Date: Tue, 14 Jan 92 12:15 MST
From: Moderators <[email protected]>
Subject: File 4--Report: 8th Chaos Computer Congress

((For those who do not receive either RISKS-L or TELECOM Digest,
we reprint the following form TELECOM Digest, Vol 13 #35 (14 Jan '92)).

         ***********************************************

Date: Tue, 14 Jan 1992 06:33:50 PST
From: [email protected]
Subject: Report: 8th Chaos Computer Congress

The following message was copied from RISKS-L.  Of particular interest
to TELECOM reader will be where the writer speaks of HACKTIC. That
such gatherings are becoming more sparsely populated is a positive
step.  But is it, perhaps, time for people such as the UN , or perhaps
the ITU, to invoke sanctions against countries that allow such groups
to thrive? ( Comments are my own ... I don't expect anyone else to
have the guts to agree with me.) (Grin)

                      -=-=-=--=-=-=

Date: 9  Jan 92 16:37 +0100
From: Klaus Brunnstein <[email protected]>
Subject: Chaos Congress 91 Report

                Report: 8th Chaos Computer Congress

On occasion of the 10th anniversary of its foundation, Chaos Computer
Club (CCC) organised its 8th Congress in Hamburg (Dec.27-29, 1991). To
more than 400 participants (largest participation ever, with growing
number of students rather than teen-age scholars), a rich diversity of
PC and network related themes was offered, with significantly less
sessions than before devoted to critical themes, such as phreaking,
hacking or malware construction.  Changes in the European hacker scene
became evident as only few people from Netherlands (see: Hacktick) and
Italy had come to this former hackers' Mecca.  Consequently, Congress
news are only documented in German.  As CCC's founding members develop
in age and experience, reflection of CCC's role and growing diversity
(and sometimes visible alienity between leading members) of opinions
indicates that teen-age CCC may produce less spectacular events than
ever before.

This year's dominating theme covered presentations of communication
techniques for PCs, Ataris, Amigas and Unix, the development of a
local net (mousenet.txt: 6.9 kByte) as well as description of regional
(e.g.  CCC's ZERBERUS; zerberus.txt: 3.9 kByte) and international
networks (internet.txt: 5.4 kBytes), including a survey (netzwerk.txt:
53.9 kByte).  In comparison, CCC'90 documents are more detailed on
architectures while sessions and demonstrations in CCC'91 (in "Hacker
Center" and other rooms) were more concerned with practical navigation
in such nets.

Phreaking was covered by the Dutch group HACKTIC which updated its
CCC'90 presentation of how to "minimize expenditures for telephone
conversations" by using "blue" boxes (simulating specific sounds used
in phone systems to transmit switching commands) and "red" boxes
(using telecom-internal commands for testing purposes), and describing
available software and recent events.  Detailed information on
phreaking methods in specific countries and bugs in some telecom
systems were discussed (phreaking.txt: 7.3 kByte). More information
(in Dutch) was available, including charts of electronic circuits, in
several volumes of Dutch "HACKTIC: Tidschrift voor Techno-Anarchisten"
(=news for techno-anarchists).

    Remark #1: recent events (e.g. "Gulf hacks") and material presen-
ted on Chaos Congress '91 indicate that Netherland emerges as a new
European center of malicious attacks on systems and networks.  Among
other potentially harmful information, HACKTIC #14/15 publishes code
of computer viruses (a BAT-virus which does not work properly;
"world's shortest virus" of 110 bytes, a primitive non-resident virus
significantly longer than the shortest resident Bulgarian virus: 94
Bytes).  While many errors in the analysis show that the authors lack
deeper insight into malware technologies (which may change), their
criminal energy in publishing such code evidently is related to the
fact that Netherland has no adequate computer crime legislation.  In
contrast, the advent of German computer crime legislation (1989) may
be one reason for CCC's less devotion to potentially harmful themes.

   Remark #2: While few Netherland universities devote research and
teaching to in/security, Delft university at least offers introductory
courses into data protection (an issue of large public interest in NL)
and security.  Professors Herschberg and Aalders also analyse the
"robustness" of networks and systems, in the sense that students may
try to access connected systems if the addressed organisations agree.
According to Prof. Aalders (in a recent telephone conversation), they
never encourage students to attack systems but they also do not punish
students who report on such attacks which they undertook on their own.
(Herschberg and Alpers deliberately have no email connection.)

Different from recent years, a seminar on Computer viruses (presented
by Morton Swimmer of Virus Test Center, Univ. Hamburg) as deliberately
devoted to disseminate non-destructive information (avoiding any
presentation of virus programming).  A survey of legal aspects of
inadequate software quality (including viruses and program errors) was
presented by lawyer Freiherr von Gravenreuth (fehlvir.txt: 5.6 kByte).

Some public attention was drawn to the fact that the "city-call"
telephone system radio-transmits information essentially as ASCII.  A
demonstration proved that such transmitted texts may easily be
intercepted, analysed and even manipulated on a PC.  CCC publicly
warned that "profiles" of such texts (and those addressed) may easily
be collected, and asked Telecom to inform users about this insecurity
(radioarm.txt: 1.6 kByte); German Telecom did not follow this advice.

Besides discussions of emerging voice mailboxes (voicebox.txt: 2.8
kBytes), an interesting session presented a C64-based chipcard
analysis systems (chipcard.txt: 3.3 kBytes).  Two students have built
a simple mechanism to analyse (from systematic IO analysis) the
protocol of a German telephone card communicating with the public
telephone box; they described, in some detail (including an
elctronmicroscopic photo) the architecture and the system behaviour,
including 100 bytes of communication data stored (for each call, for
80 days!)  in a central German Telecom computer. Asked for legal
implications of their work, they argued that they just wanted to
understand this technology, and they were not aware of any legal
constraint.  They have not analysed possibilities to reload the
telephone account (which is generally possible, due to the
architecture), and they didnot analyse architectures or procedures of
other chipcards (bank cards etc).

Following CCC's (10-year old charta), essential discussions were
devoted to social themes.  The "Feminine computer handling" workshop
deliberately excluded men (about 25 women participating), to avoid
last year's experience of male dominancy in related discussions
(femin.txt: 4.2 kBytes).  A session (mainly attended by informatics
students) was devoted to "Informatics and Ethics" (ethik.txt: 3.7
kByte), introducing the international state-of-discussion, and
discussing the value of professional standards in the German case.

A discussion about "techno-terrorism" became somewhat symptomatic for
CCC's actual state.  While external participants (von Gravenreuth,
Brunnstein) were invited to this theme, CCC-internal controversies
presented the panel discussion under the technical title "definition
questions".  While one fraction (Wernery, Wieckmann/terror.txt: 7.2
kByte) wanted to discuss possibilities, examples and dangers of
techno-terrorism openly, others (CCC "ol'man" Wau Holland) wanted to
generally define "terrorism" somehow academically, and some undertook
to describe "government repression" as some sort of terrorism.  In the
controversial debate (wau_ter.txt: 9.7 kByte), few examples of
technoterrorism (WANK worm, development of virus techniques for
economic competition and warfare) were given.

More texts are available on: new German games in Multi-User
Domain/Cyberspace (mud.txt: 3.8 kByte), and Wernery's "Btx
documentation" (btx.txt: 6.2 kByte); not all topics have been
reported.  All German texts are available from the author (in
self-extracting file: ccc91.exe, about 90 kByte), or from CCC (e-mail:
[email protected], fax: +49-40-4917689).

Downloaded From P-80 International Information Systems 304-744-2253

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.