1 00:00:14,900 --> 00:00:17,329 OK, the next talk is 2 00:00:17,330 --> 00:00:19,159 by Matthias over there, and he'll be 3 00:00:19,160 --> 00:00:20,479 talking about Internet, Internet 4 00:00:20,480 --> 00:00:22,639 censorship, censorship 5 00:00:22,640 --> 00:00:24,499 in the Catalan referendum and what 6 00:00:24,500 --> 00:00:25,670 welcome to what, Matthias? 7 00:00:33,420 --> 00:00:34,999 OK, thank you very much. 8 00:00:35,000 --> 00:00:36,000 Welcome to my talk. 9 00:00:37,020 --> 00:00:39,149 First of all, I want to give a short 10 00:00:39,150 --> 00:00:41,339 disclaimer so I'm not a security 11 00:00:41,340 --> 00:00:42,539 specialist. 12 00:00:42,540 --> 00:00:44,669 And so most of the information you 13 00:00:44,670 --> 00:00:45,989 can find here or nearly all the 14 00:00:45,990 --> 00:00:48,659 information is from 15 00:00:48,660 --> 00:00:50,399 is publicly available. 16 00:00:50,400 --> 00:00:52,289 And I wasn't involved in any illegal 17 00:00:52,290 --> 00:00:54,689 activity. So only secondhand information. 18 00:00:54,690 --> 00:00:55,690 Sorry. 19 00:00:56,190 --> 00:00:58,799 OK, what I will talk about 20 00:00:58,800 --> 00:01:01,109 I will talk about I will give you a short 21 00:01:01,110 --> 00:01:03,659 background of a political background. 22 00:01:03,660 --> 00:01:06,029 Then I will talk a lot about 23 00:01:06,030 --> 00:01:08,249 how the filtering of the ISPs did 24 00:01:08,250 --> 00:01:09,269 work. 25 00:01:09,270 --> 00:01:11,639 Then there was a homepage that's called 26 00:01:11,640 --> 00:01:13,739 Where to Vote homepage, which had a 27 00:01:13,740 --> 00:01:14,740 different 28 00:01:15,860 --> 00:01:18,179 a different way to store data. 
29 00:01:18,180 --> 00:01:19,889 And they would talk about the day of the 30 00:01:19,890 --> 00:01:21,689 referendum. And hopefully we will have 31 00:01:21,690 --> 00:01:23,699 some time for Q&A. 32 00:01:23,700 --> 00:01:25,559 OK, so here on the right hand side, you 33 00:01:25,560 --> 00:01:27,959 can see the Spanish state 34 00:01:27,960 --> 00:01:30,479 and the red part is Catalonia, 35 00:01:30,480 --> 00:01:32,939 which is well known 36 00:01:32,940 --> 00:01:34,409 city Barcelona. 37 00:01:34,410 --> 00:01:36,449 So Catalonia has its own language and 38 00:01:36,450 --> 00:01:37,469 culture. 39 00:01:37,470 --> 00:01:39,929 It's one of the richest regions 40 00:01:39,930 --> 00:01:42,059 in the in Spain with 41 00:01:42,060 --> 00:01:44,039 20 percent of the GDP. 42 00:01:44,040 --> 00:01:46,139 And it has a long history of 43 00:01:46,140 --> 00:01:48,149 struggling to get more autonomy. 44 00:01:48,150 --> 00:01:51,449 This is especially in 2010, 45 00:01:51,450 --> 00:01:53,639 the autonomy 46 00:01:53,640 --> 00:01:56,189 got cut down by the Spanish government. 47 00:01:57,310 --> 00:01:59,559 And so the voices 48 00:01:59,560 --> 00:02:02,169 came up that asked for independence, 49 00:02:02,170 --> 00:02:05,019 so the Catalan government 50 00:02:05,020 --> 00:02:07,239 decided to have a referendum and first 51 00:02:07,240 --> 00:02:09,969 asked 16 times the Spanish 52 00:02:09,970 --> 00:02:12,579 government to agree on a referendum 53 00:02:12,580 --> 00:02:14,919 and the Spanish government 54 00:02:14,920 --> 00:02:17,349 did not want to. And so the 55 00:02:17,350 --> 00:02:19,449 Catalan parliament 56 00:02:19,450 --> 00:02:21,579 in June decided in 57 00:02:21,580 --> 00:02:23,769 majority to hold a referendum on 1st 58 00:02:23,770 --> 00:02:26,109 of October, which later was 59 00:02:26,110 --> 00:02:28,329 called unconstitutional by the 60 00:02:28,330 --> 00:02:30,369 Spanish Supreme Court. 
