Updating Computer Use from D20 Modern
Last week I took a long, hard look at Computer Use, the skill from the D20 Modern SRD. Like Drones, it was written in 2004, and a lot has changed since then.
I think the first thing to mention here is that, between all of the skill uses in Modern and Future, the skill takes up 4 pages; I needed to cut that down. Secondly, I needed to make changes to the skill so that it at least reflected 2014 sensibilities and worked for a SciFi setting.
Computer Use (Int)
Check: Most computer operations don’t require a Computer Use check (though a character might have to make a Research check; see the Research skill description). However, searching an unfamiliar system for a particular file, writing programs, altering existing programs to perform differently (better or worse), and breaking through computer security are all relatively difficult and require skill checks.
Find File: Find files or data on an unfamiliar system. The DC and time required vary by system.
Defeat Computer Security: This application of Computer Use can’t be used untrained. DC varies. If the check fails by 5 or more, system alerts security. System security may attempt to identify the intruder or cut off the intruder’s access to the system.
At this point I realized that the Character using the skill might be Attacking or Defending the system, so removing all references to the Character and making it into either Intruder or Defender roles simplified the language. Removed all references to System Administrator and Site in favor of System Security and System. Site has a Website only connotation and I needed a term for Security that wasn’t a Sys Admin and could allow for the Computer System to be defending itself.
Sometimes, when accessing a difficult site, the character has to defeat security at more than one stage of the operation.
I like this, it turns computer hacking into an Extended Challenge or even something like a Chase.
If the character beats the DC by 10 or more when attempting to defeat computer security, the character automatically succeeds at all subsequent security checks at that site until the end of the character’s session (see Computer Hacking below).
Well that sucks, you had a kernel of something interesting and you ripped it out with one good roll. Also, let’s take into consideration that modern computer hackers usually gain entry through the least difficult means first and work into higher levels of difficulty from there; I see this as an issue. So I’m going to cut it.
Computer Hacking: Breaking into a secure computer or network is often called hacking.
When a character hacks, he or she attempts to infiltrate a system. A system is a location containing files, data, or applications. A system can be as small as a single computer, or as large as a network connecting computers and data archives all over the world—the important thing is system access connects the user to everything within it. Some sites can be accessed over networks; others are not connected to the outside and can only be tapped into by a user with physical access to the system.
When you write adventure modules for Modern games it has been said that it is difficult because Modern encompasses so many Genres. Another caution when writing adventures is that if a story relies on a character having one particular skill to succeed, you have failed the players. I bring this up because if your players don’t have Computer Use and the story relies on the party getting something from a Computer, there are other means; many schemes involve finding people who already have access to the information you need and asking them for it.
Every system is defended by security—the entity in charge of the system, who maintains its security. Often, system security is the only entity with access to all of a site’s functions and data. A site can have multiple system security personnel; large sites have system security on duty at all times. A character is the system security of his or her personal computer.
When a character hacks into a system, the visit is called a session. Once a character stops accessing the site, the session is over. The character can go back to the site in the future; when he or she does, it’s a new session.
There are several steps to hacking into a site:
Covering Tracks: This step is optional. By making a Computer Use check (DC 20), a character can alter his or her identifying information. This imposes a –5 penalty on any attempt made to identify the character if his or her activity is detected.
Identifying the Intruder is a contested Computer Use roll so making the DC 20 check early on is cheap insurance, but by no means foolproof.
Access the Site: There are two ways to do this: physically or over a network.
Physical Access: A character gains physical access to the system, or a computer connected to the system. If the system being hacked is not connected to an open network, this is probably the only way a character can access it. A variety of skill checks may be required, depending on the method used to gain access.
Network Access: Reaching a site over a network requires two Computer Use checks. The first check (DC 10) is needed to find the system on the network. The second is a check to defeat computer security (see the Computer Use skill description). Once a character has succeeded in both checks, the character has accessed the site.
I don’t like this, when you’re looking for information, you don’t always find the computer where the secrets are in a Google search. Companies and Adversaries are under no obligation to publish the information required for their employees or corporate partners to get onto their systems remotely. Since it is basically the same type of thing I am inserting the Type of Information DCs from Gather Information here, finding a system with Protected Information is a DC 25. Since these sites might have Security DCs of 30 or more I hardly think this is going to stop the PCs dead in their tracks.
However going back to my earlier point, if the PCs do struggle to find the information online, look for someone who has access to the information already, hopefully the Party Face has a better Diplomacy than the character doing the hacking.
Locate What You’re Looking For: To find the data (or application, or remote device) the character wants, make a Computer Use check. See Find File under the skill description.
