Hacker conference
December 29, 2010On Monday, two Berlin mobile security researchers outlined what they've dubbed the "SMS of Death" attack, which they claim could potentially could affect significant portions of mobile phones worldwide, the overwhelming majority of which are non-smartphones, like an iPhone or Android.
By flooding these mobiles with hundreds of thousands of malicious texts, they were able to discover bugs within the phones text-message reading software, that in some cases would force the phone to get stuck in a reboot loop.
And that was just day one of the 27th annual Chaos Communication Congress, the annual gathering of the Chaos Computer Club, currently going on this week in the German capital.
The two German researchers, Collin Mulliner and Nico Golde, from the Technical University of Berlin, claimed that their attack potentially could affect older-generation mobile phones made by Sony Ericsson, Samsung, Motorola, Micromax and LG. Mulliner theorized that a large scale such attack might be overwhelming to a mobile network by inducing "ten thousand mobiles to try to reconnect simultaneously."
Amongst the 3,000 attendees, there's a majority of very pale, sometimes chubby men, with laptops under their arms who look like they haven't seen a lot of sunlight, there are also students, a few hipsters and women in attendance.
During the conference, which concludes on Thursday, participants take part in lectures and workshops on political and technical topics - from censorship, data surveillance and copyright, to VOIP security and hacking smart phones. Attendees can even buy SIM cards to use a special, experimental mobile phone network set up solely for this conference.
WikiLeaks first debuted at the 2007 CCC congress
The Chaos Computer Club, or CCC, was founded in Berlin in 1981 and is one of the world's oldest self-desecribed hacker clubs.
Since that time, the CCC has become known for consistently exposing security flaws and challenged the trend of heightened data surveillance since the September 11, 2001 attacks.
To protest the authorities' increasing use of biometric data, in March 2008, the CCC acquired the German interior minister's fingerprints, which they took from a water glass the politician used at a public speaking event. They took that imprint and published them as a way to protest the increased use of biometric data in Germany and to highlight the insecure nature of such data.
Three years ago, at the 2007 congress, WikiLeaks founder Julian Assange presented an early sketch of the now-contraversial website. There, he met CCC member, Daniel Domscheit-Berg, (then known by his alias, Daniel Schmitt), who until a few months ago was considered Assange's number two at WikiLeaks.
While the two groups are not formally affiliated, Frank Rosengart, a Chaos Computer Club spokesperson, said that his organization supports WikiLeaks because both groups have similar goals, especially around the issues of more transparency in government, or what Rosengart calls "machine-readable government.”
"WikiLeaks, for us, it's the right way to do it, to publish information," said Rosengart. "Keeping the privacy and keeping the sources anonymous - that's a very important part of software and this can be considered a good hack to set up such a system that works in this way."
Rosengart said that first and foremost the Congress is a meeting place for technical collaboration to take place - as was the case with WikiLeaks.
"There are a lot of projects like open-source programming projects and some people they meet here for the first time in real life," he said. "So they know them online, they work together, they do software together, but they meet here for the first time."
Data retention policies on the rise
This week at the CCC congress are a number of talks at the congress about data retention, which has increased dramatically in the last nine years.
In an attempt to prevent further terrorist attacks, many governments, including the United States and Germany, have increased the amount and type of data they keep on each citizen.
One of the groups participating this year is AK Vorrat - the Working Group on Data Retention - that lead a campaign protesting against the introduction of a data retention law in Germany in 2008. The group's efforts were successful and in March 2010 the law was declarecd unconstitutional by the German constitutional court.
However, this year, AK Vorrat has focused its attention on the 2011 census.
"There is some data that should not be collected," said Michael Ebeling, an AK Vorrat spokesperson, who said the group is particularly concerned about certain lines of questioning in the German census.
"If you are not coming from Germany, they are asking you where are you coming from, where are your father, your mother coming from?" he said. "What kind of religion do you believe in? if you are Islamic believer then they ask very precisely, are you Sunni or Shiite. And we ask why do they ask these things?"
He added that for Christians, there are no follow up questions about a person's particular denomination, and noted that people who don't fill out the forms correctly could face further questioning and or a hefty fine.
AK Vorrat is also concerned because the data people put on the census forms will not be made anonymous for four to six years, and given the sensitive nature of much of this personal data, they fear that it could be misused by politicians - in the name of fighting terrorism.
Increasing surveillance across the European Union
But this year's attendees are not just concerned about surveillance measures within Germany.
The Forum of Computer Scientists for Peace and Social Responsibility Association (FIFF), is a German non-profit organization focusing mainly on privacy and security issues, as well as the use of technology in weapons, robots and cyber-warfare.
On Wednesday, FIFF members gave a presentation about a European research project called INDECT that develops surveillance techniques for the authorities.
INDECT was initiated by the Polish Platform for Homeland Security, and according to its website, aims to "develop new, advanced and innovative algorithms and methods aiming at combating terrorism and other criminal activities affecting citizens' safety."
Kai Nothdurft, a student at the University of Bremen, and a FIFF member, said that INDECT is all about meticulously aggregating data from different sources - from websites, social networks, government databases and filming demonstrations using unmanned aerial vehicles, or UAVs.
"They combine [data] with pictures they get from surveillance cameras, CCTV cameras from public places and by using face recognition," he said, adding that social networking photos can also be used as a surveillance tool.
"That's a very dangerous thing because there's an empowerment of all these surveillance techniques by really combining all these things.”
Lockpicking: the original hack
While there's a big focus on political issues at the conference, there are also fun and practical workshops like how to recover your data if your hard drive crashes, how to hack your Playstation 3 console, and there's even a stand for Germany's lockpicking club.
"If you enter a door without a key and if you open a lock without a key, it's a hacking technique too," said one female member of the club, who goes by the nom de hacker, Snow Goose.
However, she was quick to explain that the club has strict ethical ground rules.
"[We don't teach] anybody to break into other peoples' houses," she said. "Always pick your own locks only!"
Similarly, for many attendees, this strong confluence of curiosity, technical inquiry, civic-mindendness and ethics is what unites all hackers.
"For me its more a lifestyle," said Frank Rosengart, the CCC spokesperson.
"Hacking is asking more questions, trying to understand, using electronic devices in a different way than the manual proposes. I think we need to go out to the world with this kind of lifestyle and trying to make a better world."
Author: Cinnamon Nippard, Berlin
Editor: Cyrus Farivar