A Guide to Botnets in Shadowrun

May 5, 2013 - Matrix, Shadowrun 4E

BotnetThe Hacker core book, Unwired, introduced the concept of botnets or a collection of agents to Shadowrun. Able to identify vulnerable nodes and overwhelm them with a well timed denial of service attack, botnets are one of the many weapons of a capable hacker. In this article I hope to condense the creation and operation of a botnet to provide players and GMs with better understanding of this potent attack vector.

Building the botnet

The easiest way to build a botnet is to perform a mass probe and install botnet agents1 on all of the vulnerable hosts found. It takes a minimum of 1 day of mass-probing to identify and possibly exploit several vulnerable systems.

Mass Probe Test

Test: Hacking + Exploit (dependent on the level of access – see below, 1 day)

Level of access Threshold
Backdoor2 4
User 7
Security 13
Admin 20


For every successful test the hacker has detected or compromised 5 vulnerable nodes depending on the level of access he required. Usually these will be basic systems like unpatched commlinks, public workstations, etc. If the hacker glitches while searching for vulnerable systems he will unknowingly receive a honeypot in his returned results (Honeypots, Unwired, page 73). Additionally, due to the amount of noise generated during the reconnaissance attack vulnerable systems gain 2 free Analyze + Firewall (Hacker’s Stealth) test to detect intrusion attempts when the hacker first logs on.

Once the hacker has successfully compromised multiple hosts and installed the botnet agent software he can begin issuing commands to the botnet.

Command and Control

Botnet command and control is handled through the botnet program which allows the botnet and hacker to communicate through a single access ID. However a caveat of communicating to 10s or 100s of nodes through a single access ID is the communication is very limited and the hacker is only provided with a status summary of the botnets health and operations.

To perform any of the tasks below the hacker needs to issue a command  to the botnet that it supports (see Issue Command, p. 229, SR4A).

Distributed Denial of Service

A distributed denial of service DDOS attack constitutes multiple nodes overloading a target node reducing the target node’s response by 1 for every  (system x 4) bots connecting to it. This method of attack not only allows the hacker to shutdown target nodes but assess the capabilities of the target node albeit in a overt manner.

Mass Probe

The botnet can be deployed to find other vulnerable hosts by having it execute a mass probe on the matrix. This option requires the botnet to have the exploit program loaded and uses the botnet’s rating in place of the hacker’s skill.


A niche area for most botnets but by cultivating certain nodes in a botnet and discarding the rest Hackers can create a botnet of identical nodes. Hackers can then monitor and manage them depending on what they are. One example would be targeting Seattle traffic lights and having a botnet issue a command to switch them all to green to cause widespread panic and reduce the effectiveness of the local police force. This task requires the botnet to have the command program installed and the hacker to actively maintain this botnet.


Botnets are a useful but noisy tool for every hacker that are unfortunately presented in an unwieldy manner in Unwired. Hopefully the article made it easier to create and deploy botnets so that hackers have a better understanding of how a botnet works and is it can be utilized in Shadowrun.

Foot Notes

1. Unfortunately Unwired does not provide the costs for the unrated botnet program, as a placeholder until this is corrected I suggest using a cost of 1500¥ with an availability of 12.
2. A backdoor confers a +6 dice pool modifier to a hacking test to gain access to a system. It represents the knowledge but not the execution of an exploit.

Leave a Reply