this post was submitted on 20 Nov 2024
27 points (96.6% liked)

rpg

3216 readers
37 users here now

This community is for meaningful discussions of tabletop/pen & paper RPGs

Rules (wip):

founded 2 years ago
MODERATORS
 

In High technology setting, the hacking skill is incredibly powerful, and a shortcut in many investigation scenarios. By hacking the CCTV camera, I could see that Joe did it, by checkin [insert social media] I know were the evil gad guys live.

Either you go old shadowrun-style with a whole mini game where decker can be killed by AI but it's pretty heavy and weird, or you end-up with 3 success on my roll and give a lot of info for just one roll.

What are your trick/house-rules to prevent that ? And how would you actually protect from panopticon. Especially looking how stupid people are in today's real world

top 11 comments
sorted by: hot top controversial new old
[–] Bougie_Birdie@lemmy.blahaj.zone 14 points 1 month ago

I don't really run a lot of cyberpunk, but I'm all about subverting player expectations. The trick is usually to make them feel like they got something out of the skill, while also ensuring that they don't circumvent the whole thing with a single check.

So say you look up the evil bad guy's social media to find out where they live. Then you discover that they live in a hardened bunker only accessible from the private elevator of their corporate penthouse office. The knowledge of their whereabouts is useful, but it's still going to require more strategizing to figure out how to penetrate it.

Or if they're a major public figure, you might discover that their social media is being run by a botnet. You might not get your target's exact location, but it gives you a chance to direct the players in an investigation at the botnet's physical address.

Hacking the CCTV camera might determine that Joe did it. But maybe the assailant was disguised, or Joe got deepfaked, or your hacker discovers that someone has deleted / corrupted the footage. All of these scenarios have potential to turn the investigation in another direction.

If you have a hack-happy player then you probably want to do something to beef up the villains' technological prowess. Ultimately you do want to reward the player for using their skillset, but you also want to challenge them too. Every hero needs a foil, after all.

It would probably be disingenuous to have every villain suddenly be a computer prodigy though. But it's not unreasonable to have a few high-profile hacking antagonists or organizations. And if you're the sort of villain who has the resources to wield a private army or a lavish ultra-rich lifestyle, it stands to reason that you've probably contracted out your IT needs

[–] trashheap@social.avoidbig.tech 12 points 1 month ago* (last edited 1 month ago) (1 children)

@Ziggurat I don't know of any system which does this. BUT my gut reaction is to simply make any kind of "hacking" skill less broad.

Requiring the player to either gain profeciency with the hacking skill towards different kinds of tech; as they advance.

OR

Breaking it down into less broad skills. I.E.
* Cryptography (decrypting encrypted data)
* Network Access/Device Penetration (getting into a device at a distance)
* Privilege Escalation (Your into the system, but now you need to trick it your an admin.)
* Scripting/Programming (Your miscellaneous reprogramming a device skill).

[–] Sanctus@lemmy.world 3 points 1 month ago

I'd just like to add with more than an upvote that I do this and it works well. Also I set up points for cameras. Some are stationary, some are PTZ that change their view over time, and SOMEONE has to stay at the cameras with accessible communication to give the whole team info about it. Hacking and computer stuff is less of a problem the more you know about it in real life.

[–] INeedMana@lemmy.world 9 points 1 month ago

hacking skill is incredibly powerful, and a shortcut in many investigation scenarios

(From cyberpunk-ish perspective)
Let's re-frame this. Instead of thinking about hacking, let's think the goal here is to shoot someone. Of course, they can just walk up and shoot. But that is not enough to spend time on this. Especially when one of the PCs is a cybered-up shoot-first-ask-later kind of character. So what do we do, so there is a challenge to that? You can have bodyguards, secure buildings, time-frames, additional entanglements. Just as we don't envision a mission where they could just walk up to the target on the street and pull the trigger, we need to add layers to hacking too.

And before I get to giving some examples. Take a look how investigation flows in noir films. Our hero is often and oddball that somehow manages to sleaze his way into possession of some info but then hits a snag, it all ties to someone with power. Some scheme where a few bad steps can buy you a bullet. So the hero had their shining moment but there's more to it. And btw that tie is why we are telling the story in the first place.
Of course, there is little point to saturate every investigation hack with so much happening in the background. But again, it's the same as with shooting. A trigger-finger-character is trying to get some info on the street and dice or pacing says you want to spend some additional time on that? The ensuing shoot out on the streets doesn't have to be machinated by a corp secret forces, it can be just a case of Monday.
Same with hacking, if what they are looking for is just one piece of intel that is needed to continue, and PCs will obtain it this way or the other because that's where story is going, just toss them an IC or two to keep things real and let's call it a day

So the real hack, the beat-important hack is not just a hack on the go of a low level place. It should be like shooting a mid-level manager in the face. So layer it up with air-gapped systems, time-based response, public visibility, rouge AI, mysterious AI, script-kiddies wrecking the place, prototype ICE, etc. A complication that makes it a story and provides pressure

And just to rant a little bit, I think Shadowrun and Cyberpunk really dropped the ball on hacking. It shouldn't have been a dungeon crawl. Currently we either have matrix-crawl or whole full-narrative systems. There is little in between and IMO in no way it resembles the source material like Neuromancer hacking

[–] Berttheduck@lemmy.ml 6 points 1 month ago (1 children)

Really depends on the specifics of your setting doesn't it. A lot of things aren't going to be available outside of the local network which means you'd need to logistically get into the building via other skills. Most of the time your not going to be able to access what you want from a safe location.

