WEBVTT
00:00:00.000 --> 00:00:18.940
36C3 preroll music
00:00:18.940 --> 00:00:23.630
Herald Angel: Good evening, everyone. Our
next speaker is a historian and she is
00:00:23.630 --> 00:00:29.360
rolling back time for us, 30 years to the
very beginnings of the Chaos Computer Club
00:00:29.360 --> 00:00:36.820
and taking a closer look at the KGB hack,
the infamous KGB hack and what Karl Koch
00:00:36.820 --> 00:00:43.180
did back then. So let's journey
back to the 80s with Anja Drephal.
00:00:43.180 --> 00:00:54.210
Applause
00:00:54.210 --> 00:01:02.640
Anja Drephal: Thank you. I was hoping to
see my presentation.
00:01:02.640 --> 00:01:04.391
laughter
Drephal: Why am I not seeing my
00:01:04.391 --> 00:01:08.490
presentation, my slides?
00:01:18.350 --> 00:01:20.860
Yes. Thank you.
00:01:36.820 --> 00:02:00.632
Dial-up noises
00:02:13.900 --> 00:02:24.100
Drephal: Thank you.
Applause.
00:02:24.940 --> 00:02:31.030
Drephal: That applause, guys, goes to my
amazing hacker who did this little video
00:02:31.030 --> 00:02:32.880
as a start to my presentation. Thank you.
00:02:38.770 --> 00:02:43.824
Why? No ...
Laughter
00:02:43.824 --> 00:02:45.415
Drephal: I guess we'll have to do it again.
00:02:45.415 --> 00:02:48.001
No, no. What is happening?
00:02:53.437 --> 00:02:55.363
No, no, no, no, no.
00:02:55.667 --> 00:02:59.050
Okay, okay. Welcome to 1989.
00:02:59.326 --> 00:03:05.950
Before I start, I have to say, when you
start researching a topic like the KGB hack,
00:03:05.950 --> 00:03:11.859
you suddenly find out there are so many
sources, not just books that have been
00:03:11.859 --> 00:03:17.409
written, movies that have been made,
documentaries. There's articles in
00:03:17.409 --> 00:03:22.549
newspapers, on the internet. There's
podcasts you can listen to that go into
00:03:22.549 --> 00:03:28.620
every little detail of this case, every
little detail of the early history of the
00:03:28.620 --> 00:03:35.549
CCC, the early history of the Internet as
it is, and due to time constraints that we
00:03:35.549 --> 00:03:43.139
have, I'm going to have to simplify quite
a few things to just, you know, give you
00:03:43.139 --> 00:03:49.239
an overview and tell you a story about
this topic. And I'm counting on you to
00:03:49.239 --> 00:03:56.209
raise questions, in the end, at our Q&A,
to maybe go into more detail if you find
00:03:56.209 --> 00:04:00.310
out, OK, there is something that should
have been a little more detailed is
00:04:00.310 --> 00:04:04.819
something that, hey, I know about -
something about this because I'm sure a
00:04:04.819 --> 00:04:12.360
lot of you know maybe more than me about
this story. So that's something that I'm
00:04:12.360 --> 00:04:19.400
hoping we can do in 45 minutes, 40
minutes. First of all, I'd like to ask a
00:04:19.400 --> 00:04:28.660
question - two questions to the audience.
Does anyone here think that this talk
00:04:28.660 --> 00:04:31.744
might mention their name?
00:04:35.624 --> 00:04:38.510
Yes. Who are you?
00:04:38.510 --> 00:04:43.290
Laughter
Drephal: Well, I'm not going to mention
00:04:43.290 --> 00:04:49.620
any real names except for one. So maybe
you would like to join us in the end. Or
00:04:49.620 --> 00:04:55.190
you know, if not, then not. Second
question, is anyone here who attended
00:04:55.190 --> 00:05:04.850
Congress in the 1980s? Excellent. Well,
personally, I did not because I was busy
00:05:04.850 --> 00:05:12.060
with kindergarten and elementary school
and stuff. My first Congress was in 2012
00:05:12.060 --> 00:05:19.400
when a friend of mine introduced me to the
Chaos Computer Club. I went to Hamburg.
00:05:19.400 --> 00:05:24.820
I spent four amazing days at Congress, and
in the end I thought, oh my God, this is
00:05:24.820 --> 00:05:30.870
so great. And I thought, OK, what could I
give back to this amazing community? What
00:05:30.870 --> 00:05:39.370
could I add to this experience? And I'm
not a hacker or very much into tech, but
00:05:39.370 --> 00:05:44.450
I'm a historian. I can tell you history,
and I'm very thankful that the content
00:05:44.450 --> 00:05:50.710
team has now invited me for the fourth
time to tell you about history. I'm very
00:05:50.710 --> 00:05:56.430
thankful that this talk has gotten a slot
on day one, because I think it's the
00:05:56.430 --> 00:06:04.330
perfect time to take a look back at what
was, to take a look at what has changed,
00:06:04.330 --> 00:06:11.640
to remember those who unfortunately cannot
be here today and then spend three more
00:06:11.640 --> 00:06:22.040
days in the present, at this Congress. So
let me set the scene for you. It's 1989,
00:06:22.040 --> 00:06:29.520
especially it's March 1989. In March,
1989, the world was still very much
00:06:29.520 --> 00:06:35.080
divided. Germany was still divided into
West Germany and the German Democratic
00:06:35.080 --> 00:06:47.083
Republic. And looking at Leipzig in March
1989, we had the spring fair. Not here,
00:06:47.083 --> 00:06:53.720
but in the old fairgrounds. And the German
Democratic Republic proudly presented
00:06:53.720 --> 00:07:00.340
their latest and greatest in technology.
They had just developed a four megabit
00:07:00.340 --> 00:07:07.390
hybrid memory - four megabits.
Unfortunately, it was way too expensive to
00:07:07.390 --> 00:07:16.800
make it on the world market. But they were
proud. West Germany had its own issues.
