1
00:00:00,000 --> 00:00:18,940
36C3 preroll music
2
00:00:18,940 --> 00:00:23,630
Herald Angel: Good evening, everyone. Our
next speaker is a historian and she is
3
00:00:23,630 --> 00:00:29,360
rolling back time for us, 30 years to the
very beginnings of the Chaos Computer Club
4
00:00:29,360 --> 00:00:36,820
and taking a closer look at the KGB hack,
the infamous KGB hack and what Karl Koch
5
00:00:36,820 --> 00:00:43,180
did back them. So let's journey
back to the 80s with Anja Drephal.
6
00:00:43,180 --> 00:00:54,210
Applause
7
00:00:54,210 --> 00:01:02,640
Anja Drephal: Thank you. I was hoping to
see my presentation.
8
00:01:02,640 --> 00:01:04,391
laughter
Drephal: Why am I not seeing my
9
00:01:04,391 --> 00:01:08,490
presentation, my slides?
10
00:01:18,350 --> 00:01:20,860
Yes. Thank you.
11
00:01:36,820 --> 00:02:00,632
Dial-up noises
12
00:02:13,900 --> 00:02:24,100
Drephal: Thank you.
Applause.
13
00:02:24,940 --> 00:02:31,030
Drephal: That applause, guys, goes to my
amazing hacker who did this little video
14
00:02:31,030 --> 00:02:32,880
as a start to my presentation. Thank you.
15
00:02:38,770 --> 00:02:43,824
Why? No ...
Laughter
16
00:02:43,824 --> 00:02:45,415
Drephal: I guess we'll have to do it again.
17
00:02:45,415 --> 00:02:48,001
No, no. What is happening?
18
00:02:53,437 --> 00:02:55,363
No, no, no, no, no.
19
00:02:55,667 --> 00:02:59,050
Okay, okay. Welcome to 1989.
20
00:02:59,326 --> 00:03:05,950
Before I start, I have to say, when you
start researching a topic like the KGB hack,
21
00:03:05,950 --> 00:03:11,859
you suddenly find out there are so many
sources, not just books that have been
22
00:03:11,859 --> 00:03:17,409
written, movies that have been made,
documentaries. There's articles in
23
00:03:17,409 --> 00:03:22,549
newspapers, on the internet. There's
podcasts you can listen to that go into
24
00:03:22,549 --> 00:03:28,620
every little detail of this case, every
little detail of the early history of the
25
00:03:28,620 --> 00:03:35,549
CCC, the early history of the Internet as
it is, and due to time constraints that we
26
00:03:35,549 --> 00:03:43,139
have, I'm going to have to simplify quite
a few things to just, you know, give you
27
00:03:43,139 --> 00:03:49,239
an overview and tell you a story about
this topic. And I'm counting on you to
28
00:03:49,239 --> 00:03:56,209
raise questions, in the end, at our Q&A,
to maybe go into more detail if you find
29
00:03:56,209 --> 00:04:00,310
out, OK, there is something that should
have been a little more detailed is
30
00:04:00,310 --> 00:04:04,819
something that, hey, I know about -
something about this because I'm sure a
31
00:04:04,819 --> 00:04:12,360
lot of you know maybe more than me about
this story. So that's something that I'm
32
00:04:12,360 --> 00:04:19,400
hoping we can do in 45 minutes, 40
minutes. First of all, I'd like to ask a
33
00:04:19,400 --> 00:04:28,660
question - two questions to the audience.
Does anyone here think that this talk
34
00:04:28,660 --> 00:04:31,744
might mention their name?
35
00:04:35,624 --> 00:04:38,510
Yes. Who are you?
36
00:04:38,510 --> 00:04:43,290
Laughter
Drephal: Well, I'm not going to mention
37
00:04:43,290 --> 00:04:49,620
any real names except for one. So maybe
you would like to join us in the end. Or
38
00:04:49,620 --> 00:04:55,190
you know, if not, then not. Second
question, is anyone here who attended
39
00:04:55,190 --> 00:05:04,850
Congress in the 1980s? Excellent. Well,
personally, I did not because I was busy
40
00:05:04,850 --> 00:05:12,060
with kindergarten and elementary school
and stuff. My first Congress was in 2012
41
00:05:12,060 --> 00:05:19,400
when a friend of mine introduced me to the
Chaos Computer Club. I went to Hamburg.
42
00:05:19,400 --> 00:05:24,820
I spent four amazing days at Congress, and
in the end I thought, oh my God, this is
43
00:05:24,820 --> 00:05:30,870
so great. And I thought, OK, what could I
give back to this amazing community? What
44
00:05:30,870 --> 00:05:39,370
could I add to this experience? And I'm
not a hacker or very much into tech, but
45
00:05:39,370 --> 00:05:44,450
I'm a historian. I can tell you history,
and I'm very thankful that the content
46
00:05:44,450 --> 00:05:50,710
team has now invited me for the fourth
time to tell you about history. I'm very
47
00:05:50,710 --> 00:05:56,430
thankful that this talk has gotten a slot
on day one, because I think it's the
48
00:05:56,430 --> 00:06:04,330
perfect time to take a look back at what
was, to take a look at what has changed,
49
00:06:04,330 --> 00:06:11,640
to remember those who unfortunately cannot
be here today and then spend three more
50
00:06:11,640 --> 00:06:22,040
days in the present, at this Congress. So
let me set the scene for you. It's 1989,
51
00:06:22,040 --> 00:06:29,520
especially it's March 1989. In March,
1989, the world was still very much
52
00:06:29,520 --> 00:06:35,080
divided. Germany was still divided into
West Germany and the German Democratic
53
00:06:35,080 --> 00:06:47,083
Republic. And looking at Leipzig in March
1989, we had the spring fair. Not here,
54
00:06:47,083 --> 00:06:53,720
but in the old fairgrounds. And the German
Democratic Republic proudly presented
55
00:06:53,720 --> 00:07:00,340
their latest and greatest in technology.
They had just developed a four megabit
56
00:07:00,340 --> 00:07:07,390
hybrid memory - four megabits.
Unfortunately, it was way too expensive to
57
00:07:07,390 --> 00:07:16,800
make it on the world market. But they were
proud. West Germany had its own issues.
