Chaos Computer Club

Formation 12 September 1981; 43 years ago (1981-09-12)
West Berlin, West Germany
Type NGO
Purpose Computer security hacking
Headquarters Hamburg, Germany
Website ccc.de/en

The Chaos Computer Club (CCC) is Europe's largest association of hackers [1] with 7,700 registered members. [2] Founded in 1981, the association is incorporated as an eingetragener Verein in Germany, with local chapters (called Erfa-Kreise) in various cities in Germany and the surrounding countries, particularly where there are German-speaking communities. Since 1985, some chapters in Switzerland have organized an independent sister association called the Chaos Computer Club Schweiz (CCC-CH) instead.


The CCC describes itself as "a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information…". In general, the CCC advocates more transparency in government, freedom of information, and the human right to communication. Supporting the principles of the hacker ethic, the club also fights for free universal access to computers and technological infrastructure as well as the use of open-source software. [3] [ failed verification ] The CCC spreads an entrepreneurial vision refusing capitalist control. [4] It has been characterised as "…one of the most influential digital organisations anywhere, the centre of German digital culture, hacker culture, hacktivism, and the intersection of any discussion of democratic and digital rights". [5]

Members of the CCC have demonstrated and publicized a number of important information security problems. [6] The CCC frequently criticizes new legislation and products with weak information security which endanger citizen rights or the privacy of users. Notable members of the CCC regularly function as expert witnesses for the German constitutional court, organize lawsuits and campaigns, or otherwise influence the political process.

Activities

Regular events

Chaos Communication Camp 2003 near Berlin, featuring the Pesthörnchen aka Datenpirat, a Jolly Roger malapropism to the logo of the former Deutsche Bundespost, the Federal Post of Germany

The CCC hosts the annual Chaos Communication Congress, Europe's biggest hacker gathering. When the event was held in the Hamburg congress center in 2013, it drew 9,000 guests. [7] For the 2016 installment, 11,000 guests were expected, [8] with additional viewers following the event via live streaming.

Every four years, the Chaos Communication Camp is the outdoor alternative for hackers worldwide. The CCC also held, from 2009 to 2013, a yearly conference called SIGINT in Cologne [9] which focused on the impact of digitisation on society. The SIGINT conference was discontinued in 2014. [10] The four-day conference Gulaschprogrammiernacht in Karlsruhe is, with more than 1,500 [11] participants, the second largest annual event. Another yearly CCC event taking place on the Easter weekend is the Easterhegg, which is more workshop-oriented than the other events.

The CCC often uses the c-base station located in Berlin as an event location or as function rooms.

Publications and outreach


The CCC has published the magazine Datenschleuder (data slingshot) at irregular intervals since 1984. The Berlin chapter produces a monthly radio show called Chaosradio, which picks up various technical and political topics in a two-hour talk radio show. The program is aired on a local radio station called Fritz and on the internet. Other programs have emerged in the context of Chaosradio, including radio programs offered by some regional Chaos Groups and the podcast spin-off CRE by Tim Pritlove.

Many of the chapters of CCC participate in the volunteer project Chaos macht Schule which supports teaching in local schools. Its aims are to improve technology and media literacy of pupils, parents, and teachers. [12] [13] [14]

CCC members are present in big tech companies and in administrative instances. One of the spokespersons of the CCC, as of 1986, Andy Müller-Maguhn, was a member of the executive committee of the ICANN (Internet Corporation for Assigned Names and Numbers) between 2000 and 2002. [15]

CryptoParty

The CCC sensitises and introduces people to the questions of data privacy. Some of its local chapters support or organize so-called CryptoParties to introduce people to the basics of practical cryptography and internet anonymity.

History

Founding

Wau Holland

The CCC was founded in West Berlin on 12 September 1981 at a table which had previously belonged to the Kommune 1 in the rooms of the newspaper Die Tageszeitung by Wau Holland and others in anticipation of the prominent role that information technology would play in the way people live and communicate.

BTX-Hack

The CCC became world-famous in 1984 when they drew public attention to the security flaws of the German Bildschirmtext computer network by causing it to debit DM 134,000 (equivalent to €131,600 in 2021) in a Hamburg bank in favor of the club. The money was returned the next day in front of the press. Prior to the incident, the system provider had failed to react to proof of the security flaw provided by the CCC, claiming to the public that their system was safe. Bildschirmtext was the biggest commercially available online system targeted at the general public in its region at that time, run and heavily advertised by the German telecommunications agency Deutsche Bundespost which also strove to keep up-to-date alternatives out of the market. [16]

Karl Koch

In 1987, the CCC was peripherally involved in the first cyberespionage case to make international headlines. A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, was arrested for breaking into US government and corporate computers, and then selling operating-system source code to the Soviet KGB. This incident was portrayed in the movie 23.