[–] andrewrgross@slrpnk.net 6 points 1 month ago* (last edited 1 month ago)

I would second this. I've definitely spent a lot of time with this question.

For my setting, I try to lean into realism. So the first thing we have to ask is what "hacking" means in these situations. Hacking shouldn't be magic.

First, hacking typically looks like using a system in the way it was intended by someone who wasn't intended to use it or in some other modified way. So to break into a CCTV system, ask how proper users would use it, and then how to bypass that.

Second, the more advanced technology gets, the more advanced security gets. Think about what it would take to hack into a CCTV system today. You'd likely need to steal a password to use the actual software or snoop the raw data signal of a camera and then decode it. In the future, this isn't going to be less secure.

So if you wanted to hack into CCTV camera, players should not be able to roll and then see anything anywhere. They should need to find some physical connection and/or find some way to obtain credentials to a remote access system. This could be by forging biometrics of someone with access, tricking someone with access to logging in for them, or finding leaked access credentials online. And all of these should have limitations: how long they can be logged in; what they can do without triggering detection; how long it takes to call files; etc.

These same principles apply to a social media search. It wouldn't really make sense for everyone's data to be readily available to anyone with basic hacking proficiency in some kind of easy database. Assume online privacy moves forward at the same pace or greater than privacy invasion. You can't just type "HACK!" and see someone's real-world location. You could probably find a publicly listed address or maybe find a license plate reading with a time and place. But you're going to have to still do a lot of the conventional investigation work to find someone: figure out where they work, hang out, shop, etc. and look for a point where they slipped up, either in biospace or online.

[–] Nariom@lemmy.world 5 points 1 month ago (2 children)

Maybe a dose of realism? To hack anything serious from the outside it would probably take weeks or months of investigation, programming, testing, ... So if the players don't have the time, physical access, or previous knowledge and tools, that's a big nay. It depends on what type of sci-fi though, if it's the movie / tv type where hacking is a shortcut to anything in record time, welp.

[–] sbv@sh.itjust.works 4 points 1 month ago

Physical access is how Cyberpunk RED solves the problem. Sure, there are security cameras (etc) but if you want access, you need to do a dungeon crawl.

[–] jjjalljs@ttrpg.network 2 points 1 month ago

I've tried this a couple times with limited success.

  • Hacking something remotely was a default Very Hard challenge. Very difficult to do without spending fate points.
  • Hacking something on the same network was hard. Could maybe hit it with a lucky roll, but still would probably require a fate point
  • Hacking something with physical access was in the realm of "the PC who specializes in this can likely do it without trouble"

Those were then bumped up or down depending on if it was "budget", "consumer grade", or "corporate grade". Hacking into some nobody chump's security system from across the street is something the hacker PC get done for free with a little luck. Hacking into the ASI Corporate HQ maglock door subsystem from across town would be a feat of legend, not something someone can likely do just off the cuff.

I do like that Fate encourages players to do some preparation for hard tasks. Have someone use their talky skills to talk up some junior workers, and learn something about the network. That's an advantage you can invoke. Have someone spend resources to bribe someone, that's another advantage.

A problem that's come up each time I've tried this kind of game is not having a shared understanding of what "hacking" can do. Fate kind of helps here because the actions are kind of agnostic about what skills are creating them. If you're trying to remove someone from the scene, that's likely an Attack whether you're using "hacking" or "fight" or "intimidate". The hacker might fake a text from the boss telling the bouncer he's fired where the bruiser might just deck him, but they go down the same kind of mechanical funnel. The tactical considerations for the players comes from like "what looks like a softer target: his face or his phone? is anyone going to see?"

[–] sbv@sh.itjust.works 3 points 1 month ago

And how would you actually protect from panopticon.

That's a big part of games like Shadowrun and Cyberpunk. Players can do a thing, but they'll need to make sure they don't leave evidence pointing to themselves, be that ballistics analysis, on cameras, or trace DNA.

[–] SamuraiBeandog@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

Have degrees of success that require multiple escalating rolls. You can describe it as penetrating layers of security. Layer one has a relatively easy difficulty but only gets you basic info. It lets the player feel like their skill is useful but lets you tune how much you want to give them. You can even let them make additional attempts to break through each layer but this takes time, e.g. each attempt is a week of game time. You can also have legwork decrease difficulties to give the rest of the party something to do, e.g. talking to/threatening/kidnapping employees for passwords.

I also highly encourage what other comments have said about physical access. Physically breaking into the relevant building and accessing the system from there bypasses some of the layers, and specific physical targets bypass even more, e.g. plugging into the executive's computer on the top floor gets you straight to the deepest layer.