SampleMatrixSites

byKhadimNasser
TheShadowrun4thEditionrulesforHackingactuallyworkquitewell.Theproblemisthatthereisverylittlein thewayofexamplesofhowaMatrixSiteisactuallyputtogether.By'verylittle',Iofcoursemean'buggerall.' ThisdocumentismeanttobeaquickoverviewofsomeofthesalientpointsalongwithafewexampleMatrix structures.Eachexamplematrixstructureincludesafewbriefnotestosuggestthepowerlevelofthesystem, alongwithitspurposeandsuggestedwaysofmodifyingit. Peoplemayalsowishtolookatthe'incharacter'HistoryoftheMatrixpiecethatIwrote,whichisavailableon mysite.Itactsasasortofcompaniontothis,fillinginsomeoftheflavourgapsinthesamewaythisfillsin someoftheexamplegaps. OnethingthatisintendedisthatthisdocumentshouldbefullyRAWcompliant.Anysuggestedchangeor ambiguitywillbeexplicitlynoted.IfyounoticeanythingthatyouthinkisnotRAW,pleaseemailmeat K@knasser.me.uklettingmeknowwhat,whereandespeciallywhy.Idothesethingsfornonprofit,andso feedbackifit'susefultoyou,isalwaysappreciatedinreturn. Khadim.

TableofContents
MatrixDesignNotes.............................................................................................................................. ....2 PhysicalLocation.......................................................................................................................... ........2 DefinitionofaNode............................................................................................................ .................2 SecurityLevels.................................................................................................................................... ..3 TravelandHackingintheMatrix.................................................................................................. .......3 ExampleSystems........................................................................................................................... ............4 Example1:SmallCompanyOffice................................................................................................. .....4 Example2:LargeCorporateSite................................................................................... ......................7 Example3:HackerBar........................................................................................................... ............13 Example4:HomeOfficeSystem.................................................................................... ...................15 Example5:CorporateEnclave....................................................................................... ....................15

MatrixDesignNotes
PhysicalLocation
It'simportanttonotethatintheMatrix,physicallocationisoftenirrelevant.Thereisnoreasonwhy thenodeofthehouseinSeattlewhereyoulive(whichordersyourfoodandhandlesaccounts,etc)is notlinkedtoyourholidayhomeinDubai.Ahackermightstepvirtuallyfromonetotheotherwithout asecondthought.Thisisimportanttograspbecausethereisaholdoverfrompreviouseditionsin whichpeoplethinkthattotravelfromonetotheother,ahackerwouldhavetosomehowbounce throughanentiretelecomsystemtomaketheconnection.Thisisnotthecasein4thedition.The underlyingstructureofthematrixhandlesthesedetails.Whatisofconcerntotheuser(whether legitimateornot),istheconceptualstructureofthesystem.Ifyouwantthesecuritycamerasinyour sprawlingBellevuemansiontobecontrolledbyanodeinthebusinessofficeyouown,youcandothat withoutanyaddedcomplexity.

DefinitionofaNode
AnodeisthebasicbuildingblockoftheMatrix.Itcanbealargenumberofthings.Itcouldbea singledroneoranofficenetwork.Itcouldjustaseasilybeatrafficcoordinationsystemfor Downtown,Seattle.Oritmightbeyourfridge.Insomeways,anodeisarulesconceit.Theessential definingqualityofthenodeisthatitisadiscreteentityasfarasinteractiongoes.Forexample,ifall theterminalsonthefloorofanofficebuildingareinterlinkedandshareaccountsanddata,thenthey areanode.TheGMdoesn'thavetotreatthemassuch,butit'sverymuchthelogicalwayofhandling itformostsituations.Whenthehackerhackstheofficenode,hehasaccesstoalloftheseterminals. Yetonthesameprinciple,whenthehackercomesacrossagroupofdrones,threateninghisteam mates,theyallhaveindividualsecuritysystemsandpilotprogramsareinfacteachaseparatenode. Thehackerwouldhavetotreateachoneasaseparatetargetunlessperhaps,allthedronestooktheir ordersfromasinglecontrollingsecuritysystem(yetanothernode),butthatwouldbeaseparateissue. Onethingtograsphowever,isthatthenodeisarulesentity.Intheexampleoftheofficenetwork node,ICcouldbeinstalledonthenodeandthatICwouldbeprotectingalloftheterminals.Inthe exampleofthedrones,separateprogramswouldberequiredforeach(thoughmobileICwithsuitable accessrightscouldleapfromdronetodrone). Therearesomecaseswhereitisnotclearwhetheryouaredealingwithagroupofnodesoragroup node.Forexample,thesecuritycamerasinanofficeblock.AGMcouldtreateachcameraasa separatenodeifdesired.Thiswouldbeacumbersomeapproachhowever,bothintermsofthe supposedpracticalitiesandcostsinsettingitupforthecompany,andintermsofgameplaywherethe hackercharacterhadtotackleeachcameraindividually.Thesensibleapproachwouldbetosetupa securitynodetowhicheachofthecamerasissubscribedasadevice.Adeviceisstillanodeofa kind,butthehackerisnotnormallygoingtobetargetingthemindividually,notifhewantstoaffect morethanone,anyway.Instead,thesecuritynodeitselfwillbehacked,enablinghimtocommandall thecamerashoweverhewants.

