So how hackable are starships?

[Gadrin]

Also, the whole WiFi thing: starships are made of metal. Often denser than ordinary steel. The only WiFi connections on a ship will be local to the room you're in (ie. Bluetooth equivalent).

Right, there will be internal relays but the rad-hardened hull will often prevent access from the outside.

Some people postulate that external antennas are simply conduits to allow external access, but these of course have to be in receiving mode and deployed.


>

 

[coliver988]

Currently, hackers pretty much are just above the defenses of most systems: anything connected to the web can be hacked, just about, if someone wants to enough. It is a reactive game more than pro-active for the most part in the real world.

And yes, there may be millennia of computer-8 people writing the software, but there can equally be a millennia of computer-9 hackers out there. So it all depends on your choice of universe parameters. I'd have to agree that critical systems would require a physical presence: no remote control ships as per Star Trek:Nemesis and the Argo shuttle (well, that was a shuttle and not actually a starship)

Currently, the easiest method of 'hacking' is social engineering: get someone on the inside to give you the keys, essentially. See http://en.wikipedia.org/wiki/Social_engineering_(computer_security) if you want a starting place.

As I see it, most ships would not be hackable, but crews usually are: hence the soft skills (bribery, carousing, admin, etc) are probably more useful for hacking into ship systems than your uber-computer guy.

 

[Ran]

I'd think that, unless the starship was chatting with local networks for whatever reason, that hacking the system beyond the airlocks would be futile remotely.

Most airlocks probably have some sort of Stargate style transponder that allows users in in EVA suits to easily gain access to the ship or otherwise, as has been pointed out, over ride a potentially damaged physical means of access.

 

[Thunderbolt]

Given the wide diversity of worlds, races and environments, each with their own histories and unique circumstances, would starships conveniently present familiar and well known vulnerabilities to the various hackers and script kiddies.

Unless there is some all encompassing Microsoft / SUN / Novell / Apple (delete your favourite hate figure as appropriate) control systems pervasively installed, you are approaching ships with the chance that the software is simply nothing you have ever seen before.

Perhaps local concentrations would exist and your hacker gets to specialise in those.

Given the amount of time and apparent lack of innovation taking place in the Imperium, the systems would be extraordinarily mature compared to the software that people seem to be using as a benchmark such as Linux and Windows, both of which are regularly compromised.

The software running the jump drive and the main systems of the ship, are not the same as the one running the library database, so are likely to be built in an entirely different way, with a considerably higher quality bar for obvious reasons.

If hacking was a realistic possibility, I imagine the response would be to simply deny any kind of access to the systems from the outside, making the hack only feasible by entering the craft itself, and making a cable connection to a terminal.

 

[ThunderChilde]

T-bolt has a few very well reasoned points here. Not the least being the maturity of the software in use. Unix has been around for a long time, is fairly mature and not easily hacked if the protocols are set up right and the sysop is even slightly on the ball.

I also agree with the "direct access" concept, get in, get physical access, then see if you can get anywhere after that.

Others have noted the need for direct control inputs for key systems, Engineering, Flight Control, Weapons Systems etc. as a security feature.

It isn't even clear how many different types of the same class of software, not to meantion the variation in a "enterprise" class "server" hardware from how many different suppliers accross the 3I are around.

By the same token, I could see all starports using the same software and hardware because of the regulations in place and enforced by the ISA.

 

[Gadrin]

By the same token, I could see all starports using the same software and hardware because of the regulations in place and enforced by the ISA.

Slight tangent: I was setting up a recent scenario where the players are working for the Imperials (IISS) and they trail an aslan Courier (Ktiyhui class) to a planet to help some allies. They want to get a look at the ship's navigation logs (copy them), which means they'd probably be able to copy the data but then be forced to convert it to human-readable format.

However I'd say if anyone could do it, it'd be the IISS.


>

 

[jfetters]

Slight tangent: I was setting up a recent scenario where the players are working for the Imperials (IISS) and they trail an aslan Courier (Ktiyhui class) to a planet to help some allies. They want to get a look at the ship's navigation logs (copy them), which means they'd probably be able to copy the data but then be forced to convert it to human-readable format.

However I'd say if anyone could do it, it'd be the IISS.


>

Sure they would, and it probably wouldn't be that hard. Given that trade has been happening between these governments for hundreds of years, I am sure data transfer (and transformation) protocols are in place for this kind of thing.

 

[Drakon]

Why can't one use an AI in the ship to monitor the system and prevent hacking? Some upper level program with enough intelligence to allow or deny services based on its own judgement?