00:07:16.800 --> 00:07:23.610
Laughter
Drephal: Difficult times. People had to
00:07:23.610 --> 00:07:29.370
wear stone washed jeans and pastel colored
sweaters. Number one hit in the West
00:07:29.370 --> 00:07:35.090
German charts in March was David
Hasselhoff, Looking for Freedom. And Bill
00:07:35.090 --> 00:07:39.500
and Ted were going on an excellent
adventure. Sequel is coming out next year,
00:07:39.500 --> 00:07:43.210
don't miss it.
Laughter
00:07:43.210 --> 00:07:47.250
Drephal: Speaking about television,
private television in West Germany was
00:07:47.250 --> 00:07:52.430
still very much in its infancy. Most
people still had three television channels
00:07:52.430 --> 00:07:58.170
first, second, third and they got their
information from the television. The first
00:07:58.170 --> 00:08:05.110
program showed the news every night at
8:00. People watched it, much more than
00:08:05.110 --> 00:08:11.130
today. And sometimes the first German
television had a special program called Im
00:08:11.130 --> 00:08:18.061
Brennpunkt, In Focus. That always came out
when something was so exciting, so
00:08:18.061 --> 00:08:22.100
newsworthy that it couldn't be
sufficiently dealt with in the normal
00:08:22.100 --> 00:08:29.940
news. So on March 2nd, 1989, the first
German television showed this.
00:08:29.940 --> 00:08:35.135
Music
00:08:35.135 --> 00:08:40.330
Drephal: Why isn't it moving? Oh, come on,
00:08:40.330 --> 00:08:46.461
please. It's moving on my screen.
TV moderator speaking in German
00:08:54.531 --> 00:08:57.530
Drephal: Would have been nice, if...
TV moderator speaking in German
00:09:07.350 --> 00:09:10.070
Drephal: Well, okay, if it had been
moving, you would have seen a dude in a
00:09:10.070 --> 00:09:16.620
suit telling you that the biggest spy case
since Günter Guillaume has just been
00:09:16.620 --> 00:09:22.310
uncovered. Günter Guillaume was an East
German spy who worked closely in the
00:09:22.310 --> 00:09:28.800
offices of German Chancellor Willy Brandt
in the 1970s. He worked for the East
00:09:28.800 --> 00:09:33.180
German Secret Service, and when he was
uncovered, the Chancellor had to step
00:09:33.180 --> 00:09:42.050
down. So apparently in March 1989, we have
a spy case of German hackers working for
00:09:42.050 --> 00:09:50.550
the KGB that is as big as Günter
Guillaume. Spoiler: It was not. But
00:09:50.550 --> 00:09:55.040
anyway. How is that even possible? How can
you, how can German hackers work for the
00:09:55.040 --> 00:10:01.740
KGB in 1989? How can they hack anything
over the Internet? Well, there is no
00:10:01.740 --> 00:10:13.970
Internet. What there is, is basically
this. Let's say, in the mid 1980s, you're
00:10:13.970 --> 00:10:21.130
a teenager and you've got a computer for
Christmas. Lucky you. So what can you do
00:10:21.130 --> 00:10:28.700
with it? There's no Internet. There are
computers that are connected. Big
00:10:28.700 --> 00:10:33.820
computers made by IBM and by VAX that are
standing in universities, research
00:10:33.820 --> 00:10:43.260
institutions, military institutions, big
companies. And you have, in the 1980s, a
00:10:43.260 --> 00:10:49.070
network that you can actually dial in to
from your home. So you have a phone that's
00:10:49.070 --> 00:10:54.260
connected to a wall, usually, if it's not
cut off, and you have a computer and if
00:10:54.260 --> 00:11:01.250
you're lucky, you have a sort of modem.
It's called an acoustic coupler. We have
00:11:01.250 --> 00:11:09.170
one here for the C64. The most famous one
was the data phone, it's bigger, but this
00:11:09.170 --> 00:11:15.450
one basically works the same. You strap
your phone to it and you call your local
00:11:15.450 --> 00:11:25.140
post office. And your local post office in
the 1980s has a network called Datex-P,
00:11:25.140 --> 00:11:33.420
which stands for data exchange packet
based. It's based on the X.25 protocol and
00:11:33.420 --> 00:11:41.500
it gives you the opportunity to connect to
computers all over Germany and all over
00:11:41.500 --> 00:11:46.480
Europe and actually all over the world.
What you need is a network user
00:11:46.480 --> 00:11:53.170
identification, a so-called NUI, which
is expensive. The call to your local post
00:11:53.170 --> 00:11:57.480
office, not so much, especially in West
Berlin, which was known as sort of a
00:11:57.480 --> 00:12:03.000
hacker's paradise because local calls cost
only twenty three Pfennig, twenty three
00:12:03.000 --> 00:12:09.940
cents, not per minute, but per call. So if
you had a network user identification from
00:12:09.940 --> 00:12:18.140
somewhere, you could just call your local
Datex-P office and connect. These NUIs
00:12:18.140 --> 00:12:25.240
were expensive, but you could find them,
for example, at the computer fair in
00:12:25.240 --> 00:12:30.460
Hanover because people weren't watching
their screens, their terminals, and maybe
00:12:30.460 --> 00:12:35.230
you could look over somebody's shoulder
and see their log in and use it and run up
00:12:35.230 --> 00:12:40.880
charges of thousands of marks and then you
can connect to message boards, which is a
00:12:40.880 --> 00:12:48.100
bit, well, not so exciting. Much more
exciting is the big computers standing at
00:12:48.100 --> 00:12:58.839
institutions and companies. And so,
through this, possibility, these
00:12:58.839 --> 00:13:08.600
possibilities, this network comes a hacker
scene in the 1980s of mostly young people,
00:13:08.600 --> 00:13:16.300
teenagers, young guys, not so many girls,
who connect to these big computers because
00:13:16.300 --> 00:13:21.420
they can, because they're there and
they're interesting. And you just want to
00:13:21.420 --> 00:13:33.600
see what's on them. Especially infamous
was CERN, the nuclear research
00:13:33.600 --> 00:13:39.980
organization in Switzerland,
where at some point hackers were actually
00:13:39.980 --> 00:13:45.980
having kind of parties in the system
connecting to the computers and chatting
00:13:45.980 --> 00:13:55.120
with the systems managers who were a bit
annoyed because they had work to do, but
00:13:55.120 --> 00:14:00.996
not that bothered because it wasn't really
seen as anything that could harm them. And
00:14:00.996 --> 00:14:07.190
the point was to go into these computers
because you can to show that you can and
00:14:07.190 --> 00:14:12.550
to have some fun and not because you're a
criminal or you want to take some data or
00:14:12.550 --> 00:14:27.570
make money off it, but just as a sport.
