Untrusted: Netsec Roles (Basic Guide)

Untrusted is an online multiplayer (10 to 16 players) hacking / social deduction game. you can play as a hacker or undercover agent. whether what you choose to play, you need to know what role does what things. here is a beginner’ guide for you to get quick reminder of what every Netsec role do.

Note: Most of this informations can be found in game by simply tapping F1, enjoy the game.


A few basic informations

short is short cut of role; It tells you how it is mostly called. No one says “Operation Leader”, everybody uses short (OL/OP).

There are four types of roles (imma say only about agents and netsec):
A) Special (only one per game)
-Operation Leader
-Agent Leader
B) Offensive (good hackers)
-Improvised Hacker
-Mole (conv. off.)
C) Investigative (they are looking for liers)
-Social Engineer
-Network Specialist
-Mole (conv. Inves.)
D)Field Operations (can’t hack)
-CCTV Specialist
-Inside Man
-Field Agent
-Mole (conv. field. ops.)

Information about type of role you can get by downloading green nodes that contains information.
If you get information from downloading SHARE IT IMMEDIATELY on open chat.

ALWAYS look at dead people logs (they may contain important informations)

Priorities are things you have to do as that role

Ignore EVERYTHING what i wrote, if OL say to ignore it. If OL says that you should hack instead of downloading, then you should hack. You have to trust OL, even if he is uncompetent (try to help him :). Ignoring OL is one of the worst things you can do, but when he doesn’t give you tasks then think for yourself.

Operation Leader

Short – OL /Special

The most important role for NETSEC.
The strongest abilities comes in pair with being easy to detect.
Everyone counts on you. Your hacking skill is almost as good as BlackHat’s, so you can easily solo hack most nodes. Well used 0day can win you a game and giving root to an agent, can easily make you lose.

As OL your priorities are:
-do not get caught (agents won’t win if they don’t arrest you)
-check people (are they lying, can they confirm etc.)
-rush with hacking (hacking the target node d6 is possible)
-give tasks to people (skiddie ddos, split from indigo etc.)
-make new allies (journo, skiddie and CD should be helpful 😉
-find good new OL (give root to trustworthy person)

OL is very hard role (especially to begin with), you have a lot of things to do and if you fail any of them, your whole team can lose. Good to know is that you SHOULD NEVER open claim OL. Try to pretend any role: spear, BH, IM etc. But claiming OL is the easiest way to get arrested, you should do that only when your fake logs won’t help you.

TIP: 0day is powerful skill that you should use when you see target node, or as fast as possible if agents know who you are /better to use it on useless node, than to lose it permanently


short – BH /Offensive

BlackHat is easy and very powerful role. You got very high chances of successfully hacking any node and good used ddos can prevent from AL’s rollback. But you are still only good at hacking, you can’t help too much in anything else.

As BlackHat your priorities are:
-Hack nodes (simple 😉
-Midnight Meet sus persons
-ddos nodes that might get rollbacked
-prepare for arrest, cause you will get caught anyway 😉
BlackHat is role that (like OL) should rush with hacking, but this time not to win, but to do as much as possible before getting caught (what will surely happen).

TIP: agents hate’s BH’s, so you can claim journalist at beggining (if lucky and no one else will claim journo too), or spear / skiddie. Open claiming BH should be the last thing you do (and mostly is 😉


short – spear /offensive

Congratulations, you just became the most useless netsec role: Spearphisher!
You can do some things that analyst can do but you have less skills. Your job is to make nodes easier to hack and download ALL green nodes. You are also the best choice for AL to deal with. You can’t really help with hacking, so just try to download informations. I think you shouldn’t look for agents cause soon you will be their allie 😉

As Spearphisher your priorities are:
-Download all green nodes (the most important)
-Make nodes easier to hack (only if there are no nodes to download)
-Try to use your misdirections wisely (if you will use them right way, you’ll be confirmed netsec)

You can allie with IM, to download informations from nodes, that agents won’t ddos.

TIP: Try to be useful

Improvised Hacker

short – IH /offensive

To became IH you need to be field ops role. Claiming IH before n4 is like saying “Look i’m newbie and i got agent for the first time!”. As i said – you can became that role; But when should i turn into IH? Here’s checklist:

You should became IH if:
-Inside Man: you used all your insiders (2x); you should turn IH d4 cause IM is useless from then.
-CCTV (when there are 2 cctv’s): when 3 of 4 cams got destroyed
-CCTV (when only you are cctv): when both of your cams got destroyed
-Enforcer: a)If you got root from OL
b) When there are almost no hackers (less than 4)
Enforcer and CCTV rarely will became IH, but IM should always turn into him.

As Improvised Hacker your priorities are:
-Hack nodes
-download (to get info and to prove yourself)
-in night dumpster dive (this may make future hacking easier)

When turning IH you can either say it to everyone (safe for netsec, but risky cause agents can deal with you), or stay quiet (agents maybe will let you live, but netsec will see that you started hacking and likely will start thinking that you are sus).

TIP: ignore my “you should became IH if” list, if you are going for IH achievement.