SecurityLevels
TherearethreesecuritylevelsinShadowrunUser(normal),SecurityandAdministrator.Itisnot alwaysclearwhentousethedifferentlevels.Inparticular,itcanbeunclearwhenyouwouldnot expectadevicetohavedifferentsecuritylevels.Let'stakeafewexamples:Anofficenetwork,a Dobermandrone,acarandyourfridge.Theofficenetworkwillhavethreedistinctsecuritylevels.If hackinginasauser,thenthehackerwillbeabletoaccessstandardfilesonthatnetwork,carryoutthe standardthingsthatnetworkisusedfor,perhapsplantingafakedocument,etc.Ifhackedinwith Securitylevelaccess,thenthehackerwillbeabletodoadditionalthings,suchasmonitorotheruser's usage,accesstimes,perhapsaccessalltheuserfilesregardlessofowner,etc.Ifhackedinwith Administratorlevelaccess,thenthehackercandoallsortsofthingssuchasdeleteuseraccounts,alter accesstimesonfiles(makingthemappearolderornewerthanbefore),perhapsevenerasebackup data.Theseareallexamplesofcourse.AGMcouldhaveanyparticularnodesetupdifferently.Now thedronewillbedifferent.Theuserlevelaccessislikelytograntverylittlefunctionality.Perhapsthe dronecanbeorderedtoreturnsomeinformationonowneridentity(Lonestarwouldprobablyrequire thissortofthingfordronesonUCASterritory),currentchargelevels,maybe.ButaGMwouldbe perfectlyentitledinsayingthattherewasnouserlevelaccessavailableatall.Atleastonasecurity vehiclelikeaDoberman.Securitylevelaccesshowever,wouldprobablybesufficienttoissueorders tothedrone,makeitshutdownorreturntobaseorshootit'sowner.Thereshouldn'tbeanysignificant functionalitythatthedrone'slegitimateownerwouldneedthatwasn'tavailableatthislevel. Administratoraccesswouldonlyberequiredforseriousstuffsuchaseditingthedrone'sregistration detailstodisguisethefactthatit'sstolen,editinguseraccountssonooneelsecancommandit,etc. YoucanhackcontrolofadroneawayfromitsownerwithSecuritylevelaccess,butifyouwantto stopthemfromkeepingtakingitback,youneedAdministratortoshutthemout.Thecarisasimilar casetothedroneinsomeways,butundoubtedlyuserlevelaccesswouldbesufficientformosttasks. Ifyouwanttomakeittakeyouacrosstown,userlevelshouldbesufficient.That'swhatthecaris supposedtodo,afterall.Securitylevelprobablywouldn'thavemuchfunctionality.MaybeaGM wouldrequireitmakethecarrefusetorespondtoaLoneStaroverrideortoexceedthespeedlimit andviolatetrafficlaws.Administratorwouldberequiredtoaddnewfamilymemberstotheuserlist, orperhapseventodisablethecar'ssafetyfeatures.Thefridgeisaspecialcase.Maybeit'sasmart 2070fridgewhichreportsthecurrentcontentsandrequestsserviceswhenappropriateetc.Butit doesn'treallydoanythingmorethanthat.It'shardtoimaginewhatSecurityorAdministratoraccess wouldmeaninthiscase.Therearelotsofdeviceslikethisintheworldof2070.Soifthere'sonlyone levelofaccess,doestheGMsayeverythingisAdministratororeverythingisUser?Inthecaseofthe fridge,it'sprobablybesttosayeverythingisUser.Maybedisablingtherentalrestrictionsthatturnit offwhenyoumissthepaymentsrequiresAdministrator,butsurelynothingelse.Ifweweretalking aboutasecuritycamerathough,wemightgotheotherway.Againit'sasimpledevicewithfew functions,butthistime,we'dprobablyremovetheUserlevelaccessandleaveitwithonlySecurity andAdministratoraccess.AGMdetermineswhatfunctionalityisavailableatagivenlevel,sothere's nothingtostopaGMsayingthereisnoneatallonagivennodeordevice.

TravelandHackingintheMatrix
ThequestionoccasionallycomesupofwhatisbetweennodesintheMatrix.ByRAW,itdoesn't

appearthatanythingis.Youareinanodeoryouareoutsideanode,andifyouareoutsideanode,you arewhereverinthematrixyoucurrentlyare.

ExampleSystems
Example1:SmallCompanyOffice
Notes:Thisisanexampleofasmallcompany'snetwork.It'sgearedtowardabeginning Shadowrunnerintermsofchallengeoffered.Moststartinghackingcharactersshouldbeabletogo throughitwithouttoomuchtrouble,andevenacharacterwithsecondaryhackingskillscould manageitwithagreaterdegreeofrisk.Whatitdoesdoisgiveanewhackeraprimerinhowtogo aboutbreakingintoanofficesystem.Thereareenoughpitfallsinhackingfortheinexperienced playerthatalowsecuritysystemsuchasthiscanstillposeplentyofrisk.Theregionallinkisthe dangerousnode.

Node1MatrixGateway(System3,Response3,Firewall3,Analyse1): Purpose:Achokepointsystemthatguardsremoteaccesstotheinternalsystemsofthesiteand managesallexternalconnections. Accessibility:Thisnodehasamatrixaddresstiedtothecompanyandcanbelocatedonthematrix