And now... and in this scene, the Chaos
00:14:27.570 --> 00:14:37.640
Computer Club also established itself as
sort of a mediator between these hackers
00:14:37.640 --> 00:14:46.390
and the institutions and companies that
were being broken into. Always stressing
00:14:46.390 --> 00:14:52.930
that when you're hacking, you should do it
with an ethical approach. Never, you know,
00:14:52.930 --> 00:14:58.140
doing any harm. Being excellent. Not
making any money. And for God's sake,
00:14:58.140 --> 00:15:03.029
staying away from military or Secret
Service computers, don't touch those.
00:15:03.029 --> 00:15:10.370
Here's a quote on one of the first
Congresses, which I think sounds pretty
00:15:10.370 --> 00:15:18.279
much like today. This amazing experience
and the news crews interested and
00:15:18.279 --> 00:15:28.060
reporting on what's happening with these
sort of harmless tech freaks and hackers
00:15:28.060 --> 00:15:37.029
that were just having fun. And this is the
scene where a group of young men met in
00:15:37.029 --> 00:15:43.540
the mid-1980s and started hanging out,
started sitting in front of computers,
00:15:43.540 --> 00:15:49.190
hacking together, talking, consuming
drugs, also, and just, you know, having
00:15:49.190 --> 00:15:59.370
fun. And these are their nicknames. They
were all, sort of, some were programmers,
00:15:59.370 --> 00:16:06.170
some were teenagers who were into hacking.
One of them, the last one here, wasn't
00:16:06.170 --> 00:16:11.680
really a hacker. He worked at a casino and
he made some money on his side selling
00:16:11.680 --> 00:16:16.649
drugs. And they were just hanging out and
just feeling like they were the
00:16:16.649 --> 00:16:24.690
greatest. They were... Someone has
compared them to sort of graffiti kids.
00:16:24.690 --> 00:16:28.890
They did it because they could, just
leaving their mark everywhere in the
00:16:28.890 --> 00:16:38.430
computers. And... Well, they were just, you
know, talking and somebody had the idea,
00:16:38.430 --> 00:16:43.430
OK, what can we do to get recognized as
the greatest hackers or how can we make
00:16:43.430 --> 00:16:50.480
something off it? There's always the issue
of money problems that you might have,
00:16:50.480 --> 00:16:57.610
stupid ideas that you have when you're a
teenager or a young kid. And one of them
00:16:57.610 --> 00:17:01.005
came up with the idea, Hey, I know
somebody in East Berlin who might be
00:17:01.005 --> 00:17:06.959
interested in what we're doing and maybe
we could sell that. I know someone, a
00:17:06.959 --> 00:17:11.980
Russian, and it might be, you know, it
might actually be a contribution to world
00:17:11.980 --> 00:17:16.359
peace because the Russians need technology
that they don't have and we have it. We
00:17:16.359 --> 00:17:24.449
could kind of equalize the scales a bit.
It's a stupid idea, of course. But this
00:17:24.449 --> 00:17:31.760
guy, Pedro, his name was Peter, he
actually went to East Berlin, walked into
00:17:31.760 --> 00:17:37.049
the Soviet trade mission and said he
wanted to talk to someone about a deal, super
00:17:37.049 --> 00:17:47.200
stupid, walking in the front door and
someone actually listened to him. A guy
00:17:47.200 --> 00:17:52.310
who introduced himself as Sergei, who
officially worked at the trade mission,
00:17:52.310 --> 00:18:02.810
which in my opinion means KGB, was willing
to listen and our hackers offered, OK, we
00:18:02.810 --> 00:18:08.500
can get you like log-ins to computers in
West Germany and even America. We can even
00:18:08.500 --> 00:18:14.170
teach you how to hack, you know, for like
a million marks. How about that? And
00:18:14.170 --> 00:18:20.490
Sergei was like, Okay, that's nice, but I
need something else. Because he had a
00:18:20.490 --> 00:18:31.559
shopping list which came pretty much
directly from the embargo list made by the
00:18:31.559 --> 00:18:38.600
Coordinating Committee on Multilateral
Export Controls. There was an embargo,
00:18:38.600 --> 00:18:47.210
technology and, yeah, electronic parts.
Computers weren't allowed to be sold into
00:18:47.210 --> 00:18:52.700
the Soviet Union or the Eastern Bloc in
general. And that was basically his
00:18:52.700 --> 00:18:58.200
shopping list. What the Soviets wanted was
not so much, you know, log-ins to military
00:18:58.200 --> 00:19:04.431
computers. They wanted source code, for
example... According to the sources, he
00:19:04.431 --> 00:19:09.090
actually had a list that said, OK, UNIX
source code, twenty five thousand marks,
00:19:09.090 --> 00:19:14.290
maybe a compiler for this and that, five
thousand marks. And our hackers were able
00:19:14.290 --> 00:19:20.080
to provide. They didn't exactly make a
million, but about ninety thousand marks
00:19:20.080 --> 00:19:23.899
exchanged hands in the following months.
