[Xenon]

Is identity theft possible?

Identity theft (as in "borrowing" or "stealing" someone else's SIN) is not a "thing" in Shadowrun.

But it is also not needed since SIN verification systems are used to verify that you are a legit citizen.
If you wish to pretend that you are a legit citizen then you get a fake SIN (any fake SIN, of high enough rating, will do)
The result of a SIN verification system is one out of the following three:
1. There is a SIN and it is legit
2. There is a SIN and it appear to be legit, but you might or might not want to investigate it further.
3. There is a SIN but it is fake. SIN have been automatically burned and local authorities have been notified.


SIN verification systems are not there to verify who you really are or if you belong.
To do that corps will use all kinds of security devices (facial recognition, palm prints, key codes, ID badges, proximity RFID cards and card readers, retinal scanners, DNA scanners, voice recognition etc).
There are a lot rules on how to successfully breach each of them.

Could you simply pose as a legit user by simply having a mark and a know persona icon?

There is actually an advanced action called Masquerade found at Kill Code p. 40 that let you temporary impersonate another persona. Intercepting calls, using their social media, read their email history.... (but you are not considered the matrix owner of his devices and financial transactions have too many double checks to work). This is an action that a social face/hacker will have a lot of use for.

If you know anything about real life hacking, the primary skill in most hacking is social engineering.  You talk to authorized users, get them to give you their legit credentials, and you use them.

It seem as if 'ownership' is a big thing in the SR5 matrix and that files and devices always 'know' if it is really you or not. Marks are also individual. In order to gain access on something you need to have your own mark on it.

There are only three ways to get your mark on a file or icon:
1. Owner invite you to place mark
2. You force the icon to accept your mark (by taking the illegal brute force action)
3. You trick the icon to accept your mark (by taking the illegal hack on the fly action).

Having said that; You can totally 'influence' the legit owner to invite you to place mark on their icons. For example by using Commanding Voice, Control Actions or Puppeteer to 'force' the owner by using magic or resonance. By using Con, Leadership or Intimidate to trick, command or force the user to invite you to place your mark on his icons by using social skills.

But it does not seem as if you are allowed to 'log in' AS the owner (in a traditional sense anyway) and through that gain all access that he normally have. The closest thing you get to that is the Masquerade action from Kill Code that let you impersonate the owner for awhile.

[Stainless Steel Devil Rat]

If you know anything about real life hacking, the primary skill in most hacking is social engineering.  You talk to authorized users, get them to give you their legit credentials, and you use them.

It seem as if 'ownership' is a big thing in the SR5 matrix and that files and devices always 'know' if it is really you or not. Marks are also individual. In order to gain access on something you need to have your own mark on it.

There are only three ways to get your mark on a file or icon:
1. Owner invite you to place mark
2. You force the icon to accept your mark (by taking the illegal brute force action)
3. You trick the icon to accept your mark (by taking the illegal hack on the fly action).

Having said that; You can totally 'influence' the legit owner to invite you to place mark on their icons. For example by using Commanding Voice, Control Actions or Puppeteer to 'force' the owner by using magic or resonance. By using Con, Leadership or Intimidate to trick, command or force the user to invite you to place your mark on his icons by using social skills.

But it does not seem as if you are allowed to 'log in' AS the owner (in a traditional sense anyway) and through that gain all access that he normally have. The closest thing you get to that is the Masquerade action from Kill Code that let you impersonate the owner for awhile.

The Matrix rules do not address "legitimate" use of the Matrix, really.  And not at all, with regards to Hosts: the rules ONLY govern hacking them and how they respond to being hacked.  It should be fairly self-evident that legit users don't have to Hack on the Fly/Brute Force just to clock in at the beginning of the work day.  Whatever mechanic they use isn't given.  Maybe the GM will make that unspecified mechanic be available to an enterprising hacker.  But, sure, then again maybe not.

This reminds me of a slight tangent:  Certain Hosts are open to the public.  Literally, all you have to do is ask nicely and the host invites your mark.  See pg 220:

Marks are routinely invited and given for normal, everyday,
legal use of various services. They act as keys, permission
slips, invitations, and account privileges on every
icon in the virtual world. For example, the Seattle Public
Library invites over 50,000 marks per day for its VR books,
films, trideos, and other items in its collection.

Sure, "hacking" your way into the Seattle Public Library is hardly a feat to brag about, but the principle exists.  Maybe the Host will invite a mark, but only if you reciprocally accept one or more marks on your own persona (so security can keep an eye on you), or only if you pay 50 nuyen to access the host, or only if an ID badge (that you socially engineered away from an employee) is scanned...

[Xenon]

It should be fairly self-evident that legit users don't have to Hack on the Fly/Brute Force just to clock in at the beginning of the work day.

