In the far future, it’s inevitable that many advanced civilizations will use computers to control their vehicles, infrastructure, and data stores. It is equally inevitable that some tech-talented hero will try to use that fact to get something they want. While hacking has some significant limitations in what it can accomplish, it can still be a useful tool for the right kind of hero.
The Polychrome rules for Ghosts are typically required when stealing money, or hacking organizations in "civilized" areas, such as Alliance Space, Instrumentality Space,Circus,ect.
The Digital Environment
Most planets with TL4 or better will rely on computers to operate their infrastructure and maintain their data.
They may or may not have an internet-like global network depending on their political situation and cultural values, but individual buildings or data storehouses will normally have an internal network. If there is no open planetary internet, a hacker will need to be physically present in the networked area to hack the system.
Most hacking requires a physical interface with the system, either through tapping a data line with a metatool or plugging into a connected terminal. Tapping a data line usually takes at least a minute unless a special cable-siphon tool is used, while plugging into a terminal is a Main Action. Some buildings may have a local wireless network that can be used as an entry point, and some planetary internets may allow assaults on arbitrary computers, but such convenient situations are unusual. Advanced security software usually makes such remote assaults impractically difficult.
It’s up to the GM to decide what parts of a facility are susceptible to hacking, and to determine the full scope of what effects a hacker can produce. A high-tech security door in some advanced facility might well be hackable, but every refrigerator, locked closet door, and employee bathroom is not necessarily slaved to the local network.
Executing the Hack
Assuming a hacker is able to make a connection, they can make an Int/Program skill check to hack the system.
If they’ve spent at least an hour planning this specific hack, the skill check requires only a Main Action to execute their prepared code. If they’re performing the hack off-the-cuff, it takes ten minutes. If they’re rushed and don’t have time to either prepare the hack or spend ten minutes dueling with security systems, they can speed it up into a single Main Action at an additional difficulty penalty.
The difficulty of the roll depends on the kind of information or influence they want to get out of the system, adjusted by the quality of the security system and any rush on the hacker’s part. On a success, they get what they want. If what they want is data, the in-formation is downloaded instantly. If what they want is control over an automated system such as a factory control computer or a security system, they maintain control for 1d4 rounds plus their Program skill before the system detects the intrusion and locks them out. The hacker can attempt to regain control, but further hacking attempts become more difficult.
If they fail, they must immediately make a second skill check at the same difficulty. On a success, they avoid an immediate alarm and a trace of their hacking location. On a failure, the system has been alerted to their intrusion attempt and has informed its human overseers of the hacker’s location. Depending on the nature of the system being hacked, the response may range from an annoyed data janitor shutting down the compromised terminal after he’s done eating lunch to a fast-response special weapons team busting through the windows ninety seconds later.
Hacking the same system in a short period of time is progressively more difficult, as the system’s alerts and security measures are increasingly active. Whether or not prior attempts were successful, an additional +1 difficulty penalty is added for every hack attempted in the system after the first within 24 hours.
Line Shunts
Some well-guarded or high-security computer systems require more than a simple hack to obtain data or sub-vert their functionality. These systems have multiple security redundancies and consensus-based backup processors that make it all but impossible to execute a hack from a single point. To overcome these systems or to execute exceptionally long-lived hacks, the hacker must place one or more line shunts at other locations.
A line shunt is a TL4 piece of black-market tech designed to tap into a data line and spoof the contents in concert with a hacking attempt.
Professional, well-maintained computer systems usually require one line shunt to be applied before any hack can be performed. Government or infotech-focused corporation buildings usually need two. Black sites or extremely well-guarded systems need three.
Once a sufficient number of line shunts are applied, any ensuing hacks last until the shunts are disturbed. Thus, if a hacker placed the shunts and then Subverted a System, their control would last as long as the shunts remained in place. The likelihood of a shunt being found will depend on how accessible the location is, how active the guardians are, and how obvious the hacking attempt is.
Line shunts must usually be placed at specific locations in a structure or building in order to tap the right lines, depending on the goal of the hacker. If the hacker doesn’t have a map of the site’s network architecture, they can find the necessary sites with the Answer a Specific Question hack. This basic data probe doesn’t require a line shunt, even if other hacks on the system would need them to be placed.