GSM-Hack

In April 1998, the CCC successfully demonstrated the cloning of a GSM customer card, breaking the COMP128 encryption algorithm used at that time by many GSM SIMs. [17]

Project Blinkenlights

Blinkenlights at the 22nd Chaos Communication Congress

In 2001, the CCC celebrated its twentieth birthday with an interactive light installation dubbed Project Blinkenlights that turned the building Haus des Lehrers in Berlin into a giant computer screen. A follow-up installation, Arcade, was created in 2002 by the CCC for the Bibliothèque nationale de France. [18] Later in October 2008 CCC's Project Blinkenlights went to Toronto, Ontario, Canada with project Stereoscope. [19]

Schäuble fingerprints

In March 2008, the CCC acquired and published the fingerprints of German Minister of the Interior Wolfgang Schäuble. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers. [20] This was done to protest the use of biometric data in German identity devices such as e-passports. [21]

Staatstrojaner affair

Mascot used to protest against the Staatstrojaner, a trojan horse

The Staatstrojaner (Federal Trojan horse) is a computer surveillance program installed secretly on a suspect's computer, which the German police use to wiretap Internet telephony. This "source wiretapping" is the only feasible way to wiretap in this case, since Internet telephony programs will usually encrypt the data when it leaves the computer. The Federal Constitutional Court of Germany has ruled that the police may only use such programs for telephony wiretapping, and for no other purpose, and that this restriction should be enforced through technical and legal means.

On 8 October 2011, the CCC published an analysis of the Staatstrojaner software. The software was found to have the ability to remote control the target computer, to capture screenshots, and to fetch and run arbitrary extra code. The CCC says that having this functionality built in is in direct contradiction to the ruling of the constitutional court.

In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were sent completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German jurisdiction.

The CCC's findings were widely reported in the German press. [22] [23] [24] This trojan has also been nicknamed R2-D2 [25] [26] because the string "C3PO-r2d2-POE" was found in its code; [27] another alias for it is 0zapftis ("It's tapped!" in Bavarian, a sardonic reference to Oktoberfest). [27] According to a Sophos analysis, the trojan's behavior matches that described in a confidential memo between the German Landeskriminalamt and a software firm called DigiTask; the memo was leaked on WikiLeaks in 2008. [27] Among other correlations is the dropper's file name scuinst.exe, short for Skype Capture Unit Installer. [28] The 64-bit Windows version installs a digitally signed driver, but signed by the non-existing certificate authority "Goose Cert". [29] [30] DigiTask later admitted selling spy software to governments. [31]

The Federal Ministry of the Interior released a statement in which they denied that R2-D2 has been used by the Federal Criminal Police Office (BKA); this statement however does not eliminate the possibility that it has been used by state-level German police forces. The BKA had previously announced however (in 2007) that they had somewhat similar trojan software that can inspect a computer's hard drive. [24]

Domscheit-Berg affair

Former WikiLeaks spokesman Daniel Domscheit-Berg was expelled from the national CCC (but not the Berlin chapter) in August 2011. [32] [33] This decision was revoked in February 2012. [34] As a result of his role in the expulsion, board member Andy Müller-Maguhn was not reelected for another term.

Phone authentication systems

The CCC has repeatedly warned phone users of the weakness of biometric identification in the wake of the 2008 Schäuble fingerprints affair. In their "hacker ethics" the CCC includes "protect people data", but also "Computers can change your life for the better". [35] The club regards privacy as an individual right: the CCC does not discourage people from sharing or storing personal information on their phones, but advocates better privacy protection, and the use of specific browsing and sharing techniques by users.

Apple TouchID

From a photograph of the user's fingerprint on a glass surface, using "easy everyday means", [36] the biometrics hacking team of the CCC was able to unlock an iPhone 5S.

Samsung S8 iris recognition

The Samsung Galaxy S8's iris recognition system claims to be "one of the safest ways to keep your phone locked and the contents private" as "patterns in your irises are unique to you and are virtually impossible to replicate", as quoted in official Samsung content. [37] However, in some cases, using a high resolution photograph of the phone owner's iris and a lens, the CCC claimed to be able to trick the authentication system.

Fake Chaos Computer Club France

The Chaos Computer Club France (CCCF) was a fake hacker organisation created in 1989 in Lyon (France) by Jean-Bernard Condat, under the command of Jean-Luc Delacour, an agent of the Direction de la surveillance du territoire governmental agency. The primary goal of the CCCF was to watch and to gather information about the French hacker community, identifying the hackers who could harm the country. [38] [15] Journalist Jean Guisnel said that this organization also worked with the French National Gendarmerie.

