< Return to Video

36C3 - Hirne Hacken

  • 0:00 - 0:19
    [Intro Music]
  • 0:19 - 0:22
    Engel: Good morning, Linus!
    Linus: Good morning, Sebastian!
  • 0:22 - 0:28
    [Applause]
  • 0:28 - 0:33
    I'm glad, you showed up so numerous
    and fell
  • 0:33 - 0:36
    for this baiting title! I want
    to talk about human
  • 0:36 - 0:40
    factors in IT security and chose "hacking
    brains" for the title.
  • 0:40 - 0:46
    Background to this is the fact, that
    when you talk about "hackers"
  • 0:46 - 0:49
    most people think of halfgods in black.
  • 0:49 - 0:52
    Nobody really knows what they are doing,
    but those hackers
  • 0:52 - 0:57
    get into my device somehow and i don't
    know what they want from me
  • 0:57 - 1:01
    or how they did it.
    And the reality out there is
  • 1:01 - 1:06
    typically pretty different than most
    people imagine it. I stand firm
  • 1:06 - 1:13
    in the believe that basically all
    relevant problems in IT security
  • 1:13 - 1:18
    have been solved in theory. So we don't
    have like... we don't miss the knowledge
  • 1:18 - 1:23
    on solutions for particular problems,
    but we still can't make it work.
  • 1:23 - 1:26
    Even though we've solved everything
    theoretically,
  • 1:26 - 1:32
    the actual IT security is a desaster.
  • 1:32 - 1:37
    And that's most likely, because we build
    some fascinating IT-mechanisms and
  • 1:37 - 1:41
    we test them. As we can see this pole and
    it encloses some animal now, but
  • 1:41 - 1:44
    if we observe it in reality, it looks more
    like that...
  • 1:44 - 1:51
    [audience laughing]
    [someone singing to "Einzug der Gladiatoren"]
  • 1:51 - 1:55
  • 1:55 - 2:00
    That's only a small threat and somehow
  • 2:00 - 2:04
    we imagine, that it will be different
    with bigger threats.
  • 2:04 - 2:11
    Let's have a look: We read about Emotet
    everywhere.
  • 2:11 - 2:15
    Hackers compromise PCs, encrypt all the
    data, demand a lot of ransom,
  • 2:15 - 2:20
    and Heise covered it a lot, until
    they got hit by it themselves.
  • 2:20 - 2:25
    [laughter] That means, even those who
    really should have known better
  • 2:25 - 2:28
    are still effected by it
    and i think that's
  • 2:28 - 2:31
    pretty interresting. And if we have a look
    at what happens in the
  • 2:31 - 2:36
    IT security research, even here on this
    congress, which is why i handed in this
  • 2:36 - 2:39
    talk, so the research has to be avant
    garde.
  • 2:39 - 2:43
    It's like big applause and Voodoo,
    and another exploit there and
  • 2:43 - 2:48
    whatever, and remote code execution, while
    the reality on the other hand
  • 2:48 - 2:53
    what actually happens out there, is
    actually more like this.
  • 2:53 - 2:58
    Am I in already?
    This means, we basically live,
  • 2:58 - 3:02
    because we as hackers and nerds find it
    interessting, we live like in
  • 3:02 - 3:08
    this world, while the real crime that
    happens outside looks more like this!
  • 3:08 - 3:15
    sleight of hands. and theses sleight of
    hands are not addressed or solved!
  • 3:15 - 3:19
    And i think that's kinda counterproductive
    or bad, that we don't care about
  • 3:19 - 3:22
    those problemfields, which prevail and
    are seen everywhere
  • 3:22 - 3:27
    even in the "Heise" publishing company,
    that we don't address them.
  • 3:27 - 3:31
    And we haven't made any progress
    on that front for years.
  • 3:31 - 3:34
    I want to talk a bit about easy Scams,
    a bit about password issues, a little
  • 3:34 - 3:41
    about malware. A scam that amused even
    us in the CCC, is the scam
  • 3:41 - 3:46
    by the Chaos-Hacking-Group. They
    sent E-Mails that said:
  • 3:46 - 3:50
    "Yeah i have compromised your system with
    a trojan and
  • 3:50 - 3:56
    we are aware about your adventures on the
    internet. We know, that you love
  • 3:56 - 4:01
    adult sites and know about
    your sex addiction."