witha"Easy"DataSearchrollDataSearch+Browse(2,1minute).Thenodecanbeaccessed wirelesslyfromwithinthebuilding. Agent(Pilot:2,Analyze1):Auserinterfacesystemoperatesonthisnodetodealwithvisitors,i.e. takemessagesforthecompany,directpeopletotheappropriatepersonfortheirenquiry,etc.InVR,it takestheimageofajapaneseelfinacrisp,tightsuit.Thecorporatelogoglittersingoldonherlapel andherfaceisVRperfection.IfinAR,thenthesecretary'sfaceappearsasaconnectioniconinthe interface.Itiscapableofholdingmoderatelysophisticatedconversationsinareasofitsexpertise.If unabletodealwithavisitor,itwillcontacta(meta)humanforassistance.Theagentwillapproach anyvisitortothenodethatitdetectswithamatrixperceptiontest(PilotRating+Analyzevs.Hacking +Stealth).If"killed",theagentwillberestartedlater. Node2OfficeNetwork(System4,Response4,Firewall2,Analyse1): Purpose:Themeshofterminalsandserversintheofficewhichtheemployeesusefortheirdaytoday work.Allthesystemscompriseonebigintegratednode.Loggingontoalmostanyterminalinthe buildingisloggingontothisnode. Accessibility:Thisnodehasnodirectexternalaccesstothematrix.Itissubscribedtoboththe gatewaynode(Node1)andtheRegionalOfficeSubSystem(Node3)andcanbeaccessedfromboth ofthese.NotethatanyauthoriseduseraccountsgainedfromhackingNode1arenotnecessarilyvalid forNode2,meaningithastoberehacked.However,thereverseisnottrue.Thismeansthathacking allthewayinfromtheoutsideisharderthanhackingviatheofficebuilding'sinternalwirelesssignal. IC(Pilot2,Analyze2,Attack2,Armour2):ThepurposeofthisICistoinvestigateanddealwithany unauthorisedintrudersonthenetwork.Itisnormallyinactiveandwillonlybetriggeredifthenode itselfdetectsanintruderorifitisapproached/attackedbyanintruder.Afterdoingso,itwillremain onalertforuptoanhour,investigatinganyotherintruders.NotethatwhentheICactivates,this reducesthenode'srepsonsetimeto2.TheICwillnotpursueusersbeyondthecurrentnode,butit willsendanalerttoit'smastersifleftactiveafteraconfirmedencounterwithanunauthoriseduser. Matrix/ARImagery:ThisisastandardofftheshelfRenraku"WhiteSamurai"package.Thecorp haven'tevenmodifiedthestandardorientalswordsmanimageryorgleamingwhitecolour.IfanAR userisattacked,hewilllikelyseediagnosticandsecuritymessagesflashingacrosshisinterface. Node3RegionalOfficeSubsystem(System4,Response4,Firewall3,Analyse2): Purpose:Thisnodeisasubsystemoftheremote,regionalofficesystem.Forpracticalpurposesitis partofanothersystemandactsasachokepointpreventingunauthorisedaccessorusagebyordinary employees.Fromhere,ahackerwouldproceedtootherofficesystemswithinthecompany,butthatis beyondthescopeofthisexample.Thisnodewilllikelynotrepresentanactualmachinewithinthe office,butasharednetworkwithotherofficesandcanbeusedforsecuremeetingsbetweenregional offices,shareddata,etc.Rememberthatanodeneednotbeaphysicaldevice.Itcanalsorepresenta networkanditmakesnodifferenceifthatnetworkfitsintoasingleoffice,oriftheconnectivityruns acrossseveralsites.Thetechnologyremainsthesame.

Accessibility:Thisnodeisaccessibleonlyfromtheinternalnetworkofthisoffice(andotherregional offices).Itisnotdirectlyaccessiblewirelessly.Thatisnottosaythatausercouldnotbeconnectedto thesystemthroughawirelesscommlink,butthattheywouldbeconnectedfirsttoNode2andthen maketheirwayfromtheretoNode3.AuseraccountvalidforNode2,isnotnecessarilyvalidfor Node3,meaningthatthenodemustbehackedindependentlyofanyprevioussuccessfulhacksinto Node2.Thereverseisnottrue,however,shouldauserenterfromtheregionaloffice. IC(Pilot4,Analyze4,Stealth5,Track3):Thesecurityofthisnodeisimportantanditisnot sufficienttomerelybootoffanintruder.Instead,itisnecessarytolocateandinvestigatetheintruder. TheIConthisnodeisactive,butwillnormallyberunningonStealthandAnalyze.Ondetectingan intruder(whetherthroughit'sownanalysisofsubscribedusersorthroughthenodegoingonthe alert),itwillloadtheTraceprogramfromadatastoreinthenodeitself.Thiscanalertsavvyhackers whonoticethesuddendegradationofthenode'sresponsetimebutdidnotdetecttheIConentering. TheICattemptstolocatetheuserwithanextendedTracktest(SR4,pg.219).Iftheuserisconnected toaphysicallocationoffsitetheneithercorporatesecurityorLonestarwillbepassedthedetails.If theuserislocatedwithinthepremisesthendetailsareimmediatelypassedtothesecuritysystems.In allcases,informationispreservedforfutureinvestigation.Ifdetected,theIChasavisual representationasagreycladelectroninja.Again,Renrakuofftheshelfimagery. Node4SecuritySystem(System2,Response2,Firewall4,Analyse3): Purpose:Thisnodecontrolsthesecuritycameras,doorlocks,etc.throughoutthesite.Itonlyhas SecurityandAdminlevelsofaccess,meaninganyhackingattemptmustacceptthesepenalties. Individualcameras,doors,etc,canbeattackedontheirownofcourse,butaccesstothesecuritynode istherealprize.ThereisnoIConthesecuritynode,butitisfrequentlyinteractedwithbythesecurity staff,socaremustbetakennottotakeanyactionsthatwillalertthoseusingit.E.g.Editactions shouldbetakentopassfalseimagesbacktotheterminalsinthesecurityoffice,sothatcamerasthat areturnedoffcontinuetoappeartofunction,etc. Accessibility:Thenodeisaccessiblewirelesslythroughoutthesite,buthasnodirectconnectionto theothernodes. Agent(Pilot:3,Analyze2,):Auserinterfacesystemoperatesonthisnodetodealwithvisitors,i.e. takemessagesforthecompany,directpeopletotheappropriatepersonfortheirenquiry,etc.InVR,it takestheimageofajapaneseelfinacrisp,tightsuit.Thecorporatelogoglittersingoldonherlapel andherfaceisVRperfection.IfinAR,thenthesecretary'sfaceappearsasaconnectioniconinthe interface.Itiscapableofholdingmoderatelysophisticatedconversationsinareasofitsexpertise.If unabletodealwithavisitor,itwillcontacta(meta)humanforassistance.Theagentwillapproach anyvisitortothenodethatitdetectswithamatrixperceptiontest(PilotRating+Analyzevs.Hacking +Stealth).If"killed",theagentwillberestartedlater. Suggestionsforchanges: SwaptheIContheregionalsubsystemnodeforsomethingmoredirectifthatsuitsyoubetter.And

