0:00:00.000,0:00:18.940
36C3 preroll music
0:00:18.940,0:00:23.630
Herald Angel: Good evening, everyone. Our[br]next speaker is a historian and she is
0:00:23.630,0:00:29.360
rolling back time for us, 30 years to the[br]very beginnings of the Chaos Computer Club
0:00:29.360,0:00:36.820
and taking a closer look at the KGB hack,[br]the infamous KGB hack and what Karl Koch
0:00:36.820,0:00:43.180
did back them. So let's journey[br]back to the 80s with Anja Drephal.
0:00:43.180,0:00:54.210
Applause
0:00:54.210,0:01:02.640
Anja Drephal: Thank you. I was hoping to[br]see my presentation.
0:01:02.640,0:01:04.391
laughter[br]Drephal: Why am I not seeing my
0:01:04.391,0:01:08.490
presentation, my slides?
0:01:18.350,0:01:20.860
Yes. Thank you.
0:01:36.820,0:02:00.632
Dial-up noises
0:02:13.900,0:02:24.100
Drephal: Thank you.[br]Applause.
0:02:24.940,0:02:31.030
Drephal: That applause, guys, goes to my[br]amazing hacker who did this little video
0:02:31.030,0:02:32.880
as a start to my presentation. Thank you.
0:02:38.770,0:02:43.824
Why? No ...[br]Laughter
0:02:43.824,0:02:45.415
Drephal: I guess we'll have to do it again.
0:02:45.415,0:02:48.001
No, no. What is happening?
0:02:53.437,0:02:55.363
No, no, no, no, no.
0:02:55.667,0:02:59.050
Okay, okay. Welcome to 1989.
0:02:59.326,0:03:05.950
Before I start, I have to say, when you[br]start researching a topic like the KGB hack,
0:03:05.950,0:03:11.859
you suddenly find out there are so many[br]sources, not just books that have been
0:03:11.859,0:03:17.409
written, movies that have been made,[br]documentaries. There's articles in
0:03:17.409,0:03:22.549
newspapers, on the internet. There's[br]podcasts you can listen to that go into
0:03:22.549,0:03:28.620
every little detail of this case, every[br]little detail of the early history of the
0:03:28.620,0:03:35.549
CCC, the early history of the Internet as[br]it is, and due to time constraints that we
0:03:35.549,0:03:43.139
have, I'm going to have to simplify quite[br]a few things to just, you know, give you
0:03:43.139,0:03:49.239
an overview and tell you a story about[br]this topic. And I'm counting on you to
0:03:49.239,0:03:56.209
raise questions, in the end, at our Q&A,[br]to maybe go into more detail if you find
0:03:56.209,0:04:00.310
out, OK, there is something that should[br]have been a little more detailed is
0:04:00.310,0:04:04.819
something that, hey, I know about -[br]something about this because I'm sure a
0:04:04.819,0:04:12.360
lot of you know maybe more than me about[br]this story. So that's something that I'm
0:04:12.360,0:04:19.400
hoping we can do in 45 minutes, 40[br]minutes. First of all, I'd like to ask a
0:04:19.400,0:04:28.660
question - two questions to the audience.[br]Does anyone here think that this talk
0:04:28.660,0:04:31.744
might mention their name?
0:04:35.624,0:04:38.510
Yes. Who are you?
0:04:38.510,0:04:43.290
Laughter[br]Drephal: Well, I'm not going to mention
0:04:43.290,0:04:49.620
any real names except for one. So maybe[br]you would like to join us in the end. Or
0:04:49.620,0:04:55.190
you know, if not, then not. Second[br]question, is anyone here who attended
0:04:55.190,0:05:04.850
Congress in the 1980s? Excellent. Well,[br]personally, I did not because I was busy
0:05:04.850,0:05:12.060
with kindergarten and elementary school[br]and stuff. My first Congress was in 2012
0:05:12.060,0:05:19.400
when a friend of mine introduced me to the[br]Chaos Computer Club. I went to Hamburg.
0:05:19.400,0:05:24.820
I spent four amazing days at Congress, and[br]in the end I thought, oh my God, this is
0:05:24.820,0:05:30.870
so great. And I thought, OK, what could I[br]give back to this amazing community? What
0:05:30.870,0:05:39.370
could I add to this experience? And I'm[br]not a hacker or very much into tech, but
0:05:39.370,0:05:44.450
I'm a historian. I can tell you history,[br]and I'm very thankful that the content
0:05:44.450,0:05:50.710
team has now invited me for the fourth[br]time to tell you about history. I'm very
0:05:50.710,0:05:56.430
thankful that this talk has gotten a slot[br]on day one, because I think it's the
0:05:56.430,0:06:04.330
perfect time to take a look back at what[br]was, to take a look at what has changed,
0:06:04.330,0:06:11.640
to remember those who unfortunately cannot[br]be here today and then spend three more
0:06:11.640,0:06:22.040
days in the present, at this Congress. So[br]let me set the scene for you. It's 1989,
0:06:22.040,0:06:29.520
especially it's March 1989. In March,[br]1989, the world was still very much
0:06:29.520,0:06:35.080
divided. Germany was still divided into[br]West Germany and the German Democratic
0:06:35.080,0:06:47.083
Republic. And looking at Leipzig in March[br]1989, we had the spring fair. Not here,
0:06:47.083,0:06:53.720
but in the old fairgrounds. And the German[br]Democratic Republic proudly presented
0:06:53.720,0:07:00.340
their latest and greatest in technology.[br]They had just developed a four megabit
0:07:00.340,0:07:07.390
hybrid memory - four megabits.[br]Unfortunately, it was way too expensive to
0:07:07.390,0:07:16.800
make it on the world market. But they were[br]proud. West Germany had its own issues.
