The Alexandrian

Go to Part 1

Neuromancer - William GibsonA cyberpunk character concept I would dearly love to play some day is that of the uber-competent hacker: Case from Neuromancer. Batman’s Oracle. Edward from Cowboy Bebop. Boris Grishenko from GoldenEye. Luther Stickell from the Mission Impossible movies. Half the main characters from Ghost in the Shell.

In my ideal version of the character, I’m the guy who stays in the van three out of five times, providing overwatch and support for my teammates while they mount their raid.

So why haven’t I played this character?

Because what I’ve discovered is that a surprisingly vast number of GMs seem to consider the entire concept of using hacking to solve a problem to be some sort of anathema. So even when I’ve tried to play the character concept, I’ve ended up not actually being able to play the concept.

  • Hack the security cameras to scope out the interior of the building you’re raiding? Can’t do it.
  • Hack the security guard’s cellphone to track her movement? Impossible!
  • Play R2-D2 in a Star Wars game and hack an electronic lock? No way. Pull out your lockpicks!
  • Hack the rigging ports on the pursuit car to seize control of it? Obviously no one would want you to remotely seize control of a vehicle, so they would build a perfect security system that was completely unhackable, and therefore you can’t hack it.

(That last rationalization seems to crop up a lot. It’s like saying that obviously no one would want you to poke them with a sword; ergo it’s impossible to hit someone who’s wearing full plate.)

Quibble here and there with the plausibility of some of these scenarios in particular settings, but I’ve seen this behavior even in settings and games which include mechanics for handling these specific types of hacks! What I’m talking about is a systemic pattern of behavior in which the hacker basically can’t do their thing. It’s the equivalent of finding an antimagic field everywhere you go in a D&D game, except that I’ve found it to be a peculiarly ubiquitous attitude.

Of course, flat out denial isn’t the only way this manifests: Setting disproportionately high difficulty numbers or using roll to failure techniques are probably the most common versions, actually.

I’ve found this particularly pernicious in many convention scenarios: The designers of the game want to show off its breadth, so they include a hacker archetype pregen. But the volunteer GM running the scenario subscribes to the doctrine of Thou Shalt Not Hack, so the pregen is a trap and the person picking it finds themselves sidelined for four hours.

The worst case scenario is, sadly, one of my favorite games: Eclipse Phase. Wanting to show off everything that’s possible in this cool, kitchen sink transhuman setting, the designers regularly include an infomorph pregen: A character without a body who exists only as a digital construct and can only take actions through the Mesh network.

Combine that with a GM who doesn’t allow any meaningful action to take place through the Mesh network (which I’ve seen happen either first- or second-hand in no less than four convention scenarios) and you have a character who literally can’t do anything.

Many of these GMs don’t seem to be consciously aware of what they’re doing, so you’ll even find them saying things during character creation like, “Who wants to be hacker?” I used to hear that and think, “Okay! This guy is going to actually let me hack!” But, oddly, no. They recognize on a conscious level that a team of cyberpunk characters is supposed to have a hacker, but when it comes to actual play the hacker nevertheless finds themselves stymied at every turn.


Infinity the Roleplaying Game

I suspect part of the problem here is that a lot of GMs reflexively cling to the modes of play they learned running D&D dungeon crawls. Their expectation for how a facility raid is supposed to play out features people physically sneaking around and getting ambushed by security guards, and the hacker’s attempt to grab the security cameras disrupts that expectation. Their vision of the game world (inaccurately) doesn’t include hacking, so the hacker’s solution to any given problem comes out of left field, and the GM reflexively shuts it down.

This is, obviously, a form of railroading: A preconceived idea of not just how a specific problem is meant to be solved, but a broad preconception of how entire classes of problems are supposed to be solved.

So the solution to this problem is relatively simple: Don’t do that.

Conversely, however, hacking shouldn’t be a magic button that can trivially solve all problems. When that happens, it creates a spotlight problem where the hacker upstages every other character and flattens the challenges presented by the scenario.

To counteract this problem, there are a couple things the GM should do. First, check the potential consequences a hacker faces: They should be comparable to those faced by other types of action. (Just as the hacker should not find it impossible to hack an automated car; the hacker themselves should not benefit from a foolproof firewall.) Second, check your vectors: Make sure that “solving” the scenario requires a multi-step resolution and, importantly, make sure that hacking can’t be used to trivially solve all the vectors.