youmightwanttoaddanArmourprogramifyoufeelit'stoovulnerable.Runningasampleencounter betweenthePCandthatnode/ICtoseeifithitsthebalanceisagoodidea.

Example2:LargeCorporateSite
Notes:Thisisintendedtobeareasonablysecurecorporateoffice.Itcouldbetheheadquartersofa midsizedcorp,oraregionalofficeofoneoftheAAAMegacorps.Ifit'sthelatter,thenthematrix sitewillundoubtedlyhavealotofcorporateimageryandthemesrunningthroughit.Whilstthesiteis notunbeatablebyalongshot,itiswellstructuredandanincautiousorweakhackerhasagood chanceofgettingintotrouble.Aswillbeseen,evenapureARhackermightendupinseriousdrek, whilstthehackerthatgoesfullVRwillappreciateherextradice.Theexpectationisthatthehacker willprobablygoinwiththerestofateamandthustakeadvantageofdirectaccesstosomeofthesite. Itisstillpossibletosuccessfullyachievethesamethingsbyhackinginremotely,however.Acoupleof suggestionsforalteringthisareattheendoftheexample.

Node1MatrixSite(System3,Response3,Firewall4,Analyse4): Purpose:Thisnodeservesasaswitchboardfortheoffice,acceptingincomingmessagesandcallsand enquiries,anddirectingthemtotheappropriaterecipientifunabletodealwiththemitself.Thereis noICinstalled,butthesystemwillreportanyalertstotherestofthenodesonthesiteattractingthe noticeofeitheranagentorasecuritydecker. Accessibility:Thisnodehasamatrixaddresstiedtothecompanyandcanbelocatedonthematrix witha"Easy"DataSearchrollDataSearch+Browse(2,1minute).Thenodecanalsobeaccessed wirelesslyfromwithinthebuilding.Notethatforuserlevelaccess,nohackingattemptisactually requiredasthisisapublicnode.However,userlevelaccessislimitedtorequestinginformationand servicesfromtheresidentagent. Agent(Pilot:3,Analyze2,Armour1,Medic1):Asophisticatedandrobustuserinterfacesystem operatesonthisnodetodealwithvisitors,providinganefficientinformationserviceforvisitors,e.g. directingcallstothesuitablepersonordepartment,providinginformationonservices,etcetera.Itisa qualityprogram,notone,buttwocutsabovetheaverageUIagentandwillcarryonanearhuman levelofconversationwithinitsareasofknowledge.Theagentwillapproachanyvisitortothenode thatitdetectswithamatrixperceptiontest(PilotRating+Analyzevs.Hacking+Stealth).If"killed", theagentwillberestartedlater.Itisalsocapableofconductingbasicrepairsonitselfifnecessary.It isnotintendedasasecuritymeasure,butitisintendedtoberesistanttomildcyberattacks. Node2SiteManagement(System2,Response2,Firewall2,Analyse2): Purpose:Thisnodehaslimitedfunctionalityandprovidesarangeofsimplefunctionsforsubscribed users.TheseincludegeneratingAROstoguidevisitorstotheappropriatearea(typicallybyarrows appearingonthefloor,visibleonlytothem),similarlydirectingpeopleduringafirealarm,room bookingsformeetings,choiceofpipedmusicandothersuchtasks,usefultoonlythemost imaginativeofrunners. Accessibility:Thisnodeisavailablewirelesslythroughoutthesite,thoughitspillsoutonlymarginally beyondthecompany'sactualboundary.Validaccountsgainedfromhackingthisnode,willnotbe validforothernodesinthesite. AccessLevel:Mostofthisnode'sfunctionalityisavailableatuserlevel.SecurityandAdministrator accessdonotoffermuchmore,thoughAdministratormightofferaccesstologfiles,etc.,orallowone toshutthingsdown. ImportantNote:ThedisplayofARinformationtovisitorsorstaffdoesnotindicatethatthenodeis trackingeveryoneonsite(andsocannotbeusedtolocateguards,etc).Itworksonarequestresponse basis,meaningpeoplehavetoaskitforinformationfirst,i.e.fromtheircommlink. Node3DepartmentA(System4,Response4,Firewall3,Analyse3): Purpose:Thismeshofterminalsandserverscovermostofafloorandrepresentasinglebranchof thecompany'sbusiness.Whentheemployeescomeintotheofficeandlogintoaterminal,theyare

