; archives are always held elsewhere.

Corporate Dataterminal - IN0000

Thin client email-stations which are only useful as little avenues through which to access the installation’s more important devices.

Major Terminal - IN00D0

Terminals where important work is done which cannot or should not be offloaded to a distant server. Terminals used for research or programming would qualify; these tend to store data. Many missions involve searching for the correct one of these to find the work of a specific employee.

Mainframe - IN3WD0

Ice varies. Mainframes contain data relevant to the installation’s computer network, and all incoming and outgoing data traffic passes through the mainframe in most cases, so communications can be sniffed and decrypted from here.

Quarantine Router - IN6W00

These are layered with thick ice which boots and blacklists any device that triggers it. This ice cannot be broken through by brute force; you need specific exploit information to evade it. Such exploits can often be found on the black market if you know enough about the device itself, and each can be used once before the ice adapts to it. These are used to prevent installations from being hacked over the open web. With clever spoofing, the ice can be tricked into targeting another device.

Trap Terminal - 7N4B00

These are virtual machines in corporate mainframes which are listed to appear like terminals elsewhere in the installation. Since they would never be used by a legitimate device, the security pros have no qualms about loading them with especially nasty countermeasures. Can be identified by monitoring traffic flows in the network, but this takes time.

Bottleneck Node - 5N3W00

Especially secure routers made for securing the deliberate ‘choke points’ of a network topology. Ice in these nodes is typically designed to trace back to the hacker’s physical location before booting them.


Date
August 31, 2023