When they were first employed they were probably offered an invitation to place their mark on the host. They accepted the invitation, placed their mark on the host and since then they have been allowed to take the the Enter host action.

Since a regular wage slave is not considered to be the owner of the host he or she cannot invite you to place a mark on the host no matter how good your social skills are. The wage slave can only invite you to place marks on their own file icons and device icons.



SR5 p. 236 Recognition Keys
There are three ways to get a mark on an icon. The first is the legitimate way: the icon invites you to add a mark. For example, when you pay the cover to get into the host of Dante’s Inferno, the host sends you an invite to mark it so you can enter and join the party. The other two ways are by hacking, both Matrix actions: Brute Force (the loud way) or Hack on the Fly (the sneaky way).

[Stainless Steel Devil Rat]

Well remember marks expire at the end of every session. Employees need to gain marks on the Host likely every day.  Maybe more than once per day, if you have a crappy commlink that needs to be rebooted periodically.

But, sure.  Maybe employees simply use the "Host invites a Mark" mechanic.  So, you've just kicked the can on the Social Engineering:  A hacker can use social skills to get what she needs in order for the Host to "think" she's an employee and invite the Mark.

[Michael Chandra]

Maybe you should just steal an employee's commlink and change ownership of that one.

[Xenon]

Maybe more than once per day, if you have a crappy commlink that needs to be rebooted periodically.

I can't honestly remember the last time I rebooted my smartphone. Two months ago? three? Odds are that future wage slaves are connected 24/7 and pretty much never reboot their commlinks at all. And even if they do, the host you work in will probably simply invite you to place a new mark directly when you come back on-line anyway.

SR5 p. 236 Recognition Keys
Marks only last a single Matrix session and are deleted when you reboot. This is rarely an issue for most devices because they almost never need to reboot, and when they do the hosts and other services usually have a standing offer, so re-marking them takes seconds.

Maybe you should just steal an employee's commlink and change ownership of that one.

Once reboot your persona to start it up on your new commlink it seem as if you still need to place your own unique marks in order for your persona to enter hosts, edit files or control devices (doesn't seem to matter who the commlink's previous owner was).

[Fatespinner]

But, sure.  Maybe employees simply use the "Host invites a Mark" mechanic.  So, you've just kicked the can on the Social Engineering:  A hacker can use social skills to get what she needs in order for the Host to "think" she's an employee and invite the Mark.

Probably there is somewhere a list with commlink codes that identify users who belong to the host or who are allowed to have access. So if you could bring the HR to list you as a temporary allowed user (maybe via a subcontrator or something like that), then you will get invited to the host as long as you are listed.

That allows not only social engineering, but also hacking that file. If you hack a host and then find and modify this file, you will get normal access to the host. Which might be very useful for data search in the host and entering the host during a run. Of course you have to succeed at the first hack, but it offers you the possibility to reenter and monitor and search a host for a longer time of period without having to worry about Overwatch, but you are legally in the host. Maybe you have to hack to get access to certain files and areas of the host, but until then you should not be bothered by IC.

[Fatespinner]

Maybe more than once per day, if you have a crappy commlink that needs to be rebooted periodically.

I can't honestly remember the last time I rebooted my smartphone. Two months ago? three?

Well Android at least reminds you that you should reboot your phone periodically. And I can imagine that commlinks regularly reboot in order to have a consistent system state and the remove any unwanted marks from ads or hacker.

[Stainless Steel Devil Rat]

Matrix sessions also don't persist while you're asleep. Even if your commlink never needs a reboot, your brain still does.

[Michael Chandra]

Spoken like a quitter. Use Long Haul and work for 120 hours, then you get 48 hours off.

[Xenon]

Probably there is somewhere a list with commlink codes that identify users who belong to the host or who are allowed to have access.

More likely that the host is set to automatically re-invite specific matrix personas.

If you hack a host and then find and modify this file, you will get normal access to the host.

SR5 p. 236 seem to be pretty explicit that there are only three ways to gain a mark on an icon.

1. Owner of the icon invite you to place your mark on the icon
2. You illegally force the icon to accept your mark
3. You illegally trick the icon to accept your mark

Editing files does not seem to be one of them...

it offers you the possibility to reenter and monitor and search a host for a longer time of period without having to worry about Overwatch...

I am pretty sure this does not work in SR5.

If you wish to stay on-line longer even after causing ripples in the matrix you might want to have a technomancer sustain a static veil and/or repeat thread low level cleaner on your matrix persona.

Matrix sessions also don't persist while you're asleep.

Book seem to suggest otherwise...

SR5 p. 229 Dumpshock & Link-Locking
Usually, if you fall unconscious in VR, your commlink or deck automatically switches you to AR.

SR5 p. 236 Recognition Keys
Marks only last a single Matrix session and are deleted when you reboot. This is rarely an issue for most devices because they almost never need to reboot