Defeat File Security: Many networks have additional file security. If that’s the case, the intruder needs to make another check to defeat computer security.
This may or may not include encryption. We had Encryption in 2004, files can be secured to a limited number of users, files can be password protected or they can be encrypted requiring access to a password/token or some other means of decrypting the data. Anyways it really is just a sub-use of Defeat Computer Security.
For brevity I should re-write the steps as Find File, Defeat Computer Security,
Do Your Stuff: Finally, the character can actually do what he or she came to do. If the character just wants to look at records, no additional check is needed. (A character can also download data, although that often takes several rounds—or even several minutes, for especially large amounts of information—to complete.) Altering or deleting records sometimes requires yet another check to defeat computer security. Other operations can be carried out according to the Computer Use skill description.
Defend Security: If the character is the system security for a system (which may be as simple as their laptop), he or she can defend the system against intruders. If the system alerts system security to an intruder, system security can attempt to cut off the intruder’s access (end the intruder’s session), or identify the intruder.
Cut off system access: Make an opposed Computer Use check against the intruder. If system security succeeds, the intruder’s session is ended. The intruder might be able to defeat the system’s security and access the system again, but the intruder will have to start the hacking process all over. Attempting to cut off system access takes a full round.
One way to prevent further access is to shut the system down. With a single computer, that’s often no big deal—but on a large site with many computers (or computers controlling functions that can’t be interrupted), it may be time-consuming or even impossible.
Once System Security shuts down the computer where the secrets are kept the Adventure is over, the Characters lose right? Companies often keep backups offsite, so the characters might be able to obtain a backup copy from the offsite location, maybe the backups are in the Cloud or some user takes data home they shouldn’t. A bad roll shouldn’t stop the story.
Identify the intruder: Make an opposed Computer Use check against the intruder. If security succeeds, they locate the system from which the intruder is operating (if it’s a single computer, the character learns the computer’s network location and other identifying information).
Originally this said they find the name of the computer’s owner, computers aren’t really registered like that and it is often very hard to prove attribution in hacking cases. Locating the computer is often hard too and a lot of times when you find it, it is just another victim’s machine that was used as a dummy to attack you while concealing the true enemy location and identity.
Identifying the intruder requires 1 minute and is a separate check from cutting off system access. This check can only be made if the intruder is accessing the character’s site for the entire length of the check—if the intruder’s session ends before the character finishes the check, the character automatically fails.
So it takes a minute to find the bad guy, a minute is a long time in game terms. It might take a minute to find the bad guy by checking all the system logs and in some cases you might tip the bad guy off that you know he is in the system. Wait, what? If the Intruder controls any of the network resources on his end, asking too many questions about that network’s users or traffic might tip off the bad guy that somebody knows about the hacking attempt and they are trying to find out who it is.
There are security appliances in existence today that already try to identify potential Intruders, even when they have done nothing wrong. So in game terms the Security would roll to ID the Intruder even if he doesn’t fail his Defeat Computer Security check by 5 or more. Some of these appliances also use an external address database that won’t tip off the Intruder. This is way too much complexity to layer onto a Skill writeup. However, if the PCs are defending the System and they fail to ID the Intruder, but the story relies on them finding him or her, then the PC or NPC in charge of the Security finds a suspicious traffic alert from one of the security devices.
The problem here is according to the Rules As Written the computer only alerts Security if the Intruder fails his check to Defeat Security by 5 or more, so the Intruder and Security BOTH know at the same time that the Intruder did not get in OR that someone who got in earlier tried to access a file and couldn’t. However there is no scenario where the Intruder is going along doing his business and Security finds them in the system and slowly starts to figure out who he is or what he’s doing. There is nothing to account for Honeypots. Also if Security does try to find out who the Intruder is, they have to do it WHILE the Intruder is in the system? We have these things called logs, they tell who came from where, what they did and if there ever was going to be enough information to ID the Intruder, it is in the logs.
I think I need to just cut the auto-fail language and keep the contested Computer Use checks.
Degrade Programming: An attacker can destroy/delete or alter applications on a computer to make use of that computer harder or impossible. The DC for the attempt depends on what the character tries to do. Crashing a computer simply shuts it down.
Maybe we should call it shutting a computer down then?
Its user can restart it without making a skill check (however, restarting takes 1 minute).
There are computers in 2014 that boot in less than 10 seconds. Phones, Tablets and other devices are all also about 10 seconds from being completely turned off, all devices are pretty much Instant On from sleep, but let’s say anything from 2014 is going to restart in 2 rounds. SciFi computers might really be Instant On, however dramatic tension seems to demand computers take some time to boot up.