The most obvious example of this is, “I can’t hack that system until you plug in my remote router!” But it can become an easy trap to always design scenarios in which the team does a bunch of stuff and “unlocks” the hacker so that the hacker can then win the day. Look at ways in which hacks are invaluable at the beginning and in the middle of scenarios.

Also remember that you don’t always need to lock these things in: Players hot-swapping in vectors you’d never thought of to solve their problems is what makes the game fun. Generally speaking, the rest of the group will find ways to advocate for plans which feature the strengths of their own characters if you give them the chance. You can encourage that by creating scenarios which require multiple problems to be resolved simultaneously. Also experiment with using hard scene framing techniques to move the action “onsite”, which will discourage the players from lingering in remote “planning” sequences where the hacker (and only the hacker) is capable of taking direction action.

Infinity the Roleplaying Game

Go to Part 5: Not Knowing the Rules

Share on TumblrTweet about this on TwitterShare on StumbleUponShare on FacebookShare on RedditShare on Google+Digg this

21 Responses to “GM Don’t List #4: Thou Shalt Not Hack”

  1. Nicholathotep says:

    Thanks for this post!
    My most recent game has featured hacking by way of a jenga set. And over all it’s been great letting them break into cameras, track people, and get huge amounts of information.
    I marked some of the jenga blocks ahead of time with “virus” and marked three of them specially with a green circle. Any time they get a virus block they can test their computer skill to avoid a annoying and damaging virus, while if they get all three of the special blocks I reveal way more information about their target then they might gain elsewhere.
    They’ve driven cars, tracked yakuza around town, and had to do an entirely remote rescue involving finding ways to let a player communicate who only had a mouse and was drugged in a basement.

  2. Alex says:

    Love the Jenga idea!

    The problems I’ve generally had with hackers in cyberpunk games are:
    – Sits at home being much safer than the rest of the group (I don’t assume black ICE is common).
    – They end up playing a solitaire game while everyone else twiddles their fingers.

    The solutions I’m pretty happy with for my current game:
    – The game has discrete tiers of tech. You can’t hack a system of equal or higher tier (i.e. the most important stuff) to your own gear without being on-site, and thus in greater danger (tech excuse: it’s too easy to isolate and blacklist your signal when its coming from outside). Makes the hacker share the peril; they might be in a van across the street, but not across the city.
    – Hacking is a thing many characters can do to varying degrees, more Ghost in the Shell than Neuromancer.
    – The ICE always wins, eventually. The more you poke it, the more it adapts and the harder it hits back. Hacking becomes about how far you want to push your luck and where you choose to spend your successes. Lets you shine, but not solve everything.
    – I’m using an Apocalypse World-like move structure where you make a quick roll periodically, make some choices, and move on, rather than something like the old Cyberpunk 2020 approach, which was more like a private dungeon crawl.

    I wonder if the “where do you spend your limited amount of hacking currency” approach would help people get over the impulse to deny the hacker? It becomes more like a wizard’s spells in a fantasy game. It can do a certain amount of stuff, probably better than any other means, but endlessly.

  3. Jeff says:

    It is the same as the age-old problem of trying to stop the Mage from wiping out the BBEG with their top tier spell, the swordsman who can one-shot any one enemy, or the undetectable sneaky guy! If you see a player building to a peak concept, don’t try to block it handwavium, don’t just make a nemesis that’s even better at it than them, instead, make sure they have a chance to do what they want to do! With your Hacker, it’s the same thing- make sure at least several of the “scenes” in your scenario -do- have hackable components that provide some sort of advantage to the party. But also make sure that the hacking isn’t an instant-win button. Compartmentalize!

    Cameras can be hacked so the PCs can know where the guards are, but they still have to get around them (or through them) to get the objective, and there are enough guards that they can’t be completely avoided. A security door can be hacked to get it to open, but then the party still has to deal with what’s on the other side. Hack the BBEG’s phone to know where he or she is, but then don’t be surprised when the BBEG has his or her own hacker to find the Hacker PC or some other important member of the team, resulting in a conflict. These are all easy fixes to make sure the Hacker PC has something to do that is important!

  4. Gamosopher says:

    Justin, you said in one article that most games are built around a core of Combat and Railroading. To me, the “thou shalt no hack” is a specific instance of the mindset that goes with this : everything that bypass either the railroaded plot OR the combat sequences “break” the game, so the GM default to “no”. It’s the same with some spells, but also with a lot of “sneaky infiltration” and “smooth talker”.

