29C3 - Not My Department

Chaos Communication Congress (CCC or C3 for short) is traditionally held between Christmas and New Year. This date is chosen not only because most hackers are free during this time, but also because organizers like to avoid people who go to conferences to escape their job and actual work. An unusual but effective solution.


In addition to the traditional time, the place was traditional too - at least for the older ones among us. The 29th Congress returned from Berlin to the original city of CCC - Hamburg. An acronym of this year’s conference is 29C3 (29th Chaos Communication Congress). The tagline of this year’s congress is “Not My Department”. The name suggests something that most hackers don’t like to see - when someone (especially an officer) makes excuses about something being beyond their competence.

If some of the descriptions of lectures sound interesting, feel free to check them online - the streams are free.

The conference was opened by a keynote address by Jacob Appelbaum. As the author of Tor and a Wikileaks collaborator, he has experienced what it is like to come into conflict with a powerful state. Interrogations lasting hours at airports are common practice, yet he has never been accused of anything. Jacob tried to inspire hackers to develop technologies that support individual freedom - privacy, anonymity, circumventing censorship. Later, he also delivered a technical lecture on Tor ecosystem - programs and libraries that people can use (with Tor) for anonymous access/posting and circumventing censorship. Sadia Afroza Islam and Aylin Caliskan gave a lecture on stylometry that reminded us of the fact that anonymity it is not easy - even if you are using a completely anonymous connection to the Internet, your writing style can give you up. The authors presented their toolkit for stylometry (JStylo) and partial anonymization of writing style (do not trust it for strong anonymity though).

The traditional theme of the congress is of hacking GSM communication. This time it was not focused on the interception of communication. Sylvain Munaut presented his “hack” - creating a BTS (base transreceiver station in GSM network) from an old Motorola C123 mobile phone with his own firmware. Thus, it is possible (under controlled conditions) to create your own GSM network, which is able to send short text messages (SMS). The phone must be connected to the computer that is running OpenBTS clone at all times, so the Motorola C123 is used as a GSM radio peripheral.

GSM network - along with DECT and VoIP networks (which are all interconnected) - has traditionally been used at the Congress. The private network was used by many members of the congress for intra-congress communication.

Mark van Cuijk from Holland presented his “open” GSM service provider Limesco. It allows you to adjust the routing of calls the way you want - in fact you bring mobile calls to your VoIP PBX where you can route them or do other interesting things with them. The lecture was an overview of the background of commercial mobile operators and various companies (network operator, vendor, virtual operator, …) and pricing, or interconnection charges.

The second top issue was a serious conflict of states vs hackers. From the use of the Internet in protests (Arab spring, Occupy movement) to the so-called whistleblowing, 29C3 covered almost the full spectrum of the conflict. The highlight of this topic was a talk called “Enemies of the State: What Happens When Telling the Truth about Secret US Government Power Becomes a Crime.” It was led by two former NSA employees who worked on surveillance technology. Both left NSA after their superiors decided to develop and deploy an interception programme called Stellar Wind, which (according to them) is intercepting and storing all communications (regardless of citizenship) without a court order. Thomas Drake said several times that this is against the U.S. Constitution. William Binney explained how an eavesdropping technology works and what the capacity of the new NSA data center being built in Utah is.

Americans are not the only ones that are building and using mass-surveilance technologies - Russia is now doing it too and is not so secretive about it. The “Russian way” of intercepting everything is being exported beyond the borders of Russia, and even the original Soviet Union. Mexico decided to purchase listening technology from Russian companies and the company persuaded the government to also adapt Russian lawful interception procedures - this means that the competent authorities receive all unfiltered traffic and then filter things out. There is no independent party to check if they have a court order for that interception.

29C3 Hamburg Tag 1Hackers hacked even the title “CCH” (Congress Center Hamburg) at the “CCC”.

The cryptology and attacks on ciphers have special dedicated professional conferences, but cryptographic analysis of Russian cipher GOST was quite interesting even at the CCC. An analysis of RFID security cards was presented in a very funny and interesting way by Timo Kasper. They described also the hacking of Prague Opencard. However, the most interesting lecture (according to us) was the factorization of RSA public keys (FactHacks), which was presented by DJB (DJ Bernstein, author of djbdns and qmail mail package), Nadia Heninger and Tanja Lange. They pointed out the real problems in the development of encryption systems, such as insufficient entropy when generating keys. They showed a field-tested method to factorize a number of keys in parallel, and their project is available at where you can verify if the public key is weak and has well-known factors. An important take-away from this lecture is that it is no longer safe to use 1024-bit RSA keys.

Sebastian Schinz introduced side-channel attacks (timing). The idea of this attack is that some operations take longer and some shorter. Based on the time it takes to perform an operation, an attacker can get information that is not public. Textbook example is the algorithm that first verifies your user name and then your password. If the operation is performed faster (statistically), it can be inferred that the user is not found. If it takes longer it means that the application found the user and checked the password, so the user exists. This works even if in both cases, the server replies “Incorrect user name or password”. Sebastian released a set of tools for measuring and evaluating time-based side channels and showed us some techniques to prevent these types of attacks.

The CCC consists of many interesting things, not only talks. Even though it is already the 29th annual conference, the organisers are not afraid to experiment. The new space hosted nearly a hundred so-called “assemblies”, i.e. sites (from few tables to a large hacking area) that have a common theme. Assemblies also organized workshops and technology demonstrations outside the main program. There were over 100 independent workshops that were not part of the official programme. The conference network was also interesting - peak usage was 3059 users, 40% of the traffic was IPv6. During the conference, the aggregate traffic of Hamburg increased by one third (conference used over 8GBit/s). The conference organizers declared this usage as “booooring” and concluded that people do not follow the recommendation on the screens: “Please use more bandwidth”.

A number of accompanying events, spontaneously organized workshops and meetings, interesting and high quality lectures, open access (low entrance fees, conference organized purely by volunteers and a free stream) made Chaos Communication Congress the best technical (hacking) Conference at least in Europe. Sister events of the Congress are two camps, one organized by the German Chaos Communication Club and the second organized in the Netherlands. This year the Dutch camp is called Observe, Hack, Make (OHM) and tickets are already sold on Join us in the summer, it will be an awesome event!


Related blogs