Chaos Computer Club

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Chaos Computer Club
Logo CCC.svg
CCC Logo (Chaosknoten)
Formation 1981
Purpose Hacking
Location
Origin Berlin
Founders Wau Holland
Products Datenschleuder
Chaos Communication Congress
Chaos Communication Camp
Chaosradio
Project Blinkenlights
Website ccc.de

The Chaos Computer Club (CCC) is Europe's largest association of hackers.[1] The CCC is based in Germany and other German-speaking countries.

The CCC describes itself as "a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information...." In general, the CCC advocates more transparency in government, freedom of information, and the human right to communication. Supporting the principles of the hacker ethic, the club also fights for free universal access to computers and technological infrastructure.[2]

History[edit]

The CCC was founded in Berlin on September 12, 1981 at a table which had previously belonged to the Kommune 1 in the rooms of the newspaper die tageszeitung by Wau Holland and others in anticipation of the prominent role that information technology would play in the way people live and communicate.

The CCC became world famous when they drew public attention to the security flaws of the German Bildschirmtext computer network by causing it to debit DM 134,000 in a Hamburg bank in favor of the club. The money was returned the next day in front of the press. Prior to the incident, the system provider had failed to react to proof of the security flaw provided by the CCC, claiming to the public that their system was safe. Bildschirmtext was the biggest commercially available online system targeted at the general public in its region at that time, run and heavily advertised by the German telecommunications agency Deutsche Bundespost which also strove to keep up-to-date alternatives out of the market.[citation needed]

In 1989, the CCC was peripherally involved in the first cyberespionage case to make international headlines. A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, was arrested for breaking into US government and corporate computers and selling operating-system source code to the Soviet KGB.

Several of the CCC's early exploits are documented in a paper, written by Digital Equipment Corporation's lead European Investigator of the CCC's activities in the 1980s and 1990s.[3] These include the CCC protests against French nuclear tests and members of the CCC involved with the German Green Party.

The CCC is more widely known for its public demonstrations of security risks. In 1996, CCC members demonstrated an attack against Microsoft's ActiveX technology, changing personal data in a Quicken database. In April 1998, the CCC successfully demonstrated the cloning of a GSM customer card, breaking the COMP128 encryption algorithm used at that time by many GSM SIMs.[4]

In 2001, the CCC celebrated its twentieth birthday with an interactive light installation dubbed Project Blinkenlights that turned the building Haus des Lehrers in Berlin into a giant computer screen. A follow up installation (dubbed "Arcade") at the Bibliothèque nationale de France was the world's biggest light installation.

In March 2008, the CCC acquired and published the fingerprints of German Minister of the Interior Wolfgang Schäuble. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers.[5] This was done to protest the use of biometric data in German identity devices such as e-passports.[6]

Later in October 2008, CCC's Project Blinkenlights went to Toronto, Canada with project Stereoscope.[7]

Staatstrojaner[edit]

The Staatstrojaner (Federal Trojan horse) is a computer surveillance program installed secretly on a suspect's computer, which the German police uses to wiretap Internet telephony. This "source wiretapping" is the only feasible way to wiretap in this case, since Internet telephony programs will usually encrypt the data when it leaves the computer. The Federal Constitutional Court of Germany has ruled that the police may only use such programs for telephony wiretapping, and for no other purpose, and that this restriction should be enforced through technical and legal means.

On October 8, 2011, the CCC published an analysis of the Staatstrojaner software. The software was found to have the ability to remote control the target computer, to capture screenshots, and to fetch and run arbitrary extra code. The CCC says that having this functionality built in is in direct contradiction to the ruling of the constitutional court.

In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were sent completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German jurisdiction.

The CCC's findings were widely reported in the German press.[8][9][10] This trojan has also been nicknamed R2D2[11][12] because the string "C3PO-r2d2-POE" was found in its code;[13] another alias for it is 0zapftis.[13] According to a Sophos analysis, the trojan's behavior matches that described in a confidential memo between the German Landeskriminalamt and a software firm called DigiTask (de); the memo was leaked on WikiLeaks in 2008.[13] Among other correlations is the dropper's file name scuinst.exe, short for Skype Capture Unit Installer.[14] The 64-bit Windows version installs a digitally signed driver, but signed by the non-existing certificate authority "Goose Cert".[15][16]

The Federal Ministry of the Interior released a statement in which they denied that R2D2 has been used by the Federal Criminal Police Office (BKA—roughly equivalent to the US FBI); this statement however does not eliminate the possibility that it has been used by state-level German police forces. The BKA had previously announced however (in 2007) that they had somewhat similar trojan software that can inspect a computer's hard drive.[10]

Events[edit]

CCC 2003 camp near Berlin

The CCC hosts the annual Chaos Communication Congress, Europe's biggest hacker gathering. The event moved from Berlin to Hamburg in 2012, and drew 9,000 guests attendees in 2013.[17] Every four years, the Chaos Communication Camp is the outdoor alternative for hackers worldwide.