Destroying/Deleting programming makes the computer unusable (less useful) until the programming is repaired. Damaging programming imposes a –4 penalty on all Computer Use checks made with the computer (sometimes this is preferable to destroying the programming, since the user might not know that anything is wrong, and won’t simply decide to use a different computer).
A character can degrade the programming of multiple computers at a single site; doing so adds +2 to the DC for each additional computer.
Fixing the degraded programming requires 1 hour and a Computer Use check against a DC equal to the DC for degrading it + 5.
Why don’t or can’t I restore from an image or backup? Nothing takes an hour anymore. Windows XP had Windows File Protection to stop exactly this kind of thing in 2001. Attackers rarely bring down their targets anymore as they need them on and usable to take whatever information they came for.
Denial of Service attacks which would do what the RAW are suggesting consume many resources on the target computer, however a DoS attack is noisy and possibly better suited to distract System Security from your actual target than as an end in and of itself.
Write Program: A character can create a program to help with a specific task. Doing so grants the character a +2 circumstance bonus to the task.
A specific task, in this case, is one type of operation with one target.
The DC to write a program is 20; the time required is 1 hour.
I’ll leave the time on that one alone, except is the one target thing subject to change with +2 to DC for each extra? People manage networks with thousands of machines off of simple scripts.
Operate Remote Device: Many devices are computer-operated via remote links. If the character has access to the computer that controls such systems, the character can either shut them off or change their operating parameters. The DC depends on the nature of the operation. If the intruder fails the check by 5 or more, the system alerts its system security that there has been an unauthorized use of the equipment. Once alerted, system security may attempt to identify the intruder or cut off his or her system access.
Interestingly enough the Operator in this case might not be an Intruder or System Security, it might just be a User. Now we get into ‘normal’ skill uses not needing rolls, but what if I need to stop all the trash compactors on all the levels and I’m not a rebel robot, but the guy who processes the trash?
In addition to all the standard uses, Computer Use can be used to operate shipboard sensors as well as send, jam, scramble, and unscramble transmissions sent through space or across dimensions.
Check: The following applications of the Computer Use skill can be used untrained:
Conduct Active Sensor Scan: Using a starship’s sensors to analyze another ship or object in sensory range requires a Computer Use check (DC 15). An active sensor scan conducted over a vast distance (for example, across a star system) or subjected to some form of disturbance (such as interference from a solar flare) applies a –5 or higher penalty on the check.
This is an advanced use of the Sensors, normal Sensor checks are just going to be Perception checks to notice something on the Sensors. Making the Sensors do something outside normal takes a check.
Send Transmission: Routine communications (hailing a nearby ship, using a subspace or dimensional transceiver, and so on) are accomplished with a Computer Use check (DC 10). Communications sent over incredibly long distances (such as between star systems) are subject to distortion; correcting that distortion to ensure a message reaches its intended destination requires a successful Computer Use check (DC 20).
Ansibles are going to change the long distance to a normal check, but anything being interfered with would need a higher roll.
The following applications of the Computer Use skill can’t be used untrained:
Jam Transmission: This skill can be used to prevent a ship or facility from receiving an incoming transmission. An opposed Computer Use check between the individual receiving the message and the individual attempting to jam the message determines whether or not the message gets through. If an unmanned computer receives the transmission, jamming the transmission requires a Computer Use check (DC 15).
Scramble/Unscramble Transmission: Computer Use can be used to scramble a transmission. This is done with an opposed Computer Use check between the individual sending the message and anyone attempting to intercept or unscramble it.
Time: Scrambling or unscrambling a transmission are all full-round actions. Conducting an active sensor scan or sending/jamming a transmission is a move action.
A lot of Computer Use checks up until now have been 1 round or longer, so a Move action is a big deal, you could do 2 sensor checks, or a check and an attack or something now.
Special: A character can take 10 when using the Computer Use skill. A character can take 20 in some cases, but not in those that involve a penalty for failure. (A character cannot take 20 to defeat computer security or defend security.)
A character with the Gearhead feat gets a +2 bonus on all Computer Use checks.
Time: Computer Use requires at least a full-round action. The GM may determine that some tasks require several rounds, a few minutes, or longer, as described above.
Hmm, the Time thing at the end conflicts with uses of the skill above that are only Move actions.
I’m going to be working on a revised Computers system for 21st century hacking as well as the Galaxy Pirates setting and probably a 2-action system with degree of success. There might also be some sort of card for hacker attacks or security systems defending themselves.
If you have any feedback about this post or our books please feel free to contact us.
Paul
Evilrobotgames at Gmail.com