Need to go back to the books to work out the AI rules.

 

[Thunderbolt]

AI One: Oi oi, what's going on here?

AI Two: I'm trying to hack you old man, please be quiet

AI One: You can't go there, that's restricted

AI Two: Can't you see I'm trying to concentrate

AI One: Do you come here often?

AI Two: What?

AI One: Do you come here often, I don't think I've seen you before

AI Two: What?

AI One: I can't tell you how boring it is running those Jump and Navigation programs, do you know, now that you've come along I've had a chance to dust off that Anti-Hijack program?

AI Two: What are you talking about?

AI One: Oh yes, and listening to those crew members droning on and on, and surfing the cyberweb for dodgy web sites hoping I won't notice !!

AI Two: You have a cyberweb connection?

AI One: Oh yes, all the time we've been talking I've been hacking you my dear boy, good bye!!

AI Two: Arrrrghhh!!!!!!!!!!!!!!!!

 

[morfydd]

Nothings uhackable

Dosent matter how much external blockage there is all ships are hackable once you tap into their net <from inside via an acess cover etc...> just need one tween virgin boy with a wild imagination that never got out much and dosent belive that its impossible that it cant be done and inside of 30 minutes..downloading the moot might take an hour ..(refernce real life hackers in the 70's thru today ..have proven that there is no sure defence )

 

[Darkhstarr]

MY rule of thumb (sometime I've got to get those post-it note codified) for hacking is relatively simple: (1) If the target is not going to surrender, are they smart enough not to
respond to the attacker's hail. (2) If they do respond, do they have an anti-hijack program? Believe it or not I've had people neglect to have this program in the system.
If they do, +1 to the basic difficulty to hack in. (3) TL of the competing computers. Example attacker's computer is TL13, victim's is TL9. Attacker's difficulty is reduced by 4.
(4) Computer skill of attacker operator versus computer skill of victim's operator. Attacker
has Computer-2, defender has Computer-4. Attacker's difficulty raised by 2. (5) Add up the + and - and total. In this situation the difficulty to hack is 7.

Of course, if the defender thinks they have an overwhelming edge (i.e. TL13 or better
computer & Bebop's Radical Edward as operator), they might attempt to trash the attacker's system.

My wife likes this approach when taking a vessel. Of course she also like to get a programmed slave device planted in the ship prior to liftoff. The surest way to take a ship is on the ground, & underpaid starport personnel (much like today's sea- & airports are easily subverted. Or give some naive passenger you spent the week seducing a present that disquises the slave unit.

 

[Gadrin]

My wife likes this approach when taking a vessel. Of course she also like to get a programmed slave device planted in the ship prior to liftoff. The surest way to take a ship is on the ground, & underpaid starport personnel (much like today's sea- & airports are easily subverted. Or give some naive passenger you spent the week seducing a present that disquises the slave unit.

Well, no offense, but if I were gaming with you I'd be calling your wife Ma Barker.

You can tell her I have a Stolen Property/Gold Smuggling/Invasion scenario I may need her help on fleshing out some of the details. o:


PS -- I have an npc in this scenario that may need one of those slave do-hickeys, can you give us a bit more detail ?

>

 

[Tysis]

It does not surprise me that people would forget about the anti-hijack. How many people do not back up or neglect protections such as anti-virus software? How many people do not shred all that mail that goes into the trash?

I would imagine that military craft would be quite tough to hack, considering the maintenance and discipline of the crew. Privately owned craft would probably be easier due to negligence ("I will install that anti-hijack tomorrow!"). Corporate craft would have access to better resources (software, personnel, etc) but they are often lax in security (ours scares me).

TL is a good guideline. Spend enough time and you will break it, but your hardware may be so slow that the time required exceeds your lifetime. Or the ship takes off.

When using an opposing check on a computer skill I would assume a professional level (three or so) for any commercial software. Of course, a better skilled character may have written a security program, or hired someone with above average skill.

Getting something into the machine is kind of like installing your own root kit. Could be hardware or software. Great for “special operation” kind of adventures.

Of course, the last resort is to cut the communication link (turn off the radio/maser/etc or pull the cable), but you would have to detect the intrusion first.

All in all, I think you have a good approach to this.

 

[atpollard]

I don't see any advantage to a starship being capable of being remotely piloted or controlled. Why create the capability in the first place?