The CCC started a new yearly conference called SIGINT in May 2009 in Cologne, Germany.[18]

Another yearly CCC event taking place on the Easter weekend is the Easterhegg, which is more workshop oriented than the other events.

Members of the CCC also participate in various technological and political conferences around the planet.

Publications[edit]

The CCC publishes the quarterly magazine Datenschleuder (data slingshot) since 1984, and the CCC in Berlin also produces a monthly radio show called Chaosradio (de) which picks up various technical and political topics in a two-hour talk radio show. The program is aired on a local radio station named Fritz (de). There is also a podcast spin-off named CRE, an international podcast called Chaosradio International (which as of 2012 has been inactive for several years), and other radio programs offered by some regional Chaos Groups.

Members[edit]

Famous members are co-founder Wau Holland and Andy Müller-Maguhn, who was a member of the ICANN board of directors for Europe until 2002, and Karl Koch, who was a Cold War-era hacker featured in the movie 23. Former WikiLeaks spokesman Daniel Domscheit-Berg was expelled from the national CCC in August 2011, despite not actually being a member, during its quadrennial camp.[19][20] This decision was revoked on February 2012.[21]

Chaos Computer Club France[edit]

The Chaos Computer Club France (CCCF) was a fake hacker organization created in 1989 in Lyon (France) by Jean-Bernard Condat, under the command of Jean-Luc Delacour, an agent of the Direction de la surveillance du territoire governmental agency. The primary goal of the CCCF was to watch and to gather information about the French hacker community.[22] Journalist Jean Guisnel said that this organization also worked with the French National Gendarmerie.

The name of the organization is directly inspired by the name of the German Chaos Computer Club organization, which in contrast is a real hacker organization.

The CCCF had an electronic magazine called Chaos Digest (ChaosD). Between January 4, 1993 and August 5, 1993, seventy-three issues were published (ISSN 1244-4901).

See also[edit]

References[edit]

  1. ^ http://www.ccc.de/en/
  2. ^ Satzung des CCC e.V. (German). Accessed September 23, 2013.
  3. ^ Anderson, Kent (2006), Hacktivism and Politically Motivated Computer Crime, retrieved 2008-05-14 
  4. ^ CCC | CCC klont D2 Kundenkarte
  5. ^ CCC publishes fingerprints of Wolfgang Schäuble, the German Home Secretary, Heise Online, published 2008-03-31, Retrieved 2008-04-17
  6. ^ CCC publiziert die Fingerabdrücke von Wolfgang Schäuble [Update] – heise Security
  7. ^ http://blinkenlights.net/stereoscope
  8. ^ "Chaos Computer Club analyzes government malware". Chaos Computer Club. 2011-10-08. Retrieved 2011-10-10. 
  9. ^ "CCC findet Sicherheitslücken in Bundestrojaner". Der Spiegel. 2011-10-09. Retrieved 2011-10-10. 
  10. ^ a b "Electronic Surveillance Scandal Hits Germany". Der Spiegel. 2011-10-10. Retrieved 2011-10-31. 
  11. ^ Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419-428
  12. ^ German federal Trojan eavesdrops on 15 applications, experts find. The R2D2 surveillance Trojan also has support for 64-bit Windows systems
  13. ^ a b c http://nakedsecurity.sophos.com/2011/10/10/german-government-r2d2-trojan-faq/
  14. ^ Leyden, John. "German states defend use of 'Federal Trojan'". The Register. 
  15. ^ http://www.net-security.org/malware_news.php?id=1882
  16. ^ http://kasperskycontenthub.com/securelist/2011/10/18/federal-trojans-got-a-big-brother-17/
  17. ^ "Hacks and Highlights of the Chaos Communication Congress". Tech the Future. Retrieved 20 August 2014. 
  18. ^ https://events.ccc.de/sigint/2009/wiki/Hauptseite SIGINT Willkommen 2009
  19. ^ Top German Hacker Slams OpenLeaks Founder, Der Spiegel, August 15, 2011
  20. ^ Heather Brooke, Inside the secret world of hackers, The Guardian, August 25, 2011
  21. ^ CCC revokes decision to expel Domscheit-Berg
  22. ^ Phrack No. 64, "A personal view of the french underground (1992–2007)", 2007: "A good example of this was the fake hacking meeting created in the middle 1990' so called the CCCF (Chaos Computer Club France) where a lot of hackers got busted under the active participation of a renegade hacker so called Jean-Bernard Condat."

External links[edit]