loggingintothisnodeorthesimilarnodeonthefloorabove(DepartmentB).Throughouttheday, theiriconscanbeseenbuzzingabouttheinternalVRimageryofthenode,engagedinallsortsof hecticwork. Accessibility:Thewirelesssignalratingofthisnode(managedthroughmanysmallrepeaters throughoutthebuilding)doesnotextendmuchbeyondthemainofficebuildingandcertainlynot beyondtheperimeterofthephysicalsiteitself.ItdoesnothaveadirectMatrixconnection,butis connectedtotheMatrixinterface(Node1)sothatconnectionscanbemadefromwithintotheoutside worldandviceversaviatheproperroute(i.e.ahackermustfirstgothroughtheconnectingnode). Accountsvalidforthisnodearenotnecessarilyvalidforothernodesinthesite. IC#1(Pilot3,Analyze4,Attack4,Armour4):ThisICisnormallyinactivebutwillspawnifthenode goesonalert,whetherfromadirecthackattemptorbecauseitreceivesageneralalertfromother nodes.Thoughitmaynotentirelybeathreatinandofitself,itcanprovideadistractionand protectionforitscompaniontrackerIC. IC#2(Pilot4,Analyze4,Stealth4,Track3):ThisICwillnormallyactivatealongsidethemoreactive ICinthesamenode.Forthatreason,ahackermaynotnoticethestealthedICthatposesamuchmore sinisterthreattothembecausetheywilleithernottaketheSimpleActiontoobserveindetail(and eventhen,thenethitsmaybeinsufficienttoprovidedetailedinformationonwhattheagentis doing)orelsemaynotkeepAnalyserunningasaprogramwhilstengagedincybercombat.Ifthe hackerhasnotspoofedhisdatatraileffectively,thenthisICmaydeterminehisreallocationfast enoughtobeaseriousthreat. Node4DepartmentB(System3,Response4,Firewall4,Analyse4): ThisnodeissimilarinmostwaystoNode3(DepartmentA)andservesasimilarfunction.Itisa smaller,slightlymoresecurenetwork,however.ReplaceIC#1withthestatisticsbelow,however: IC#2(Pilot4,Analyze5,Attack5,Armour5,Medic4) Thisisasubstantialanddangeroussecurityprogram,averyprofessionalpieceofsoftware. Node5Accounts(System3,Response3,Firewall4,Analyse4): Purpose:Thisisasmall,securenodethathasamuchreducedlistoflegitimateusers.Userlevel accesscangainaccesstofiles,butnotdamageanyrecordsormakealterations.Todothatwould requireSecuritylevelaccess,andtoconcealevidenceoftamperingbyalteringhistoricalrecords, wouldrequireAdministratorlevelaccess,duetothepermissionssetonthearchiving/auditing process. Accessibility:Thewirelesssignalratingofthisnode(managedthroughseveralsmallrepeatersdoes notextendmuchbeyondtheaccountsofficeinthebuilding.Thusauserwhohasmadeherwayinto theaccountsofficecansubscribetothis,andcansubscribetotheDepartmentNodesatthesametime

astheseexpandthroughoutthebuilding,butsomeoneataterminalinDepartmentAforexample,may notbeabletomaketheirwaytotheaccountsnodeunlesstheycanfindanintermediarylink,suchas thementioneduserwhoissubscribedtoboth(andinwhichcasetheywouldalsohavetomaketheir wayviathatuserscommorterminal).However,atcertain(GMdeterminedtimes),theaccountsnode doesneedtoaccessothernodesinthebuildingandwillactivateawiredlinkwhichisnormallyturned offatitsend.Withtheappropriatephysicalsecurity,aGMcanusethistoaddaninterestingschedule tothestructureoftherun. IC#2(Pilot4,Analyze4,Attack4,Armour4,Medic4):ThisICisnormallyinactivebutwillspawn ifthenodegoesonalert,whetherfromadirecthackattemptorbecauseitreceivesageneralalert fromothernodes.Itisquitedangerous. Node6Personnel ThisissimilartoNode3andalsocontainsaccesslogsandworkschedulesforthestaff. Node7UpperManagement(System5,Response5,Firewall4,Analyse4): Purpose:Thisistheseriousnodewherepaydataismostlikelylocated.Ithasaveryexclusiveuser list.ItsmatrixattributesareaboveaveragebecausetheICwithinitremainsactiveevenwhenthenode isnotonalert. Accessibility:Thisnodeisnotaccessiblewirelessly.Itisonlyaccessiblethroughjacksinthe directorsandcompanysecretary'soffices.Ifauserissubscribedtoboththisandanothernode,thenit mayformabridgeifthecommlinkorterminalcanbehacked,aswiththeaccountsnode.Also,one possibilitywouldbetohaveadronephysicallyconnectacommlinktothejacktoprovideawireless link(thoughitwouldofcoursehavetobeloadedwithanagentthatwascapableofhackingaccess). IC#1(Pilot4,Analyze4,Attack4,Armour4,BlackHammer4):Whateverthiscompanyisupto,it can'tbegood,becausethey'rerunningblackIContheirnode.Therewasnothingaboutthatinthe companybrochure,chummer!TheICwillinvestigateanyvisitortothenodeindependentlyofthe nodeitself.TheGMmayalsowishittoreactifitisabletoidentifyillegalprogramsrunningonthe visitingpersona(theMDdoesn'tnormallyloadAttack).Giventheexclusivelistofthoseeligiblefor accesstothisnode,itwouldnotbeunreasonablefortheICtoeventrytocontactthelegitimateuser listtoseeiftheyreallyareintheoffice,ortuckedupathomeinbed.Thehackershouldbeallowed MatrixperceptionteststogetanideaofwhattheICmaybedoing,however.Whateveritdoes,thisIC ishighlyunpleasant. PayData(Encrypt3,DataBomb3):Thisfileiswhatthehackerwants.Alas,poorhacker,itisboth encryptedandbombed.Whatthismeansisthatthefileisarunningprogram.IntheMatrixof2070, almostnothingisapure,staticfileofdata.Everythingisarunningprocessthatcomeswithitsown interface,matrixiconography,etc.Totakethedatafromthenode,theHackermustfirstdefusethe databombandthendecryptthefile.Anyattempttodecryptthefilewithoutdefusingthebombwill destroythedataandquitepossiblydamagingtheaccessingpersona(thehacker).Andallthismustbe doneunderthenoseyinterestofthenodesblackIC(orelseinthefrantictimerunningoutperiod