  • 4:01 - 4:05
    And try to blackmail those people. Provide
    a Bitcoin Wallet
  • 4:05 - 4:09
    and, yeah, try to blackmail people.
    Intresstingly
  • 4:09 - 4:13
    there are people, that are
    really concerned. They deny everything!
  • 4:13 - 4:18
    Obviously this isn't true at all and
    there's just no truth to any of it.
  • 4:18 - 4:22
    When you're practiced in blackmailing,
    you know: Don't pay anything until
  • 4:22 - 4:28
    proof is provided. When people then
    try to inform themselfs and
  • 4:28 - 4:33
    goolge it, they land here immediatly.
  • 4:33 - 4:37
    When you google "Chaos-CC group",
    then some random websites explain
  • 4:37 - 4:40
    that it's a trojan and you should
  • 4:40 - 4:47
    download the next malware.
  • 4:47 - 4:52
    Basically how to remove this damage. That
    means people are getting out of the
  • 4:52 - 4:57
    frying pan into the fire. "Haha you
    want to get fooled! There i got another
  • 4:57 - 5:04
    one for you. That means the world
    outside is relativly dangerous
  • 5:04 - 5:07
    for our unknowing users.
    Let's have a look
  • 5:07 - 5:12
    how this looks like when done by
    expierienced folks. The Linux
  • 5:12 - 5:17
    Kernelmailinglist is known by a bunch
    of you. There recently was an E-Mail
  • 5:17 - 5:23
    on the 31st of October, so a while ago.
    They even provided the password, yeah
  • 5:23 - 5:25
    that's the next Level Scam: You just
    write some password leak
  • 5:25 - 5:28
    with it and folks will get their pumps
    racing, because their password
  • 5:28 - 5:35
    is written in the Mail and as before they
    wanted Bitcoins, amongst
  • 5:35 - 5:39
    other things, from the Kernel-Devs
    themselfs. Bitcoin is pretty nice,
  • 5:39 - 5:42
    You can have a look in the Blockchain and
    see how many the devs paid.
  • 5:42 - 5:48
    In this wallet are 2.98 Bitcoin which has
    been about 19000€
  • 5:48 - 5:51
    some days ago. There are still
    people out there claiming
  • 5:51 - 5:54
    you can't make a profit on linux.
    [laughter]
  • 5:54 - 6:01
    [applause]
    This E-Mail
  • 6:01 - 6:06
    was sent to many many more people outside
    the Kernellist, but i think, you get my
  • 6:06 - 6:08
    point, and ask yourself: Why do we
    even do all that stuff we do
  • 6:08 - 6:11
    ,when we could easily get people
    to send us their money
  • 6:11 - 6:17
    with some spam mails. But there's more:
    transfer money, the classic! The CEO fraud
  • 6:17 - 6:22
    Big topic. This is one of the big
    scenarios, that middle size and big
  • 6:22 - 6:26
    size companys are exposed to. You
    get a mail, where it states
  • 6:26 - 6:30
    "Ey, we need to pay those bills!
    It hast to happen TODAY"
  • 6:30 - 6:34
    most of the time it's
  • 6:34 - 6:37
    small amounts, that get overlooked.
  • 6:37 - 6:43
    but can also be a lot worse.
    Acutally
  • 6:43 - 6:49
    happend pretty often already, with a story
    like: "Yeah the big deal with the chinease
  • 6:49 - 6:53
    is almost through and you mustn't
    talk to anybody about it,
  • 6:53 - 6:57
    but you have to
    transfer 2 Mils to the Seychelles "
  • 6:57 - 7:01
    and then folks do that and those
    Mails work
  • 7:01 - 7:06
    a litte with authority, trust, haste
    and pressure and guide people
  • 7:06 - 7:12
    to do what they shouldn't.
  • 7:12 - 7:15
    This might sound funny in the first moment
    but when you talk to
  • 7:15 - 7:19
    someone that fell for it, they are really
    rattled, because they know
  • 7:19 - 7:22
    that it wasn't smart and damaging
    for the company.