0:07:16.800,0:07:23.610
Laughter[br]Drephal: Difficult times. People had to
0:07:23.610,0:07:29.370
wear stone washed jeans and pastel colored[br]sweaters. Number one hit in the West
0:07:29.370,0:07:35.090
German charts in March was David[br]Hasselhoff, Looking for Freedom. And Bill
0:07:35.090,0:07:39.500
and Ted were going on an excellent[br]adventure. Sequel is coming out next year,
0:07:39.500,0:07:43.210
don't miss it.[br]Laughter
0:07:43.210,0:07:47.250
Drephal: Speaking about television,[br]private television in West Germany was
0:07:47.250,0:07:52.430
still very much in its infancy. Most[br]people still had three television channels
0:07:52.430,0:07:58.170
first, second, third and they got their[br]information from the television. The first
0:07:58.170,0:08:05.110
program showed the news every night at[br]8:00. People watched it, much more than
0:08:05.110,0:08:11.130
today. And sometimes the first German[br]television had a special program called Im
0:08:11.130,0:08:18.061
Brennpunkt, In Focus. That always came out[br]when something was so exciting, so
0:08:18.061,0:08:22.100
newsworthy that it couldn't be[br]sufficiently dealt with in the normal
0:08:22.100,0:08:29.940
news. So on March 2nd, 1989, the first[br]German television showed this.
0:08:29.940,0:08:35.135
Music
0:08:35.135,0:08:40.330
Drephal: Why isn't it moving? Oh, come on,
0:08:40.330,0:08:46.461
please. It's moving on my screen.[br]TV moderator speaking in German
0:08:54.531,0:08:57.530
Drephal: Would have been nice, if...[br]TV moderator speaking in German
0:09:07.350,0:09:10.070
Drephal: Well, okay, if it had been[br]moving, you would have seen a dude in a
0:09:10.070,0:09:16.620
suit telling you that the biggest spy case[br]since Günter Guillaume has just been
0:09:16.620,0:09:22.310
uncovered. Günter Guillaume was an East[br]German spy who worked closely in the
0:09:22.310,0:09:28.800
offices of German Chancellor Willy Brandt[br]in the 1970s. He worked for the East
0:09:28.800,0:09:33.180
German Secret Service, and when he was[br]uncovered, the Chancellor had to step
0:09:33.180,0:09:42.050
down. So apparently in March 1989, we have[br]a spy case of German hackers working for
0:09:42.050,0:09:50.550
the KGB that is as big as Günter[br]Guillaume. Spoiler: It was not. But
0:09:50.550,0:09:55.040
anyway. How is that even possible? How can[br]you, how can German hackers work for the
0:09:55.040,0:10:01.740
KGB in 1989? How can they hack anything[br]over the Internet? Well, there is no
0:10:01.740,0:10:13.970
Internet. What there is, is basically[br]this. Let's say, in the mid 1980s, you're
0:10:13.970,0:10:21.130
a teenager and you've got a computer for[br]Christmas. Lucky you. So what can you do
0:10:21.130,0:10:28.700
with it? There's no Internet. There are[br]computers that are connected. Big
0:10:28.700,0:10:33.820
computers made by IBM and by VAX that are[br]standing in universities, research
0:10:33.820,0:10:43.260
institutions, military institutions, big[br]companies. And you have, in the 1980s, a
0:10:43.260,0:10:49.070
network that you can actually dial in to[br]from your home. So you have a phone that's
0:10:49.070,0:10:54.260
connected to a wall, usually, if it's not[br]cut off, and you have a computer and if
0:10:54.260,0:11:01.250
you're lucky, you have a sort of modem.[br]It's called an acoustic coupler. We have
0:11:01.250,0:11:09.170
one here for the C64. The most famous one[br]was the data phone, it's bigger, but this
0:11:09.170,0:11:15.450
one basically works the same. You strap[br]your phone to it and you call your local
0:11:15.450,0:11:25.140
post office. And your local post office in[br]the 1980s has a network called Data XP,
0:11:25.140,0:11:33.420
which stands for data exchange packet[br]based. It's based on the X.25 protocol and
0:11:33.420,0:11:41.500
it gives you the opportunity to connect to[br]computers all over Germany and all over
0:11:41.500,0:11:46.480
Europe and actually all over the world.[br]What you need is a network user
0:11:46.480,0:11:53.170
identification, a so-called new NUI, which[br]is expensive. The call to your local post
0:11:53.170,0:11:57.480
office, not so much, especially in West[br]Berlin, which was known as sort of a
0:11:57.480,0:12:03.000
hacker's paradise because local calls cost[br]only twenty three Pfennig, twenty three
0:12:03.000,0:12:09.940
cents, not per minute, but per call. So if[br]you had a network user identification from
0:12:09.940,0:12:18.140
somewhere, you could just call your local[br]data XP office and connect. These NUIs
0:12:18.140,0:12:25.240
were expensive, but you could find them,[br]for example, at the computer fair in
0:12:25.240,0:12:30.460
Hanover because people weren't watching[br]their screens, their terminals, and maybe
0:12:30.460,0:12:35.230
you could look over somebody's shoulder[br]and see their log in and use it and run up
0:12:35.230,0:12:40.880
charges of thousands of marks and then you[br]can connect to message boards, which is a
0:12:40.880,0:12:48.100
bit, well, not so exciting. Much more[br]exciting is the big computers standing at
0:12:48.100,0:12:58.839
institutions and companies. And so,[br]through this, possibility, these
0:12:58.839,0:13:08.600
possibilities, this network comes a hacker[br]scene in the 1980s of mostly young people,
0:13:08.600,0:13:16.300
teenagers, young guys, not so many girls,[br]who connect to these big computers because
0:13:16.300,0:13:21.420
they can, because they're there and[br]they're interesting. And you just want to
0:13:21.420,0:13:33.600
see what's on them. Especially infamous[br]was CERN, the nuclear research
0:13:33.600,0:13:39.980
organization in Switzerland,[br]where at some point hackers were actually
0:13:39.980,0:13:45.980
having kind of parties in the system[br]connecting to the computers and chatting
0:13:45.980,0:13:55.120
with the systems managers who were a bit[br]annoyed because they had work to do, but
0:13:55.120,0:14:00.996
not that bothered because it wasn't really[br]seen as anything that could harm them. And
0:14:00.996,0:14:07.190
the point was to go into these computers[br]because you can to show that you can and
0:14:07.190,0:14:12.550
to have some fun and not because you're a[br]criminal or you want to take some data or
0:14:12.550,0:14:27.570
make money off it, but just as a sport.[br]And now... and in this scene, the Chaos
0:14:27.570,0:14:37.640
Computer Club also established itself as[br]sort of a mediator between these hackers
0:14:37.640,0:14:46.390
and the institutions and companies that[br]were being broken into. Always stressing
0:14:46.390,0:14:52.930
that when you're hacking, you should do it[br]with an ethical approach. Never, you know,
0:14:52.930,0:14:58.140
doing any harm. Being excellent. Not[br]making any money. And for God's sake,
0:14:58.140,0:15:03.029
staying away from military or Secret[br]Service computers, don't touch those.
