Security and Hacking

It's the dawn of the twenty-first century, and Los Angeles is a center of technological consumerism, if not research or development. Computer networks carry millions of dollars in and out of the city every hour. Cell phone networks are jammed with tens of thousands of users. Only a nobody walks in L.A., but anyone who is anyone has a PDA in their pocket and a broadband internet connection at home. Functions combine in increasingly smaller packages - though perfect portable wireless internet is still experimental — and things become more and more automated.

In many ways, vampires appreciate the anonymity, the ability to act from behind an email address. But at the same time it empowers vampires, it empowers each and every human in the city. Dominate doesn't work through email, or through a cell phone. Technology is ripping vampires away from their traditional power structures. Technology advances quickly, and many vampires find that they simply cannot keep up - they are too old, too set in their ways. Remember that vampires are not as adaptable as mortals, they do not paradigm shift as quickly as humans do.

Security and Hacking Systems


Inevitably, in a world of vampires, intrigue, and scheming, characters will want to set up or defeat security systems - both physical security, and computer security. As with many other areas of roleplay, often the character knows more (or less) about the subject than the player does.

The following system will be used as a basis for modeling all security systems break-ins and computer hacking attempts on this MUSH. It is a system for defeating security systems, not picking locks on front doors that aren't wired to anything. That should be handled with a simple negotiated contest.

Attempts to break into another players property or computer should be negotiated with that player - attempts to break into an NPC installation should be negotiated with an architect through a +feedback.

Essentially, trying to defeat a security system of any sort is a contest of skill between the designers of the system, and the person trying to defeat it. Various other factors have to be taken into consideration though, including the resources available to either side. The Department of Defense has a great technological advantage over a typical small company, and likewise a security-oriented company has a great resource advantage over a street-thief or amateur computer hacker.

All attempts to break into a security system of any sort will be modeled as a contest between the attacker and the designers of the system.

Two contests are made:

The first contest determines Success or Failure. A tie indicates the attacker has spent some time trying but not succeeded yet, but may try again. A failure on this contest means that the attacker can find no way in, and may not try again by the same method.

The second contest is to see if the attempt was detected. Success for the attacker means the attempt was undetected, failure means clear evidence of the attempt was left - a tie means evidence was left but will not be noticed unless there is some other reason to suspect the attempt was made.

For characters with stats, use Perception or Intelligence plus Security or Computer as appropriate. Where a security system has been designed by an NPC, values in the following ranges are suggested. The audit bonus applies to the second contest only.

Computer Systems Skill Total Audit Bonus
Public Access System 4 to 5 0
Academic System 4 to 7 0
Business System 3 to 5 -1 to +1
Financial System 6 to 8 +1 to +2
Military System 7 to 9 +2 to +4

Physical Security Skill Total Audit Bonus
Private House 3 to 5 0
Small Business 4 to 6 -1 to +1
Large Company 5 to 7 0 to +1
Financial Institution 6 to 8 +2 to +3
Military Facility 7 to 10 +2 to +3

* For Government Facilities choose Large Company, Financial or Military.

The attacker may attempt to be especially careful not to leave evidence, and give away Advantage on the first contest, while claiming Advantage on the second. Or they may be reckless, and claim advantage on the first contest, while giving away Advantage on the second.

Social Engineering
Social engineering is the attempt to defeat a security system by manipulating the people who run it, rather than the system itself. Successfully defeating the systems skill total with a social contest gives Advantage on the success contest. It has no effect on the Audit contest.

The party with greater Resources gets Advantage on both contests. This is to reflect quality of equipment, ability to hire consultants etc. It may be possible to use certain Influences in this capacity also.

Security Cameras

"Just look at the *tapes*!" he cried, "The security tapes from the Elysium cameras will show I've been wronged!"
Unfortunately, no.

Some notes about security cameras, regardless of Security/Influence/Resources:

  1. Security cameras will never have useful audio in monitoring environments unless specifically and carefully prepared with both local microphones and controlled positioning of participants (each time) in the conversation. Random encounter audio will NEVER be intelligible.
  2. Tapes of past events will essentially be lost after 24 hours. Either erased wholesale or effectively labor-restrictive in un-archiving. These are just not typically handled well. An extremely expensive system may allow for a poor-quality time-indexed visual-only image to pull up an event if a specific span of time is requested.
  3. Cameras designed to counter Obfuscate in real-time suffer a number of possible difficulties, from monitoring folk being uncertain of what is normal and not, to a very real IC conspiracy by Clan Nosferatu to infiltrate security systems manufacturers and introduce intentional defects.
  4. (And most importantly) This world has a theme of Darkness. Fear and uncertainty are key elements. Security is not something to be relied upon. Insecurity is theme-appropriate, and an understanding as to the unreliability of such monitoring helps us promote the unnerving feeling of detachment.
White Wolf © White Wolf
Original Work is licensed under a CC Attribution-Noncommercial-No Derivative Works 3.0 US License.