58
00:07:16,800 --> 00:07:23,610
Laughter
Drephal: Difficult times. People had to
59
00:07:23,610 --> 00:07:29,370
wear stone washed jeans and pastel colored
sweaters. Number one hit in the West
60
00:07:29,370 --> 00:07:35,090
German charts in March was David
Hasselhoff, Looking for Freedom. And Bill
61
00:07:35,090 --> 00:07:39,500
and Ted were going on an excellent
adventure. Sequel is coming out next year,
62
00:07:39,500 --> 00:07:43,210
don't miss it.
Laughter
63
00:07:43,210 --> 00:07:47,250
Drephal: Speaking about television,
private television in West Germany was
64
00:07:47,250 --> 00:07:52,430
still very much in its infancy. Most
people still had three television channels
65
00:07:52,430 --> 00:07:58,170
first, second, third and they got their
information from the television. The first
66
00:07:58,170 --> 00:08:05,110
program showed the news every night at
8:00. People watched it, much more than
67
00:08:05,110 --> 00:08:11,130
today. And sometimes the first German
television had a special program called Im
68
00:08:11,130 --> 00:08:18,061
Brennpunkt, In Focus. That always came out
when something was so exciting, so
69
00:08:18,061 --> 00:08:22,100
newsworthy that it couldn't be
sufficiently dealt with in the normal
70
00:08:22,100 --> 00:08:29,940
news. So on March 2nd, 1989, the first
German television showed this.
71
00:08:29,940 --> 00:08:35,135
Music
72
00:08:35,135 --> 00:08:40,330
Drephal: Why isn't it moving? Oh, come on,
73
00:08:40,330 --> 00:08:46,461
please. It's moving on my screen.
TV moderator speaking in German
74
00:08:54,531 --> 00:08:57,530
Drephal: Would have been nice, if...
TV moderator speaking in German
75
00:09:07,350 --> 00:09:10,070
Drephal: Well, okay, if it had been
moving, you would have seen a dude in a
76
00:09:10,070 --> 00:09:16,620
suit telling you that the biggest spy case
since Günter Guillaume has just been
77
00:09:16,620 --> 00:09:22,310
uncovered. Günter Guillaume was an East
German spy who worked closely in the
78
00:09:22,310 --> 00:09:28,800
offices of German Chancellor Willy Brandt
in the 1970s. He worked for the East
79
00:09:28,800 --> 00:09:33,180
German Secret Service, and when he was
uncovered, the Chancellor had to step
80
00:09:33,180 --> 00:09:42,050
down. So apparently in March 1989, we have
a spy case of German hackers working for
81
00:09:42,050 --> 00:09:50,550
the KGB that is as big as Günter
Guillaume. Spoiler: It was not. But
82
00:09:50,550 --> 00:09:55,040
anyway. How is that even possible? How can
you, how can German hackers work for the
83
00:09:55,040 --> 00:10:01,740
KGB in 1989? How can they hack anything
over the Internet? Well, there is no
84
00:10:01,740 --> 00:10:13,970
Internet. What there is, is basically
this. Let's say, in the mid 1980s, you're
85
00:10:13,970 --> 00:10:21,130
a teenager and you've got a computer for
Christmas. Lucky you. So what can you do
86
00:10:21,130 --> 00:10:28,700
with it? There's no Internet. There are
computers that are connected. Big
87
00:10:28,700 --> 00:10:33,820
computers made by IBM and by VAX that are
standing in universities, research
88
00:10:33,820 --> 00:10:43,260
institutions, military institutions, big
companies. And you have, in the 1980s, a
89
00:10:43,260 --> 00:10:49,070
network that you can actually dial in to
from your home. So you have a phone that's
90
00:10:49,070 --> 00:10:54,260
connected to a wall, usually, if it's not
cut off, and you have a computer and if
91
00:10:54,260 --> 00:11:01,250
you're lucky, you have a sort of modem.
It's called an acoustic coupler. We have
92
00:11:01,250 --> 00:11:09,170
one here for the C64. The most famous one
was the data phone, it's bigger, but this
93
00:11:09,170 --> 00:11:15,450
one basically works the same. You strap
your phone to it and you call your local
94
00:11:15,450 --> 00:11:25,140
post office. And your local post office in
the 1980s has a network called Data XP,
95
00:11:25,140 --> 00:11:33,420
which stands for data exchange packet
based. It's based on the X.25 protocol and
96
00:11:33,420 --> 00:11:41,500
it gives you the opportunity to connect to
computers all over Germany and all over
97
00:11:41,500 --> 00:11:46,480
Europe and actually all over the world.
What you need is a network user
98
00:11:46,480 --> 00:11:53,170
identification, a so-called new NUI, which
is expensive. The call to your local post
99
00:11:53,170 --> 00:11:57,480
office, not so much, especially in West
Berlin, which was known as sort of a
100
00:11:57,480 --> 00:12:03,000
hacker's paradise because local calls cost
only twenty three Pfennig, twenty three
101
00:12:03,000 --> 00:12:09,940
cents, not per minute, but per call. So if
you had a network user identification from
102
00:12:09,940 --> 00:12:18,140
somewhere, you could just call your local
data XP office and connect. These NUIs
103
00:12:18,140 --> 00:12:25,240
were expensive, but you could find them,
for example, at the computer fair in
104
00:12:25,240 --> 00:12:30,460
Hanover because people weren't watching
their screens, their terminals, and maybe
105
00:12:30,460 --> 00:12:35,230
you could look over somebody's shoulder
and see their log in and use it and run up
106
00:12:35,230 --> 00:12:40,880
charges of thousands of marks and then you
can connect to message boards, which is a
107
00:12:40,880 --> 00:12:48,100
bit, well, not so exciting. Much more
exciting is the big computers standing at
108
00:12:48,100 --> 00:12:58,839
institutions and companies. And so,
through this, possibility, these
109
00:12:58,839 --> 00:13:08,600
possibilities, this network comes a hacker
scene in the 1980s of mostly young people,
110
00:13:08,600 --> 00:13:16,300
teenagers, young guys, not so many girls,
who connect to these big computers because
111
00:13:16,300 --> 00:13:21,420
they can, because they're there and
they're interesting. And you just want to
112
00:13:21,420 --> 00:13:33,600
see what's on them. Especially infamous
was CERN, the nuclear research
113
00:13:33,600 --> 00:13:39,980
organization in Switzerland,
where at some point hackers were actually
114
00:13:39,980 --> 00:13:45,980
having kind of parties in the system
connecting to the computers and chatting
115
00:13:45,980 --> 00:13:55,120
with the systems managers who were a bit
annoyed because they had work to do, but
116
00:13:55,120 --> 00:14:00,996
not that bothered because it wasn't really
seen as anything that could harm them. And
117
00:14:00,996 --> 00:14:07,190
the point was to go into these computers
because you can to show that you can and
118
00:14:07,190 --> 00:14:12,550
to have some fun and not because you're a
criminal or you want to take some data or
119
00:14:12,550 --> 00:14:27,570
make money off it, but just as a sport.