    I made the same realization about the “master infiltrator” some years ago : I just could not play it. Either it was impossibly hard to succeed, or failure meant such terrible consequences (death, even TPK) that it just was not worth it. I recently came to the same conclusion about the smooth talker archetype : solve the problem
    (even, in some case, discover our enemies nefarious plans) through charm and negotication was incredibly hard, even often counter productive. (My high-level magic-user used many high-level charm spells to interrogate many enemies, including some leaders; the only thing I “won” was the ability to come back unscathed without real intel. The next morning, they lauch a highly coordinated attack and we learn that some powerful patrons were helping them.)

    So, basically, when you play with the average GM, anything that bypass combat or reveal plot points before it was planed is going to become super hard to pull off. Hacking is only one example of that, in my opinion.

  5. Justin Alexander says:

    @Jeff: Exactly. There seems to be a whole school of GMing that worries compulsively about the players succeeding or (god forbid!) feeling awesome as they succeed.

    @Gamosopher: Excellent observation! Even when not overtly railroading, it seems like these GMs feel that these solutions are “cheating” because they “bypass” the game as they’ve come to understand it.

  6. Beoric says:

    Isn’t a D&D thief/rogue just a low tech hacker? Put another way, how to you “pick” an electronic lock except by hacking? I suppose a seriously stubborn GM would ignore these details.

    I note that the guy hacking form the safety of his home while the team goes out and does the dangerous stuff is a lot less safe if the enemy detects and traces back his hack while the team isn’t there to support him.

  7. paulierockets says:

    Good article!

    My favorite hacker character was Hardison in the “Leverage” television series. He was phenomenally skilled, but was always running into things he didn’t think he coud hack, and which he couldn’t without help from his colleagues.

    Actually, Leverage is worth re-watching for hints on integrating the hacker wih the action. For example, a lot of times Hardison had to actually get on-site to access the frammistan router that allowed him to tap into the handwavium server. He could hack people’s phone, but often his skilled thief friend had to pickpocket the phone, scan it, and then put it back in the mark’s pocket. In short, some of the gates that stopped him required other skills to allow his hacking—thus he had to work closely with the rest of the crew.

    Great series and a wonderful example on how to integrate the whole party.

  8. Wyvern says:

    @ Beoric: How do you defeat an electronic lock without hacking? Here’s how:

  9. Brotherwilli says:

    This strikes a cord with me. The first time I encountered hacking was playing Alternity. Rules as written it was a mess of multiple checks that encouraged failure. In practice, we made it one check and the party had a blast with it. They hacked Janitor Bots in the facility they were going to infiltrate. It led to unexpected comedy, and role-playing stories that have lasted for twenty years.

    Most recently I ran a game of the Cypher System for a sci-fi campaign. The party used hacking frequently, and it advanced the game. Taking a lesson from that first Alternity game and your Three Clue Rule, hacking gave the party information and advanced the story in excellent ways.

    In particular, I learned that hacking doesn’t need to be an immediate success or failure. Successful hacking doesn’t necessarily grant access to all systems – it may grant access to some, or have limited successes. You might not get control of security, but you can view all cameras, etc.

    I think the other comments are on point: GMs who push back against hacking are unable to deal with multiple approaches to a problem. I don’t think it’s “hacking” as a problem, it’s the general idea of bypassing problems in more than one way.

  10. Accommondo says:

    Shadowrun is a system that builds the hacking combat-like, that basicly have built in counters that have guidelines for most hacker actions and most everything has its risks, which might lower the risk of GMs subconsciously nerfing it.

    1. Network ‘noise’ makes it hard to hack from too far away, so the hacker is generally in a van nearby, or gets inside with everyone.
    2. There are powerful A.I monitoring the matrix for illegal activities, so hackers are on the clock to do all their actions.
    3. Jamming guns remotely, hacking cameras, hacking doors are a common stuff that comes up a lot, and the enemy might have a hacker who can use same features to interfere with the party.
    4. Hackers can soft-hack by observing the matrix through vr, or deepdive and run in the matrix with an digital avatar running the risk of frying his brain in cybercombat.
    5. Most data or similar that is hackable is quite possible to find on the black market from some shady infobroker, for the right price.

  11. Jack V says:

    Ideally there’d be specific hacker mechanics like those for a rogue or something.

    But for a one-off game, I can probably wing it similarly to any other “can I bypass part of this by using a skill check”, to which the answer is, yes, definitely, somewhere between ‘oops, i tripped an alarm’ and ‘ok, I turned the cameras off but I can’t open the doors’ depending on die roll.