00:19:23.899 --> 00:19:30.480
Until a systems administrator in
00:19:30.480 --> 00:19:35.920
California noticed something. And now I
have to tell you, the legend of Clifford
00:19:35.920 --> 00:19:45.170
Stoll. Clifford Stoll has become famous
for uncovering the KGB hackers, and a sort
00:19:45.170 --> 00:19:51.410
of legend has been built around him,
telling his story again and again. He,
00:19:51.410 --> 00:19:56.960
there was a funny documentary made. He had
a book coming out. And there are some
00:19:56.960 --> 00:20:03.670
weird aspects in this story, but maybe we
can talk about them later. So, first of
00:20:03.670 --> 00:20:10.300
all, I'm just going to give you the story
as he tells it. And I would like to show
00:20:10.300 --> 00:20:18.080
you, because you can describe this man,
but you just have to see him. And if this
00:20:18.080 --> 00:20:23.040
video isn't working again, then I'm gonna
be really, really sad. Please.
00:20:23.040 --> 00:20:26.691
TV announcer: Tonight, on Nova...
Drephal: Are you fucking kidding me?
00:20:26.691 --> 00:20:30.590
TV character 1: Where's Decker again?
TV character 2: He's in an Army Base.
00:20:30.590 --> 00:20:35.620
Gibberish
TV announcer: A lone scientist is on the
00:20:35.620 --> 00:20:38.820
trail of a computer spy...
Drephal: Yeah, because that would be
00:20:38.820 --> 00:20:43.910
really awesome if we could actually watch
it.
00:20:43.910 --> 00:21:02.799
Shouting
Drephal: Huh? Oh, man. Um, can we just go
00:21:02.799 --> 00:21:14.229
to the slide that we need, maybe? This
is... okay. Should we try it? Well, it
00:21:14.229 --> 00:21:23.783
shows a picture at least. That's good.
Yeah. Let's just try this. Do something.
00:21:23.783 --> 00:21:26.340
Technical Angel: You have to start the
presentation.
00:21:26.340 --> 00:21:39.271
Drephal: Yeah, I'm trying. Here, right?
Oh, no. Come on, come on. Well, we're
00:21:39.271 --> 00:21:43.230
going to get there.
00:21:43.230 --> 00:21:45.610
TV announcer: Tonight, on Nova...
00:21:45.610 --> 00:21:48.530
Drephal: Yes!
Applause
00:21:48.530 --> 00:21:55.540
TV announcer: A lone scientist on the
trail of a computer spy. The hacker is out
00:21:55.540 --> 00:21:59.120
there somewhere, raiding computers,
stealing government files.
00:21:59.120 --> 00:22:02.440
Clifford Stoll: Hi, Manny. Some computer
hacker's looking for him.
00:22:02.440 --> 00:22:06.299
TV announcer: The true story of Cliff
Stoll's real life adventure, featuring the
00:22:06.299 --> 00:22:12.070
actual participants recreating the events
is The KGB, The Computer and Me.
00:22:12.070 --> 00:22:14.365
Laughter
00:22:14.365 --> 00:22:19.280
Drephal: I like his hair. Okay, so,
00:22:19.280 --> 00:22:25.740
Clifford Stoll's story is that he was a
systems administrator at Lawrence Berkeley
00:22:25.740 --> 00:22:32.480
Laboratory and he noticed in his
accounting system 75 cents missing because
00:22:32.480 --> 00:22:39.460
some user had accrued 75 cents of computer
time and not paid for it. And he found out
00:22:39.460 --> 00:22:44.770
that there was a weird user he didn't
know. And he just deleted him. A couple of
00:22:44.770 --> 00:22:49.400
days later, somebody else was on his
computer and had system privileges. And he
00:22:49.400 --> 00:22:54.240
says, he just got interested. He didn't
want to shut this person out, he wanted to
00:22:54.240 --> 00:23:01.000
know who it was and what they were doing.
So he started tracking whoever was coming
00:23:01.000 --> 00:23:07.350
into his computers for months, actually a
whole year in the end, that he was
00:23:07.350 --> 00:23:16.690
tracking this person. He got help from a
friendly district attorney who got him a
00:23:16.690 --> 00:23:25.910
warrant to trace the phone lines. And,
long story short... Can you actually see
00:23:25.910 --> 00:23:33.880
something? That's nice. He found out that
his intruder came in through Tymnet, the
00:23:33.880 --> 00:23:39.660
equivalent, the American equivalent of
Datex-P. And he wasn't even in the US. He
00:23:39.660 --> 00:23:46.560
was in Germany. He came in through Datex-P
at the University of Bremen. And the trace
00:23:46.560 --> 00:23:51.250
ended in Hanover. And in Hanover, the
problem was that they had really old
00:23:51.250 --> 00:23:58.679
switches from the 1950s, and it would have
taken about an hour to track the hacker
00:23:58.679 --> 00:24:07.730
back to his own phone at home. And the
problem was the hacker never stayed long
00:24:07.730 --> 00:24:13.190
enough on Stoll's computers. He used them
as a gateway to get into much more
00:24:13.190 --> 00:24:21.990
interesting computers. For example, the
Pentagon database at the Pentagon, the Air
00:24:21.990 --> 00:24:30.930
Force, the Navy, the Army, even Army
computers in Japan. Computers in
00:24:30.930 --> 00:24:38.690
Ramstein, Germany. So Stoll was at a loss:
How to keep him in a system long enough so
00:24:38.690 --> 00:24:45.070
he could actually, or the German post
could actually track this person back to
00:24:45.070 --> 00:24:52.460
his own phone line. So he says that his
girlfriend came up with the idea: If
00:24:52.460 --> 00:24:56.330
there's nothing on your computer that
interests him, then put something
00:24:56.330 --> 00:25:01.280
there. Put some files there that look
super secret and are super big so that he
00:25:01.280 --> 00:25:09.740
needs time to look at them. And that
actually worked. They made up a bunch of
00:25:09.740 --> 00:25:14.370
Big Data and they even put in a mailing
list that said, OK, if you want more
00:25:14.370 --> 00:25:19.980
information about Strategic Defense
Initiative, also known as Star Wars, send
00:25:19.980 --> 00:25:25.660
us a letter because it's so much data, we
have to send it through the post. And
00:25:25.660 --> 00:25:32.370
surprisingly enough, that worked. First of
all, the German post was able to track
00:25:32.370 --> 00:25:39.802
Clifford Stoll's hacker back to the house
of one of our KGB hackers, Urmel.