And now... and in this scene, the Chaos
120
00:14:27,570 --> 00:14:37,640
Computer Club also established itself as
sort of a mediator between these hackers
121
00:14:37,640 --> 00:14:46,390
and the institutions and companies that
were being broken into. Always stressing
122
00:14:46,390 --> 00:14:52,930
that when you're hacking, you should do it
with an ethical approach. Never, you know,
123
00:14:52,930 --> 00:14:58,140
doing any harm. Being excellent. Not
making any money. And for God's sake,
124
00:14:58,140 --> 00:15:03,029
staying away from military or Secret
Service computers, don't touch those.
125
00:15:03,029 --> 00:15:10,370
Here's a quote on one of the first
Congresses, which I think sounds pretty
126
00:15:10,370 --> 00:15:18,279
much like today. This amazing experience
and the news crews interested and
127
00:15:18,279 --> 00:15:28,060
reporting on what's happening with these
sort of harmless tech freaks and hackers
128
00:15:28,060 --> 00:15:37,029
that were just having fun. And this is the
scene where a group of young men met in
129
00:15:37,029 --> 00:15:43,540
the mid 1980's and started hanging out,
started sitting in front of computers,
130
00:15:43,540 --> 00:15:49,190
hacking together, talking, consuming
drugs, also, and just, you know, having
131
00:15:49,190 --> 00:15:59,370
fun. And these are their nicknames. They
were all, sort of, some were programmers,
132
00:15:59,370 --> 00:16:06,170
some were teenagers who were into hacking.
One of them, the last one here, wasn't
133
00:16:06,170 --> 00:16:11,680
really a hacker. He worked at a casino and
he made some money on his side selling
134
00:16:11,680 --> 00:16:16,649
drugs. And they were just hanging out and
and just feeling like they were the
135
00:16:16,649 --> 00:16:24,690
greatest. They were... Someone has
compared them to sort of graffiti kids.
136
00:16:24,690 --> 00:16:28,890
They did it because they could, just
leaving their mark everywhere in the
137
00:16:28,890 --> 00:16:38,430
computers. And... Well, they were just, you
know, talking and somebody had the idea,
138
00:16:38,430 --> 00:16:43,430
OK, what can we do to get recognized as
the greatest hackers or how can we make
139
00:16:43,430 --> 00:16:50,480
something off it? There's always the issue
of money problems that you might have,
140
00:16:50,480 --> 00:16:57,610
stupid ideas that you have when you're a
teenager or a young kid. And one of them
141
00:16:57,610 --> 00:17:01,005
came up with the idea, Hey, I know
somebody in East Berlin who might be
142
00:17:01,005 --> 00:17:06,959
interested in what we're doing and maybe
we could sell that. I know someone, a
143
00:17:06,959 --> 00:17:11,980
Russian, and it might be, you know, it
might actually be a contribution to world
144
00:17:11,980 --> 00:17:16,359
peace because the Russians need technology
that they don't have and we have it. We
145
00:17:16,359 --> 00:17:24,449
could kind of equalize the scales a bit.
It's a stupid idea, of course. But this
146
00:17:24,449 --> 00:17:31,760
guy, Pedro, his name was Peter, he
actually went to East Berlin, walked into
147
00:17:31,760 --> 00:17:37,049
the Soviet trade mission and said he
wanted to talk someone about a deal, super
148
00:17:37,049 --> 00:17:47,200
stupid, walking in the front door and
someone actually listened to him. A guy
149
00:17:47,200 --> 00:17:52,310
who introduced himself as Sergei, who
officially worked at the trade mission,
150
00:17:52,310 --> 00:18:02,810
which in my opinion means KGB, was willing
to listen and our hackers offered, OK, we
151
00:18:02,810 --> 00:18:08,500
can get you like log-ins to computers in
West Germany and even America. We can even
152
00:18:08,500 --> 00:18:14,170
teach you how to hack, you know, for like
a million marks. How about that? And
153
00:18:14,170 --> 00:18:20,490
Sergei was like, Okay, that's nice, but I
need something else. Because he had a
154
00:18:20,490 --> 00:18:31,559
shopping list which came pretty much
directly from the embargo list made by the
155
00:18:31,559 --> 00:18:38,600
Coordinating Committee on Multilateral
Export Controls. There was an embargo,
156
00:18:38,600 --> 00:18:47,210
technology and, yeah, electronic parts.
Computers weren't allowed to be sold into
157
00:18:47,210 --> 00:18:52,700
the Soviet Union or the Eastern Bloc in
general. And that was basically his
158
00:18:52,700 --> 00:18:58,200
shopping list. What the Soviets wanted was
not so much, you know, log-ins to military
159
00:18:58,200 --> 00:19:04,431
computers. They wanted source code, for
example... According to the sources, he
160
00:19:04,431 --> 00:19:09,090
actually had a list that said, OK, UNIX
source code, twenty five thousand marks,
161
00:19:09,090 --> 00:19:14,290
maybe a compiler for this and that, five
thousand marks. And our hackers were able
162
00:19:14,290 --> 00:19:20,080
to provide. They didn't exactly make a
million, but about ninety thousand marks
163
00:19:20,080 --> 00:19:23,899
exchanged hands in the following months.
164
00:19:23,899 --> 00:19:30,480
Until a systems administrator in
165
00:19:30,480 --> 00:19:35,920
California noticed something. And now I
have to tell you, the legend of Clifford
166
00:19:35,920 --> 00:19:45,170
Stoll. Clifford Stoll has become famous
for uncovering the KGB hackers, and a sort
167
00:19:45,170 --> 00:19:51,410
of legend has been built around him,
telling his story again and again. He,
168
00:19:51,410 --> 00:19:56,960
there was a funny documentary made. He had
a book coming out. And there are some
169
00:19:56,960 --> 00:20:03,670
weird aspects in this story, but maybe we
can talk about them later. So, first of
170
00:20:03,670 --> 00:20:10,300
all, I'm just going to give you the story
as he tells it. And I would like to show
171
00:20:10,300 --> 00:20:18,080
you, because you can describe this man,
but you just have to see him. And if this
172
00:20:18,080 --> 00:20:23,040
video isn't working again, then I'm gonna
be a really, really sad. Please.
