Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: Max Rible <cheshire@*****.com>
Subject: The Nature of Fake ID's
Date: Mon, 07 Oct 1996 11:37:19 -0800
There are rules in the source material for obtaining fake ID's by paying money
for them. However, there is no information given as to how you create one,
how you improve one, and how one might degrade, and there's no given method
to differentiate between a legitimate one and a fake one of arbitrarily high
quality. Any suggestions that might lead to coming up with a useful system
would be welcome.

Some speculation:

The most important question for fake ID quality is: How does a credstick
verifier work? The only thing that makes sense to me is that there are a
lot of databases that hold personal information that grant read access to
properly authorized search programs. The higher the rating of the verifier,
the more cross-correlation it puts in on the data it can find, and the more
databases it searches. (The problem with this is that there's
no point to having a Rating N credstick verifier in your shop. You just
get one that reads the right information from someone's credstick and
transmits it to a mainframe somewhere that functions as a top-rating
verifier.)

Presumably, the data that a credstick verifier looks for includes birth
and death records, medical records, credit history, educational history, and
miscellaneous financial transactions. A fake ID would be created by adding
the appropriate records to the appropriate databases. (A temporary fake ID
could be created by doing so in such a way that the backups for the
databases weren't altered, so that it would be cleaned up fairly quickly.
This would be the sort of fake ID that would blow up as soon as someone
figured it out, though, rather than one that degrades in quality over time
like the ones in Divided Assets.)

Given that megacorps often have their own housing, hospitals, and so on, I
expect it's quite possible for someone to have records only in a single corp's
databases and the UCAS birth/death records up through their entire youth.
(Though a few financial transactions representing leaving corporate housing
to spend your allowance might be good for verisimilitude.) This suggests that
any megacorp with a black ops division probably reports more births than
standard and quietly maintains their records for these "children" to grow
their own fake ID's that are basically legitimate (unless you crack into
the right computers with something a little more powerful than a mere
credstick verifier).

I would expect that if someone simply made use of a fake ID for a long time,
its rating would improve as more data accumulated around its use. (This
suggests that a fixer who supplies fake ID's would be in the habit of keeping
a few people on staff to simply wander around exercising these ID's for
trivial matters. You could have someone whose whole job was just maintaining
groceries for safe houses, picking up books, having meals and going to
movies on the various different credsticks...)
--
%%% Max Rible %%% cheshire@*****.com %%% http://www.amurgsval.org/~cheshire %%%
%%% "Before enlightenment: sharpen claws, catch mice. %%%
%%% After enlightenment: sharpen claws, catch mice." - me %%%
Message no. 2
From: "Gurth" <gurth@******.nl>
Subject: Re: The Nature of Fake ID's
Date: Tue, 8 Oct 1996 13:19:52 +0100
Max Rible said on 11:37/ 7 Oct 96...

> The most important question for fake ID quality is: How does a credstick
> verifier work? The only thing that makes sense to me is that there are a
> lot of databases that hold personal information that grant read access to
> properly authorized search programs. The higher the rating of the verifier,
> the more cross-correlation it puts in on the data it can find, and the more
> databases it searches.

That's how FASA describe the ID verification to work in the NAGRL. The
checker links up with various databases to see if there is the data which
the credstick claims is there.

> (The problem with this is that there's no point to having a Rating N
> credstick verifier in your shop. You just get one that reads the right
> information from someone's credstick and transmits it to a mainframe
> somewhere that functions as a top-rating verifier.)

It is also ridiculously easy to crack if you've got a decker. Take this
example: Jack goes into a shop with a credstick that claims to have
10,000 nuyen on it. He uses it to buy a lot of stuff, and goes to the
check-out counter. The clerk there inserts the sitck into the reader,
which Jane has just decked into through the line that connects the reader
to the rest of the world. Jane blocks the data request, waits a second or
so, and lets the reader display "Transaction completed" on the screen.

And one-way datalines don't work to stop this, either -- data (the
verification request) has to go out of the shop, and other data (the
answer to the request) has to get back in.

--
Gurth@******.nl - http://www.xs4all.nl/~gurth/index.html
Learn their rules, play their game, deceive yourself in haste.
-> NERPS Project Leader & Unofficial Shadowrun Guru <-
-> The Plastic Warriors Page: http://www.xs4all.nl/~gurth/plastic.html <-

-----BEGIN GEEK CODE BLOCK-----
Version 3.1:
GAT/! d-(dpu) s:- !a>? C+(++)@ U P L E? W(++) N o? K- w+ O V? PS+ PE
Y PGP- t(+) 5+ X++ R+++>$ tv+(++) b++@ DI? D+ G(++) e h! !r(---) y?
------END GEEK CODE BLOCK------
Message no. 3
From: "Norbert G. Matausch (BulletShower)" <NMATAUSC@****.cip.fak14.uni-muenchen.de>
Subject: Re: The Nature of Fake ID's
Date: Tue, 8 Oct 1996 13:38:34 +1000
Hia.

Gurth wrote on Tue, 8 Oct 1996:_

> It is also ridiculously easy to crack if you've got a decker. Take this
> example: Jack goes into a shop with a credstick that claims to have
> 10,000 nuyen on it. He uses it to buy a lot of stuff, and goes to the
> check-out counter. The clerk there inserts the sitck into the reader,
> which Jane has just decked into through the line that connects the reader
> to the rest of the world. Jane blocks the data request, waits a second or
> so, and lets the reader display "Transaction completed" on the screen.
>
> And one-way datalines don't work to stop this, either -- data (the
> verification request) has to go out of the shop, and other data (the
> answer to the request) has to get back in.

IMC, such fragile and vulnerable points are ICEd to the hilt ...
I think one of the lessons yesterday's banks and other credit
institutions really have learned, is that the data concerning
monetary transactions must be heavily secured. No bush-league
here.

C'ya,

Bullet
-------------------------------------------------------------------
The eight goons are slowly approaching you. You can see their Uzis.
What do you do?
"I shoot, aim, load and fire in an uncontrolled way" Lord Nord

Further Reading

If you enjoyed reading about The Nature of Fake ID's, you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.

Thwap!