Jump to content

Chaos Computer Club: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
History: Bundestrojaner
Eu-Robert (talk | contribs)
m [sp/grammar] were send --> were sent
Line 40: Line 40:
On October 8 2011, the CCC published an analysis of the Bundestrojaner software. The software was found to have the ability to remote control the target computer, to capture screenshots, and for fetching and running arbitrary extra code. The CCC says this functionality being built in is in direct contradiction to the ruling of the constitutional court.
On October 8 2011, the CCC published an analysis of the Bundestrojaner software. The software was found to have the ability to remote control the target computer, to capture screenshots, and for fetching and running arbitrary extra code. The CCC says this functionality being built in is in direct contradiction to the ruling of the constitutional court.


In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were send completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German juristiction.
In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were sent completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German juristiction.


The CCC's findings were widely reported in the German press.<ref>{{cite web|url=http://ccc.de/en/updates/2011/staatstrojaner|title=Chaos Computer Club analyzes government malware|date=2011-10-08|accessdate=2011-10-10|Publisher=Chaos Computer Club}}</ref><ref>{{cite web|url=http://www.spiegel.de/netzwelt/netzpolitik/0,1518,790756,00.html|title=CCC findet Sicherheitslücken in Bundestrojaner|publisher=Der Spiegel|accessdate=2011-10-10|date=2011-10-09}}</ref>
The CCC's findings were widely reported in the German press.<ref>{{cite web|url=http://ccc.de/en/updates/2011/staatstrojaner|title=Chaos Computer Club analyzes government malware|date=2011-10-08|accessdate=2011-10-10|Publisher=Chaos Computer Club}}</ref><ref>{{cite web|url=http://www.spiegel.de/netzwelt/netzpolitik/0,1518,790756,00.html|title=CCC findet Sicherheitslücken in Bundestrojaner|publisher=Der Spiegel|accessdate=2011-10-10|date=2011-10-09}}</ref>

Revision as of 23:13, 10 October 2011

Template:Infobox computer underground

The Chaos Computer Club (CCC) is an organization of hackers. The CCC is based in Germany and other German-speaking countries.

The CCC describes itself as "a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information...." In general, the CCC advocates more transparency in government, freedom of information, and the human right to communication. Supporting the principles of the hacker ethic, the club also fights for free universal access to computers and technological infrastructure.[citation needed]

History

The CCC was founded in Berlin on September 12, 1981 at the Kommune 1's table in the rooms of the newspaper Die Tageszeitung by Wau Holland and others in anticipation of the prominent role that information technology would play in the way people live and communicate.

The CCC became world famous when they drew public attention to the security flaws of the German Bildschirmtext computer network by causing it to debit a bank in Hamburg DM 134,000 in favor of the club. The money was returned the next day in front of the press. Prior to the incident, the system provider had failed to react to proof of the security flaw provided by the CCC, claiming to the public that their system was safe. Bildschirmtext was the biggest commercially available online system targeted at the general public in its region at that time, run and heavily advertised by the German telecommunications agency (Deutsche Bundespost) which also strove to keep up-to-date alternatives out of the market.[citation needed]

In 1989, the CCC was peripherally involved in the first cyberespionage case to make international headlines. A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, was arrested for breaking into US government and corporate computers and selling operating-system source code to the Soviet KGB.

Several of the CCC's early exploits are documented in a paper,[1] written by Digital Equipment Corporation's lead European Investigator of the CCC's activities in the 1980s and 1990s. These include the CCC protests against French nuclear tests and members of the CCC involved with the German Green Party.

The CCC is more widely known for its public demonstrations of security risks. In 1996, CCC members demonstrated an attack against Microsoft's ActiveX technology, changing personal data in a Quicken database. In April 1998, the CCC successfully demonstrated the cloning of a GSM customer card, breaking the COMP128 encryption algorithm used at that time by many GSM SIMs.[2]

In 2001, the CCC celebrated its twentieth birthday with an interactive light installation dubbed Project Blinkenlights that turned the building Haus des Lehrers in Berlin into a giant computer screen. A follow up installation (dubbed "Arcade") at the Bibliothèque nationale de France was the world's biggest light installation ever.