0:15:03.029,0:15:10.370
Here's a quote on one of the first[br]Congresses, which I think sounds pretty
0:15:10.370,0:15:18.279
much like today. This amazing experience[br]and the news crews interested and
0:15:18.279,0:15:28.060
reporting on what's happening with these[br]sort of harmless tech freaks and hackers
0:15:28.060,0:15:37.029
that were just having fun. And this is the[br]scene where a group of young men met in
0:15:37.029,0:15:43.540
the mid 1980's and started hanging out,[br]started sitting in front of computers,
0:15:43.540,0:15:49.190
hacking together, talking, consuming[br]drugs, also, and just, you know, having
0:15:49.190,0:15:59.370
fun. And these are their nicknames. They[br]were all, sort of, some were programmers,
0:15:59.370,0:16:06.170
some were teenagers who were into hacking.[br]One of them, the last one here, wasn't
0:16:06.170,0:16:11.680
really a hacker. He worked at a casino and[br]he made some money on his side selling
0:16:11.680,0:16:16.649
drugs. And they were just hanging out and[br]and just feeling like they were the
0:16:16.649,0:16:24.690
greatest. They were... Someone has[br]compared them to sort of graffiti kids.
0:16:24.690,0:16:28.890
They did it because they could, just[br]leaving their mark everywhere in the
0:16:28.890,0:16:38.430
computers. And... Well, they were just, you[br]know, talking and somebody had the idea,
0:16:38.430,0:16:43.430
OK, what can we do to get recognized as[br]the greatest hackers or how can we make
0:16:43.430,0:16:50.480
something off it? There's always the issue[br]of money problems that you might have,
0:16:50.480,0:16:57.610
stupid ideas that you have when you're a[br]teenager or a young kid. And one of them
0:16:57.610,0:17:01.005
came up with the idea, Hey, I know[br]somebody in East Berlin who might be
0:17:01.005,0:17:06.959
interested in what we're doing and maybe[br]we could sell that. I know someone, a
0:17:06.959,0:17:11.980
Russian, and it might be, you know, it[br]might actually be a contribution to world
0:17:11.980,0:17:16.359
peace because the Russians need technology[br]that they don't have and we have it. We
0:17:16.359,0:17:24.449
could kind of equalize the scales a bit.[br]It's a stupid idea, of course. But this
0:17:24.449,0:17:31.760
guy, Pedro, his name was Peter, he[br]actually went to East Berlin, walked into
0:17:31.760,0:17:37.049
the Soviet trade mission and said he[br]wanted to talk someone about a deal, super
0:17:37.049,0:17:47.200
stupid, walking in the front door and[br]someone actually listened to him. A guy
0:17:47.200,0:17:52.310
who introduced himself as Sergei, who[br]officially worked at the trade mission,
0:17:52.310,0:18:02.810
which in my opinion means KGB, was willing[br]to listen and our hackers offered, OK, we
0:18:02.810,0:18:08.500
can get you like log-ins to computers in[br]West Germany and even America. We can even
0:18:08.500,0:18:14.170
teach you how to hack, you know, for like[br]a million marks. How about that? And
0:18:14.170,0:18:20.490
Sergei was like, Okay, that's nice, but I[br]need something else. Because he had a
0:18:20.490,0:18:31.559
shopping list which came pretty much[br]directly from the embargo list made by the
0:18:31.559,0:18:38.600
Coordinating Committee on Multilateral[br]Export Controls. There was an embargo,
0:18:38.600,0:18:47.210
technology and, yeah, electronic parts.[br]Computers weren't allowed to be sold into
0:18:47.210,0:18:52.700
the Soviet Union or the Eastern Bloc in[br]general. And that was basically his
0:18:52.700,0:18:58.200
shopping list. What the Soviets wanted was[br]not so much, you know, log-ins to military
0:18:58.200,0:19:04.431
computers. They wanted source code, for[br]example... According to the sources, he
0:19:04.431,0:19:09.090
actually had a list that said, OK, UNIX[br]source code, twenty five thousand marks,
0:19:09.090,0:19:14.290
maybe a compiler for this and that, five[br]thousand marks. And our hackers were able
0:19:14.290,0:19:20.080
to provide. They didn't exactly make a[br]million, but about ninety thousand marks
0:19:20.080,0:19:23.899
exchanged hands in the following months.
