In the simplified netrunning system, we will not be using any of the existing cinematic, “Matrix”-style netrunning rules. Instead, use the following heavily abstracted rules, written by noted hacktivist CH33Z5T1X.
The AI’s that a netrunner will face in 2095 are usually hardware based, relatively inflexible, but extremely stable – this is a contrast to the pre-war “Infomorph” AI’s that led to the atrocities in 2030’s Siberia. Such self-aware software based AI’s are now banned all around the world, and thus so rare as to be more urban legend than reality. Modern AI’s are experts within a limited capacity, but not especially creative. The most common one encountered by hackers is the “Security AI” which acts as a 24/7 tireless sysop, monitoring system and network functions, dealing with routine threats, and notifying humans when needed.
BASIC MECHANIC: For most tasks that are not being directly opposed by a Sysop or an AI (which uses the standard opposed test rules), the Netrunner has to beat a target number based on the quality of the operating system to connect or issue commands. The basic task is:
INT + Interface + Situational Modifiers (+/-) +d10 versus DIFFICULTY
ACCESS LEVELS: Once a Netrunner succeeds in gaining entry to a system, they have "Basic User Access". That means they will have basic read and write access to most things in that particular system. If they want to edit anything on the system or run malicious programming they will need "Super User Access", which they can get by rolling the DIFFICULTY for the system at one level higher, (+5). The highest level of access is "Root User", which essentially owns the system and can do anything at all. Gaining "Root User Access" is two levels higher DIFFICULTY, or a +10. Once a Netrunner has achieved a particular access level, actions become much easier to perform, and the DIFFICULTY number drops considerably.
Access Level Benefits
Basic User Access: No modifiers to DIFFICULTY
Super User Access: All tasks one level easier (-5 to target DIFFICULTY)
Root Access: All tasks two levels easier (-10 to target DIFFICULTY)
SYSTEM TRACE: This important number is the number of failed attempts a Netrunner has in any particular system, until alarms start blaring and a Sysop or Security Spider shows up in the system to investigate. This includes both attempts to enter the system, and tasks carried out within the system once entry is achieved.
Once the alarms start going off, the hacker has one chance to shut the alarms off and mask themselves as a "false alarm". This roll is at the same DIFF required to gain entry to a system. A success does not reset the Trace Count - a system exhibiting a false alarm will still remain on alert for some time.
WIRELESS HACKING: When hacking a system through an existing network, it makes no real difference whether one's connection is wireless or landline in most cases. On the other hand, wireless connections are vulnerable to jamming, detection, and simple background interference. In environments where the signal may be interrupted by ECM or interference, increase the DIFFICULTY by one or two levels - one (+5) for interference, two (+10) for deliberate jamming, possibly even more. If the hacker has no means to counteract the interference or jamming, the hack is simply impossible. Boosting signal strength is the usual method of coping with these challenges, though other more sophisticated means are possible.
HACKING OF DRONES, UTILITIES, AND CYBERNETIC SYSTEMS: Traditional computer networks are not the only targets for the enterprising hacker. Drones, physically isolated utility systems like remote cameras and gun installations, and even cybernetics installed in a human being may all be hijacked using a cyberdeck. Interfacing with things like drones, utilities, and cyber is the difficult part. Access will nearly always be wireless, through connections not intended to be used in the manner the netrunner will undoubtedly use them. Once inside, these devices rarely have effective countermeasures of the sort that would interfere with a netrunner.
For game mechanic purposes, all of these can simply be treated as though they were normal systems. Increase DIFFICULTY one step (+5) to access using a wireless port. If the netrunner can directly access the devices in question - jacking into the robo-gun's diagnostic port, or plugging into "Boosterboy"'s socket directly while he is strapped to a gurney, et cetera - lower all DIFFICULTY one step (-5). Most remote devices are DIFF = 10, though some few systems might be protected more effectively.
In any case, this sort of hacking is relatively limited in range, requiring that the hacker have line of sight, and be within fifty yards of the target. If the target is not in line of sight, or out of effective range, increase DIFFICULTY one step (+5) for each that applies. Both of these conditions can be compensated for using signal boosters, but this dramatically increases the odds of detection by someone who will not appreciate the hacking attempt.
Hacking into something connected directly to the human nervous system adds a new layer of complexity. To hijack a cybernetic system, the DIFFICULTY is the victim's COOL x 2.5 rounded up. Getting in unnoticed is even harder - increase DIFFICULTY one step (+5). The victim will certainly notice when their own arm starts attacking them. HARDWARE (written by 83N70N)
Cyberdecks are no different, though being portable they are usually no match for a static system AI. This is where the Netrunner comes in, supplying his human reflexes and intuition to do battle with the system AI, aided by carefully chosen software. The cyberdeck is the hardware that allows a human brain to compete with an AI on an equal footing. By 2095, system memory is so abundant and cheaply available that there is no real point in tracking it. Assume that if it matters, there is enough memory for most software or files on a typical computer. Systems, including cyberdecks, have only one attribute worth tracking:
System Quality represents the raw speed and processing power of the system, as well as the effective intellect and decision making power of the unit. This determines the base cost of the system, and greatly affects its utility. The cyberdeck is rated as -1 to +3, though it is exceedingly rare to find anything above +1 commercially available. This number serves as an upper limit on the program power... if you have a +1 deck, that's a decent deck, but you won't get more than +1 out of your programs.
