In High technology setting, the hacking skill is incredibly powerful, and a shortcut in many investigation scenarios. By hacking the CCTV camera, I could see that Joe did it, by checkin [insert social media] I know were the evil gad guys live.
Either you go old shadowrun-style with a whole mini game where decker can be killed by AI but it’s pretty heavy and weird, or you end-up with 3 success on my roll and give a lot of info for just one roll.
What are your trick/house-rules to prevent that ? And how would you actually protect from panopticon. Especially looking how stupid people are in today’s real world
hacking skill is incredibly powerful, and a shortcut in many investigation scenarios
(From cyberpunk-ish perspective)
Let’s re-frame this. Instead of thinking about hacking, let’s think the goal here is to shoot someone. Of course, they can just walk up and shoot. But that is not enough to spend time on this. Especially when one of the PCs is a cybered-up shoot-first-ask-later kind of character. So what do we do, so there is a challenge to that? You can have bodyguards, secure buildings, time-frames, additional entanglements. Just as we don’t envision a mission where they could just walk up to the target on the street and pull the trigger, we need to add layers to hacking too.
And before I get to giving some examples. Take a look how investigation flows in noir films. Our hero is often and oddball that somehow manages to sleaze his way into possession of some info but then hits a snag, it all ties to someone with power. Some scheme where a few bad steps can buy you a bullet. So the hero had their shining moment but there’s more to it. And btw that tie is why we are telling the story in the first place.
Of course, there is little point to saturate every investigation hack with so much happening in the background. But again, it’s the same as with shooting. A trigger-finger-character is trying to get some info on the street and dice or pacing says you want to spend some additional time on that? The ensuing shoot out on the streets doesn’t have to be machinated by a corp secret forces, it can be just a case of Monday.
Same with hacking, if what they are looking for is just one piece of intel that is needed to continue, and PCs will obtain it this way or the other because that’s where story is going, just toss them an IC or two to keep things real and let’s call it a day
So the real hack, the beat-important hack is not just a hack on the go of a low level place. It should be like shooting a mid-level manager in the face. So layer it up with air-gapped systems, time-based response, public visibility, rouge AI, mysterious AI, script-kiddies wrecking the place, prototype ICE, etc. A complication that makes it a story and provides pressure
And just to rant a little bit, I think Shadowrun and Cyberpunk really dropped the ball on hacking. It shouldn’t have been a dungeon crawl. Currently we either have matrix-crawl or whole full-narrative systems. There is little in between and IMO in no way it resembles the source material like Neuromancer hacking
And how would you actually protect from panopticon.
That’s a big part of games like Shadowrun and Cyberpunk. Players can do a thing, but they’ll need to make sure they don’t leave evidence pointing to themselves, be that ballistics analysis, on cameras, or trace DNA.
Have degrees of success that require multiple escalating rolls. You can describe it as penetrating layers of security. Layer one has a relatively easy difficulty but only gets you basic info. It lets the player feel like their skill is useful but lets you tune how much you want to give them. You can even let them make additional attempts to break through each layer but this takes time, e.g. each attempt is a week of game time. You can also have legwork decrease difficulties to give the rest of the party something to do, e.g. talking to/threatening/kidnapping employees for passwords.
I also highly encourage what other comments have said about physical access. Physically breaking into the relevant building and accessing the system from there bypasses some of the layers, and specific physical targets bypass even more, e.g. plugging into the executive’s computer on the top floor gets you straight to the deepest layer.
Maybe a dose of realism? To hack anything serious from the outside it would probably take weeks or months of investigation, programming, testing, … So if the players don’t have the time, physical access, or previous knowledge and tools, that’s a big nay. It depends on what type of sci-fi though, if it’s the movie / tv type where hacking is a shortcut to anything in record time, welp.
I’ve tried this a couple times with limited success.
- Hacking something remotely was a default Very Hard challenge. Very difficult to do without spending fate points.
- Hacking something on the same network was hard. Could maybe hit it with a lucky roll, but still would probably require a fate point
- Hacking something with physical access was in the realm of “the PC who specializes in this can likely do it without trouble”
Those were then bumped up or down depending on if it was “budget”, “consumer grade”, or “corporate grade”. Hacking into some nobody chump’s security system from across the street is something the hacker PC get done for free with a little luck. Hacking into the ASI Corporate HQ maglock door subsystem from across town would be a feat of legend, not something someone can likely do just off the cuff.
I do like that Fate encourages players to do some preparation for hard tasks. Have someone use their talky skills to talk up some junior workers, and learn something about the network. That’s an advantage you can invoke. Have someone spend resources to bribe someone, that’s another advantage.
A problem that’s come up each time I’ve tried this kind of game is not having a shared understanding of what “hacking” can do. Fate kind of helps here because the actions are kind of agnostic about what skills are creating them. If you’re trying to remove someone from the scene, that’s likely an Attack whether you’re using “hacking” or “fight” or “intimidate”. The hacker might fake a text from the boss telling the bouncer he’s fired where the bruiser might just deck him, but they go down the same kind of mechanical funnel. The tactical considerations for the players comes from like “what looks like a softer target: his face or his phone? is anyone going to see?”
I don’t really run a lot of cyberpunk, but I’m all about subverting player expectations. The trick is usually to make them feel like they got something out of the skill, while also ensuring that they don’t circumvent the whole thing with a single check.
So say you look up the evil bad guy’s social media to find out where they live. Then you discover that they live in a hardened bunker only accessible from the private elevator of their corporate penthouse office. The knowledge of their whereabouts is useful, but it’s still going to require more strategizing to figure out how to penetrate it.
Or if they’re a major public figure, you might discover that their social media is being run by a botnet. You might not get your target’s exact location, but it gives you a chance to direct the players in an investigation at the botnet’s physical address.
Hacking the CCTV camera might determine that Joe did it. But maybe the assailant was disguised, or Joe got deepfaked, or your hacker discovers that someone has deleted / corrupted the footage. All of these scenarios have potential to turn the investigation in another direction.
If you have a hack-happy player then you probably want to do something to beef up the villains’ technological prowess. Ultimately you do want to reward the player for using their skillset, but you also want to challenge them too. Every hero needs a foil, after all.
It would probably be disingenuous to have every villain suddenly be a computer prodigy though. But it’s not unreasonable to have a few high-profile hacking antagonists or organizations. And if you’re the sort of villain who has the resources to wield a private army or a lavish ultra-rich lifestyle, it stands to reason that you’ve probably contracted out your IT needs