00:25:39.802 --> 00:25:44.049
His apartment was searched, his office was
searched, but the police didn't really
00:25:44.049 --> 00:25:47.970
know what they were looking for because
they didn't find any disk that said Super
00:25:47.970 --> 00:25:54.750
Secret SDInet Files or something and
nothing much came of it. And the second
00:25:54.750 --> 00:25:58.651
thing that happened was that somebody
actually answered this mailing list.
00:25:58.651 --> 00:26:04.440
A Hungarian immigrant in Pittsburgh sent a
letter to Clifford Stoll asking for
00:26:04.440 --> 00:26:10.600
information on SDInet files. Was he
working for the KGB or was he working for
00:26:10.600 --> 00:26:14.145
somebody else? It's a weird story.
00:26:14.145 --> 00:26:20.566
In any case, so, in the summer of 1987,
Clifford
00:26:20.566 --> 00:26:25.559
Stoll finally knew, OK, there's some dude
in Germany who's been hacking my computer,
00:26:25.559 --> 00:26:31.410
but nothing much happened of it. And it
kind of calmed down a bit until the media
00:26:31.410 --> 00:26:37.559
got interested. Who got the media
interested is another interesting
00:26:37.559 --> 00:26:45.310
question. But in any case, in April of
1988, German magazine Quick reported on
00:26:45.310 --> 00:26:52.850
the case using Clifford Stoll's notes. In
May 1988, he published a paper suggesting
00:26:52.850 --> 00:26:57.660
that this hacker in his system had
something to do with the KGB and our
00:26:57.660 --> 00:27:07.419
hackers got a bit nervous. At this point,
we have to talk about Hagbard. His
00:27:07.419 --> 00:27:14.500
name, his real name was Karl Koch. And in
1988, he was in a difficult place. He had
00:27:14.500 --> 00:27:20.520
psychological issues, he had drug issues,
he had money problems. And he started
00:27:20.520 --> 00:27:25.710
talking to journalists, offering to tell
wild stories about the KGB and what he
00:27:25.710 --> 00:27:32.400
could do, offering to hack into nuclear
reactors, which obviously was not
00:27:32.400 --> 00:27:39.910
possible. But he just wanted to get a lot
of money for it. And the others got a bit
00:27:39.910 --> 00:27:48.520
nervous. And in July, the youngest in the
group went to the authorities and offered
00:27:48.520 --> 00:27:55.389
to be a witness if he got immunity for
anything that he might have done. And this
00:27:55.389 --> 00:28:02.210
led to the video I wanted to show you in
the beginning when in March 1989, arrests
00:28:02.210 --> 00:28:06.370
were made, all five of them were arrested.
Two had to stay in jail because they had
00:28:06.370 --> 00:28:12.340
prior convictions. Houses were searched
and the media descended on the Chaos
00:28:12.340 --> 00:28:19.000
Computer Club because these five guys were
somehow related. And suddenly, the Chaos
00:28:19.000 --> 00:28:25.309
Computer Club was not this harmless group
anymore. But the media portrayed them as,
00:28:25.309 --> 00:28:34.030
you know, working for the KGB, hacking
basically everything. And dramatizing the
00:28:34.030 --> 00:28:36.985
whole situation.
00:28:36.985 --> 00:28:43.860
What actually came out of
it was not so much. The process, in early
00:28:43.860 --> 00:28:50.840
1990, focused on questions like if any
classified information was actually
00:28:50.840 --> 00:28:57.399
transferred or stored anywhere,
downloaded. Nobody could prove that.
00:28:57.399 --> 00:29:03.149
If the USA or Germany were actually
compromised in any way. Not really. And
00:29:03.149 --> 00:29:09.809
how... The main question was how did this
Hungarian immigrant get this mailing list?
00:29:09.809 --> 00:29:15.540
Because only Clifford Stoll and the hacker
could have had access to it. And the
00:29:15.540 --> 00:29:23.280
question is, did he actually get it from
the KGB or was it, as one of, one of our
00:29:23.280 --> 00:29:29.500
hackers suggested a couple of years ago in
a podcast, maybe it might have been, he
00:29:29.500 --> 00:29:35.140
might have been an agent provocateur, he
might have been set up by somebody to push
00:29:35.140 --> 00:29:40.860
these investigations after the German
authorities didn't really do much with it.
00:29:40.860 --> 00:29:43.808
That's the question.
00:29:44.490 --> 00:29:53.030
So this biggest spy case since
Guillaume ended with probation
00:29:53.030 --> 00:30:00.280
sentences and some fines because there was
no proof that any real harm had been done.
00:30:00.280 --> 00:30:10.360
The most tragic outcome maybe was the
death of Karl Koch, who was our hacker
00:30:10.360 --> 00:30:18.700
Hagbard. He was a very troubled young man.
He was orphaned early. He inherited a lot
00:30:18.700 --> 00:30:24.310
of money when he was young, which is
always difficult. He bought a computer. He
00:30:24.310 --> 00:30:30.410
had a nice apartment. He had parties with
his friends. He consumed drugs. And he was
00:30:30.410 --> 00:30:36.930
from a young age obsessed with the novel
Illuminatus!, and the number 23. A movie
00:30:36.930 --> 00:30:43.620
was made about him in 1998, it's nice, you
can find it on YouTube. I didn't include
00:30:43.620 --> 00:30:49.390
it in my links because I'm not sure about
the copyright situation. But it's
00:30:49.390 --> 00:30:58.770
interesting, nice soundtrack. And this
whole situation in 1989, the media
00:30:58.770 --> 00:31:05.789
pressing down on him and him having these
illusions... He thought the Illuminati
00:31:05.789 --> 00:31:10.220
were in his head controlling his thoughts.
He thought they were controlling the
00:31:10.220 --> 00:31:17.250
international networks and he had to do
something about it. Ended on May 23rd,
00:31:17.250 --> 00:31:22.145
1989, when he was 23 years old.