    But yes, if that character type exists, you’d think the scenarios would explicitly include some support for what can and can’t be done. I see *why* GMs can cope with a bunch of characters taking physical actions but get antsy about characters reaching through cyberspace to do something of undefined scope. But generally speaking, all your characters need to succeed some of the time, ideally most of the time, especially at “their thing”.

  12. Chrysophylax says:

    TL;DR: it makes more sense (to me, at least) to frame this advice as “treat the computers as part of the dungeon”. It’s part of prepping tools instead of plots: you need to have tools to use when the PCs decide to use a non-combat approach. (See

    Quoting Alex: “– The ICE always wins, eventually. The more you poke it, the more it adapts and the harder it hits back. Hacking becomes about how far you want to push your luck and where you choose to spend your successes. Lets you shine, but not solve everything.”

    I think this is an important part of it. To be balanced, hacking has to have a cost to go with the benefits. (Of course, the cost might simply be that a brilliant hacker won’t also be a brilliant fighter, if hacking isn’t enough to resolve all problems on its own.)

    I agree with Justin that the more fundamental problem is what Gamosopher points out: hacking, sinking and social manipulation are seen as a ways to bypass the game. But this can be reframed: the problem is that GMs are designing games where these options are not part of the world.

    It’s as though the player is trying to use the third dimension to solve a 2D puzzle. The GM is unprepared for that, and so is likely to either block that tactic completely or let it immediately solve the problem.

    To illustrate what I mean, consider a simple scenario where the players are expected to break into an EvilCorp warehouse, fight some security guards and steal a McGuffin. A poor GM will create just a floorplan, enemy stats, and locations of items and guards, suitable for a brief dungeon-crawl. Hacking, sneaking and manipulation haven’t been planned for, so the GM blocks them when they are attempted.

    A better GM will think about the computer systems, the security cameras, the infrared lasers across the doors, the security guard with a guilty conscience, the janitor with gambling debts and so on. The scenario becomes “higher-dimensional”. If the PCs plan to kick the door down, beat up the guards and smash the safe open, they can still do that.

    But if they want to sneak in and steal the McGuffin, they have to deal with the cameras and sensors, or else rouse the guards. If they want to hack the computers for information and send looped video to the CCTV operator, they may have advantages during the break-in attempt, but they risk being detected in advance or having EvilCorp’s own hackers try to track down the PCs’ base. Similarly, they may be able to manipulate some of the employees into helping with their break-in, but clumsy manipulation could be reported and lead to an ambush.

  13. Pteryx says:

    I agree with those people who liken the hacking problem to other noncombat approaches like infiltration and charm. Heck, I was once in a MUSH that offered Infiltration as a character ability, and described it as something that essentially gave you permission to negotiate a scenario with enemy faction’s mods wherein your character tried to break into enemy territory and other people tried to stop them. When I made a character centered on this, however, I quickly discovered that actually trying to start up such a conversation was immediately shot down as unreasonable. It was a very combat-oriented MUSH in practice. All the community ACTUALLY allowed you to do with Infiltration was, in the event of an attack on an enemy base, let you fight indoors against someone with Enhanced Senses instead of outdoors with everyone else.

    I eventually gave up on the character. Later, they tried to court me back into playing that character by offering me the chance to completely restat him as a competent combatant instead of the specialized thief he was supposed to be. I turned them down, and they were baffled as to why. It never seemed to occur to them that if I’m playing a thief in a war, I MIGHT WANT TO STEAL FROM THE ENEMY.

  14. Landon Winkler says:

    This reminds me a lot of the problem in Pathfinder/D&D where the GM will shut down divination spells every time, rather than using those as ways to provide clues. It’s like letting someone play Sherlock Holmes, but making sure tobacco ash never shows up in the game.

    I do like requiring most hacking to be done on-site, though, or require some physical item. They’re both ways things go in the real world and make hacking feel like more part of the same game. I ended up doing that in Metroplexity, even though it’s a single player game, and it really brought the worlds together. It’s even more important with everyone sitting around a table.

    Anyway, good article. Lots to think about, thanks!

  15. Jamie Le Rossignol says:

    As a player I know that most GMs don’t have easy ways of dealing with the hacker that does not require; lots of preparation, have the other players waiting for the hacker to do their thing, or badly break the adventure. Sometimes all three.