  • 7:22 - 7:28
    and that's not that entertaining anymore. :(
  • 7:28 - 7:35
    Let's get back to entertaining stuff: The
    authentication. A thing that many folks
  • 7:35 - 7:39
    have problems with, is their password and
    the problem is
  • 7:39 - 7:43
    that they only have one
    and it lingers in such a collection
  • 7:43 - 7:49
    you and everyone has them and
  • 7:49 - 7:55
    you can look up you passwords,
    i.e. 23bonobo42, Tim Pritlove, so on
  • 7:55 - 8:03
    The beauty of these lists: even WE who
    should know better are in those lists.
  • 8:03 - 8:07
    When you enter my E-Mail adress in
    "haveibeenpwned"
  • 8:07 - 8:11
    - a website where you can check if you've
    been inlcuded in a leak
  • 8:11 - 8:16
    you can also find ME. So, i will explain
    how that might have happend.
  • 8:16 - 8:22
    The thing that makes me furious about
    this, is that since there have beeen
  • 8:22 - 8:26
    computers we have never really done
    anything against this password problem.
  • 8:26 - 8:30
    We tell people: Ok your password shouldn't
    be guessable, best case random,
  • 8:30 - 8:34
    whithout any system. It should be as long
    as possible, best case not a word
  • 8:34 - 8:40
    And it should be different everywhere.
    And NOBODY does that.
  • 8:40 - 8:44
    Recently i went to the dentist and
    when you talk with him, he's always like:
  • 8:44 - 8:47
    Yeah, floss morning, lunch, evening and
    everytime and so on
  • 8:47 - 8:51
    "yeah, yeah, first you change all your
    passwords and then we can talk about
  • 8:51 - 8:55
    that"
    [laughter]
  • 8:55 - 9:03
    [applause]
    and yeah i've done that
  • 9:03 - 9:06
  • 9:06 - 9:10
  • 9:10 - 9:13
  • 9:13 - 9:16
  • 9:16 - 9:20
  • 9:20 - 9:24
  • 9:24 - 9:27
  • 9:27 - 9:32
  • 9:32 - 9:36
  • 9:36 - 9:39
  • 9:39 - 9:43
  • 9:43 - 9:49
  • 9:49 - 9:53
  • 9:53 - 10:03
  • 10:03 - 10:07
  • 10:07 - 10:10
  • 10:10 - 10:15
  • 10:15 - 10:19
  • 10:19 - 10:22
  • 10:22 - 10:29
  • 10:29 - 10:32
  • 10:32 - 10:37
  • 10:37 - 10:45
  • 10:45 - 10:48
  • 10:48 - 10:52
  • 10:52 - 10:56
  • 10:56 - 11:00
  • 11:00 - 11:06
  • 11:06 - 11:10
  • 11:10 - 11:13
  • 11:13 - 11:16
  • 11:16 - 11:20
  • 11:20 - 11:28
  • 11:28 - 11:34
  • 11:34 - 11:40
  • 11:40 - 11:45
  • 11:45 - 11:47
  • 11:47 - 11:53
  • 11:53 - 11:56
  • 11:56 - 12:02
  • 12:02 - 12:07
  • 12:07 - 12:12
  • 12:12 - 12:15
  • 12:15 - 12:19
  • 12:19 - 12:24
  • 12:24 - 12:29