00:31:22.145 --> 00:31:25.840
He officially committed suicide by burning
00:31:25.840 --> 00:31:32.679
himself. And that is such a gruesome way
to die that immediately there were
00:31:32.679 --> 00:31:38.600
conspiracy theories that maybe he didn't
commit suicide, maybe he had help doing
00:31:38.600 --> 00:31:42.100
it. And that's something I
cannot answer, obviously.
00:31:42.100 --> 00:31:49.670
The much more lasting result of
00:31:49.670 --> 00:31:56.210
this whole case was the image loss that
the Chaos Computer Club suffered. Because
00:31:56.210 --> 00:32:04.460
suddenly they weren't harmless pranksters
joyriding through computers and, you know,
00:32:04.460 --> 00:32:12.520
showing companies flaws in their systems,
showing the post flaws in their BTX
00:32:12.520 --> 00:32:20.770
system, for example. Suddenly they were
portrayed as dangerous hackers, selling
00:32:20.770 --> 00:32:29.550
secrets, being spies, and, you know, they
can't be trusted. And as far as I read,
00:32:29.550 --> 00:32:39.970
the club almost dissolved about this issue
in 1990, but luckily survived. But this is
00:32:39.970 --> 00:32:44.780
an image that is still lingering today.
And I think this image of hackers being
00:32:44.780 --> 00:32:49.990
somehow untrustworthy and being somehow
dangerous, you don't know really what they
00:32:49.990 --> 00:32:55.910
do and why they do it, but they're
dangerous, that is still lingering today.
00:32:58.670 --> 00:33:03.700
Whenever the media tells you something
about hackers, they always show you
00:33:03.700 --> 00:33:10.710
something like, hi. Something like this.
An anonymous, Anonymous dude with a hoodie
00:33:10.710 --> 00:33:15.520
sitting in front of a computer. Some
random numbers flashing. They don't make
00:33:15.520 --> 00:33:22.340
any sense, but it looks dangerous. And,
oh, yeah. And these hackers, they're
00:33:22.340 --> 00:33:25.570
everywhere. They won't stop at anything.
00:33:25.570 --> 00:33:28.340
Laughter
00:33:28.340 --> 00:33:31.417
Drephal: Just two days ago on Christmas.
00:33:31.417 --> 00:33:39.851
Laughter and applause
00:33:39.851 --> 00:33:42.490
German supermarket chain REWE had to call
00:33:42.490 --> 00:33:50.349
back their chopped almonds because they've
been hacked. Beware. And so I was
00:33:50.349 --> 00:33:56.840
interested in taking a look at how the
media portrays hackers these days.
00:33:56.840 --> 00:34:02.460
So I did some Google searches. I thought,
okay, what are famous hacking groups
00:34:02.460 --> 00:34:06.850
that you read about a lot? And for
example, you know, we were talking about
00:34:06.850 --> 00:34:14.779
the KGB. So what about Russian hackers? So
the first results I saw was Russian
00:34:14.779 --> 00:34:20.460
hacking: How did it affect the 2016
elections? So apparently Russian hackers
00:34:20.460 --> 00:34:25.679
are still very much busy with the United
States and the elections leaking
00:34:25.679 --> 00:34:31.240
documents, supporting Trump for some
reason. That's what you find on the media
00:34:31.240 --> 00:34:36.780
about Russian hackers. And then I thought,
OK, what else is there today? What about
00:34:36.780 --> 00:34:41.560
China? Chinese hackers sounds dangerous.
What are they doing? So Chinese hackers
00:34:41.560 --> 00:34:49.429
apparently are busy hacking two factor
authentication these days. They're in your
00:34:49.429 --> 00:34:56.770
phone, beware. Hacking you, right now, as
I speak. But what about German hackers?
00:34:56.770 --> 00:35:01.359
We've been talking about these German
hackers who basically crashed the image of
00:35:01.359 --> 00:35:07.609
hacking forever. So what are they up to
today? When you google German hackers, the
00:35:07.609 --> 00:35:12.310
first result is Clifford Stoll.
Laughing
00:35:12.310 --> 00:35:19.520
Drephal: After 30 years, really, still?
That's the news? I don't know, maybe it's
00:35:19.520 --> 00:35:21.814
time to make German Hacking Great Again.
00:35:21.904 --> 00:35:29.039
Laughter and applause
00:35:31.258 --> 00:35:39.500
Drephal: Very good. So. And finally, what
about the Chaos Computer Club? What has
00:35:39.500 --> 00:35:47.160
changed in the past 30 years? Here's
another quote that I've found of a
00:35:47.160 --> 00:35:53.910
Congress and the issues that were
discussed at Congress. Someone standing up
00:35:53.910 --> 00:36:02.480
and telling the audience that he was
unhappy with where he saw Chaos going. The
00:36:02.480 --> 00:36:06.460
political direction is unacceptable.
Concentrating on things like environmental
00:36:06.460 --> 00:36:11.580
protection, climate change or something,
is diverting the group from its technical
00:36:11.580 --> 00:36:17.320
origins. And it's little wonder that truly
talented hackers are beginning to abandon
00:36:17.320 --> 00:36:21.305
the club. This is from 1988.
00:36:23.385 --> 00:36:28.250
So are we still having the same
issues today? Are we
00:36:28.250 --> 00:36:33.708
still discussing the same thing? Where is
the CCC going? Is it too political? Should
00:36:33.708 --> 00:36:42.580
it focus more on real hacking, on the
technology or what? But fortunately, a lot
00:36:42.580 --> 00:36:48.070
has changed. For example, when you think
about those guys who were at the Congress
00:36:48.070 --> 00:36:55.850
in the 1980s, how many people were there,
like 400? At a Congress in 85? How many
00:36:55.850 --> 00:37:01.210
people are here today? 16,000? I mean, not
in this room, but I think last year was
00:37:01.210 --> 00:37:08.360
16,000. That's amazing. And something else
I mentioned, when I was this big, I didn't
00:37:08.360 --> 00:37:12.849
attend Congress. But today you walk around
and there's tiny hackers whizzing on
00:37:12.849 --> 00:37:20.170
scooters everywhere, which is awesome.
