This page covers the way hacking worked from August 2009 to Early 2013. The hacking mechanics described here have been completely replaced by Novos. The Hacking page provides an overview of the current mechanics. |
Alert Level
A site's alert level increases due to opponents' active and passive alarms in net combat, and from looking at files, enacting sabotage, or any other actions you take on a site when not in net combat. This is internally represented as a number between 0 and 100 - once the alert level reaches 100 or more, you are kicked off the site and lose access to it.
You can detect a site's approximate alert level if you are running Eavesdropping Tools, Network Interpreter, Network Scan, or Signal Triangulator:
Alert Level | |
---|---|
0-25 | There isn't any alert on the system. If anyone's noticed you, they haven't told the system here. |
26-50 | The system is on alert, but it'll still take them a while to notice your intrusion. |
51-75 | The system is on medium alert. You shouldn't be in any immediate danger of the admins noticing you, but you might want to throw them off your trail. |
76-99 | The system is on high alert. If you can't find some way to defuse the situation, they're bound to find you out. |
100 | Kicked off (see below) |
If you have full control of a system (or level 5 access on very secure sites) and the system is on alert, you get an option to "cancel alert" if you are running Eavesdropping Tools, Network Interpreter, Network Scan, or Signal Triangulator. This takes 1 energy, and gives you this message:
You manually cancel the alert. A reassuring "Bwooooooooooop" rumbles from your speakers. It'll show up in the security logs, but at least the present danger has passed.
Canceling alerts leaves traces in the security logs. These will be eventually noticed and cause you to get kicked off of the site. You can cancel an alert on less secure sites twice. You are automatically kicked off if you attempt to cancel an alert for a third time. On more secure sites, you can only get away with cancel the alert once. For some extremely secure sites, you can't cancel the alert at all.
Generating Alert levels
Passive Alarms (in combat)
Most opponents have alarms which passively raise the alert level. You can detect these if you are running Network Interpreter or Network Scan or Signal Triangulator - at the end of each round passive alarms are generated, you will see one of these messages:
1-2 alarms:
You see a tiny transmission heading back from the defender towards central security. It's probably not a threat yet.
3-5 alarms:
You see a transmission heading back from the defender towards central security. That might become a problem.
6+ alarms:
You see a large transmission heading back from the defender towards central security. Damn.
- Network Silence can disable 1 or 2 alarms each time it is used.
Each round of combat with an opponent with alarms active increases the site's alert level by:
Active Alarms (in combat)
Some opponents also have a Data Pulse tool which actively raises the alert level:
This raises the site's alert level by:<Opponent> sends a data pulse back to the main security system.
Opponent | Alert |
---|---|
Midgard Protector | 3 + Alarm |
OmniTech AutoDefense | 2 + Alarm |
Password Lock | 2 + Alarm |
The Gatekeeper | 3 + Alarm |
The Virus | N/A |
Zaibatsu Defender | N/A |
Incognito does not reduce this, and the minimum value is 2 or 3 if all alarms have been disabled.
Known methods of preventing active alarms:
- Burst of Static and Network Silence drown out attempts to send a data pulse on the pass after you use them.
Other alert generators
Other actions on a site, such as browsing files, also increases alert. These change depending on the site and the action, and can increase the alert by anywhere from 2 to 75 points. Note that the same action on different sites are not always the same - for example, Browsing Public Files could raise alert by 10 on one site and by 5 on another site.
Incognito seems to decrease this as follows:
Reduces Alert | |||||
---|---|---|---|---|---|
Incognito | 2 | 7 | 8 | 20 | 40 |
0 | 2 | 7 | 8 | 20 | 40 |
1 | 2 | 6 | 7 | 18 | 37 |
2 | 2 | 5 | 6 | 14 | 34 |
3 | 2 | 4 | 5 | 10 | 31 |
4 | 2 | 3 | 4 | 8 | 28 |
5 | 2 | 3 | 6 | 25 | |
6 | 2 | 2 | 5 | 22 | |
7 | |||||
8 | |||||
9 | 1 |
Security Logs
Once you have level 5 access (or Full control if there are fewer than 5 levels), you can browse the security logs. Doing so will give you a rough idea of how much suspicion you've attracted by the admin of the site. It costs 1 energy but doesn't further raise the alert. The current alert level doesn't seem to matter for attracting admin attention; Cancelling Alert too many times increases your suspicion rapidly though (see above).