In March 2008, the CCC acquired and published the fingerprints of German Minister of the Interior Wolfgang Schäuble. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers.[3] This was done to protest the use of biometric data in German identity devices such as e-passports.[4]

Later in October 2008, CCC's Project Blinkenlights went to Toronto, Canada with project Stereoscope.[5]

Bundestrojaner

The Bundestrojaner (Federal Trojan horse) is a computer surveillance program installed secretly on a suspect's computer, which the German police uses to wiretap Internet telephony. This "source wiretapping" is necessary, since Internet telephony programs will usually encrypt the data when it leaves the computer. The Federal Constitutional Court of Germany has ruled that the police may only use such programs for telephony wiretapping, and for no other purpose, and that this restriction should be enforced through technical and legal means.

On October 8 2011, the CCC published an analysis of the Bundestrojaner software. The software was found to have the ability to remote control the target computer, to capture screenshots, and for fetching and running arbitrary extra code. The CCC says this functionality being built in is in direct contradiction to the ruling of the constitutional court.

In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were sent completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German juristiction.

The CCC's findings were widely reported in the German press.[6][7]

Events

CCC 2003 camp near Berlin

The CCC hosts the annual Chaos Communication Congress, Europe's biggest hacker congress, with up to 4,500 participants. Every four years, the Chaos Communication Camp is the outdoor alternative for hackers worldwide.

The CCC started a new yearly conference called SIGINT in May 2009 in Cologne, Germany.[8]

Another yearly CCC event taking place on the Easter weekend is the Easterhegg, which is more workshop oriented than the other events.

Members of the CCC also participate in various technological and political conferences around the planet.

Publications

The CCC publishes the quarterly magazine Datenschleuder (data catapult), and the CCC in Berlin also produces a monthly radio show called Chaosradio which picks up various technical and political topics in a two-hour talk radio show. The program is aired on a local radio station named Fritz. There is also a podcast spin-off named Chaosradio Express, an international podcast called Chaosradio International (which has been inactive for a couple of years now), and other radio programs offered by some regional Chaos Groups.

Members

Famous members are co-founder Wau Holland and Andy Müller-Maguhn, who was a member of the ICANN board of directors for Europe until 2002. Former WikiLeaks spokesman Daniel Domscheit-Berg was expelled from CCC in August 2011, during its annual camp.[9][10]

Chaos Computer Club France

The Chaos Computer Club France (CCCF) was a fake hacker organization created in 1989 in Lyon (France) by Jean-Bernard Condat, under the commandment of Jean-Luc Delacour, an agent of the Direction de la surveillance du territoire governmental agency. The primary goal of the CCCF was to watch and to gather information about the French hacker community.[11] Journalist Jean Guisnel said that this organization also worked with the French National Gendarmerie.

The name of the organization is directly inspired by the name of the German Chaos Computer Club organization, which in contrast is a real hacker organization.

The CCCF had a electronic magazine called Chaos Digest (ChaosD). Between January 4, 1993 and August 5, 1993, 73 issues were published (ISSN 1244-4901).

See also

References

  1. ^ Anderson, Kent (2006), Hacktivism and Politically Motivated Computer Crime (PDF), retrieved 2008-05-14
  2. ^ CCC | CCC klont D2 Kundenkarte
  3. ^ CCC publishes fingerprints of Wolfgang Schäuble, the German Home Secretary, Heise Online, published 2008-03-31, accessed 2008-04-17
  4. ^ CCC publiziert die Fingerabdrücke von Wolfgang Schäuble [Update] - heise Security
  5. ^ http://blinkenlights.net/stereoscope
  6. ^ "Chaos Computer Club analyzes government malware". 2011-10-08. Retrieved 2011-10-10. {{cite web}}: Unknown parameter |Publisher= ignored (|publisher= suggested) (help)
  7. ^ "CCC findet Sicherheitslücken in Bundestrojaner". Der Spiegel. 2011-10-09. Retrieved 2011-10-10.
  8. ^ https://events.ccc.de/sigint/2009/wiki/Hauptseite Willkommen - SIGINT 2009
  9. ^ Top German Hacker Slams OpenLeaks Founder, Der Spiegel, 15 August 2011
  10. ^ Heather Brooke, Inside the secret world of hackers, The Guardian, 25 August, 2011
  11. ^ Transclusion error: {{En}} is only for use in File namespace. Use {{langx|en}} or {{in lang|en}} instead. Phrack #64, "A personal view of the french underground (1992-2007)", 2007: "A good example of this was the fake hacking meeting created in the middle 1990' so called the CCCF (Chaos Computer Club France) where a lot of hackers got busted under the active participation of a renegade hacker so called Jean-Bernard Condat."