  • 12:29 - 12:34
  • 12:34 - 12:40
  • 12:40 - 12:45
  • 12:45 - 12:50
  • 12:50 - 12:54
  • 12:54 - 13:01
  • 13:01 - 13:06
  • 13:06 - 13:10
  • 13:10 - 13:14
  • 13:14 - 13:24
  • 13:24 - 13:27
  • 13:27 - 13:32
  • 13:32 - 13:36
  • 13:36 - 13:41
  • 13:41 - 13:45
  • 13:45 - 13:49
  • 13:49 - 13:52
  • 13:52 - 13:57
  • 13:57 - 14:02
  • 14:02 - 14:08
  • 14:08 - 14:13
  • 14:13 - 14:18
  • 14:18 - 14:23
  • 14:23 - 14:28
  • 14:28 - 14:32
  • 14:32 - 14:41
  • 14:41 - 14:48
  • 14:48 - 14:52
  • 14:52 - 14:57
  • 14:57 - 15:01
  • 15:01 - 15:06
  • 15:06 - 15:10
  • 15:10 - 15:15
  • 15:15 - 15:20
  • 15:20 - 15:24
  • 15:24 - 15:26
  • 15:26 - 15:29
  • 15:29 - 15:35
  • 15:35 - 15:39
  • 15:39 - 15:43
  • 15:43 - 15:48
  • 15:48 - 15:54
  • 15:54 - 16:00
  • 16:00 - 16:08
  • 16:08 - 16:13
  • 16:13 - 16:17
  • 16:17 - 16:23
  • 16:23 - 16:30
  • 16:30 - 16:34
  • 16:34 - 16:38
  • 16:38 - 16:46
  • 16:46 - 16:51
  • 16:51 - 16:56
  • 16:56 - 16:59
  • 16:59 - 17:04
  • 17:04 - 17:09
  • 17:09 - 17:16
  • 17:16 - 17:22
  • 17:22 - 17:25
  • 17:25 - 17:29
  • 17:29 - 17:36
  • 17:36 - 17:42
  • 17:42 - 17:46
  • 17:46 - 17:51
  • 17:51 - 17:56
  • 17:56 - 18:01
  • 18:01 - 18:04
  • 18:04 - 18:09
  • 18:09 - 18:14
  • 18:14 - 18:19
  • 18:19 - 18:25
  • 18:25 - 18:29
  • 18:29 - 18:34
  • 18:34 - 18:38
  • 18:38 - 18:42
  • 18:42 - 18:47
  • 18:47 - 18:54
  • 18:54 - 18:59
  • 18:59 - 19:04
  • 19:04 - 19:08
  • 19:08 - 19:13
  • 19:13 - 19:17
  • 19:17 - 19:21
  • 19:21 - 19:24
  • 19:24 - 19:30
  • 19:30 - 19:35
  • 19:35 - 19:40
  • 19:40 - 19:46
  • 19:46 - 19:52
  • 19:52 - 19:56
  • 19:56 - 20:00
  • 20:00 - 20:03
  • 20:03 - 20:07
  • 20:07 - 20:12
  • 20:12 - 20:19
  • 20:19 - 20:25
  • 20:25 - 20:28
  • 20:28 - 20:33
  • 20:33 - 20:38
  • 20:38 - 20:43
  • 20:43 - 20:47
  • 20:47 - 20:50
  • 20:50 - 20:54
  • 20:54 - 20:58
  • 20:58 - 21:04
  • 21:04 - 21:06
  • 21:06 - 21:10
  • 21:10 - 21:14
  • 21:14 - 21:18
  • 21:18 - 21:20
  • 21:20 - 21:24
  • 21:24 - 21:28
  • 21:28 - 21:32
  • 21:32 - 21:34
  • 21:34 - 21:38
  • 21:38 - 21:42
  • 21:42 - 21:46
  • 21:46 - 21:50
  • 21:50 - 21:52
  • 21:52 - 21:54
  • 21:54 - 22:03
  • 22:03 - 22:08
  • 22:08 - 22:13
  • 22:13 - 22:14
  • 22:14 - 22:19
  • 22:19 - 22:23
  • 22:23 - 22:26
  • 22:26 - 22:31
  • 22:31 - 22:36
  • 22:36 - 22:41
  • 22:41 - 22:47
  • 22:47 - 22:51
  • 22:51 - 22:56
  • 22:56 - 22:59
  • 22:59 - 23:02
  • 23:02 - 23:08
  • 23:08 - 23:12
  • 23:12 - 23:16
  • 23:16 - 23:19
  • 23:19 - 23:31