173
00:20:23,040 --> 00:20:26,691
TV announcer: Tonight, on Nova...
Drephal: Are you fucking kidding me?
174
00:20:26,691 --> 00:20:30,590
TV character 1: Where's Decker again?
TV character 2: He's in an Army Base.
175
00:20:30,590 --> 00:20:35,620
Gibberish
TV announcer: A lone scientist is on the
176
00:20:35,620 --> 00:20:38,820
trail of a computer spy...
Drephal: Yeah, because that would be
177
00:20:38,820 --> 00:20:43,910
really awesome if we could actually watch
it.
178
00:20:43,910 --> 00:21:02,799
Shouting
Drephal: Huh? Oh, man. Um, can we just go
179
00:21:02,799 --> 00:21:14,229
to the slide that we need, maybe? This
is... okay. Should we try it? Well, it
180
00:21:14,229 --> 00:21:23,783
shows a picture at least. That's good.
Yeah. Let's just try this. Do some-thing.
181
00:21:23,783 --> 00:21:26,340
Technical Angel: You have to start the
presentation.
182
00:21:26,340 --> 00:21:39,271
Drephal: Yeah, I'm trying. Here, right?
Oh, no. Come on, come on. Well, we're
183
00:21:39,271 --> 00:21:43,230
going to get there.
184
00:21:43,230 --> 00:21:45,610
TV announcer: Tonight, on Nova...
185
00:21:45,610 --> 00:21:48,530
Drephal: Yes!
Applause
186
00:21:48,530 --> 00:21:55,540
TV announcer: A lone scientist on the
trail of a computer spy. The hacker is out
187
00:21:55,540 --> 00:21:59,120
there somewhere, raiding computers,
stealing government files.
188
00:21:59,120 --> 00:22:02,440
Clifford Stoll: Hi, Manny. Some computer
hacker's looking for him.
189
00:22:02,440 --> 00:22:06,299
TV announcer: The true story of Cliff
Stoll's real life adventure, featuring the
190
00:22:06,299 --> 00:22:12,070
actual participants recreating the events
is The KGB, The Computer and Me.
191
00:22:12,070 --> 00:22:14,365
Laughter
192
00:22:14,365 --> 00:22:19,280
Drephal: I like his hair. Okay, so,
193
00:22:19,280 --> 00:22:25,740
Clifford Stoll's story is that he was a
systems administrator at Lawrence Berkeley
194
00:22:25,740 --> 00:22:32,480
Laboratory and he noticed in his
accounting system 75 cents missing because
195
00:22:32,480 --> 00:22:39,460
some user had accrued 75 cents of computer
time and not paid for it. And he found out
196
00:22:39,460 --> 00:22:44,770
that there was a weird user he didn't
know. And he just deleted him. A couple of
197
00:22:44,770 --> 00:22:49,400
days later, somebody else was on his
computer and had system privileges. And he
198
00:22:49,400 --> 00:22:54,240
says, he just got interested. He didn't
want to shut this person out, he wanted to
199
00:22:54,240 --> 00:23:01,000
know who it was and what they were doing.
So he started tracking whoever was coming
200
00:23:01,000 --> 00:23:07,350
into his computers for months, actually a
whole year in the end, that he was
201
00:23:07,350 --> 00:23:16,690
tracking this person. He got help from a
friendly district attorney who got him a
202
00:23:16,690 --> 00:23:25,910
warrant to trace the phone lines. And,
long story short... Can you actually see
203
00:23:25,910 --> 00:23:33,880
something? That's nice. He found out that
his intruder came in through TimeNet, the
204
00:23:33,880 --> 00:23:39,660
equivalent, the American equivalent of
Data XP. And he wasn't even in the US. He
205
00:23:39,660 --> 00:23:46,560
was in Germany. He came in through Data XP
at the University of Bremen. And the trace
206
00:23:46,560 --> 00:23:51,250
ended in Hanover. And in Hanover, the
problem was that they had really old
207
00:23:51,250 --> 00:23:58,679
switches from the 1950s, and it would have
taken about an hour to track the hacker
208
00:23:58,679 --> 00:24:07,730
back to his own phone at home. And the
problem was the hacker never stayed long
209
00:24:07,730 --> 00:24:13,190
enough on Stoll's computers. He used them
as a gateway to get into much more
210
00:24:13,190 --> 00:24:21,990
interesting computers. For example, the
Pentagon database at the Pentagon, the Air
211
00:24:21,990 --> 00:24:30,930
Force, the Navy, the Army, even Army
computers in Japan. Computers in the
212
00:24:30,930 --> 00:24:38,690
Ramstein, Germany. So Stoll was at a loss:
How to keep him in a system long enough so
213
00:24:38,690 --> 00:24:45,070
he could actually, or the German post
could actually track this person back to
214
00:24:45,070 --> 00:24:52,460
his own phone line. So he says that his
girlfriend came up with the idea: If
215
00:24:52,460 --> 00:24:56,330
there's nothing on your computer that
interests him, then then put something
216
00:24:56,330 --> 00:25:01,280
there. Put some files there that look
super secret and are super big so that he
217
00:25:01,280 --> 00:25:09,740
needs time to look at them. And that
actually worked. They made up a bunch of
218
00:25:09,740 --> 00:25:14,370
Big Data and they even put in a mailing
list that said, OK, if you want more
219
00:25:14,370 --> 00:25:19,980
information about Strategic Defense
Initiative, also known as Star Wars, send
220
00:25:19,980 --> 00:25:25,660
us a letter because it's so much data, we
have to send it through the post. And
221
00:25:25,660 --> 00:25:32,370
surprisingly enough, that worked. First of
all, The German post was able to track
222
00:25:32,370 --> 00:25:39,802
Clifford Stoll's hacker back to the house
of one of our KGB hackers, Urmel.