Data Protocols
It’s assumed that a competent PC with the Program skill is familiar with the common data formats and computing systems of their home sector. They will be aware of the security measures and technical specifications of worlds that are in common contact with each other. Sometimes, however, the hacker is faced with a completely foreign system, or one built along unknown alien lines. In these cases they will need to have the data protocols for the system before they can make an effective hacking attempt.
Assuming the protocols aren’t restricted information, the hacker can drop a few credits on local tech manuals and practice for a month minus one week per level of Program skill, down to a one-day minimum. At the end of that period, they’ll master the protocols.If manuals aren’t widely available, one option is to find a local hacker willing to share their information. The difficulty of this is up to the GM; it might require nothing more than a Connect skill check, or it may require a full-fledged adventure to find someone willing to stick their neck out for foreigners who are clearly going to cause trouble with their newfound knowledge. Prices range from 1,000 credits for worlds with restricted but not carefully-policed data, to prices of 10,000 and up for worlds with more draconian data controls.
Another option is to obtain a well-secured local computer and simply experiment on it. Of course, local hardware with up-to-date security measures of a breadth and sophistication sufficient to teach a hacker is likely to be either very expensive on the black market or require a “collection expedition” by the party.
Creating Identities
Every citizen of Polychrome has some kind of identity, usually one built up over long years of electronic commerce and corp tagging.
Even slum dwellers usually have some electronic footprint, as they require some notarized identity in order to use electronic credit transfers, use the net, or receive payment in anything but physical credit notes. Contact with corp or Council security creates a trail as well, and all the myriad little contacts with the wider world gradu-ally build up a history.
These identities are usually keyed to identification cards and private passcodes. DNA locks are impractical with the metamorphic effects of the Proteus implant, and retinal and fingerprint identification
can be copied by any halfway-competent stitcher. Even if a card is stolen, it’s useless without the corresponding passcode. Most providers include optional services, such as a passcode which allows a user to gain access to a small amount of money, but flags the card as being stolen and used under duress.
Because every electronic transaction or net log-in requires an identity, corp and Council security have an easy time tracing a person’s activities or fingering the culprit for illicit database intrusions or financial hacking. As a result, most criminals and other borderline types find it necessary to have an alternate identity they can use to conduct their less legitimate business. As long as no one connects their “ghost” to their real identity, the corps have no lead on them.
Ghosts come in multiple levels, depending on their completeness and anonymity, and each requires time and a Computer/Int skill check to create. They can also be purchased on the black market, though the quality of wares is never completely guaranteed.
| GHOST LEVEL | TIME | DIFFICULTY | MARKET PRICE |
| 1 | 1 day | 7 | 500 |
| 2 | 1 week | 9 | 5,000 |
| 3 | 1 month | 12 | 50,000 |
Level 1 ghosts are fairly superficial. Such a ghost can spend and receive credits and conduct activities on the net, but they can’t own real estate or own property worth more than 50,000 credits. Assets greater than that amount trigger automatic integrity checks in the databases that invariably reveal the identity to be false, resulting in the instant confiscation of its credit balance and its flagging for corp security. Dead ghosts are useless, and any hacking attempts with them invariably fail.
Level 2 ghosts are as substantial as real people. They can own real property and own any amount of credits, as they’re woven in deeply with the local databases and impervious to ordinary integrity checks.
They have a plausible credit history and background entry and are for all intents and purposes as real as any living, breathing person.
Level 3 ghosts are more than real- they’re a self-obfuscating identity cluster that regularly mutates to avoid scrutiny. Whenever the Council or a corp attempts to make a change to that identity, whether to confiscate money or flag it as criminal, the GM should roll 1d6. On a 4+, the change silently reverts 24 hours later, without notifying the corp or Council. The bank account attached to a level 3 ghost also has augmented integrity software attached, giving the owner 2 hours to pull out assets before an attempted wipe or confiscation will go through.
Creating a ghost requires substantial skill. The GM rolls the
Computer/Int skill check, rolling twice for Experts and taking the better score. If the check is failed by 3 or more points, the identity seems good, but actually contains flaws that will eventually trigger an alarm. Each time it’s used, the GM should roll 1d6. On 3+, local security is alerted and the ghost is “killed”.