0:19:23.899,0:19:30.480
Until a systems administrator in
0:19:30.480,0:19:35.920
California noticed something. And now I[br]have to tell you, the legend of Clifford
0:19:35.920,0:19:45.170
Stoll. Clifford Stoll has become famous[br]for uncovering the KGB hackers, and a sort
0:19:45.170,0:19:51.410
of legend has been built around him,[br]telling his story again and again. He,
0:19:51.410,0:19:56.960
there was a funny documentary made. He had[br]a book coming out. And there are some
0:19:56.960,0:20:03.670
weird aspects in this story, but maybe we[br]can talk about them later. So, first of
0:20:03.670,0:20:10.300
all, I'm just going to give you the story[br]as he tells it. And I would like to show
0:20:10.300,0:20:18.080
you, because you can describe this man,[br]but you just have to see him. And if this
0:20:18.080,0:20:23.040
video isn't working again, then I'm gonna[br]be a really, really sad. Please.
0:20:23.040,0:20:26.691
TV announcer: Tonight, on Nova...[br]Drephal: Are you fucking kidding me?
0:20:26.691,0:20:30.590
TV character 1: Where's Decker again?[br]TV character 2: He's in an Army Base.
0:20:30.590,0:20:35.620
Gibberish[br]TV announcer: A lone scientist is on the
0:20:35.620,0:20:38.820
trail of a computer spy...[br]Drephal: Yeah, because that would be
0:20:38.820,0:20:43.910
really awesome if we could actually watch[br]it.
0:20:43.910,0:21:02.799
Shouting[br]Drephal: Huh? Oh, man. Um, can we just go
0:21:02.799,0:21:14.229
to the slide that we need, maybe? This[br]is... okay. Should we try it? Well, it
0:21:14.229,0:21:23.783
shows a picture at least. That's good.[br]Yeah. Let's just try this. Do some-thing.
0:21:23.783,0:21:26.340
Technical Angel: You have to start the[br]presentation.
0:21:26.340,0:21:39.271
Drephal: Yeah, I'm trying. Here, right?[br]Oh, no. Come on, come on. Well, we're
0:21:39.271,0:21:43.230
going to get there.
0:21:43.230,0:21:45.610
TV announcer: Tonight, on Nova...
0:21:45.610,0:21:48.530
Drephal: Yes![br]Applause
0:21:48.530,0:21:55.540
TV announcer: A lone scientist on the[br]trail of a computer spy. The hacker is out
0:21:55.540,0:21:59.120
there somewhere, raiding computers,[br]stealing government files.
0:21:59.120,0:22:02.440
Clifford Stoll: Hi, Manny. Some computer[br]hacker's looking for him.
0:22:02.440,0:22:06.299
TV announcer: The true story of Cliff[br]Stoll's real life adventure, featuring the
0:22:06.299,0:22:12.070
actual participants recreating the events[br]is The KGB, The Computer and Me.
0:22:12.070,0:22:14.365
Laughter
0:22:14.365,0:22:19.280
Drephal: I like his hair. Okay, so,
0:22:19.280,0:22:25.740
Clifford Stoll's story is that he was a[br]systems administrator at Lawrence Berkeley
0:22:25.740,0:22:32.480
Laboratory and he noticed in his[br]accounting system 75 cents missing because
0:22:32.480,0:22:39.460
some user had accrued 75 cents of computer[br]time and not paid for it. And he found out
0:22:39.460,0:22:44.770
that there was a weird user he didn't[br]know. And he just deleted him. A couple of
0:22:44.770,0:22:49.400
days later, somebody else was on his[br]computer and had system privileges. And he
0:22:49.400,0:22:54.240
says, he just got interested. He didn't[br]want to shut this person out, he wanted to
0:22:54.240,0:23:01.000
know who it was and what they were doing.[br]So he started tracking whoever was coming
0:23:01.000,0:23:07.350
into his computers for months, actually a[br]whole year in the end, that he was
0:23:07.350,0:23:16.690
tracking this person. He got help from a[br]friendly district attorney who got him a
0:23:16.690,0:23:25.910
warrant to trace the phone lines. And,[br]long story short... Can you actually see
0:23:25.910,0:23:33.880
something? That's nice. He found out that[br]his intruder came in through TimeNet, the
0:23:33.880,0:23:39.660
equivalent, the American equivalent of[br]Data XP. And he wasn't even in the US. He
0:23:39.660,0:23:46.560
was in Germany. He came in through Data XP[br]at the University of Bremen. And the trace
0:23:46.560,0:23:51.250
ended in Hanover. And in Hanover, the[br]problem was that they had really old
0:23:51.250,0:23:58.679
switches from the 1950s, and it would have[br]taken about an hour to track the hacker
0:23:58.679,0:24:07.730
back to his own phone at home. And the[br]problem was the hacker never stayed long
0:24:07.730,0:24:13.190
enough on Stoll's computers. He used them[br]as a gateway to get into much more
0:24:13.190,0:24:21.990
interesting computers. For example, the[br]Pentagon database at the Pentagon, the Air
0:24:21.990,0:24:30.930
Force, the Navy, the Army, even Army[br]computers in Japan. Computers in the
0:24:30.930,0:24:38.690
Ramstein, Germany. So Stoll was at a loss:[br]How to keep him in a system long enough so
0:24:38.690,0:24:45.070
he could actually, or the German post[br]could actually track this person back to
0:24:45.070,0:24:52.460
his own phone line. So he says that his[br]girlfriend came up with the idea: If
0:24:52.460,0:24:56.330
there's nothing on your computer that[br]interests him, then then put something
0:24:56.330,0:25:01.280
there. Put some files there that look[br]super secret and are super big so that he
0:25:01.280,0:25:09.740
needs time to look at them. And that[br]actually worked. They made up a bunch of
0:25:09.740,0:25:14.370
Big Data and they even put in a mailing[br]list that said, OK, if you want more
0:25:14.370,0:25:19.980
information about Strategic Defense[br]Initiative, also known as Star Wars, send
0:25:19.980,0:25:25.660
us a letter because it's so much data, we[br]have to send it through the post. And
0:25:25.660,0:25:32.370
surprisingly enough, that worked. First of[br]all, The German post was able to track
0:25:32.370,0:25:39.802
Clifford Stoll's hacker back to the house[br]of one of our KGB hackers, Urmel.