The CCCF had an electronic magazine called Chaos Digest (ChaosD). Between 4 January 1993 and 5 August 1993, seventy-three issues were published (ISSN 1244-4901).


Related Research Articles

Wiretapping, also known as wire tapping or telephone tapping, is the monitoring of telephone and Internet-based conversations by a third party, often by covert means. The wire tap received its name because, historically, the monitoring connection was an actual electrical tap on an analog telephone or telegraph line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it.

Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be completed by governments, corporations, criminal organizations, or individuals. It may or may not be legal and may or may not require authorization from a court or other independent government agencies. Computer and network surveillance programs are widespread today and almost all Internet traffic can be monitored.

Datenschleuder

Die Datenschleuder. Das wissenschaftliche Fachblatt für Datenreisende, literally translated as The Data Slingshot: The scientific trade journal for data voyagers, is a German hacker magazine that is published at irregular intervals by the Chaos Computer Club (CCC).

Mass surveillance: Intricate surveillance of an entire or a substantial fraction of a population

Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

Chaos Communication Congress: Annual hacker meeting

The Chaos Communication Congress is an annual hacker conference organized by the Chaos Computer Club. The congress features a variety of lectures and workshops on technical and political issues related to security, cryptography, privacy and online freedom of speech. It has taken place regularly at the end of the year since 1984, with the current date and duration established in 2005. It is considered one of the largest events of its kind, alongside DEF CON in Las Vegas.

Internet privacy involves the right or mandate of personal privacy concerning the storage, re-purposing, provision to third parties, and display of information pertaining to oneself via the Internet. Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing and especially relate to mass surveillance.

Project Blinkenlights: Light installation in Berlin

Project Blinkenlights was a light installation in the Haus des Lehrers building at the Alexanderplatz in Berlin that transformed the building front into a giant low-resolution monochrome computer screen. The installation was created by the German Chaos Computer Club (CCC) and went online on 11 September 2001 as a celebration of the club's 20th birthday. Some novel uses of the screen are for people to call a number and play Pong via mobile phone or display animations sent in by the public.

Chaos Communication Camp: International meeting of hackers

The Chaos Communication Camp is an international meeting of hackers that takes place every four years, organized by the Chaos Computer Club (CCC). So far all CCCamps have been held near Berlin, Germany.

Tim Pritlove

Tim Pritlove is a British/German podcaster, media artist and Discordian. He lives and works in Berlin.

Bernd Fix: German hacker and computer security expert

Bernd Fix is a German hacker and computer security expert.

FinFisher: Surveillance software

FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc, which markets the spyware through law enforcement channels.

Tailored Access Operations: Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

Chaosdorf

Chaosdorf is a hackerspace operated by non-profit association Chaos Computer Club Düsseldorf / Chaosdorf e.V. in the city of Düsseldorf, Germany. It is Düsseldorf’s Chaos Computer Club chapter.

Litigation over global surveillance

Litigation over global surveillance has occurred in multiple jurisdictions since the global surveillance disclosures of 2013.

BuggedPlanet.info is a wiki created in 2011 by Andy Müller-Maguhn, former spokesman of the Chaos Computer Club, that tries to list and track down the activities of the surveillance industry in the fields of "Lawful interception", Signals intelligence (SIGINT), Communications intelligence (COMINT) as well as tactical and strategical measures used to intercept communications and the vendors and governmental and private operators of this technology.

Jean-Bernard Condat is a French computer security expert and former hacker who became a consultant to the Directorate of Territorial Surveillance (DST). Using the name concombre, he achieved status as one of the best-known French hackers in the 1990s.

Hardware backdoors are backdoors in hardware, such as code inside hardware or firmware of computer chips. The backdoors may be directly implemented as hardware Trojans in the integrated circuit.

Jan Krissler: German computer scientist and biometry hacker

Jan Krissler, better known by his pseudonym starbug, is a German computer scientist and hacker. He is best known for his work on defeating biometric systems, most prominently the iPhone's TouchID. He is also an active member of the German and European hacker community.

Karsten Nohl: German cryptography expert and hacker (born 1981)

Karsten Nohl is a German cryptography expert and hacker. His areas of research include Global System for Mobile Communications (GSM) security, radio-frequency identification (RFID) security, and privacy protection.