afterknockingitofflinewhilethealertsareshootingroundthesystemandthecompanyhackersare gettingoutofbed).Rulesfordefeatingencryptionanddatabombsareinthemainrulebook. Node8SecuritySystem(System4,Response4,Firewall4,Analyse4): Purpose:Thisnodeisthesecurityinterfacefortheguardsandmaintainsallofthephysicalsecurity measures.Ifamotionsensortripsoracameramalfunctions,itisreportedtothisnode.Ifthisnode crashes,thenthesecurityofficelosesaccesstoallitscamerafeeds,locationtrackingofguardsetc. Foraphysicalintrusionbyashadowrunningteam,thisnodeisaprizegoal. AccessLevels:ThissystemhasvirtuallynofunctionalityatUserlevelaccess.Itwillbasicallyregister yourlocationandacceptalertsfromthatuser.Thisisusedbythestandardguards.Thehackerplayer willnotnecessarilyknowhowuselessuserlevelisbeforeattemptingtohackin,however,sovaluable timemaybewasted.Atsecuritylevel,accesstocamerafeeds,dronelocations,etc.,becomes available.Essentially,itremainsreadonly,however.Administratoraccessisrequiredtodosuchthings asstanddowndrones,bootsecuritylevelusersoffthesystem,killcameras,etc.Withoutthis,the hackerisreducedtosabotagingcamerasandmotionsensorsonebyone,etc. Accessibility:Thisnodeisaccessiblewirelesslythroughoutthesitebuthasonlyonedirect connectionwhichistotheDroneHive.IfaGMwantstocomplicatethings,thenthenodecanhave wiredconnectionstomostofthecameras,doors,etc.andonlyhaveoneortwolowsignalwireless accesspointsforcommunicationwiththedronesastheygopastthesepointsaspartofaroutine circuitofthecomplex.Thiswouldbeinconvenientforthesecuritystaffgenerally,however.They couldperhapsalertdronesviatheircommsbutthismayopenupalargersecurityweakness. IC#1(Pilot4,Analyze4,Attack4,Armour4,Attack4):ThisICconductsitsownanalysisofany visitors.Additionally,therearelikelytobeseveralpersonasrepresentingtheguardcaptainandstaff alreadyactiveinthenodewhowillnoticeanewuserloggingonunlesssuccessfullystealthed.A hackerwhocanhidefromtheICcanprobablyhidefromtheusers...butthenumberofthemcan shortentheodds. Node9DroneHive(System4,Response4,Firewall4,Analyse4): Purpose:Thisnodeisadistributednetworkrunbythedronesonthesite.Itprovidescoordination functionalityaswellasanadditionallevelofsecuritytoguardagainstadronebeingsubverted. AccessLevels:Userlevelaccessispointlessforanythingbutadroneasallitallowsistoreport location,conditionandalerts.Unlessthehackerhassomeingeniousplantomasqueradeasadrone (actually,that'squiteagoodplanasitwouldbypassthemotionsensors,etc.),thehackerwillneed securitylevelaccessorabove.Securitylevelaccessissimilartothesameonthesecuritynodeasit willprovideaccesstolargeamountsofinformation.Itmayalsoallowthehackertodirectdrones,or standthemdown,etc.,butnottoshutthemdownandcommandswillbeveryquicklycountermanded bythenodeitself,leadingtoamusingnowtheyshootyounowtheydon'tattacksbythedrone squad.Administratoraccesswillberequiredtoachieveanythingmore.

Accessibility:Thisnodeexistswirelesslythroughoutthesite.However,thedronesthatcompriseitall operateinHiddenmodemakingithardtoinitiallydetectthenode(seerulesfordetectingHidden commsinthemainbook).Itdoesmaintainacontinuouslink(subscription)toNode8(Security) however,socanbemorereadilynoticedfromthere.Likewiseitwillbeobviousfromanydronethatis hackedastheyareallsubscribedtoit. IC#1(Pilot4,Analyze4,Attack4,Armour4,Exploit4(TrackincludedonNode,butnotnormally loaded):ThisICexistsonthenodetoensurethereisnosubversionofanyofthedronesunderits command.Ondetectingadronedoinganythingthatwasnotinstructedbythenodeitself,theICwill travelintothatdronetoengageanyintruderthatitfinds(anyoneotherthantheresidentpilotprogram ineffect).Asithassecuritylevelaccesstoalldrones,itwillbedifficulttoshutoutunlessthehacker hasadministratoraccessonthatdroneandimmediatelystartsremovingotheraccounts.Ifthehacker isspoofing,hemayfindtheICtryingtohackhiscommlinktogetathim. DeviceafDrones(System4,Response4,Firewall4,Analyse3): Pilot:(Rating3):Thisprogramrunsthedrone.Ifthehackerwishestokeepcontrolofthedrone,he willprobablyneedtoshutdownthisprogramincybercombat.Spoofingcommandstothedronemay bemoreeffective,butwillresultincontinuousbattlesforcontrolwiththeDroneHivenode.The droneshaveonlySecurityandAdministratorlevelaccessandalloperateinHiddenmode. Devicem1m5MotionSensors(System2,Response2,Firewall4,Analyse3): Rating2(allattributes):Eachofthesecanbehackedanddisabled,ortheirfeedbackedited,buteach mustbedoneindividuallyandanyfailurewillgostraighttothesecuritynodetowhicheachis subscribed.Thebetterapproachistohackthesecuritynodeitself,ifthehackeriscapableofthat. Devicev1v40Cameras(System2,Response2,Firewall4,Analyse3): Rating2(allattributes):Eachofthesecanbehackedanddisabled,ortheirfeedbackedited,buteach mustbedoneindividuallyandanyfailurewillgostraighttothesecuritynodetowhicheachis subscribed.Thebetterapproachistohackthesecuritynodeitself,ifthehackeriscapableofthat. Devicel1l15Locks(System2,Response2,Firewall4,Analyse3): Rating4externallocks(allattributes)/Rating2internallocks:Eachofthesecanbehackedand disabled,ortheirfeedbackedited,buteachmustbedoneindividuallyandanyfailurewillgostraight tothesecuritynodetowhicheachissubscribed.Thebetterapproachistohackthesecuritynode itself,ifthehackeriscapableofthat.Accesslogsarekeptoflockopeningsoutsideofnormalhours. Thesecuritynodewillflagupusageoftheexternallocksduringthistimeforthesecuritycaptain's attention. SupposedHackingRoute:Partofthedesignofthissystemisthatthesecuritysystemisaclosed network.Thismakesthingsextraordinarilydifficultforthehackerintheinitialphases.Inorderto disableorsubvertthecamerasandmotionsensorsenmassethehackermustfirstgetpastsomeof theminordertoreachthesecuritysystem.Thisisaninterestingtacticalsituation.Theteam'sfirst priorityongainingaccessshouldbetotakecontrolofthesecuritysystemgenerally.