0:25:39.802,0:25:44.049
His apartment was searched, his office was[br]searched, but the police didn't really
0:25:44.049,0:25:47.970
know what they were looking for because[br]they didn't find any disk that said Super
0:25:47.970,0:25:54.750
Secret SDInet Files or something and[br]nothing much came of it. And the second
0:25:54.750,0:25:58.651
thing that happened was that somebody[br]actually answered this mailing list.
0:25:58.651,0:26:04.440
A Hungarian immigrant in Pittsburgh sent a[br]letter to Clifford Stoll asking for
0:26:04.440,0:26:10.600
information on SDInet files. Was he[br]working for the KGB or was he working for
0:26:10.600,0:26:14.145
somebody else? It's a weird story.
0:26:14.145,0:26:20.566
In any case, so, in the summer of 1987,[br]Clifford
0:26:20.566,0:26:25.559
Stoll finally knew, OK, there's some dude[br]in Germany who's been hacking my computer,
0:26:25.559,0:26:31.410
but nothing much happened of it. And it[br]kind of calmed down a bit until the media
0:26:31.410,0:26:37.559
got interested. Who got the media[br]interested is another interesting
0:26:37.559,0:26:45.310
question. But in any case, in April of[br]1988, German magazine Quick reported on
0:26:45.310,0:26:52.850
the case using Clifford Stoll's notes. In[br]May 1988, he published a paper suggesting
0:26:52.850,0:26:57.660
that this hacker in his system had[br]something to do with the KGB and our
0:26:57.660,0:27:07.419
hackers got a bit nervous. At this point,[br]we have to talk about about Hagbard. His
0:27:07.419,0:27:14.500
name, his real name was Karl Koch. And in[br]1988, he was in a difficult place. He had
0:27:14.500,0:27:20.520
psychological issues, he had drug issues,[br]he had money problems. And he started
0:27:20.520,0:27:25.710
talking to journalists, offering to tell[br]wild stories about the KGB and what he
0:27:25.710,0:27:32.400
could do, offering to hack into nuclear[br]reactors, which obviously was not
0:27:32.400,0:27:39.910
possible. But he just wanted to get a lot[br]of money for it. And the others got a bit
0:27:39.910,0:27:48.520
nervous. And in July, the youngest in the[br]group went to the authorities and offered
0:27:48.520,0:27:55.389
to be a witness if he got immunity for[br]anything that he might have done. And this
0:27:55.389,0:28:02.210
led to the video I wanted to show you in[br]the beginning when in March 1989, arrests
0:28:02.210,0:28:06.370
were made, all five of them were arrested.[br]Two had to stay in jail because they had
0:28:06.370,0:28:12.340
prior convictions. Houses were searched[br]and the media descended on the Chaos
0:28:12.340,0:28:19.000
Computer Club because these five guys were[br]somehow related. And suddenly, the Chaos
0:28:19.000,0:28:25.309
Computer Club was not this harmless group[br]anymore. But the media portrayed them as,
0:28:25.309,0:28:34.030
you know, working for the KGB, hacking[br]basically everything. And dramatizing the
0:28:34.030,0:28:36.985
whole situation.
0:28:36.985,0:28:43.860
What actually came out of[br]it was not so much. The process, in early
0:28:43.860,0:28:50.840
1990, focused on questions like if any[br]classified information was actually
0:28:50.840,0:28:57.399
transferred or stored anywhere,[br]downloaded. Nobody could prove that.
0:28:57.399,0:29:03.149
If the USA or Germany were actually[br]compromised in any way. Not really. And
0:29:03.149,0:29:09.809
how... The main question was how did this[br]Hungarian immigrant get this mailing list?
0:29:09.809,0:29:15.540
Because only Clifford Stoll and the hacker[br]could have had access to it. And the
0:29:15.540,0:29:23.280
question is, did he actually get it from[br]the KGB or was it, as one of, one of our
0:29:23.280,0:29:29.500
hackers suggested a couple of years ago in[br]a podcast, maybe it might have been, he
0:29:29.500,0:29:35.140
might have been an agent provocateur, he[br]might have been set up by somebody to push
0:29:35.140,0:29:40.860
these investigations after the German[br]authorities didn't really do much with it.
0:29:40.860,0:29:43.808
That's the question.
0:29:44.490,0:29:53.030
So this biggest spy case since [br]Guillaume ended with probation
0:29:53.030,0:30:00.280
sentences and some fines because there was[br]no proof that any real harm had been done.
0:30:00.280,0:30:10.360
The most tragic outcome maybe was the[br]death of Karl Koch, who was our hacker
0:30:10.360,0:30:18.700
Hagbard. He was a very troubled young man.[br]He was orphaned early. He inherited a lot
0:30:18.700,0:30:24.310
of money when he was young, which is[br]always difficult. He bought a computer. He
0:30:24.310,0:30:30.410
had a nice apartment. He had parties with[br]his friends. He consumed drugs. And he was
0:30:30.410,0:30:36.930
from a young age obsessed with the novel[br]Illuminatus!, and the number 23. A movie
0:30:36.930,0:30:43.620
was made about him in 1998, it's nice, you[br]can find it on YouTube. I didn't include
0:30:43.620,0:30:49.390
it in my links because I'm not sure about[br]the copyright situation. But it's
0:30:49.390,0:30:58.770
interesting, nice soundtrack. And this[br]whole situation in 1989, the media
0:30:58.770,0:31:05.789
pressing down on him and him having these[br]illusions... He thought the Illuminati
0:31:05.789,0:31:10.220
were in his head controlling his thoughts.[br]He thought they were controlling the
0:31:10.220,0:31:17.250
international networks and he had to do[br]something about it. Ended on May 23rd,
0:31:17.250,0:31:22.145
1989, when he was 23 years old.
