38C3: Day 3 brings hacked prisons, location data and tax fraud

A major part of the Chaos Communication Congress has always been a critical examination of state structures. Fighting against hacker laws and decriminalizing the creative use of technology is part of the club’s DNA. There were also people on the stage in Hamburg who condemned tax fraud and unfair monopolies, and they, too, received standing ovations.

A team of netzpolitik.org and BR journalists explained their research into a treasure trove of cell phone location data that was openly offered for sale. They had not received the information conspiratorially from a whistleblower, as was the case with the recent VW data breach, but had gone shopping on a data trading platform. As free “samples”, a seller gave them billions of location records containing unique device identifiers. Using these advertising IDs, the journalists were able to build detailed movement profiles of suspected secret service and government employees, including potential NSA agents.

Lilith “Riot Influencer” Wittmann showed viewers how she hacked a prison telephone system and used publicly accessible API endpoints to extract sensitive information about prisoners. Wittmann also took a closer look at the manufacturer of the system and software and found something fishy. The company had not only charged unusually high call rates for a long period of time, but had also become a de facto monopolist, to which the legal authorities had to resort reluctantly. In a live demo, Wittmann also showed the audience the “Wazettechain” program, which is still used for administration in some juvenile detention centers and contains all kinds of problematic content in its GUI and source code.

Wittmann’s research took advantage of the Freedom of Information Act (IFG), which Arne Semsrott of FragDenStaat (“Ask the State”) also sees as a tool to monitor officials and the government. An increasingly blunt one, however, Semsrott said, because officials and courts did not always follow legal requirements. Furthermore, anonymous inquiries are no longer allowed, which makes the IFG less useful as a means of overseeing the authorities. Transparency is a bargaining chip, criticized Semsrott, who distributed the final edition of the newspaper FragDenStaat (DE) with helpers. DE stands for printed product.

Two lectures dealt with a topic that was unusual for the Congress: tax fraud. In his lecture, pentester “Martin” showed how tax fraud à la Cum-Ex and Cum-Cum is a kind of art. Former public prosecutor Anne Brorhilker, who was the central driving force behind the first Cum-Ex investigation, outlined the fraud scheme and explained how she fought the fraudsters. She criticized the fact that there is no culture of cooperation between authorities and that they often make inconsistent decisions, for example on data protection issues. Mail encryption via PGP is sometimes explicitly required and sometimes outright forbidden, which makes their daily work more difficult. Brorhilker, who now works for the NGO Finanzwende e.V., received a standing ovation for her educational work from a hall full of three thousand spectators.

If you want to treat 38C3 like a traditional conference, you can put together an entire lecture program from over 140 contributions and hop back and forth between halls for four days, queuing included. However, such a lecture hopper misses an equally important part of the Congress. Because besides the lectures there are the assemblies, where there is a lot to see. In the CCH’s many halls, hackers sit at rows and islands of tables, tinkering, chatting, and showing off their projects. There are also regional groups Allen Chipping Plant and project-related assemblies such as the OpenStreetMap project. While some hackers only need a table, sockets and network cables, the Center for Political Beauty has brought a former prison bus to Hamburg and other assemblies have built their own workshop rooms out of partition walls.

The mix of technology, art and politics is what makes the assemblies so attractive and represents a further evolution of the hack center of previous events. Editor Keyvan met Florian from Hamburg and his football-playing robot at one of the assemblies.

Auracast is a component of Bluetooth Low Energy Audio and is intended for streaming audio in public places. Its main purpose is to make things easier for hearing aid wearers: if multiple people with hearing aids sit in front of an Auracast-enabled TV, they can subscribe to the same Bluetooth stream.

With greater transmission power, Auracast installations are possible in train stations and airports or sports bars, where each person with hearing aids or normal Bluetooth earbuds subscribes to a specific station or announcement channel. This also makes the technology interesting for audio advertising that is played in the offered stream. The purpose of encryption specified in Auracast is to prevent unwanted hijacking of sound streams.

At 38C3, security researchers Frieder Steinmetz and Dennis Heinze showed how to break Auracast encryption in just seconds with BISCrack. Austrian researchers had previously shown with BISON (PDF) how unencrypted Auracast streams could be manipulated. The abbreviation BIS contained in both acronyms stands for the Broadcast Isochronous Streams of Auracast. Steinmetz and Heinze appealed to the makers of Auracast streaming tools to ensure secure encryption so that the “cool technology” could be widely accepted in the future.

The 38th Chaos Communication Congress takes place at the Congress Center Hamburg (CCH) and runs until December 30, 2024. Congress tickets have sold out and day tickets are no longer available. However, almost all lectures are offered as recordings on the Congress website.


(CKU)