Stealing Money
Hackers can plunder electronic bank accounts or alter ownership records on valuable financial instruments. Unfortunately, there’s always a time limit associated with these alterations, as the financial system’s backups and integrity checkers will invariably correct the loss sooner or later. Once that happens, the stolen money disappears from whatever account it currently occupies. This temporary cash is known as “joss paper” or “joss” after the ritual money burnt by certain local faiths at funerals.
Passing joss requires speed and discretion. As individual credit transactions are tagged to a buyer, and as those credits will soon disappear from the recipient’s account, it is generally a very poor idea to spend joss through a real identity. Private citizens and small merchants can do little more than file a complaint about theft, but corps that receive joss from a buyer will often flag that identity for security attention. Most joss is used to buy valuable commodities from a small business or private seller through a level 1 ghost identity that can be dumped after the transaction goes through.
Before rolling to acquire joss, a hacker needs to decide how large an amount he or she will attempt to steal. Joss lasts a minimum of 24 hours. For each point by which the hacker beats the difficulty, the joss lasts an additional 24 hours.
If the hacker beats the difficulty by four points, the infiltration was so perfect that the theft is permanent, and the credits are real money.
Stealing money requires 1d6 hours of work for a single skill check.
Permanent theft of electronic credit is possible through other means, but it usually requires the physical infiltration of a corp office and the perfectly-executed alteration of numerous financial records. Accomplishing a feat like that should be an adventure in itself rather than a single skill check.
| AMOUNT | DIFFICULTY |
| 1d6 x 100 | 7 |
| 1d6 x 500 | 8 |
| 1d6 x 1,000 | 9 |
| 1d20 x 1,000 | 10 |
| 1d10 x 10,000 | 12 |
| Common Hacking Actions | Difficulty |
| Answer a Specific Question | 8 |
| Get General Information | 10 |
| Complete Database Acquisition | 12 |
| Suppress a System | 8 |
| Subvert a System | 10 |
| Sabotage a System | 10 |
| Hacking Circumstances | Modifier |
| Human overseers are alarmed | +1 |
| Rushed work for an unplanned hack | +2 |
| Each hack after the first per 24 hours | +1 |
| Especially sensitive system | +1 |
| Types of Systems | |
| Ordinary personal system | -1 |
| Small business system/savvy personal | +0 |
| Minor gov/major corporation | +1 |
| Major government/megacorp | +2 |
Example Hacking Actions
These are some of the usual actions taken by a hacker. A GM can extrapolate others as the situation requires.
Answer a Specific Question (Difficulty 8)
Get a specific fact or piece of information from the system. Find a person’s home address, find a path to a desired destination in a building, locate active security cameras, pull criminal records on a person, or some other direct query.Get General Information (Difficulty 10)
Pull all avail-able information on a particular topic from the system. Get a full map of a site, get all information about security systems, pull a subject’s complete personnel file from a corporate database, acquire all files related to a secret project, or some other exhaustive data dump on a single specific topic.Complete Database Acquisition (Difficulty 12)
Copy an entire database to another computer or data storage unit. A single database might be a corporation’s personnel records, the records of a particular police precinct, the full database of a complex technical project, a starship’s operations record and system log, or another entire corpus of data. The database must be entirely present in the local system and any significant database requires at least an hour to decrypt and download, thus necessitating the use of at least one line shunt. The hacker must either have an adequate data storage unit, a landline connection to another computer or a wireless connection to a remote server.Suppress a System (Difficulty 8)
Shut down a particular automated system connected to this network. Cameras stop recording, sensors stop sensing, open powered doors won’t close, and automated gun turrets won’t fire. The hacker can affect several individual sensors or systems, but only of the same type. Thus, they could shut down an electrified fence for the duration of the hack, but they’d have to make a second hack to deactivate the cameras. When the hack ends, the system will resume operation without registering the interruption.Subvert a System (Difficulty 10)
Much as suppressing a system, except that the hacker can control its operation within the device’s normal parameters. They can upload fake input to a sensor system, fire automated defenses, or open sealed vault doors. The hacker can control the system each round by using a Main Action to do so; if uncontrolled, the system simply repeats or maintains its last state.Sabotage a System (Difficulty 10)
The hacker completely fries a specific system, either causing it to physically self-destruct or jamming it with malignant code. Unlike most hacks performed without link shunts, this damage is permanent until the owners repair the broken hardware, a process that usually requires several hours. Sabotage always triggers immediate alerts to any human overseers.