  • 23:31 - 23:35
  • 23:35 - 23:41
  • 23:41 - 23:46
  • 23:46 - 23:51
  • 23:51 - 23:57
  • 23:57 - 24:03
  • 24:03 - 24:08
  • 24:08 - 24:11
  • 24:11 - 24:19
  • 24:19 - 24:24
  • 24:24 - 24:27
  • 24:27 - 24:32
  • 24:32 - 24:35
  • 24:35 - 24:40
  • 24:40 - 24:45
  • 24:45 - 24:51
  • 24:51 - 24:55
  • 24:55 - 25:00
  • 25:00 - 25:03
  • 25:03 - 25:08
  • 25:08 - 25:12
  • 25:12 - 25:16
  • 25:16 - 25:22
  • 25:22 - 25:28
  • 25:28 - 25:33
  • 25:33 - 25:38
  • 25:38 - 25:42
  • 25:42 - 25:50
  • 25:50 - 25:55
  • 25:55 - 26:00
  • 26:00 - 26:04
  • 26:04 - 26:07
  • 26:07 - 26:10
  • 26:10 - 26:13
  • 26:13 - 26:16
  • 26:16 - 26:22
  • 26:22 - 26:27
  • 26:27 - 26:32
  • 26:32 - 26:37
  • 26:37 - 26:43
  • 26:43 - 26:49
  • 26:49 - 26:55
  • 26:55 - 27:02
  • 27:02 - 27:07
  • 27:07 - 27:11
  • 27:11 - 27:16
  • 27:16 - 27:19
  • 27:19 - 27:23
  • 27:23 - 27:28
  • 27:28 - 27:31
  • 27:31 - 27:37
  • 27:37 - 27:42
  • 27:42 - 27:45
  • 27:45 - 27:49
  • 27:49 - 27:55
  • 27:55 - 27:58
  • 27:58 - 28:01
  • 28:01 - 28:06
  • 28:06 - 28:09
  • 28:09 - 28:13
  • 28:13 - 28:19
  • 28:19 - 28:24
  • 28:24 - 28:30
  • 28:30 - 28:34
  • 28:34 - 28:40
  • 28:40 - 28:42
  • 28:42 - 28:46
  • 28:46 - 28:52
  • 28:52 - 28:55
  • 28:55 - 28:59
  • 28:59 - 29:07
  • 29:07 - 29:10
  • 29:10 - 29:14
  • 29:14 - 29:18
  • 29:18 - 29:23
  • 29:23 - 29:28
  • 29:28 - 29:33
  • 29:33 - 29:37
  • 29:37 - 29:43
  • 29:43 - 29:48
  • 29:48 - 29:51
  • 29:51 - 29:56
  • 29:56 - 30:03
  • 30:03 - 30:08
  • 30:08 - 30:14
  • 30:14 - 30:19
  • 30:19 - 30:23
  • 30:23 - 30:26
  • 30:26 - 30:30
  • 30:30 - 30:36
  • 30:36 - 30:39
  • 30:39 - 30:42
  • 30:42 - 30:45
  • 30:45 - 30:49
  • 30:49 - 30:53
  • 30:53 - 30:58
  • 30:58 - 31:02
  • 31:02 - 31:06
  • 31:06 - 31:10
  • 31:10 - 31:14
  • 31:14 - 31:17
  • 31:17 - 31:20
  • 31:20 - 31:24
  • 31:24 - 31:29
  • 31:29 - 31:32
  • 31:32 - 31:37
  • 31:37 - 31:42
  • 31:42 - 31:46
  • 31:46 - 31:49
  • 31:49 - 31:53
  • 31:53 - 31:58
  • 31:58 - 32:03
  • 32:03 - 32:08
  • 32:08 - 32:13
  • 32:13 - 32:17
  • 32:17 - 32:22
  • 32:22 - 32:30
  • 32:30 - 32:34
  • 32:34 - 32:39
  • 32:39 - 32:43
  • 32:43 - 32:48
  • 32:48 - 32:51
  • 32:51 - 32:55
  • 32:55 - 32:58
  • 32:58 - 33:02
  • 33:02 - 33:05
  • 33:05 - 33:11
  • 33:11 - 33:14
  • 33:14 - 33:20
  • 33:20 - 33:23
  • 33:23 - 33:26
  • 33:26 - 33:35
  • 33:35 - 33:41
  • 33:41 - 33:45
  • 33:45 - 33:48
  • 33:48 - 33:51
  • 33:51 - 33:55
  • 33:55 - 34:00
  • 34:00 - 34:05