    I had something similar happen when a Mage from “Mage the Ascension” badly failed 3 magic roles in a row. The upshot was that all the characters were sucked into a pocket realm of that character’s nightmares, but as the GM I found it impossible to jump the adventure sideways without a lot of 1 on 1 discussion with the player. This breaks the flow of the game, much like hacking does in cyberpunk games.

    Hacks appear to fill a few roles, similar to wizards in D&D.
    1. Information gathering.
    2. Disable & bypass security/defenses.
    3. Override/take over machines (this can include cybernetically enhanced humans, like the Ghost in the Shell Anime)

    Hackers add many more attack vectors to the game that makes it difficult as a GM to predict. So how do you deal with planning for the unplannable, all the while maintaining the flow of the game?

  16. Wintermute says:

    Thanks for the post. This does happen a lot. Many GM’s, not just new ones, pre-conceive how the plot should play out and how problems will be solved. Your work-around is spot on. The GM should build in early and mid-game problems a hacker can solve. Making the hacker a key component of accomplishing a side quest works great too. Basically, everyone at the table (or logged into the game) should get fairly equal spotlight time, GM face time, and times to be the potential hero.

    If you are a GM who can’t get his head around hacking, have one of your players help out by running the hack portions of the game, preferably simultaneously with the rest of the game, until you get more used to the concept. ALL of your players will thank you!

  17. 5 Stone Games says:

    Jamie, re: hackers.

    any GM running Cyberpunk or any other system where hacking systems is a big part of it needs to be able to improvise quickly

    A lot of GM’s can’t do this well. They should stick to playing a bit till their skills improve than start slow but the gaming environment doesn’t support the same time investment and the culture isn’t there, there are either too few GM’s which pushes under skilled people into the roll or has constant churn with everyone wanting to run liek my last groups

    Alternately they can stick to more structured games like the various Powered by Apocalypse ones, Dungeon World et all but not everyone likes those games, me included.

    This problem also dovetails into issue of power and how to deal with it. I’ve met only a handful of GM’s max who can cope with things like high level D&D and still enjoy running it in a balanced manner. Games tend to fizzle out at around 8-10 max.

    Given your shrewd comparison of Hackers and Mages , the same applies . The extra power of hackers, riggers (drone guys) guys with robots swarms and the like is simply something GM’ can’t deal with

    A small squad of guys with small arms /side arms and limited powers is all they can manage and so a lot of very interesting material included i games is basically never used, never will be

    This sucks but solutions are thin on the ground as they say.

  18. Mellonbread says:

    I can’t really blame anyone for not wanting to deal with hacking in Eclipse Phase. Not only are the mechanics badly put together, they take forever and require lots of table time, multiple opposed rolls, etc. Additionally they require the GM to build an extra layer of interactivity into the game world, which in Eclipse Phase means another line item added to the GM workload, along with the setting’s social reputation mechanics and omnipresent surveillance. It’s something ripe for a fix in 2E, but I have my doubts about whether it’ll get done.

  19. bbullock says:

    Hello, only heard about your stuff recently (through WebDM), and am enjoying reading your stuff, especially this older stuff about GMing.
    This particular essay about hacking I feel relates to a larger issue, what you might call, “Thou Shalt Not Cut the Knot.”
    Which is to say, the GM who won’t let the players handle an issue any way except the way he planned for them to… it’s one part railroading, and one part an inability to imagine alternative possibilities.

  20. VDW says:

    I’ve also run into that problem – already in my first session as a GM. I’ve setup a beautyful adventure full of flaws, holes and whatnot. And then -to make the situation even worse- one of my players decided to be a hacking thief and i hadn’t prepared anything on the computers they would eventually find. (because in a realistic setting in the present time it wouldn’t be logical to NOT have any electronic devices)
    So one laptop went missing and i hastly copied some clues from somewhere else into the Emails he searched through, when he hacked into the other computer. After he went through such lenghts to hack something, the reward was rather dull…

    After a week i run the same adventure with another group. I don’t know why, but another player decided to put points into hacking and bring a hacking device with him. it didn’t sound logical to forbid him the item, so after consideration we decided we would limit the amount of hacking programs like you’d do with spells in a classic d&d.

    what i see is that a hacker can offset the balance of an adventure quiet a bit and it becomes really difficult to handle. i’ve yet to come up with a suitable solution, but this article has already helped a lot. thanks for that.

  21. Justin Alexander says:

    You might also find this tactical hacking system inspired by the Deus Ex video games useful.

Leave a Reply



Recent Posts

Recent Comments