223
00:25:39,802 --> 00:25:44,049
His apartment was searched, his office was
searched, but the police didn't really
224
00:25:44,049 --> 00:25:47,970
know what they were looking for because
they didn't find any disk that said Super
225
00:25:47,970 --> 00:25:54,750
Secret SDInet Files or something and
nothing much came of it. And the second
226
00:25:54,750 --> 00:25:58,651
thing that happened was that somebody
actually answered this mailing list.
227
00:25:58,651 --> 00:26:04,440
A Hungarian immigrant in Pittsburgh sent a
letter to Clifford Stoll asking for
228
00:26:04,440 --> 00:26:10,600
information on SDInet files. Was he
working for the KGB or was he working for
229
00:26:10,600 --> 00:26:14,145
somebody else? It's a weird story.
230
00:26:14,145 --> 00:26:20,566
In any case, so, in the summer of 1987,
Clifford
231
00:26:20,566 --> 00:26:25,559
Stoll finally knew, OK, there's some dude
in Germany who's been hacking my computer,
232
00:26:25,559 --> 00:26:31,410
but nothing much happened of it. And it
kind of calmed down a bit until the media
233
00:26:31,410 --> 00:26:37,559
got interested. Who got the media
interested is another interesting
234
00:26:37,559 --> 00:26:45,310
question. But in any case, in April of
1988, German magazine Quick reported on
235
00:26:45,310 --> 00:26:52,850
the case using Clifford Stoll's notes. In
May 1988, he published a paper suggesting
236
00:26:52,850 --> 00:26:57,660
that this hacker in his system had
something to do with the KGB and our
237
00:26:57,660 --> 00:27:07,419
hackers got a bit nervous. At this point,
we have to talk about about Hagbard. His
238
00:27:07,419 --> 00:27:14,500
name, his real name was Karl Koch. And in
1988, he was in a difficult place. He had
239
00:27:14,500 --> 00:27:20,520
psychological issues, he had drug issues,
he had money problems. And he started
240
00:27:20,520 --> 00:27:25,710
talking to journalists, offering to tell
wild stories about the KGB and what he
241
00:27:25,710 --> 00:27:32,400
could do, offering to hack into nuclear
reactors, which obviously was not
242
00:27:32,400 --> 00:27:39,910
possible. But he just wanted to get a lot
of money for it. And the others got a bit
243
00:27:39,910 --> 00:27:48,520
nervous. And in July, the youngest in the
group went to the authorities and offered
244
00:27:48,520 --> 00:27:55,389
to be a witness if he got immunity for
anything that he might have done. And this
245
00:27:55,389 --> 00:28:02,210
led to the video I wanted to show you in
the beginning when in March 1989, arrests
246
00:28:02,210 --> 00:28:06,370
were made, all five of them were arrested.
Two had to stay in jail because they had
247
00:28:06,370 --> 00:28:12,340
prior convictions. Houses were searched
and the media descended on the Chaos
248
00:28:12,340 --> 00:28:19,000
Computer Club because these five guys were
somehow related. And suddenly, the Chaos
249
00:28:19,000 --> 00:28:25,309
Computer Club was not this harmless group
anymore. But the media portrayed them as,
250
00:28:25,309 --> 00:28:34,030
you know, working for the KGB, hacking
basically everything. And dramatizing the
251
00:28:34,030 --> 00:28:36,985
whole situation.
252
00:28:36,985 --> 00:28:43,860
What actually came out of
it was not so much. The process, in early
253
00:28:43,860 --> 00:28:50,840
1990, focused on questions like if any
classified information was actually
254
00:28:50,840 --> 00:28:57,399
transferred or stored anywhere,
downloaded. Nobody could prove that.
255
00:28:57,399 --> 00:29:03,149
If the USA or Germany were actually
compromised in any way. Not really. And
256
00:29:03,149 --> 00:29:09,809
how... The main question was how did this
Hungarian immigrant get this mailing list?
257
00:29:09,809 --> 00:29:15,540
Because only Clifford Stoll and the hacker
could have had access to it. And the
258
00:29:15,540 --> 00:29:23,280
question is, did he actually get it from
the KGB or was it, as one of, one of our
259
00:29:23,280 --> 00:29:29,500
hackers suggested a couple of years ago in
a podcast, maybe it might have been, he
260
00:29:29,500 --> 00:29:35,140
might have been an agent provocateur, he
might have been set up by somebody to push
261
00:29:35,140 --> 00:29:40,860
these investigations after the German
authorities didn't really do much with it.
262
00:29:40,860 --> 00:29:43,808
That's the question.
263
00:29:44,490 --> 00:29:53,030
So this biggest spy case since
Guillaume ended with probation
264
00:29:53,030 --> 00:30:00,280
sentences and some fines because there was
no proof that any real harm had been done.
265
00:30:00,280 --> 00:30:10,360
The most tragic outcome maybe was the
death of Karl Koch, who was our hacker
266
00:30:10,360 --> 00:30:18,700
Hagbard. He was a very troubled young man.
He was orphaned early. He inherited a lot
267
00:30:18,700 --> 00:30:24,310
of money when he was young, which is
always difficult. He bought a computer. He
268
00:30:24,310 --> 00:30:30,410
had a nice apartment. He had parties with
his friends. He consumed drugs. And he was
269
00:30:30,410 --> 00:30:36,930
from a young age obsessed with the novel
Illuminatus!, and the number 23. A movie
270
00:30:36,930 --> 00:30:43,620
was made about him in 1998, it's nice, you
can find it on YouTube. I didn't include
271
00:30:43,620 --> 00:30:49,390
it in my links because I'm not sure about
the copyright situation. But it's
272
00:30:49,390 --> 00:30:58,770
interesting, nice soundtrack. And this
whole situation in 1989, the media
273
00:30:58,770 --> 00:31:05,789
pressing down on him and him having these
illusions... He thought the Illuminati
274
00:31:05,789 --> 00:31:10,220
were in his head controlling his thoughts.
He thought they were controlling the
275
00:31:10,220 --> 00:31:17,250
international networks and he had to do
something about it. Ended on May 23rd,
276
00:31:17,250 --> 00:31:22,145
1989, when he was 23 years old.
