------------------------------ From: Bill Fischer Subject: Chaos Computer Club Congress Date: Mon, 28 Jan 91 10:00:13 CST ******************************************************************** *** CuD #3.05: File 5 of 8: Chaos Computer Conference (Reprint) *** ******************************************************************** {Reprinted with permission from: Risks Digest, 10.80} ============================================================================= -Date: 24 Jan 91 14:19 GMT+0100 -From: Klaus Brunnstein -Subject: 7th Chaos Computer Congress, Hamburg, 27-29 Dec 1990 In its 7th year, the annual conference of Chaos Computer Club was held in Hamburg (Germany) in the last week of December. A broad spectrum of themes was offered, dominated by networking, but also covering legal aspects, ecological computing, freedom of information, female computer handling, psychology of hackers and others. Among the more than 300 participants, only few people from European countries (Netherland, Italy) and USA participated. The Congress newspaper (covering reports about most sessions, available as *.DOC or *.TXT files, see below) is only in German. Though the printed (DTP-ed) version of it looks more professionally, some essential discussions (e.g. female computer handling, computer viruses, the new German Information Security Agency, GISA) are missing; quality and readability of articles is rather mixed. As there were only few spectacular themes (phreaking, copying bank cards), public interest and coverage in newsmedia, as compared to CCC'89 (the year, when the KGB hack was published) was moderate. Among the spectacular themes, a group HACK-TIC from Netherland demonstrated a machine (about 1,500$) to copy credit and Eurocheque cards (EC); according to Wau Holland (co-founder of CCC), this was arranged "to demonstrate the insecurity of these plastique cards". While the speaker of Hamburg's saving bank (HASPA, which was the victim of CCC's famous "Btx/HASPA-attack") said that this is impossible, a journalist of BILD (a German boulevard newspaper) received a printout of his account with a copy of his card, but when trying to order money from a teller machine, his card was collected. The most spectacular event was a workshop on (phone) "Phreaking". Experiences and methods how "to call as far as possible with as many phreaks as possible at lowest possible price" were described in some detail (few of which were written). Tricks with German PTT's 130-number (and connection to US' 700/800 numbers) as well as with the (PTT-internal) test number 1177 to establish low-cost (at least for the phreaks) teleconferences and voice mailboxes were discussed. It is surprising to hear from a US phreak that the old tricks (2,600 MHz, red boxes to simulate the coins' click) even work today; some new experiences esp. tricks with Calling Cards (due to missing expiration date on some cards or delayed update of MCI databank) were added to "help fight the excessive telephone costs". Dutch phreaks informed about "use" of 008-numbers; a hotel reservation service at a large airport does not check the validity of credit cards (file: PHREAK.DOC). The workshop was not concerned with legal aspects of Phreaking. Several sessions were devoted to networking. Chaos Computer Club runs a network ("Zerberus") with gateways to international networks and a growing number of regional mailbox systems. Despite mixed (or even bad) experiences with new mailbox systems and gateways (the gateway group emailed invitation to this workshop; 50% of the invitations came back, essentially with "error-mail"; file NETWCHAoS.DOC), several sessions were devoted to introductions into networking (file WSI-NET.DOC covering a detailed INTERNET survey; several files on GATOR, a GATEway ORientation guide to regional and international communication and gateways). A special report was devoted to communication of graphic and sound data, where special standards, command languages and software are under development (file SCF.DOC). Special discussions were devoted to applications of mailboxes for ecological purposes (file UMWE-DFU.DOC) and as infrastructure for publications (file Med-DFU.DOC), as well as to aspects of (German) publication laws (file PRESRECH.DOC). One session was devoted to CCCs idea to aid the former GDR (now "5 new federal countries") in establishing a citizen computer network "DDRNET". Despite of significant aid by computer dealers (who spontaneously donated PCs, software and modems in significant numbers) and despite of the interest of local groups and parties (New Forum, essential force in the East-German revolution), tax and organization problems finally stopped the project when German reunification happened. The document (file: DDRNET.DOC) gives a lively example of good ideas and plans being killed by hostile bureaucracy. Following earlier CCC' discussions on sociological aspects of hacking, a student (Tommy) described his examination thesis (diplom work) relating Psychology and Computing (file PSYCHO.DOC, thesis in compacted form: PSYCH.LZH in 109kBytes). According to Tommy, hackers exhibit their self-consciousness as an elite by their techno-speak. "Ordinary" people of same age with no understanding of computing are rather suspicious about hackers, even more as computers appear as threats to their civil rithts and working places. In such controversies, hackers seems to flee reality, mostly unconsciously, and they live in simulated worlds such as Cyberspace ("not as dangerous as other drugs"). Anonymous or technically depersonalized communication (e.g. mailboxes) lowers the threshold of moral scruples, resulting in communication garbage and flames. Btw: as in previous years, a special workshop on Cyberspace demonstrated EEG-coupled graphical devices and software (file: CYBER.DOC); the sub-culture (as initiated by Gibson's book "Neuromancer") developing around this techno-drug has it's first European magazines (Decoder, Cyberpunk). A special discussion developed on computer "viruses". Two speakers working with Ralph Burger (author of the "Big Book of Computer Viruses", also publishing virus code in German, English and Russian) described his work to classify new viruses and to establish a databank of virus code. In their classification, the group starts with a specific model of virus mechanisms including self-encryption; this model is in some contradiction with other classification (e.g. as a virus in their model must always have an effect, parent viruses like DO NOTHING having no effect would not be a virus while their descendants are), and stealth mechanisms other than encryption are not foreseen. The speakers argued that information on virus details should be easily accessible to all relevant parties. A controversial discussion arose when the author of this report informed about the establishment of CARO (=Computer Antivirus Research Organisation, cofounded by V.Bonchev/Sofia, Ch.Fischer/Karlsruhe, F.Skulason/Rejkjavik, A.Solomon/UK, M.Swimmer/Hamburg, M.Weiner/Vienna and the author) to establish a database with virus specimen and procedures to quickly analyse new viruses and distribute the disassemblies for verification and antivirus development. As the number of viruses grows significantly (more than 400 MsDos viruses known, plus new developments visible in Soviet Union, Hungary etc) with advanced stealth methods and more sophisticated damage, restrictions in the access to such virus specimen based on concepts of "trusted persons" and "need to know" are presently discussed (also controversially). In contrast to such concepts, CCC'90 participants and the speakers expressed their view that such virus specimen should be accessible to any interested party. Summary: apart from the session on phone phreaking, Chaos Computer Club visibly demonstrated its distance to criminal activities which dominated the last conferences (e.g. KGB hack). In discussing themes of technical and related interests, they return to the list of items which were described in their foundation document (file THESEN.TXT, October 1981). Themes related to civil rights (e.g. "Freedom of Information") are visibly of more interest than classical hacking techniques. As CCC did not discuss any consequences of the KGB case (after the trial in March 1990) for its members or related persons, CCC omitted the opportunity to prepare for it's role in future hacks in it's environment. While their annual conference was less chaotically organized than last year, it's structure and future developments remain as the name indicates: chaotic and computer-minded, yet with a sense for new ideas and applications. ******************************************************************** >> END OF THIS FILE << ***************************************************************************