  • 34:05 - 34:09
  • 34:09 - 34:15
  • 34:15 - 34:19
  • 34:19 - 34:22
  • 34:22 - 34:26
  • 34:26 - 34:30
  • 34:30 - 34:34
  • 34:34 - 34:39
  • 34:39 - 34:45
  • 34:45 - 34:48
  • 34:48 - 34:54
  • 34:54 - 34:58
  • 34:58 - 35:02
  • 35:02 - 35:10
  • 35:10 - 35:14
  • 35:14 - 35:19
  • 35:19 - 35:24
  • 35:24 - 35:30
  • 35:30 - 35:35
  • 35:35 - 35:40
  • 35:40 - 35:44
  • 35:44 - 35:48
  • 35:48 - 35:53
  • 35:53 - 36:00
  • 36:00 - 36:06
  • 36:06 - 36:10
  • 36:10 - 36:15
  • 36:15 - 36:20
  • 36:20 - 36:25
  • 36:25 - 36:30
  • 36:30 - 36:35
  • 36:35 - 36:41
  • 36:41 - 36:46
  • 36:46 - 36:49
  • 36:49 - 36:53
  • 36:53 - 36:57
  • 36:57 - 37:02
  • 37:02 - 37:07
  • 37:07 - 37:11
  • 37:11 - 37:16
  • 37:16 - 37:20
  • 37:20 - 37:28
  • 37:28 - 37:32
  • 37:32 - 37:37
  • 37:37 - 37:42
  • 37:42 - 37:46
  • 37:46 - 37:52
  • 37:52 - 37:59
  • 37:59 - 38:05
  • 38:05 - 38:08
  • 38:08 - 38:14
  • 38:14 - 38:17
  • 38:17 - 38:22
  • 38:22 - 38:25
  • 38:25 - 38:29
  • 38:29 - 38:34
  • 38:34 - 38:41
  • 38:41 - 38:45
  • 38:45 - 38:48
  • 38:48 - 38:52
  • 38:52 - 38:54
  • 38:54 - 38:57
  • 38:57 - 39:03
  • 39:03 - 39:06
  • 39:06 - 39:11
  • 39:11 - 39:14
  • 39:14 - 39:19
  • 39:19 - 39:22
  • 39:22 - 39:26
  • 39:26 - 39:30
  • 39:30 - 39:35
  • 39:35 - 39:45
  • 39:45 - 39:49
  • 39:49 - 39:52
  • 39:52 - 39:54
  • 39:54 - 39:57
  • 39:57 - 40:00
  • 40:00 - 40:03
  • 40:03 - 40:07
  • 40:07 - 40:11
  • 40:11 - 40:17
  • 40:17 - 40:22
  • 40:22 - 40:27
  • 40:27 - 40:30
  • 40:30 - 40:34
  • 40:34 - 40:37
  • 40:37 - 40:42
  • 40:42 - 40:47
  • 40:47 - 40:57
  • 40:57 - 41:00
  • 41:00 - 41:05
  • 41:05 - 41:07
  • 41:07 - 41:11
  • 41:11 - 41:15
  • 41:15 - 41:18
  • 41:18 - 41:25
  • 41:25 - 41:30
  • 41:30 - 41:33
  • 41:33 - 41:38
  • 41:38 - 41:43
  • 41:43 - 41:48
  • 41:48 - 41:53
  • 41:53 - 41:58
  • 41:58 - 42:02
  • 42:02 - 42:10
  • 42:10 - 42:13
  • 42:13 - 42:17
  • 42:17 - 42:20
  • 42:20 - 42:24
  • 42:24 - 42:29
  • 42:29 - 42:32
  • 42:32 - 42:38
  • 42:38 - 42:43
  • 42:43 - 42:47
  • 42:47 - 42:49
  • 42:49 - 43:01
  • 43:01 - 43:07
  • 43:07 - 43:12
  • 43:12 - 43:15
  • 43:15 - 43:19
  • 43:19 - 43:22
  • 43:22 - 43:26
  • 43:26 - 43:48
Title:
36C3 - Hirne Hacken
Description:
more » « less
Video Language:
German
Duration:
43:48
Jerry Huteka edited English subtitles for 36C3 - Hirne Hacken
Jerry Huteka edited English subtitles for 36C3 - Hirne Hacken

English subtitles

Incomplete

Revisions

Our website uses cookies for analysis purposes.