277
00:31:22,145 --> 00:31:25,840
He officially committed suicide by burning
278
00:31:25,840 --> 00:31:32,679
himself. And that is such a gruesome way
to die that immediately there were
279
00:31:32,679 --> 00:31:38,600
conspiracy theories that maybe he didn't
commit suicide, maybe he had help doing
280
00:31:38,600 --> 00:31:42,100
it. And that's something I
cannot answer, obviously.
281
00:31:42,100 --> 00:31:49,670
The much more lasting result of
282
00:31:49,670 --> 00:31:56,210
this whole case was the image loss that
the Chaos Computer Club suffered. Because
283
00:31:56,210 --> 00:32:04,460
suddenly they weren't harmless pranksters
joyriding through computers and, you know,
284
00:32:04,460 --> 00:32:12,520
showing companies flaws in their systems,
showing the post flaws in their BTX
285
00:32:12,520 --> 00:32:20,770
system, for example. Suddenly they were
portrayed as dangerous hackers, selling
286
00:32:20,770 --> 00:32:29,550
secrets, being spies, and, you know, they
can't be trusted. And as far as I read,
287
00:32:29,550 --> 00:32:39,970
the club almost dissolved about this issue
in 1990, but luckily survived. But this is
288
00:32:39,970 --> 00:32:44,780
an image that is still lingering today.
And I think this image of hackers being
289
00:32:44,780 --> 00:32:49,990
somehow untrustworthy and being somehow
dangerous, you don't know really what they
290
00:32:49,990 --> 00:32:55,910
do and why they do it, but they're
dangerous, that is still lingering today.
291
00:32:58,670 --> 00:33:03,700
Whenever the media tells you something
about hackers, they always show you
292
00:33:03,700 --> 00:33:10,710
something like, hi. Something like this.
An anonymous, Anonymous dude with a hoodie
293
00:33:10,710 --> 00:33:15,520
sitting in front of a computer. Some
random numbers flashing. They don't make
294
00:33:15,520 --> 00:33:22,340
any sense, but it looks dangerous. And,
oh, yeah. And these hackers, they're
295
00:33:22,340 --> 00:33:25,570
everywhere. They won't stop at anything.
296
00:33:25,570 --> 00:33:28,340
Laughter
297
00:33:28,340 --> 00:33:31,417
Drephal: Just two days ago on Christmas.
298
00:33:31,417 --> 00:33:39,851
Laughter and applause
299
00:33:39,851 --> 00:33:42,490
German supermarket chain REWE had to call
300
00:33:42,490 --> 00:33:50,349
back their chopped almonds because they've
been hacked. Beware. And so I was
301
00:33:50,349 --> 00:33:56,840
interested in taking a look at how the
media portrays hackers these days.
302
00:33:56,840 --> 00:34:02,460
So I did some Google searches. I thought,
okay, what are famous hacking groups
303
00:34:02,460 --> 00:34:06,850
that you read about a lot? And for
example, you know, we were talking about
304
00:34:06,850 --> 00:34:14,779
the KGB. So what about Russian hackers? So
the first results I saw was Russian
305
00:34:14,779 --> 00:34:20,460
hacking: How did it affect the 2016
elections? So apparently Russian hackers
306
00:34:20,460 --> 00:34:25,679
are still very much busy with the United
States and the elections leaking
307
00:34:25,679 --> 00:34:31,240
documents, supporting Trump for some
reason. That's what you find on the media
308
00:34:31,240 --> 00:34:36,780
about Russian hackers. And then I thought,
OK, what else is there today? What about
309
00:34:36,780 --> 00:34:41,560
China? Chinese hackers sounds dangerous.
What are they doing? So Chinese hackers
310
00:34:41,560 --> 00:34:49,429
apparently are busy hacking two factor
authentication these days. They're in your
311
00:34:49,429 --> 00:34:56,770
phone, beware. Hacking you, right now, as
I speak. But what about German hackers?
312
00:34:56,770 --> 00:35:01,359
We've been talking about these German
hackers who basically crashed the image of
313
00:35:01,359 --> 00:35:07,609
hacking forever. So what are they up to
today? When you google German hackers, the
314
00:35:07,609 --> 00:35:12,310
first result is Clifford Stoll.
Laughing
315
00:35:12,310 --> 00:35:19,520
Drephal: After 30 years, really, still?
That's the news? I don't know, maybe it's
316
00:35:19,520 --> 00:35:21,814
time to make German Hacking Great Again.
317
00:35:21,904 --> 00:35:29,039
Laughter and applause
318
00:35:31,258 --> 00:35:39,500
Drephal: Very good. So. And finally, what
about the Chaos Computer Club? What has
319
00:35:39,500 --> 00:35:47,160
changed in the past 30 years? Here's
another quote that I've found of a
320
00:35:47,160 --> 00:35:53,910
Congress and the issues that were
discussed at Congress. Someone standing up
321
00:35:53,910 --> 00:36:02,480
and telling the audience that he was
unhappy with where he saw Chaos going. The
322
00:36:02,480 --> 00:36:06,460
political direction is unacceptable.
Concentrating on things like environmental
323
00:36:06,460 --> 00:36:11,580
protection, climate change or something,
is diverting the group from its technical
324
00:36:11,580 --> 00:36:17,320
origins. And it's little wonder that truly
talented hackers are beginning to abandon
325
00:36:17,320 --> 00:36:21,305
the club. This is from 1988.
326
00:36:23,385 --> 00:36:28,250
So are we still having the same
issues today? Are we
327
00:36:28,250 --> 00:36:33,708
still discussing the same thing? Where is
the CCC going? Is it too political? Should
328
00:36:33,708 --> 00:36:42,580
it focus more on real hacking, on the
technology or what? But fortunately, a lot
329
00:36:42,580 --> 00:36:48,070
has changed. For example, when you think
about those guys who were at the Congress
330
00:36:48,070 --> 00:36:55,850
in the 1980s, how many people were there,
like 400? At a Congress in 85? How many
331
00:36:55,850 --> 00:37:01,210
people are here today? 16.000? I mean, not
in this room, but I think last year was
332
00:37:01,210 --> 00:37:08,360
16.000. That's amazing. And something else
I mentioned, when I was this big, I didn't
333
00:37:08,360 --> 00:37:12,849
attend Congress. But today you walk around
and there's tiny hackers whizzing on
334
00:37:12,849 --> 00:37:20,170
scooters everywhere, which is awesome.