First paragraph:Other intruders | Message |
---|---|
No intruders | It's pretty lonely in here. Your account sticks out like a sore thumb when you look for it. |
Few intruders | It's hard to say for sure, but it looks like you're alone in here. A couple of other accounts might be intruders. |
Some intruders | There's at least a few other people who've cracked into this system. It's hard to say for sure, but there are probably still some goodies. |
Lots of intruders | Wow. There's a lot of obvious intrusions in here. It's amazing they haven't locked the system down or, failing that, gone out of business. |
(In computer lab) | Looking at the security logs slows the system to a crawl. It looks like everyone who's ever set foot in the lab has tried to hack the system at one point or another and most did so rather poorly. You do see some evidence of audits, though, which is better than some companies. |
Related to Subversion/Virus/Both somehow | The logs are a little jumbled, mostly by errors from the networking stack. It takes you a few minutes to dig through them. |
Subverted Site and possibly because of Infection too | On the bright side, the reams of networking errors filling the logs might throw someone off your trail. On the downside, it's pretty likely someone will be looking at these logs soon to figure out what on earth happened. Digging further, it looks like The Fop has integrated this site in a broader network for The Unified Association of Raconteurs, Vagabonds & other Assorted Ne\'er Do Wells. |
Hub | The networking code behind this site is pretty hosed. Half the logs you try to bring up are just filled with page after page of error messages. Digging further, it looks like The Fop has integrated this site in a broader network for The Unified Association of Raconteurs, Vagabonds & other Assorted Ne\'er Do Wells. |
Your suspicion | Message |
---|---|
Little evidence | The logs look pretty clean. Someone would have to be psychic to notice you. |
Some evidence | You can find your traces pretty easily, since you know what you're looking for. Someone else would have to be pretty good to manage it, though. |
More evidence | The logs look pretty suspicious. Someone's bound to find your account eventually. |
Lots of evidence | The logs look bad for you. Much more activity and even a really inattentive admin would probably run an audit. |
"Maddening" infected site | The logs are filled with records of connections, incoming and outgoing. You're not sure if it would tip off an admin, but it certainly looks weird to you. |
Party of another gang's network | Digging further, it looks like <player name> has integrated this site in a broader network for <gang name>. |
Part of your network | Your influence on the system is pretty obvious. But, then again, you know where to look. |
Losing Access
If you lose access to a site on the the net that you have found from a search, it will disappear entirely from you "Targets" list. Losing access to a fixed site will remove all privileges, but you will be able to hack it again. There are several ways to get kicked off a site:
- If the alert level gets too high during net combat, you will get this message at the end of the fight and lose all access to the site you were hacking:
The system has sensed your intrusion and logged you off, killing your session.
- If the alert level gets too high due to actions you take out of net combat, you lose all access to the site and receive one of these messages:
It looks like a human being finally found the security flaw you were using to get into <sitename> and closed it up. Maybe <name> finally hired a decent security consultant.
or
It looks like a human being finally found the security flaw you were using to get into <sitename> and closed it up. It was bound to happen eventually, but it's still a little obnoxious.
or
It looks like the system's automated security measures were able to find and seal your entryway.
or, for a formatted site:
Connection refused? Wow, the site sealed up the security flaw you were using to get into <website>. Either someone's purging the system trying to clean it up or the virus just accidentally repaired that flaw.
- If you Cancel Alert too many times, you can lose access to the site (same as the above messages). Each time you Cancel Alert, it resets the alert level to 0, but risks human detection. For most sites, you can safely cancel the alert 1 or 2 times, although some will notice you with even a single cancel.
- If you steal too much money or products from a site, it may go out of business. This seems to remove the site from the target list of all characters who have found it, not just you.
The moment you connect, you realize something is wrong. The site has been replaced by an obnoxious ad offering this Net location for purchase.
They must have gone out of business or moved on.
- If someone reformats a site, other people will lose access to it as well.
Connection refused? Huh, some strange code has sealed over the security flaw you were using to get into <siteneme>. It doesn't look like an intentional patch, but maybe they reformatted the system for security reasons.
- If someone scrubs a site, other people will lose access to it as well.
The moment you connect, you realize something is wrong. The display is grainy and massive streaks of unnatural colors shoot through the false sky.
On closer inspection, your original hunch proves to be correct: someone tore down <sitename> byte by byte.