SOFTWARE
In this abstracted system, software is rated by Program Quality, which can range from -1 to +3, though it is exceedingly rare to find anything above +1 commercially available. A system cannot run software with a rating higher than its System Quality, as noted above. While it may seem counterintuitive to have software with a penalty, you must have the appropriate software to even attempt most tasks - software can in theory be coded on the fly, but this is exceedingly difficult and happens more in fiction than in actual net runs.
Each category of programs actually represents a useful cluster of individual sub-programs, each with cool in-setting names like "Flatline", "Aegis", "Safecracker 6.1" or whatever.
Utilities – Software designed to perform various functional tasks, such as file management, hardware maintenance, remote/drone operation, et cetera. This software acts as a bonus for various tasks unrelated to actual intrusion and evasion.
Intrusion Software – Software designed to infiltrate computer security, mask one’s electronic signal or trace, and slip pass password/ID verification protection. This software acts as a bonus to evading a Trace Alarm, as well as to avoid detection by sysops and "security spiders".
Counter-Intrusion Software – Software designed to detect intrusion, alert system management, and protect systems against electronic attack of various sorts. This software acts as a bonus to detection of intruders or otherwise cloaked systems and combatants.
Defensive Software – Software designed to defend other software, hardware, or users from direct attack by offensive software. This software acts as a bonus to the defense roll to avoid the effects of offensive software.
Offensive Software – Software designed to directly damage programs, hardware, or even directly attack the nervous system (so-called “Black ICE”). Exact effects depend on the software involved, and must be specified when purchased. Most of these programs produce a temporary effect, though some can be designed for permanent damage. There are three main varieties of offensive software, based on their intended target: anti-software, anti-system, and anti-personnel. Within these three, there are many different sorts of specific effects that can be created.
Offensive Software is modified according to the following:
Anti-Software is base price, unmodified from the main table.
Anti-System is x2 base price, reflecting the more sophisticated programming required to actually damage hardware.
Black ICE is generally illegal, costs x5 base price, and only affects users that are connected to the target system via interface cables. There are several types available, differing in flavor and targeted attributes:
"Zapper" inflicts simple damage against the target, like a weapon attack.
“Mindwipe” software attacks the brain directly, reducing INT and/or COOL
“Nerve Burn” attacks the nervous system and cerebellum, reducing REF.
“Shutdown” interferes with cardiac function, reducing BOD.
Damage is healed at the normal rate. Recovery of lost attributes requires hospitalization and therapy, but they can be healed given time and money.
OPTIONAL RULE - OBSOLESCENCE - Software is constantly becoming obsolete, so add a penalty to the older software in any contest, -1 if a month older, -3 if a year older, -5 if older than that. This means that successful netrunners are constantly on the prowl for the latest and greatest software.
CYBERSPACE COMBAT - When a hacker engages in "combat" against a sysop, another hacker, or a "security spider", it is treated as a series of rolls, Attacker vs. Defender.
Initiative = INT + Interface + Deck Bonus + d10
Attack Roll - INT + Interface + Situational Modifiers (+/- deck and offensive software) + d10
Defense Roll - INT + Interface + Situational Modifiers (+/- deck and defensive software) + d10
The "Margin of Success" determines the actual results, with the defender winning a tie.
Anti-Software: Software damage can be repaired by a reinstallation of programs. This is relatively quick, and can often be done within minutes if backups are available.
+1 to +4: Inflicts a cumulative -1 to all software bonuses
+5 or more: Inflicts a cumulative -1d6 to any software bonuses
Critical Success: Wipes the system, forcing the target offline, leaving them stunned for 1 round. Software replacement will require a DIFF=20 programming roll.
Anti-System: Hardware damage requires component replacement to repair, which takes longer and is sometimes impossible.
+1 to +4: Inflicts a -1 to all hardware bonuses, including initiative
+5 or more: Inflicts a cumulative -1d6 to any hardware bonuses, including initiative
Critical Success: Cripples the system, forcing the target offline, and inflicting 1d6/2 points of feedback through interface plugs. The deck will require repair or possibly replacement.
Anti-Personnel
+1 to +4: Inflicts 1pt of damage or attribute loss as appropriate to the attack.
+5 or more: Inflicts 1d6pts of damage or attribute loss as appropriate to the attack.
Critical Success: Reduces the attribute to 0, leaving the user in a coma, at Mortal 0.