References

  1. "Chaos Computer Club". Chaos Computer Club. Retrieved 2016-08-23.
  2. annual general assembly minutes 2018, Chaos Computer Club, 2018
  3. Satzung des CCC e.V. (German). Accessed 2013-09-23.
  4. Boullier, Dominique (2016-04-27). Sociologie du numérique (in French). Armand Colin. ISBN 978-2-20061207-8.
  5. Cadwalladr, Carole (2014-11-09). "Berlin's digital exiles: where tech activists go to escape the NSA". The Observer. Retrieved 2018-12-28 via www.theguardian.com.
  6. Anderson, Kent (2006). "Hacktivism and Politically Motivated Computer Crime" (PDF). Archived from the original (PDF) on 2008-02-27. Retrieved 2008-05-14.
  7. "Hacks and Highlights of the Chaos Communication Congress". Tech the Future. Archived from the original on 2014-07-05. Retrieved 2014-08-20.
  8. "33C3 Call For Papers".
  9. https://events.ccc.de/sigint/2009/wiki/Hauptseite Archived 2017-07-08 at the Wayback Machine SIGINT Willkommen 2009
  10. "SIGINT". Archived from the original on 2015-04-19.
  11. "19. Gulaschprogrammiernacht: Chaos im Lichthof" (PDF) (in German). Archived (PDF) from the original on 2021-06-27. Retrieved 2019-06-03.
  12. CCC. "Chaos macht Schule" (in German). Retrieved 2016-01-11.
  13. Anna Biselli (2014-03-24). "Medienkompetenz, quo vadis? Teil III: Interview zum Projekt "Chaos macht Schule"" (in German). Retrieved 2016-01-11.
  14. Tim Pritlove, Florian Grunow, Peter Hecko (2012-01-06). "CRE189 Chaos macht Schule" (in German). Retrieved 2016-01-11.
  15. "Les " bidouilleurs " de la société de l'information". Le Monde diplomatique (in French). 2008-09-01. Retrieved 2018-03-12.
  16. "Hacker remembered as computer age hero / Wau Holland fought to free information". SFGate. 2001-08-13. Retrieved 2019-04-19.
  17. CCC | CCC klont D2 Kundenkarte Archived 2008-05-30 at the Wayback Machine
  18. "Nuit Blanche 2002 : jeux de lumière sur une tour de la BnF". blog.bnf.fr (in French). Retrieved 2021-01-26.
  19. "Welcome to Project Blinkenlights – Project Blinkenlights". blinkenlights.net. Retrieved 2018-12-28.
  20. CCC publishes fingerprints of Wolfgang Schäuble, the German Home Secretary, Heise Online, 2008-03-31, archived from the original on 2013-12-08, retrieved 2008-04-17
  21. online, heise (2008-03-29). "CCC publiziert die Fingerabdrücke von Wolfgang Schäuble [Update]". Security. Retrieved 2018-12-28.
  22. "Chaos Computer Club analyzes government malware". Chaos Computer Club. 2011-10-08. Retrieved 2011-10-10.
  23. "CCC findet Sicherheitslücken in Bundestrojaner". Der Spiegel. 2011-10-09. Retrieved 2011-10-10.
  24. "Electronic Surveillance Scandal Hits Germany". Der Spiegel. 2011-10-10. Retrieved 2011-10-31.
  25. Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419–428
  26. German federal Trojan eavesdrops on 15 applications, experts find. The R2-D2 surveillance Trojan also has support for 64-bit Windows systems Archived 2014-02-01 at the Wayback Machine
  27. "German 'Government' R2D2 Trojan FAQ". 2011-10-10. Retrieved 2018-12-28.
  28. Leyden, John. "German states defend use of 'Federal Trojan'". The Register.
  29. Zorz, Zeljka (2011-10-19). "Federal Trojan has more capabilities than previously thought". Help Net Security. Retrieved 2018-12-28.
  30. Werner, Tillman (2011-10-18). "Federal Trojan's got a "Big Brother"". Securelist. Retrieved 2021-03-16.
  31. "German company behind government spyware admits sale to Bavaria – DW – 11.10.2011". DW.COM. Retrieved 2018-12-28.
  32. Top German Hacker Slams OpenLeaks Founder, Der Spiegel, 2011-08-15
  33. Heather Brooke, Inside the secret world of hackers, The Guardian, 2011-08-25
  34. "CCC – Ergebnis der außerordentlichen Mitgliederversammlung". www.ccc.de. Retrieved 2018-12-28.
  35. "CCC | Hackerethik". www.ccc.de. Retrieved 2018-03-13.
  36. "CCC | Chaos Computer Club breaks Apple TouchID". www.ccc.de. Retrieved 2018-03-12.
  37. "Security – Iris Scanner | Samsung Galaxy S8 and S8+". The Official Samsung Galaxy Site. Retrieved 2018-03-12.
  38. Phrack No. 64, "A personal view of the french underground (1992–2007)", 2007: "A good example of this was the fake hacking meeting created in the middle 1990' so called the CCCF (Chaos Computer Club France) where a lot of hackers got busted under the active participation of a renegade hacker so called Jean-Bernard Condat."
