Chaos Computer Club

The Chaos Computer Club (CCC) is one of the world’s biggest hackers organizations. The CCC is based in Germany and other German-speaking countries. The CCC describes itself as ‘a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information….’ In general, the CCC advocates more transparency in government, freedom of information, and the human right to communication.

Supporting the principles of the hacker ethic, the club also fights for free universal access to computers and technological infrastructure. The CCC was founded in Berlin in 1981 at a table which had previously belonged to the Kommune 1 (the first politically motivated commune in Germany) in the rooms of the newspaper ‘Die Tageszeitung’ by Wau Holland and others in anticipation of the prominent role that information technology would play in the way people live and communicate.

The CCC became world famous when they drew public attention to the security flaws of the German Bildschirmtext computer network by causing it to debit DM 134,000 in a Hamburg bank in favor of the club. The money was returned the next day in front of the press. Prior to the incident, the system provider had failed to react to proof of the security flaw provided by the CCC, claiming to the public that their system was safe. Bildschirmtext was the biggest commercially available online system targeted at the general public in its region at that time, run and heavily advertised by the German telecommunications agency, which also strove to keep up-to-date alternatives out of the market.

In 1989, the CCC was peripherally involved in the first cyberespionage case to make international headlines. A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, was arrested for breaking into US government and corporate computers and selling operating-system source code to the Soviet KGB. Several of the CCC’s early exploits are documented in a paper, written by Digital Equipment Corporation’s lead European Investigator of the CCC’s activities in the 1980s and 1990s. These include the CCC protests against French nuclear tests and members of the CCC involved with the German Green Party. The CCC is more widely known for its public demonstrations of security risks. In 1996, CCC members demonstrated an attack against Microsoft’s ActiveX technology, changing personal data in a Quicken database. In 1998, the CCC successfully demonstrated the cloning of a GSM customer card, breaking the COMP128 encryption algorithm used at that time by many GSM SIMs.

In 2001, the CCC celebrated its twentieth birthday with an interactive light installation dubbed ‘Project Blinkenlights’ that turned the building Haus des Lehrers in Berlin into a giant computer screen. A follow up installation (dubbed ‘Arcade’) at the Bibliothèque nationale de France was the world’s biggest light installation. In 2008, the CCC acquired and published the fingerprints of German Minister of the Interior Wolfgang Schäuble. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers. This was done to protest the use of biometric data in German identity devices such as e-passports.

The ‘Bundestrojaner’ (‘Federal Trojan horse’) is a computer surveillance program installed secretly on a suspect’s computer, which the German police uses to wiretap Internet telephony. This ‘source wiretapping’ is the only feasible way to wiretap in this case, since Internet telephony programs will usually encrypt the data when it leaves the computer. The Federal Constitutional Court of Germany has ruled that the police may only use such programs for telephony wiretapping, and for no other purpose, and that this restriction should be enforced through technical and legal means.

In 2011, the CCC published an analysis of the Bundestrojaner software, which was found to have the ability to remote control the target computer, capture screenshots, and to fetch and run arbitrary extra code. The CCC says that having this functionality built in is in direct contradiction to the ruling of the constitutional court. In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were sent completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German jurisdiction.

The CCC hosts the annual ‘Chaos Communication Congress,’ Europe’s biggest hacker congress. Every four years, the ‘Chaos Communication Camp’ is the outdoor alternative for hackers worldwide. The CCC publishes the quarterly magazine ‘Datenschleuder’ (‘data catapult’) since 1984, and the CCC in Berlin also produces a monthly radio show called ‘Chaosradio’ which picks up various technical and political topics in a two-hour talk radio show. Notable members include co-founder Wau Holland and Andy Müller-Maguhn, who was a member of the ICANN board of directors for Europe until 2002, and Karl Koch, who was a Cold War-era hacker featured in the movie ’23.’ Former WikiLeaks spokesman Daniel Domscheit-Berg was temporarily expelled from CCC in 2011, during its quadrennial camp.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.