Example3:HackerBar
ThishackerbarexistspurelywithintheMatrix.Ithasnophysicalequivalentandifthedatawithinit existsanywhere,itisscatteredacrossahundreddatastoresscatteredaroundtheworld,shiftingfrom onetotheotheraccordingtothesystemsthathavebeencrackedtosupportitthatweek.Onlywith diligentsearchingoracontactintheknow,canitsMatrixaddressbelocatedandwitheachshift,that addresswillchange.Whilstregularswill(carefully)swapdetailsofwhereitmaybefoundwitheach other,thosenotintheloop,orwhohavemadethemselvesunpopular,mustbeginthesearchanew. Node1:(name:Caladan)(System4,Response4,Firewall4,Analyse4): Purpose:Thisnodeisthepublicfrontofthebar. AccessLevels:ThissystemhasaPublic(user)levelaccesswhichisavailabletovisitorsanddoesnot requirehackingtoobtain.Thenodeisprotectedprimarilythroughitsobscurityanditwouldbeof littleuseifpeoplewhocametothebarwereunabletoenter.Userlevelaccessallowsonetoenterthe nodeandtakeadvantageofthebasicfunctionality.Itdoesnotallowonetorunindependentprograms onthenode(e.g.Agents).Anagentcouldrunelsewhereandvisitthenodehowever.Securitylevel accessisnotnormallygrantedtoanyonebutthepeoplewhorunthebaritself.Ahackercanhacktheir wayuptoSecurity,butthiswillverylikelybenoticedbyeithertheadministratorsthemselves(atleast oneofwhichisnormallyonline)orpassedalongbyotherusers.Onethingthathappensalotinthis bar,ispeopleanalysingeachother'spersona. Accessibility:Thisnodemovesabout,switchingfromdisposablematrixaddresstodisposablematrix address,sometimesafictionalemployee'spersonalsiteatacompany,sometimesahomeowner oblivioustothevirtualcommotiongoingonunderhisnose,linkedtohisaddress.Ifacharacterknows wherethenodeistobefound,thentheycangodirectlytoitfromanywhereontheMatrix.Ifa characterdoesnotknowwheretofinditandcan'tbeganaddressfromacontactorfriend,thenthey areinforalongsearch.RollDataSearch+Browse(16,1minute).Needlesstosay,itcanbequite difficultforlesserhackerstolocate(usetherulesforcappingthenumberofrollsinanextendedtest) andmosttrytocultivateagoodnetworkoffriendsthereinordertoavoidthishassle.Naturallythe peopleinchargeoftheplaceknowwherethey'veputthenode,andtheinformationusuallytrickles downfromthemquitequickly. IC#1(Pilot4,BlackOut4,Armour4):TheHackersdon'tmessaroundwhensomeonestarts interferingwiththeirgoodtimes.Thoughnormallypassive,thisbruiserICstandsreadytoremove anyhackersthatcauseproblemsandthey'llwakeupwithalessthanpleasantheadache,too.TheIC obeysthemostseniorpersonpresent(adm inistrator,thensecurity,butneverjustpublic/useraccess) butfailingthat,isusuallysmartenoughtorecognizetheinitiatorofanyaggressionandwillact accordingly.NotethatmobruletendstoprevailinCaladan,andanaggressivehackermightendup wishingtheIChadgottohimbeforetheotherpatrons. NodeFunctionality: Inadditiontoprovidingasimulatedbarwithmanyboothsandtableswherepersonascan relaxovera