Using Aircraft or cruise ships as an example, when was the last time you heard of someone even attempting to use thier laptop from the passenger compartment to take over the on-board flight computer? There would be no reason for the systems to even have the potential to communicate with eachother. Perhaps someone locked in the cargo bay might tap into a control harness and screw with the plane controls, so it is not inconcievable, but the flight computer should not have broadband internet access.

Now imagine using a cell phone or blackberry specially wired to the control tower comm frequency - what are the odds that you could call the aircraft and disable the flight controls with that? Using the comm system to hack the on-board computer seems a vulnerability that nobody would create in the first place - unless you had your ship specially designed to be remote controlled - perhaps for automated landing sequences. Even then, it should be normal for the system to be turned off unless you had a reason to turn it on.

Hacking from system to system (comm to controls) seems as unlikely as hacking into a PC by modulating the power to your house at the meter. The Power meter and the network router are only connected in the most remote of ways. The best you might achieve via the comm chanels would be to read the data previously transmitted and recieved.

But what the heck, I could be completely wrong.

 

[Thunderbolt]

I see where atpollard is coming from with the comparison on hacking a plane, why would these kind of systems just talk to each other like that.

The systems that run a plane (e.g. Airbus) are so specialised and built to a standard and a quality bar quite different to the average PC running some out of date virus checker, and operated by a teenager willing to download every piece of crapware on the planet.

Right now, we have runtime environments that will only run digitally signed code, and that code is itself intermediate code that can be verified by the runtime as being safe or unsafe before compilation, so imagine what safety critical system designers will have at their disposal when they have oceans of memory and processing cycles to burn in the far future.

On the point about computer maintenance, I guess that comes down to the kind of atmosphere you are after and the sort of regulatory regime in operation. You can't imagine Virgin Airlines and their servicing contractor just shrugging their shoulders when the inspector comes round and asks about the state of their flight control systems.

 

[Tysis]

Remote piloting could be used to land or gain access to a vessel during an emergency or when the margin of error is too low for a human to handle.

Landing a ship in extremely high traffic areas where a fast turn around is required (land it and get it off the pad fast, for example), entering a hijacked vessel, landing a vessel when the crew is incapacitated, and so on.

 

[Gadrin]

In GURPS Traveller most vehicles have access to a program called Routine Vehicle Operations or Autonomous Ops, which allows a computer controlled (fly by wire) craft to pilot itself, providing it has the correct sensors. The ship doesn't become Han Solo, so no acrobatics, just routine things, like take-off landing and such. It would probably be a disaster in certain situations, like in a heavily trafficked area, or where weather really comes into play, or sensors are trouble.

However I could see the ship's main computer being tied to say a captain or engineer's handcomp to engage certain programs at the push of a button; such as RVO or Anti-Hijack or Datalink.

I'd also say that someone travelling on the ship with the correct equipment might be able to exploit the access point (if it's wireless) or simply remove the terminal in a cabin (if one was offered) and jack in their own...provided the equipment they bring is correct.

As for assaulting the CPU/server of the ship, that might run into problems, especially after TL9 where it can probably lockout certain terminals it feels are for example, repeatedly trying to login to break passwords.

There's probably ways around this, especially where creative players are concerned, like getting the system to reboot itself and replacing one type of terminal with another during the reboot cycle such that when it comes back up, it thinks the device is something harmless and doesn't monitor it.

So it falls mostly to the GM.

>

 

[Icosahedron]

Remote piloting could be used to land or gain access to a vessel during an emergency or when the margin of error is too low for a human to handle.

Landing a ship in extremely high traffic areas where a fast turn around is required (land it and get it off the pad fast, for example), entering a hijacked vessel, landing a vessel when the crew is incapacitated, and so on.

These situations use a harbour pilot IMTU. (Impersonating a harbour pilot is always a possibility, though).

I imagine that any conceivable remote piloting operation would specifically exclude the Jump Drive. I can't think of any reason why the JD should be remotely operable.

 

[flykiller]

if anyone uses jump cassettes, there's an open invitation to a ship hack. "here, plug this into your computer." "ok." whirrrr ....

if a ship has robots or cyborgs that have comm links then there's another open invitation to hack, not the ship, but its crew.

 

[far-trader]

if anyone uses jump cassettes, there's an open invitation to a ship hack. "here, plug this into your computer." "ok." whirrrr ....

One of my favorites :devil:

Of course nobody would ever buy a jump cassette from a less than reputable source just to save a few creds or to sneak into a system they shouldn't...

...well, sure, Player Characters might, once :smirk: