Tron (hacker)

From Wikipedia, the free encyclopedia
  (Redirected from Boris Floricic)
Jump to: navigation, search
Boris Floricic
Born June 8, 1972
West Berlin
Died October 17, 1998(1998-10-17) (aged 26)
Nationality German
Other names Tron
Education Technical University of Berlin
Alma mater Technical University of Applied Sciences of Berlin
Known for hacking, the "Cryptophon"

Boris Floricic, better known by his pseudonym Tron (8 June 1972 – 17–22 October 1998), was a German hacker and phreaker whose death in unclear circumstances has led to various conspiracy theories. He is also known for his Diplom thesis presenting one of the first public implementations of a telephone with built-in voice encryption, the "Cryptophon".

Floricic's pseudonym was a reference to the eponymous character in the 1982 Disney film Tron. Floricic was interested in defeating computer security mechanisms; amongst other hacks, he broke the security of the German phonecard and produced working clones. He was subsequently sentenced to 15 months in jail for the physical theft of a public phone (for reverse engineering purposes) but the sentence was suspended on probation.

From December 2005 to January 2006, media attention was drawn to Floricic when his parents and Andy Müller-Maguhn brought legal action in Germany against the Wikimedia Foundation and its German chapter Wikimedia Deutschland e.V. The first preliminary injunction tried to stop Wikipedia from publishing Floricic's full name, and a second one followed, temporarily preventing the use of the German Internet domain wikipedia.de as a redirect address to the German Wikipedia.

Early life, education[edit]

Floricic grew up in Gropiusstadt, a suburb in southern Berlin (West Berlin at the time). His interests in school focused on technical subjects. He left school after ten years and completed a three-year Vocational education (Berufsausbildung) offered by the Technical University of Berlin and graduated as a specialist in communication electronics with a major in information technology (Kommunikationselektroniker, Fachrichtung Informationstechnik). He subsequently earned the Abitur and began studies in computer science at the Technical University of Applied Sciences of Berlin.

During his studies, Floricic attended an internship with a company developing electronic security systems. In the winter term 1997/1998, Floricic successfully finished his studies and published his diploma thesis, in which he developed and described the "Cryptophon", an ISDN telephone with built-in voice encryption. Since parts of this work, which were to be provided by another student, were missing, he could not finish his work on the Cryptophon. His thesis, however, was rated as exceptional by the evaluating university professor. After graduation, Floricic applied for work, but was unsuccessful. In his spare time he continued, among other activities, his work on the Cryptophon.

Interests[edit]

Floricic was highly interested in electronics and security systems of all kinds. He engaged in, amongst other things, attacks against the German phonecard and Pay TV systems. As part of his research he exchanged ideas and proposals with other hackers and scientists. On the mailing list "tv-crypt", operated by a closed group of Pay TV hackers, Floricic reported about himself in 1995 that his interests were microprocessors, programming languages, electronics of all kinds, digital radio data transmission and especially breaking the security of systems perceived as secure. He claimed to have created working clones of a chipcard used for British Pay TV and would continue his work to defeat the security of the Nagravision/Syster scrambling system which was then used by the German Pay TV provider "PREMIERE".

Later, American scientists outlined a theoretical attack against SIM cards used for GSM mobile phones. Together with hackers from the Chaos Computer Club, Floricic successfully created a working clone of such a SIM card, thus showing the practicability of the attack. He also engaged in cloning the German phonecard and succeeded. While Floricic only wanted to demonstrate the insecurity of the system, the proven insecurity was also abused by criminals which led to the attention of law enforcement agencies and the German national phone operator Deutsche Telekom. After Deutsche Telekom changed the system, Floricic tried to remove a complete public card phone from a booth by force (using a sledgehammer) on 3 March 1995 in order to, as he told, adapt his phonecard simulators to the latest changes. He and a friend were, however, caught by the police upon this attempt. Floricic was later sentenced to a prison term of 15 months which was suspended on probation.

Cryptophon[edit]

"Cryptophon" (or "Cryptofon") was the name Floricic chose for his prototype of an ISDN telephone with integrated voice encryption. It was created in the winter term 1997–1998 as part of his diploma thesis, titled "Realisierung einer Verschlüsselungstechnik für Daten im ISDN B-Kanal" (German, meaning, "Implementation of Cryptography for Data contained in the ISDN Bearer channel"), at the Technische Fachhochschule Berlin. Floricic focused on making the Cryptophon cheap and easy to build for hobbyists. The phone encrypts telephone calls using the symmetric encryption algorithm IDEA. As IDEA is patented, the cipher was implemented on a replaceable daughter module which would have allowed the user to exchange IDEA for another (probably patent-unencumbered) algorithm. In addition, the system was about to be supplemented with a key exchange protocol based on the asymmetric algorithm RSA in order to achieve security against compromised remote stations.

The Cryptophon is built on the foundation of an 8051 compatible microprocessor which controls the whole system and peripherals (e.g. ISDN controller, keypad and display). For the cryptography, Floricic used cheap DSPs from Texas Instruments which he scrapped out of old computer modems, but which could also be bought at affordable prices. As this type of DSP is not powerful enough for the cryptography algorithm chosen, Floricic used two of them for the Cryptophon – one for sending and one for receiving. He planned to extend the phone so it would also be possible to encrypt data-connections. Floricic developed both the operating software of the phone as well as the cryptography implementation in the DSPs. He found a new way to implement IDEA to save significant processing time.

Death[edit]

Floricic disappeared on 17 October 1998 and was found dead in a local park in Britz in the Neukölln district of Berlin on 22 October[1] after being hanged from a waistbelt wrapped around his neck. The cause of death was officially recorded as suicide. Some of his peers in the Chaos Computer Club, as well as his family members and some outside critics, have been vocal in their assertions that Floricic may have been murdered.[2] It is argued that his activities in the areas of Pay TV cracking and voice scrambling might have disturbed the affairs of an intelligence agency or organized crime enough to provide a motive.

The German journalist Burkhard Schröder published a book about the death titled "Tron - Tod eines Hackers" ("Tron - Death of a Hacker") in 1999 in which he presents the facts about the case known at the time. Because he concludes that Floricic took his own life, the author was harshly criticized by both members of the Chaos Computer Club and Floricic's parents.

Naming controversy[edit]

As Floricic's family did not wish his full name (Boris Floricic) to be used, many German newspapers referred to him as "Boris F." On 14 December 2005, his parents obtained a temporary restraining order in a Berlin court against Wikimedia Foundation Inc. because its freely editable online encyclopedia, Wikipedia, mentioned the full name in its German language version. The order prohibited the Foundation from mentioning the full name on any website under the domain "wikipedia.org". It furthermore required the Foundation to name a representative in Germany within two weeks following the decision.[3]

This was widely reported in the Dutch and German press.[4] The initial order was mistakenly addressed to Saint Petersburg, Russia rather than to St. Petersburg, Florida, United States; this was corrected five days later.

Index page of www.wikipedia.de on 19 January 2006.

On 17 January 2006, a second preliminary injunction from a court in Berlin prohibited the Wikimedia Deutschland e.V. local chapter from linking to the German Wikipedia, resulting in the change of the wikipedia.de address from a link to German Wikipedia to a page explaining the situation, although the page did not mention Tron.[5] Despite media reports to the contrary, the German Wikipedia itself was never closed or became inaccessible in Germany. Wikimedia Deutschland e.V. confirmed to the Internet news site golem.de that the new injunction was related to the prior case against the Wikimedia Foundation and was issued on behalf of the same plaintiffs. Wikimedia Deutschland e.V. was reported as intending to fight the injunction, arguing that no valid case was presented and the freedom of the press must be defended.[6]

As Müller-Maguhn, one of the spokespersons of the Chaos Computer Club, was deeply involved in the case on the side of the plaintiffs, some media reported this as a case of Chaos Computer Club against Wikipedia. The Chaos Computer Club had issued a public statement that this was a case between a few of its members and Wikipedia, and that the CCC itself did not take any position in the matter.[7]

The Austrian online magazine Futurezone interviewed Andy Müller-Maguhn on 19 January 2006 about the case and its background. Maguhn admitted that the true reason behind the incident was a fictitious work recently published by a German author in which the main character had the same (civil) name as Floricic. The parents sent a protest to the publisher but were turned down with the argument that the German Wikipedia was using the name as well. Müller-Maguhn then asked the German Wikipedia to remove the name, but was turned down for a number of reasons, including failure to present proof that he was entitled to speak and act on behalf of the parents.[8]

On 9 February 2006, the injunction against Wikimedia Deutschland was overturned.[9] The plaintiffs appealed to the Berlin state court, but were turned down in May 2006.

References[edit]

  1. ^ zdnet.co.uk: "High-stakes hacking, Euro-style", by Bob Sullivan, 25 October 2000
  2. ^ Wired News: "Out of Chaos Comes Order", by David Hudson, 28 December 1998
  3. ^ Telepolis: "Hacker leben nicht gefährlich", by Burkhard Schröder, January 10, 2006 (in German)
  4. ^ Spiegel Online: "Streit um Tron: Darf man einen Hacker beim Namen nennen?", by Holger Dambeck, January 10, 2006 (in German)
  5. ^ Heise Newsticker: "Domain Wikipedia.de ist zurzeit außer Betrieb", by Andreas Wilkens, January 19, 2006 (in German)
  6. ^ golem.de: "Wikipedia.de derzeit abgeschaltet", by Andreas Donath, January 19, 2006. (in German)
  7. ^ CCC: "Klarstellung zu Wikipedia vs. Tron", by Frank Rieger, January 13, 2006. (in German)
  8. ^ futurezone: "'Einstweilige Verfügung' gegen Wikipedia.de", by unnamed author, 19 January 2006 (in German)
  9. ^ Heise Online: "Court overturns temporary restraining order against Wikimedia Deutschland, by Torsten Kleinz, 9 February 2006.

Further reading[edit]

  • Burkhard Schröder: Tron: Tod eines Hackers ("Tron: Death of a hacker"). rororo, 1999, ISBN 3-499-60857-X

External links[edit]