CCTV Specialist

short – CCTV /field operations

CCTV is (in my opinion) the best field operations class.You are only role that can see who is coming to target without following them. This can easily became very powerful.

As CCTV your priorities are:
-Put cams
-Bait agents (into thinking that there is BoHu)
-Do not get caught 😉

When you are CCTV do not put in logs on who you got cams, because agents won’t arrest them. But this can be your advantage (sometimes). You can put fake logs so after showing them agents will think that cameras are on different people than they really are.
Do not bait agents into people you got cams on.

Cams dont work in other way: you see who came to your target, but you dont see did your target went somewhere (just good to remember 🙂

To see when you should became IH, look at Improvised Hacker above.

TIP: when you find second CCTV (what shouldn’t be hard), talk to him and put cameras on yourselves. When one of you will get arrested you will know who is FA. (do not do it always but, it’s still nice idea 🙂

Inside Man

short – IM or ISM /Field Operations

You are the second best field operations role. You are helping netsec but you can’t hack. You have some priorities but nobody except you, care about what will happen to you. You can play almost any way you want. Of course if OL says to follow someone you should do it, you are still getting paid for helping.

As Inside Man your priorities are:
-Use Insider knowledge always as fast as possible (not doing it d1 will mostly end with your death)
-Plant and retrieve keyloggers, if you can’t find any you can tell everybody about a field ops mole
-Follow randomly or the most sus people
-dumpster dive after insiders 🙂
-Do desperate measures after doing second insider
You can also:
-team up with neutrals claiming RC or skiddie (maybe someone will tell you who he really is)
Inside man isn’t very powerful but still can help. But still watch out – you are sus cause IM is mostly fake claim for agents or bad neuts.

To see when you should became IH, look at Improvised Hacker above.

TIP: Survive till last insider


short: enf /field operations

Your job is to get arrested. Either by defending someone or by random arrest. Of course you don’t want to get arrested so fast, but deal with it. It is your job to give hackers more time. You have to escort people who probably will get caught. If you get arrested and netsec wins, you also win.
Remember to escort wisely, FA got sting which will get you and person you wanted to defend. You should talk with OL who to kill and who to escort. Interrogate random people, and if you find suspicious logs, post them into open chat.

As enforcer your priorities are:
-Escort people who needs protection
-Randomly interrogate people (before n4)
-Kill the most sus guys (after d4)
-Find and talk with OL
-You can easily fake-claim Resentful Criminal to neutrals. Maybe some of them knows things you should know…

To see when you should became IH, look at Improvised Hacker above.

TIP: in logs don’t type what you did in day cause you do nothing. Only thing you should write in logs in day, is becaming IH.

Network Specialist

short – NE or (mostly used) Net Spec /Investigative

You are one of most useful role’s for NETSEC. I think that you are even better than BH. Your node hacking skill is moderate, which means that sometimes you can even solohack some nodes. You got powerful skills that helps you with checking who is lying and who ddos-es.Very helpful especially at beginning.

As Network Specialist your priorities are:
-wireshark when you think someone might ddos
-check people who “got” ISP-ed
-cover your track’s is mostly useless, so use it only if you open claimed
-Instead of hacking you can probe node
-Use all your skills (NE is mostly used as fake-claim for AL, you need to prove that you aren’t agent)

Netspec is role that rarely ever gets dealed, but still nobody trusts netspecs, because of often AL fake claim. Possibly you’ll get voted out, but before this you can do very helpful things for netsec.

TIP: if someone got ISP-ed, but you checked and it says he didn’t, it doesn’t necessarily mean that he lied. RH and field ops mole has special skill that does ISP, but your skill doesn’t detect it.

Social Engineer

short – Soc Eng or SE /Investigative

I think the best investigative role. You are similar to analyst, but better in every possible way. You can check someones faction, instead of “can you hack?”. You have one similarity to analyst: you can’t hack. But you have nothing else to do in days (Spoof is VERY useless). Your real power shines in night.

As Soc Eng your priorities are:
-Check who is sided with netsec
-Hack in days cause you got nothing else to do
-Throw under a bus and misdirect to make you safe
-try to find agents cause (like anal), you can’t do much things

You are almost like analyst so just check what she can do.

TIP: team up with analyst you can give yourselves informations, or double check one person


short – Anal /Investigative

This role isn’t very special and isn’t too bad. You can check can someone hack, which seems to be very powerful, but really isn’t. You should download and check who can hack. You are bad at hacking so after d1 it’s better to not hack. Clearing nodes is also good skill, but nobody really checks how it worked. I can say you are pretty useless.

As Analyst your priorities are:
-Check who can hack
-Download every green node
-Clear nodes where you think may be some fake logs
-Try to be useful

Mostly even after open claiming analyst, you still won’t get arrested, cause agents really dont care about you. I recommend claiming d5 and saying everything you are going to do. This way netsec shouldn’t suspect you. There are slightly increased chances that you will became mole, cause you can download like spearphishers and agents really, really like spearphishers.

TIP: Do what i said before and try finding agents. You can’t really help with hacking, so you can at least try to find moles. And maybe try to team up with SE.

Related Posts:

Post Author: Robins Chew

Leave a Reply

Your email address will not be published. Required fields are marked *