VRcoffee,tradeinfoanddata,Caladanprovidesarangeoffunctionality.Userscanhookthemselves upwithoneofthemanySIMsthataretradedabouttheplace.Ifthey'rehotsimming,thenafew nuyenwillletthemtryoutsomeoftheBTLSIMsthatthenodehasonhand,too.Additionalnodes canbeactivated,tocreateprivateroomsforthosethatneedthem.VisitorscanalsoadapttheVR stylingofthenodewithinreasonablelimitations,thoughsecuritylevelusersandabovecanoverride orremovetheseprivilegesanduserswhoanno yotherpatronsquicklyfindthemselvesputbackin place. Node2:(name:GiediPrime)(System5,Response5,Firewall5,Analyse5): Purpose:Thisnodeservesadualpurpose.Firstly,itprovidesamoreselect'backroom'toCaladan,in whichmoresecureorlongtermpatronscanconversewiththeirpeersandenjoylessinterruptionsby newcomers.Secondly,itprovidesanarenainwhichhackerscansettletheirdifferencespersonato persona,whetherinfriendlycombat...ortosettleagrudge. AccessLevels:ThisnodehasaUserlevelaccessbutthisisnotavailabletovisitorsnormally membersonly.ThosewhohacktheirwayinmaybehassledbytheresidentIC,buttypicallythe residentsecuritylevelmembersallowanyonewhohackstheirwayintoremainandcallitoff.User levelaccessdoesnotallowonetorunindependentprogramsonthenode(e.g.Agents).Anagent couldrunelsewhereandvisitthenodehowever.Securitylevelaccessisnotnormallygrantedto anyonebutthepeoplewhorunthebaritself.AhackercanhacktheirwayuptoSecurity,butthiswill verylikelybenoticedbyeithertheadministratorsthemselves(atleastoneofwhichisnormally online)orpassedalongbyotherusers.Dependingonwhothehackerisandwhetherornotthey behave,theymaybeallowedtokeeptheirsecuritystatus,having'earnt'it.Ortheymaygetdumped. Accessibility:ThisnodeisonlydirectlyaccessiblefromCaladanandArrakis.Theoretically,itcould behackeddirectlyifahackerknewwhereinthevast,sprawlingarchitectureoftheMatrixitwas beingrunatanygiventime,butlackinganactualMatrixaddress,thisisanearimpossibletask. Essentially,usersmustfirstenterCaladanandtheneitherentertheGiediPrimenodeusinga legitimateuseraccount,orelsehacktheirwayin.Itisquitecommonfornewcomerstofirstgain accessthroughhackingtheirwayin,andtheywilleventuallybegivenaregularuseraccountin recognitionofthis. IC#1(Pilot5,BlackOut5,Attack5,Armour5):AnextremelynastypieceofICsoftwareoriginally boostedfromaRenrakusystemandthoroughlysanitised,thisICwilluseBlackOutwheneveritcan, orfallbackontheAttackprogramonlyifitmust. NodeFunctionality: AswiththeCaladannode,sideroomscanbecreatedifprivacyisrequired.Userscanalsodisplay informationinvariousmediainthenode.Chiefly,though,GiediPrime'smainresourceisavenue wherehackerscandiscussinterestingdevelopmentsinprogrammingandtheMatrixwithskilled hackers.

Node3:(name:Arrakis)(System6,Response6,Firewall6,Analyse6,Stealth6): Purpose:EveryoneguessesthatArrakisisthere,butnotmanyknowhowtogettoit.Evenfewerare ableto.UsedprimarilybythehackersthatsetupandruntheBar,itisasecureplacetodiscuss preciousexploits,thetrustworthinessofotherhackersandwhatthesecretmanoeuveringsofthe megacorps.Sometimesothersarebroughthereasguests.It'sarareeventforsomeonenewtobe grantedregularaccess,andusuallyonlyiftheyhavesuccessfullyhackedthemselvesinanddefeated theresidentICincybercombat,too.Eventhen,iftheadministratorsdonotfeeltheycantrustthe newcomer,thenexploitswillbefixedandtheuserwillberemoved.Muchofthesoftware(including theIC)iscustomisedorwrittenbythebar'sadministrators,everyoneofwhomisaskilledhacker,and everythingisofaveryhighstandard. AccessLevels:ThissystemhasonlyaSecuritylevelandanAdministratoraccesslevel.There'slittle pointincreatingauserlevelaccountastheonlypeoplewhoaregivenaccessarethosethatwould typicallyhavesuchaccess.TherearenocasualvisitorstoArrakis,andtheremovalofUserlevel access,merelyaddstothedifficultyofgettingin. Accessibility:ThisnodeisaccessibleonlyfromtheGiediPrimenode.Itmaintainsnoconnectionsto anyothernodeandtheadministratorsnevercreatesuchaconnection.Additonally,theconnection fromGiediPrimeisitselfhidden,requiringaMatrixPerceptiontestagainstthenode'sFirewall+ Stealth.Onlyifitislocated,isitthenpossibletoproceedtohackit. IC#1(Pilot6,BlackHammer6,Armour6):Acombinedeffortofseveralverytalentedhackers,this ICprogram(affectionatelycalledFeyd)isliterallylethal.Thenodedoescontainotherprograms thattheICcanloadinplaceofBlackHammer(eitherBlackOutor,intheunlikelyeventthat someoneusingARgetsin,Attack),andtheAdministratorsmayadjustdependingonwhetherthey thinkthevisitorisjustahackerwithideasabovehisstation,oriftheythinkthevisitorisanactual threat.Atleastoneoftheadministratorshasprovenherselfwillingtokilltoprotectthesecretsof whatgoesonhereanddependingwhoisaround,ahackermayormaynotfindmercy.Typically,the ICattackswiththewordsYouarenottheKwisatzHaderachbeforepummellingthehaplessvisitor. NodeFunctionality: ThemainserviceprovidedbyArrakis,issimplybeingthereandbeingsecure,buttheGMcanassume thatitprovidesarangeoftoolstoexaminecode,analyseandencrypt/decryptinformation,etc.

Example4:HomeOfficeSystem Example5:CorporateEnclave

GameNode SecuritySystem PrivateSites(parents?residentialspokespersons?)andcommunityforum

homenodes mediadistribution lightingsystems,powerandotherinfrastructure parking/garagesystem accountsandbillingsystems(powerusage,etc).