0:31:22.145,0:31:25.840
He officially committed suicide by burning
0:31:25.840,0:31:32.679
himself. And that is such a gruesome way[br]to die that immediately there were
0:31:32.679,0:31:38.600
conspiracy theories that maybe he didn't[br]commit suicide, maybe he had help doing
0:31:38.600,0:31:42.100
it. And that's something I[br]cannot answer, obviously.
0:31:42.100,0:31:49.670
The much more lasting result of
0:31:49.670,0:31:56.210
this whole case was the image loss that[br]the Chaos Computer Club suffered. Because
0:31:56.210,0:32:04.460
suddenly they weren't harmless pranksters[br]joyriding through computers and, you know,
0:32:04.460,0:32:12.520
showing companies flaws in their systems,[br]showing the post flaws in their BTX
0:32:12.520,0:32:20.770
system, for example. Suddenly they were[br]portrayed as dangerous hackers, selling
0:32:20.770,0:32:29.550
secrets, being spies, and, you know, they[br]can't be trusted. And as far as I read,
0:32:29.550,0:32:39.970
the club almost dissolved about this issue[br]in 1990, but luckily survived. But this is
0:32:39.970,0:32:44.780
an image that is still lingering today.[br]And I think this image of hackers being
0:32:44.780,0:32:49.990
somehow untrustworthy and being somehow[br]dangerous, you don't know really what they
0:32:49.990,0:32:55.910
do and why they do it, but they're[br]dangerous, that is still lingering today.
0:32:58.670,0:33:03.700
Whenever the media tells you something[br]about hackers, they always show you
0:33:03.700,0:33:10.710
something like, hi. Something like this.[br]An anonymous, Anonymous dude with a hoodie
0:33:10.710,0:33:15.520
sitting in front of a computer. Some[br]random numbers flashing. They don't make
0:33:15.520,0:33:22.340
any sense, but it looks dangerous. And,[br]oh, yeah. And these hackers, they're
0:33:22.340,0:33:25.570
everywhere. They won't stop at anything.
0:33:25.570,0:33:28.340
Laughter
0:33:28.340,0:33:31.417
Drephal: Just two days ago on Christmas.
0:33:31.417,0:33:39.851
Laughter and applause
0:33:39.851,0:33:42.490
German supermarket chain REWE had to call
0:33:42.490,0:33:50.349
back their chopped almonds because they've[br]been hacked. Beware. And so I was
0:33:50.349,0:33:56.840
interested in taking a look at how the[br]media portrays hackers these days.
0:33:56.840,0:34:02.460
So I did some Google searches. I thought,[br]okay, what are famous hacking groups
0:34:02.460,0:34:06.850
that you read about a lot? And for[br]example, you know, we were talking about
0:34:06.850,0:34:14.779
the KGB. So what about Russian hackers? So[br]the first results I saw was Russian
0:34:14.779,0:34:20.460
hacking: How did it affect the 2016[br]elections? So apparently Russian hackers
0:34:20.460,0:34:25.679
are still very much busy with the United[br]States and the elections leaking
0:34:25.679,0:34:31.240
documents, supporting Trump for some[br]reason. That's what you find on the media
0:34:31.240,0:34:36.780
about Russian hackers. And then I thought,[br]OK, what else is there today? What about
0:34:36.780,0:34:41.560
China? Chinese hackers sounds dangerous.[br]What are they doing? So Chinese hackers
0:34:41.560,0:34:49.429
apparently are busy hacking two factor[br]authentication these days. They're in your
0:34:49.429,0:34:56.770
phone, beware. Hacking you, right now, as[br]I speak. But what about German hackers?
0:34:56.770,0:35:01.359
We've been talking about these German[br]hackers who basically crashed the image of
0:35:01.359,0:35:07.609
hacking forever. So what are they up to[br]today? When you google German hackers, the
0:35:07.609,0:35:12.310
first result is Clifford Stoll.[br]Laughing
0:35:12.310,0:35:19.520
Drephal: After 30 years, really, still?[br]That's the news? I don't know, maybe it's
0:35:19.520,0:35:21.814
time to make German Hacking Great Again.
0:35:21.904,0:35:29.039
Laughter and applause
0:35:31.258,0:35:39.500
Drephal: Very good. So. And finally, what[br]about the Chaos Computer Club? What has
0:35:39.500,0:35:47.160
changed in the past 30 years? Here's[br]another quote that I've found of a
0:35:47.160,0:35:53.910
Congress and the issues that were[br]discussed at Congress. Someone standing up
0:35:53.910,0:36:02.480
and telling the audience that he was[br]unhappy with where he saw Chaos going. The
0:36:02.480,0:36:06.460
political direction is unacceptable.[br]Concentrating on things like environmental
0:36:06.460,0:36:11.580
protection, climate change or something,[br]is diverting the group from its technical
0:36:11.580,0:36:17.320
origins. And it's little wonder that truly[br]talented hackers are beginning to abandon
0:36:17.320,0:36:21.305
the club. This is from 1988.
0:36:23.385,0:36:28.250
So are we still having the same [br]issues today? Are we
0:36:28.250,0:36:33.708
still discussing the same thing? Where is[br]the CCC going? Is it too political? Should
0:36:33.708,0:36:42.580
it focus more on real hacking, on the[br]technology or what? But fortunately, a lot
0:36:42.580,0:36:48.070
has changed. For example, when you think[br]about those guys who were at the Congress
0:36:48.070,0:36:55.850
in the 1980s, how many people were there,[br]like 400? At a Congress in 85? How many
0:36:55.850,0:37:01.210
people are here today? 16.000? I mean, not[br]in this room, but I think last year was
0:37:01.210,0:37:08.360
16.000. That's amazing. And something else[br]I mentioned, when I was this big, I didn't
0:37:08.360,0:37:12.849
attend Congress. But today you walk around[br]and there's tiny hackers whizzing on
0:37:12.849,0:37:20.170
scooters everywhere, which is awesome.[br]People are bringing their kids and you
0:37:20.170,0:37:27.170
have a much wider cross section of society[br]today. And something else... I don't know
0:37:27.170,0:37:31.109
if you noticed, but when I told you the[br]story about the KGB hack, what was
0:37:31.109,0:37:35.729
missing? There was something [br]that did not show up.