People are bringing their kids and you
335
00:37:20,170 --> 00:37:27,170
have a much wider cross section of society
today. And something else... I don't know
336
00:37:27,170 --> 00:37:31,109
if you noticed, but when I told you the
story about the KGB hack, what was
337
00:37:31,109 --> 00:37:35,729
missing? There was something
that did not show up.
338
00:37:35,729 --> 00:37:38,330
Women. The only women, the only
339
00:37:38,330 --> 00:37:42,691
woman in this story is Clifford Stoll's
girlfriend, who allegedly came up with the
340
00:37:42,691 --> 00:37:47,280
idea of planting a honey pot in his
system. There is no other woman in this
341
00:37:47,280 --> 00:37:53,860
story. It's all young dudes hacking away.
And that certainly has changed. There
342
00:37:53,860 --> 00:38:00,480
are... I don't know the percentage. I
can't tell. But there's so many women and
343
00:38:00,480 --> 00:38:07,200
other non male participants that, like I
said, it's a much wider cross-section of
344
00:38:07,200 --> 00:38:14,230
society today. But apart from these
issues, what else what do you think are
345
00:38:14,230 --> 00:38:19,850
the issues we have today and we're going
to have in the future? That's my question
346
00:38:19,850 --> 00:38:26,320
to you. And I would like some answers. And
if you want to confess about hacking
347
00:38:26,320 --> 00:38:35,030
something, my DECT is 6623. You can
telegram me or tell us now.
348
00:38:35,030 --> 00:38:44,254
Applause
349
00:38:46,790 --> 00:38:51,380
Herald: Thank you very much for this
excellent talk. We do have six microphones
350
00:38:51,380 --> 00:38:55,950
here in the hall. Please line up there.
Are there questions from the Internet via
351
00:38:55,950 --> 00:38:58,420
our Signal Angel?
Signal Angel: No, there are none.
352
00:38:58,420 --> 00:39:03,630
Herald: There are no questions from the
Internets. Do we have questions here?
353
00:39:03,630 --> 00:39:09,349
We have question at microphone three.
Question: Yes. Oh, my goodness. Thanks a
354
00:39:09,349 --> 00:39:15,450
lot for a talk. It was amazing. Can you
please just show us the first video?
355
00:39:15,450 --> 00:39:20,620
Laughter
Drephal: Oh, yeah. I hope so.
356
00:39:20,620 --> 00:39:24,390
Herald: Yes, we have plenty of time.
Drephal: Yeah. Let's just try to...
357
00:39:24,390 --> 00:39:27,680
Herald: In the meantime, if you have
questions, please line up at the
358
00:39:27,680 --> 00:39:32,800
microphones.
Drephal: I don't want to... Okay, getting
359
00:39:32,800 --> 00:39:39,760
close. Getting close. Getting close. Okay.
You mean this one?
360
00:39:39,760 --> 00:39:47,080
Audience: No!
Drephal: Yeah, that one doesn't work. Oh,
361
00:39:47,080 --> 00:39:53,693
not this one? Oh, yeah. The next one.
Let's try.
362
00:39:54,885 --> 00:39:56,760
Intro music
363
00:39:56,760 --> 00:40:00,010
Ah!
Applause
364
00:40:07,450 --> 00:40:08,580
Laughter
365
00:40:08,590 --> 00:40:12,600
TV announcer: Guten Abend, meine Damen und
Herren, zu so später Stunde. Sie haben es
366
00:40:12,600 --> 00:40:16,640
ja gerade eben schon gehört. Laut Programm
sollten sie jetzt einen Wirtschaftskrimi
367
00:40:16,640 --> 00:40:21,139
mit dem Titel Tanker sehen, den bringen
wir heute abend nicht. Dafür aber einen
368
00:40:21,139 --> 00:40:25,590
Spionagekrimi, und zwar einen echten.
Einen authentischen Report über den
369
00:40:25,590 --> 00:40:30,295
schwersten Spionagefall seit der
Enttarnung des Kanzleramtsagenten Günter
370
00:40:30,295 --> 00:40:33,920
Guillaume.
Drephal: You can find the whole Brennpunkt
371
00:40:33,920 --> 00:40:41,710
on YouTube. It's very interesting. It's
like 30 minutes. There's a lot of the same
372
00:40:41,710 --> 00:40:50,599
images as in the other documentation I
showed. Dudes in black sunglasses, the CIA
373
00:40:50,599 --> 00:40:56,280
and stuff. Also, this documentation about
Clifford Stoll is hilarious. Not just the
374
00:40:56,280 --> 00:41:00,627
scene where where he runs out the shower
in his towel to his computer because the
375
00:41:00,627 --> 00:41:05,090
hacker is on. It's hilarious.
Herald: So do we have any more questions
376
00:41:05,090 --> 00:41:08,280
from the Internet, from the hall.
Drephal: No?
377
00:41:08,280 --> 00:41:14,010
Herald: No, it does not... Well, then
there is something up at microphone 5.
378
00:41:14,010 --> 00:41:17,520
Question: Can you hear me? Yeah.
Drephal: Where? Ah, there!
379
00:41:17,520 --> 00:41:20,450
Q: Do we know anything about the rest of
the group?
380
00:41:20,450 --> 00:41:24,080
Drephal: Yes.
Q: Working today, for example?
381
00:41:24,080 --> 00:41:33,560
Drephal: Yes. Well, about... let me, go
back or go front. Well, I did... I looked
382
00:41:33,560 --> 00:41:40,570
into them. DOB, I could not find anything
about him. He was actually one of the two
383
00:41:40,570 --> 00:41:44,520
who had to stay in prison for almost a
year because he was fleeing the army
384
00:41:44,520 --> 00:41:49,930
service and they were looking for him.
I couldn't find anything about what he's
385
00:41:49,930 --> 00:41:55,710
doing today. Pengo is very active. He has
a Twitter. He's into vintage computing.
386
00:41:55,710 --> 00:42:01,450
And he's, he's the one who's always been
interviewed. You know, every 10 years, 10
387
00:42:01,450 --> 00:42:06,750
years after the KGB hack, 20 years after
the KGB hack, he's been on TV, he's been
388
00:42:06,750 --> 00:42:11,314
on podcasts. You can find a lot about him.