People are bringing their kids and you
00:37:20.170 --> 00:37:27.170
have a much wider cross section of society
today. And something else... I don't know
00:37:27.170 --> 00:37:31.109
if you noticed, but when I told you the
story about the KGB hack, what was
00:37:31.109 --> 00:37:35.729
missing? There was something
that did not show up.
00:37:35.729 --> 00:37:38.330
Women. The only women, the only
00:37:38.330 --> 00:37:42.691
woman in this story is Clifford Stoll's
girlfriend, who allegedly came up with the
00:37:42.691 --> 00:37:47.280
idea of planting a honey pot in his
system. There is no other woman in this
00:37:47.280 --> 00:37:53.860
story. It's all young dudes hacking away.
And that certainly has changed. There
00:37:53.860 --> 00:38:00.480
are... I don't know the percentage. I
can't tell. But there's so many women and
00:38:00.480 --> 00:38:07.200
other non-male participants that, like I
said, it's a much wider cross-section of
00:38:07.200 --> 00:38:14.230
society today. But apart from these
issues, what else what do you think are
00:38:14.230 --> 00:38:19.850
the issues we have today and we're going
to have in the future? That's my question
00:38:19.850 --> 00:38:26.320
to you. And I would like some answers. And
if you want to confess about hacking
00:38:26.320 --> 00:38:35.030
something, my DECT is 6623. You can
telegram me or tell us now.
00:38:35.030 --> 00:38:44.254
Applause
00:38:46.790 --> 00:38:51.380
Herald: Thank you very much for this
excellent talk. We do have six microphones
00:38:51.380 --> 00:38:55.950
here in the hall. Please line up there.
Are there questions from the Internet via
00:38:55.950 --> 00:38:58.420
our Signal Angel?
Signal Angel: No, there are none.
00:38:58.420 --> 00:39:03.630
Herald: There are no questions from the
Internets. Do we have questions here?
00:39:03.630 --> 00:39:09.349
We have a question at microphone three.
Question: Yes. Oh, my goodness. Thanks a
00:39:09.349 --> 00:39:15.450
lot for a talk. It was amazing. Can you
please just show us the first video?
00:39:15.450 --> 00:39:20.620
Laughter
Drephal: Oh, yeah. I hope so.
00:39:20.620 --> 00:39:24.390
Herald: Yes, we have plenty of time.
Drephal: Yeah. Let's just try to...
00:39:24.390 --> 00:39:27.680
Herald: In the meantime, if you have
questions, please line up at the
00:39:27.680 --> 00:39:32.800
microphones.
Drephal: I don't want to... Okay, getting
00:39:32.800 --> 00:39:39.760
close. Getting close. Getting close. Okay.
You mean this one?
00:39:39.760 --> 00:39:47.080
Audience: No!
Drephal: Yeah, that one doesn't work. Oh,
00:39:47.080 --> 00:39:53.693
not this one? Oh, yeah. The next one.
Let's try.
00:39:54.885 --> 00:39:56.760
Intro music
00:39:56.760 --> 00:40:00.010
Ah!
Applause
00:40:07.450 --> 00:40:08.580
Laughter
00:40:08.590 --> 00:40:12.600
TV announcer: Good evening, ladies and gentlemen, at this
late hour. You have
00:40:12.600 --> 00:40:16.640
just heard it. According to the schedule,
you were supposed to see a business crime thriller
00:40:16.640 --> 00:40:21.139
titled Tanker now; we are not showing that
tonight. Instead, a
00:40:21.139 --> 00:40:25.590
spy thriller, and a real one at that.
An authentic report on the
00:40:25.590 --> 00:40:30.295
most serious espionage case since the
unmasking of the Chancellery agent Günter
00:40:30.295 --> 00:40:33.920
Guillaume.
Drephal: You can find the whole Brennpunkt
00:40:33.920 --> 00:40:41.710
on YouTube. It's very interesting. It's
like 30 minutes. There's a lot of the same
00:40:41.710 --> 00:40:50.599
images as in the other documentation I
showed. Dudes in black sunglasses, the CIA
00:40:50.599 --> 00:40:56.280
and stuff. Also, this documentation about
Clifford Stoll is hilarious. Not just the
00:40:56.280 --> 00:41:00.627
scene where he runs out the shower
in his towel to his computer because the
00:41:00.627 --> 00:41:05.090
hacker is on. It's hilarious.
Herald: So do we have any more questions
00:41:05.090 --> 00:41:08.280
from the Internet, from the hall.
Drephal: No?
00:41:08.280 --> 00:41:14.010
Herald: No, it does not... Well, then
there is something up at microphone 5.
00:41:14.010 --> 00:41:17.520
Question: Can you hear me? Yeah.
Drephal: Where? Ah, there!
00:41:17.520 --> 00:41:20.450
Q: Do we know anything about the rest of
the group?
00:41:20.450 --> 00:41:24.080
Drephal: Yes.
Q: Working today, for example?
00:41:24.080 --> 00:41:33.560
Drephal: Yes. Well, about... let me, go
back or go front. Well, I did... I looked
00:41:33.560 --> 00:41:40.570
into them. DOB, I could not find anything
about him. He was actually one of the two
00:41:40.570 --> 00:41:44.520
who had to stay in prison for almost a
year because he was fleeing the army
00:41:44.520 --> 00:41:49.930
service and they were looking for him.
I couldn't find anything about what he's
00:41:49.930 --> 00:41:55.710
doing today. Pengo is very active. He has
a Twitter. He's into vintage computing.
00:41:55.710 --> 00:42:01.450
And he's, he's the one who's always been
interviewed. You know, every 10 years, 10
00:42:01.450 --> 00:42:06.750
years after the KGB hack, 20 years after
the KGB hack, he's been on TV, he's been
00:42:06.750 --> 00:42:11.314
on podcasts. You can find a lot about him.