0:37:35.729,0:37:38.330
Women. The only women, the only
0:37:38.330,0:37:42.691
woman in this story is Clifford Stoll's[br]girlfriend, who allegedly came up with the
0:37:42.691,0:37:47.280
idea of planting a honey pot in his[br]system. There is no other woman in this
0:37:47.280,0:37:53.860
story. It's all young dudes hacking away.[br]And that certainly has changed. There
0:37:53.860,0:38:00.480
are... I don't know the percentage. I[br]can't tell. But there's so many women and
0:38:00.480,0:38:07.200
other non male participants that, like I[br]said, it's a much wider cross-section of
0:38:07.200,0:38:14.230
society today. But apart from these[br]issues, what else what do you think are
0:38:14.230,0:38:19.850
the issues we have today and we're going[br]to have in the future? That's my question
0:38:19.850,0:38:26.320
to you. And I would like some answers. And[br]if you want to confess about hacking
0:38:26.320,0:38:35.030
something, my DECT is 6623. You can[br]telegram me or tell us now.
0:38:35.030,0:38:44.254
Applause
0:38:46.790,0:38:51.380
Herald: Thank you very much for this[br]excellent talk. We do have six microphones
0:38:51.380,0:38:55.950
here in the hall. Please line up there.[br]Are there questions from the Internet via
0:38:55.950,0:38:58.420
our Signal Angel?[br]Signal Angel: No, there are none.
0:38:58.420,0:39:03.630
Herald: There are no questions from the[br]Internets. Do we have questions here?
0:39:03.630,0:39:09.349
We have question at microphone three.[br]Question: Yes. Oh, my goodness. Thanks a
0:39:09.349,0:39:15.450
lot for a talk. It was amazing. Can you[br]please just show us the first video?
0:39:15.450,0:39:20.620
Laughter[br]Drephal: Oh, yeah. I hope so.
0:39:20.620,0:39:24.390
Herald: Yes, we have plenty of time.[br]Drephal: Yeah. Let's just try to...
0:39:24.390,0:39:27.680
Herald: In the meantime, if you have[br]questions, please line up at the
0:39:27.680,0:39:32.800
microphones.[br]Drephal: I don't want to... Okay, getting
0:39:32.800,0:39:39.760
close. Getting close. Getting close. Okay.[br]You mean this one?
0:39:39.760,0:39:47.080
Audience: No![br]Drephal: Yeah, that one doesn't work. Oh,
0:39:47.080,0:39:53.693
not this one? Oh, yeah. The next one.[br]Let's try.
0:39:54.885,0:39:56.760
Intro music
0:39:56.760,0:40:00.010
Ah![br]Applause
0:40:07.450,0:40:08.580
Laughter
0:40:08.590,0:40:12.600
TV announcer: Guten Abend, meine Damen und[br]Herren, zu so später Stunde. Sie haben es
0:40:12.600,0:40:16.640
ja gerade eben schon gehört. Laut Programm[br]sollten sie jetzt einen Wirtschaftskrimi
0:40:16.640,0:40:21.139
mit dem Titel Tanker sehen, den bringen[br]wir heute abend nicht. Dafür aber einen
0:40:21.139,0:40:25.590
Spionagekrimi, und zwar einen echten.[br]Einen authentischen Report über den
0:40:25.590,0:40:30.295
schwersten Spionagefall seit der[br]Enttarnung des Kanzleramtsagenten Günter
0:40:30.295,0:40:33.920
Guillaume.[br]Drephal: You can find the whole Brennpunkt
0:40:33.920,0:40:41.710
on YouTube. It's very interesting. It's[br]like 30 minutes. There's a lot of the same
0:40:41.710,0:40:50.599
images as in the other documentation I[br]showed. Dudes in black sunglasses, the CIA
0:40:50.599,0:40:56.280
and stuff. Also, this documentation about[br]Clifford Stoll is hilarious. Not just the
0:40:56.280,0:41:00.627
scene where where he runs out the shower[br]in his towel to his computer because the
0:41:00.627,0:41:05.090
hacker is on. It's hilarious.[br]Herald: So do we have any more questions
0:41:05.090,0:41:08.280
from the Internet, from the hall.[br]Drephal: No?
0:41:08.280,0:41:14.010
Herald: No, it does not... Well, then[br]there is something up at microphone 5.
0:41:14.010,0:41:17.520
Question: Can you hear me? Yeah.[br]Drephal: Where? Ah, there!
0:41:17.520,0:41:20.450
Q: Do we know anything about the rest of[br]the group?
0:41:20.450,0:41:24.080
Drephal: Yes.[br]Q: Working today, for example?
0:41:24.080,0:41:33.560
Drephal: Yes. Well, about... let me, go[br]back or go front. Well, I did... I looked
0:41:33.560,0:41:40.570
into them. DOB, I could not find anything[br]about him. He was actually one of the two
0:41:40.570,0:41:44.520
who had to stay in prison for almost a[br]year because he was fleeing the army
0:41:44.520,0:41:49.930
service and they were looking for him.[br]I couldn't find anything about what he's
0:41:49.930,0:41:55.710
doing today. Pengo is very active. He has[br]a Twitter. He's into vintage computing.
0:41:55.710,0:42:01.450
And he's, he's the one who's always been[br]interviewed. You know, every 10 years, 10
0:42:01.450,0:42:06.750
years after the KGB hack, 20 years after[br]the KGB hack, he's been on TV, he's been
0:42:06.750,0:42:11.314
on podcasts. You can find a lot about him.