389
00:42:11,314 --> 00:42:16,440
But, about 10 years ago, he was on Tim
390
00:42:16,440 --> 00:42:23,040
Pritlove's podcast. Very interesting. It's
two hours long, but it's super
391
00:42:23,040 --> 00:42:29,490
interesting, very detailed in, into the
beginnings of the Internet. And there he
392
00:42:29,490 --> 00:42:33,920
said, OK. He's being asked about this
again and again. And sometimes you just
393
00:42:33,920 --> 00:42:39,010
don't want to talk about it anymore. I can
totally understand that. Well, you know
394
00:42:39,010 --> 00:42:43,400
what happened about, what happened with
Hagbard. Urmel, I couldn't find out
395
00:42:43,400 --> 00:42:46,120
anything either.
396
00:42:47,080 --> 00:42:53,280
Also, Pedro, no.
Not so much.
397
00:42:53,280 --> 00:42:56,030
Herald: So we have another question on
microphone three.
398
00:42:56,030 --> 00:43:01,770
Question: Hi. Well, first of all, thank
you very much. I did read The Kuckuck's
399
00:43:01,770 --> 00:43:03,770
Egg.
Drephal: Excellent!
400
00:43:03,770 --> 00:43:08,740
Q: And thank you for posing the German
perspective towards it. It really
401
00:43:08,740 --> 00:43:13,710
elaborates the story quite a lot. You
finished your presentation with the
402
00:43:13,710 --> 00:43:19,109
question, what is missing, currently, at
the Chaos Computer Club. I love it
403
00:43:19,109 --> 00:43:21,884
probably as much as you do.
404
00:43:21,884 --> 00:43:25,710
I come from the Netherlands and
I have the feeling that in
405
00:43:25,710 --> 00:43:29,010
Holland, hackers collaborate much more
with governments and companies.
406
00:43:29,010 --> 00:43:31,970
Drephal: Okay.
Q: It's good to be critical against
407
00:43:31,970 --> 00:43:37,040
government, but to criticize everything
and to shut out government for everything
408
00:43:37,040 --> 00:43:41,609
doesn't solve the problem. So what I'm
hoping for is a more constructive
409
00:43:41,609 --> 00:43:46,010
collaboration with the German government
and I hope I'm not making myself very
410
00:43:46,010 --> 00:43:50,310
impopular here. I perhaps do, but I'm
Dutch.
411
00:43:50,760 --> 00:43:52,980
Laughter
Drephal: Thank you.
412
00:43:52,990 --> 00:43:57,840
Applause
413
00:43:57,840 --> 00:44:03,790
Herald: Another question, microphone one.
Question: Hi. Just to get the facts
414
00:44:03,790 --> 00:44:10,220
straight. So, I mean, I guess we all know
here the story, the development of the
415
00:44:10,220 --> 00:44:16,770
term hacking since the IT hacks, et
cetera. Would you say that explicitly, the
416
00:44:16,770 --> 00:44:23,079
story with the German hacking is the thing
that stained the name of hacking in our
417
00:44:23,079 --> 00:44:28,380
mainstream consciousness?
Drephal: Not, not alone. I mean, there's
418
00:44:28,380 --> 00:44:33,810
obviously when you look at the US, there's
cases of hacking. I mean, talking about
419
00:44:33,810 --> 00:44:39,960
Kevin Mitnick, for example, Robert Tappan
Morris, who shut down all the computers in
420
00:44:39,960 --> 00:44:47,730
the US for days. That's something that,
obviously, formed the image of hacking in
421
00:44:47,730 --> 00:44:53,430
the US and I, I'm not sure about other
countries to be, to be honest. But I'm
422
00:44:53,430 --> 00:44:59,609
thinking that it was around the same time,
so end of the 80s, hacking kind of lost
423
00:44:59,609 --> 00:45:05,754
its innocence through various infamous
hacks like the KGB hack.
424
00:45:05,754 --> 00:45:07,846
Q: Thank you very much.
Drephal: Thank you.
425
00:45:07,846 --> 00:45:12,140
Herald: Next question, microphone three.
Question: Yes. Thank you, interesting
426
00:45:12,140 --> 00:45:17,410
talk. And is there a list or has...
Herald: Please talk a bit closer to the
427
00:45:17,410 --> 00:45:20,470
microphone. Thank you.
Q: Has anyone a list of which kind of
428
00:45:20,470 --> 00:45:26,280
information has been leaked or which kind
of facilities have been compromised? And
429
00:45:26,280 --> 00:45:31,440
second questions, have the Russians ever
confirmed this hack?
430
00:45:31,440 --> 00:45:39,160
Drephal: First question. Yes. Well,
there's the official documents that came
431
00:45:39,160 --> 00:45:47,050
out in, in the process. There's actually,
if you, if you read German, there is an
432
00:45:47,050 --> 00:45:53,200
interesting book that came out in 1990
about this case. And it has very detailed
433
00:45:53,200 --> 00:45:58,770
information about what kind of
institutions have been hacked and what
434
00:45:58,770 --> 00:46:08,070
kind of information has been given to the
Soviets. But most of it, I guess, is, is,
435
00:46:08,070 --> 00:46:14,170
comes from confessions, because there was
no proof. The Russians did never confirm
436
00:46:14,170 --> 00:46:20,300
that, yeah, OK, We got this and we got
that. No, of course not. And so most of it
437
00:46:20,300 --> 00:46:30,470
is what the hackers actually confessed.
Herald: Do we have any more questions? It
438
00:46:30,470 --> 00:46:35,350
does not look like that. So for anyone who
left already. You're going to miss out on
439
00:46:35,350 --> 00:46:37,350
the outro video.
Drephal: Yeah.
440
00:46:37,350 --> 00:46:44,050
Herald: Take it away.
Drephal: If I can actually do that because
441
00:46:44,050 --> 00:46:50,672
there's no more questions. Are we seeing
this? Excellent. It's just one thing, for
442
00:46:50,672 --> 00:46:54,413
me, left to do.
443
00:46:57,793 --> 00:46:59,656
Why am I...
444
00:47:10,450 --> 00:47:11,820
Drephal: Thank you!
445
00:47:11,820 --> 00:47:15,360
Applause
Herald: Thank you. Big one, round of
446
00:47:15,360 --> 00:47:20,271
applause.
Applause
447
00:47:20,271 --> 00:47:24,466
postroll music
448
00:47:24,466 --> 00:47:47,000
subtitles created by c3subtitles.de
in the year 2019. Join, and help us!