00:42:11.314 --> 00:42:16.440
But, about 10 years ago, he was on Tim
00:42:16.440 --> 00:42:23.040
Pritlove's podcast. Very interesting. It's
two hours long, but it's super
00:42:23.040 --> 00:42:29.490
interesting, very detailed in, into the
beginnings of the Internet. And there he
00:42:29.490 --> 00:42:33.920
said, OK. He's being asked about this
again and again. And sometimes you just
00:42:33.920 --> 00:42:39.010
don't want to talk about it anymore. I can
totally understand that. Well, you know
00:42:39.010 --> 00:42:43.400
what happened about, what happened with
Hagbard. Urmel, I couldn't find out
00:42:43.400 --> 00:42:46.120
anything either.
00:42:47.080 --> 00:42:53.280
Also, Pedro, no.
Not so much.
00:42:53.280 --> 00:42:56.030
Herald: So we have another question on
microphone three.
00:42:56.030 --> 00:43:01.770
Question: Hi. Well, first of all, thank
you very much. I did read The Cuckoo's
00:43:01.770 --> 00:43:03.770
Egg.
Drephal: Excellent!
00:43:03.770 --> 00:43:08.740
Q: And thank you for posing the German
perspective towards it. It really
00:43:08.740 --> 00:43:13.710
elaborates the story quite a lot. You
finished your presentation with the
00:43:13.710 --> 00:43:19.109
question, what is missing, currently, at
the Chaos Computer Club. I love it
00:43:19.109 --> 00:43:21.884
probably as much as you do.
00:43:21.884 --> 00:43:25.710
I come from the Netherlands and
I have the feeling that in
00:43:25.710 --> 00:43:29.010
Holland, hackers collaborate much more
with governments and companies.
00:43:29.010 --> 00:43:31.970
Drephal: Okay.
Q: It's good to be critical against
00:43:31.970 --> 00:43:37.040
government, but to criticize everything
and to shut out government for everything
00:43:37.040 --> 00:43:41.609
doesn't solve the problem. So what I'm
hoping for is a more constructive
00:43:41.609 --> 00:43:46.010
collaboration with the German government
and I hope I'm not making myself very
00:43:46.010 --> 00:43:50.310
unpopular here. I perhaps do, but I'm
Dutch.
00:43:50.760 --> 00:43:52.980
Laughter
Drephal: Thank you.
00:43:52.990 --> 00:43:57.840
Applause
00:43:57.840 --> 00:44:03.790
Herald: Another question, microphone one.
Question: Hi. Just to get the facts
00:44:03.790 --> 00:44:10.220
straight. So, I mean, I guess we all know
here the story, the development of the
00:44:10.220 --> 00:44:16.770
term hacking since the IT hacks, et
cetera. Would you say that explicitly, the
00:44:16.770 --> 00:44:23.079
story with the German hacking is the thing
that stained the name of hacking in our
00:44:23.079 --> 00:44:28.380
mainstream consciousness?
Drephal: Not, not alone. I mean, there's
00:44:28.380 --> 00:44:33.810
obviously when you look at the US, there's
cases of hacking. I mean, talking about
00:44:33.810 --> 00:44:39.960
Kevin Mitnick, for example, Robert Tappan
Morris, who shut down all the computers in
00:44:39.960 --> 00:44:47.730
the US for days. That's something that,
obviously, formed the image of hacking in
00:44:47.730 --> 00:44:53.430
the US and I, I'm not sure about other
countries to be, to be honest. But I'm
00:44:53.430 --> 00:44:59.609
thinking that it was around the same time,
so end of the 80s, hacking kind of lost
00:44:59.609 --> 00:45:05.754
its innocence through various infamous
hacks like the KGB hack.
00:45:05.754 --> 00:45:07.846
Q: Thank you very much.
Drephal: Thank you.
00:45:07.846 --> 00:45:12.140
Herald: Next question, microphone three.
Question: Yes. Thank you, interesting
00:45:12.140 --> 00:45:17.410
talk. And is there a list or has...
Herald: Please talk a bit closer to the
00:45:17.410 --> 00:45:20.470
microphone. Thank you.
Q: Has anyone a list of which kind of
00:45:20.470 --> 00:45:26.280
information has been leaked or which kind
of facilities have been compromised? And
00:45:26.280 --> 00:45:31.440
second question, have the Russians ever
confirmed this hack?
00:45:31.440 --> 00:45:39.160
Drephal: First question. Yes. Well,
there's the official documents that came
00:45:39.160 --> 00:45:47.050
out in, in the process. There's actually,
if you, if you read German, there is an
00:45:47.050 --> 00:45:53.200
interesting book that came out in 1990
about this case. And it has very detailed
00:45:53.200 --> 00:45:58.770
information about what kind of
institutions have been hacked and what
00:45:58.770 --> 00:46:08.070
kind of information has been given to the
Soviets. But most of it, I guess, is, is,
00:46:08.070 --> 00:46:14.170
comes from confessions, because there was
no proof. The Russians did never confirm
00:46:14.170 --> 00:46:20.300
that, yeah, OK, We got this and we got
that. No, of course not. And so most of it
00:46:20.300 --> 00:46:30.470
is what the hackers actually confessed.
Herald: Do we have any more questions? It
00:46:30.470 --> 00:46:35.350
does not look like that. So for anyone who
left already. You're going to miss out on
00:46:35.350 --> 00:46:37.350
the outro video.
Drephal: Yeah.
00:46:37.350 --> 00:46:44.050
Herald: Take it away.
Drephal: If I can actually do that because
00:46:44.050 --> 00:46:50.672
there's no more questions. Are we seeing
this? Excellent. It's just one thing, for
00:46:50.672 --> 00:46:54.413
me, left to do.
00:46:57.793 --> 00:46:59.656
Why am I...
00:47:10.450 --> 00:47:11.820
Drephal: Thank you!
00:47:11.820 --> 00:47:15.360
Applause
Herald: Thank you. Big one, round of
00:47:15.360 --> 00:47:20.271
applause.
Applause
00:47:20.271 --> 00:47:24.466
postroll music
00:47:24.466 --> 00:47:47.000
subtitles created by c3subtitles.de
in the year 2019. Join, and help us!