0:42:11.314,0:42:16.440
But, about 10 years ago, he was on Tim
0:42:16.440,0:42:23.040
Pritlove's podcast. Very interesting. It's[br]two hours long, but it's super
0:42:23.040,0:42:29.490
interesting, very detailed in, into the[br]beginnings of the Internet. And there he
0:42:29.490,0:42:33.920
said, OK. He's being asked about this[br]again and again. And sometimes you just
0:42:33.920,0:42:39.010
don't want to talk about it anymore. I can[br]totally understand that. Well, you know
0:42:39.010,0:42:43.400
what happened about, what happened with[br]Hagbard. Urmel, I couldn't find out
0:42:43.400,0:42:46.120
anything either.
0:42:47.080,0:42:53.280
Also, Pedro, no. [br]Not so much.
0:42:53.280,0:42:56.030
Herald: So we have another question on[br]microphone three.
0:42:56.030,0:43:01.770
Question: Hi. Well, first of all, thank[br]you very much. I did read The Kuckuck's
0:43:01.770,0:43:03.770
Egg.[br]Drephal: Excellent!
0:43:03.770,0:43:08.740
Q: And thank you for posing the German[br]perspective towards it. It really
0:43:08.740,0:43:13.710
elaborates the story quite a lot. You[br]finished your presentation with the
0:43:13.710,0:43:19.109
question, what is missing, currently, at[br]the Chaos Computer Club. I love it
0:43:19.109,0:43:21.884
probably as much as you do.
0:43:21.884,0:43:25.710
I come from the Netherlands and [br]I have the feeling that in
0:43:25.710,0:43:29.010
Holland, hackers collaborate much more[br]with governments and companies.
0:43:29.010,0:43:31.970
Drephal: Okay.[br]Q: It's good to be critical against
0:43:31.970,0:43:37.040
government, but to criticize everything[br]and to shut out government for everything
0:43:37.040,0:43:41.609
doesn't solve the problem. So what I'm[br]hoping for is a more constructive
0:43:41.609,0:43:46.010
collaboration with the German government[br]and I hope I'm not making myself very
0:43:46.010,0:43:50.310
impopular here. I perhaps do, but I'm[br]Dutch.
0:43:50.760,0:43:52.980
Laughter[br]Drephal: Thank you.
0:43:52.990,0:43:57.840
Applause
0:43:57.840,0:44:03.790
Herald: Another question, microphone one.[br]Question: Hi. Just to get the facts
0:44:03.790,0:44:10.220
straight. So, I mean, I guess we all know[br]here the story, the development of the
0:44:10.220,0:44:16.770
term hacking since the IT hacks, et[br]cetera. Would you say that explicitly, the
0:44:16.770,0:44:23.079
story with the German hacking is the thing[br]that stained the name of hacking in our
0:44:23.079,0:44:28.380
mainstream consciousness?[br]Drephal: Not, not alone. I mean, there's
0:44:28.380,0:44:33.810
obviously when you look at the US, there's[br]cases of hacking. I mean, talking about
0:44:33.810,0:44:39.960
Kevin Mitnick, for example, Robert Tappan[br]Morris, who shut down all the computers in
0:44:39.960,0:44:47.730
the US for days. That's something that,[br]obviously, formed the image of hacking in
0:44:47.730,0:44:53.430
the US and I, I'm not sure about other[br]countries to be, to be honest. But I'm
0:44:53.430,0:44:59.609
thinking that it was around the same time,[br]so end of the 80s, hacking kind of lost
0:44:59.609,0:45:05.754
its innocence through various infamous[br]hacks like the KGB hack.
0:45:05.754,0:45:07.846
Q: Thank you very much.[br]Drephal: Thank you.
0:45:07.846,0:45:12.140
Herald: Next question, microphone three.[br]Question: Yes. Thank you, interesting
0:45:12.140,0:45:17.410
talk. And is there a list or has...[br]Herald: Please talk a bit closer to the
0:45:17.410,0:45:20.470
microphone. Thank you.[br]Q: Has anyone a list of which kind of
0:45:20.470,0:45:26.280
information has been leaked or which kind[br]of facilities have been compromised? And
0:45:26.280,0:45:31.440
second questions, have the Russians ever[br]confirmed this hack?
0:45:31.440,0:45:39.160
Drephal: First question. Yes. Well,[br]there's the official documents that came
0:45:39.160,0:45:47.050
out in, in the process. There's actually,[br]if you, if you read German, there is an
0:45:47.050,0:45:53.200
interesting book that came out in 1990[br]about this case. And it has very detailed
0:45:53.200,0:45:58.770
information about what kind of[br]institutions have been hacked and what
0:45:58.770,0:46:08.070
kind of information has been given to the[br]Soviets. But most of it, I guess, is, is,
0:46:08.070,0:46:14.170
comes from confessions, because there was[br]no proof. The Russians did never confirm
0:46:14.170,0:46:20.300
that, yeah, OK, We got this and we got[br]that. No, of course not. And so most of it
0:46:20.300,0:46:30.470
is what the hackers actually confessed.[br]Herald: Do we have any more questions? It
0:46:30.470,0:46:35.350
does not look like that. So for anyone who[br]left already. You're going to miss out on
0:46:35.350,0:46:37.350
the outro video.[br]Drephal: Yeah.
0:46:37.350,0:46:44.050
Herald: Take it away.[br]Drephal: If I can actually do that because
0:46:44.050,0:46:50.672
there's no more questions. Are we seeing[br]this? Excellent. It's just one thing, for
0:46:50.672,0:46:54.413
me, left to do.
0:46:57.793,0:46:59.656
Why am I...
0:47:10.450,0:47:11.820
Drephal: Thank you!
0:47:11.820,0:47:15.360
Applause[br]Herald: Thank you. Big one, round of
0:47:15.360,0:47:20.271
applause.[br]Applause
0:47:20.271,0:47:24.466
postroll music
0:47:24.466,0:47:47.000
subtitles created by c3subtitles.de[br]in the year 2019. Join, and help us!