61 00:02:30,370 --> 00:02:32,769 OK, so obviously in 62 00:02:32,770 --> 00:02:35,369 this talk, we will talk I will talk 63 00:02:35,370 --> 00:02:37,479 about the Internet censorship and 64 00:02:37,480 --> 00:02:39,099 the focus will be on this. 65 00:02:39,100 --> 00:02:41,439 But there has been also other things 66 00:02:41,440 --> 00:02:43,749 happening the weeks before the referendum 67 00:02:43,750 --> 00:02:45,609 that I want to talk about what the weeks 68 00:02:45,610 --> 00:02:48,009 before and even in the weeks after. 69 00:02:48,010 --> 00:02:50,469 So, for example, there was a referendum, 70 00:02:50,470 --> 00:02:52,719 material was confiscated by the police. 71 00:02:52,720 --> 00:02:54,999 We had over 800 injured 72 00:02:55,000 --> 00:02:56,079 people by the police. 73 00:02:56,080 --> 00:02:57,609 And on the day of the referendum, when 74 00:02:57,610 --> 00:02:59,829 the police tried to shut down 75 00:02:59,830 --> 00:03:01,989 polling stations, one man lost 76 00:03:01,990 --> 00:03:04,749 his eye by a police rubber bullet. 77 00:03:04,750 --> 00:03:07,209 Uh, interesting here is that 78 00:03:07,210 --> 00:03:09,339 Catalan police forces are not allowed 79 00:03:09,340 --> 00:03:11,079 to use rubber bullets against the 80 00:03:11,080 --> 00:03:13,509 protesters, but Spanish police 81 00:03:13,510 --> 00:03:15,009 officers are allowed to do so in 82 00:03:15,010 --> 00:03:16,010 Catalonia. 83 00:03:16,780 --> 00:03:19,299 So right now, there are four persons 84 00:03:19,300 --> 00:03:21,669 imprisoned without bail, including the 85 00:03:21,670 --> 00:03:24,399 the legitimate vice president 86 00:03:24,400 --> 00:03:26,469 and two leaders of 87 00:03:26,470 --> 00:03:28,629 political organizations and 88 00:03:28,630 --> 00:03:30,789 the president or the legitimate president 89 00:03:30,790 --> 00:03:32,589 of Catalonia and four ministers in Brussels 90 00:03:32,590 --> 00:03:33,609 in exile. 
91 00:03:33,610 --> 00:03:35,560 So if you want 92 00:03:36,700 --> 00:03:38,169 to see more about the 93 00:03:39,340 --> 00:03:40,839 repressive police repression, you can 94 00:03:40,840 --> 00:03:43,029 have a look on this link, whereas a lot 95 00:03:43,030 --> 00:03:44,289 of videos about the day of the 96 00:03:44,290 --> 00:03:45,290 referendum. 97 00:03:46,060 --> 00:03:48,189 So there's a famous 98 00:03:48,190 --> 00:03:50,049 phrase in Spain that says Spain is 99 00:03:50,050 --> 00:03:51,369 different. And 100 00:03:52,720 --> 00:03:55,089 in Catalonia, 70 percent of the 101 00:03:55,090 --> 00:03:56,090 population 102 00:03:58,270 --> 00:04:00,399 wanted to have a referendum on 1st 103 00:04:00,400 --> 00:04:02,769 of October and the end of the 104 00:04:02,770 --> 00:04:04,149 of the Spanish state Worthy's. 105 00:04:04,150 --> 00:04:06,639 So you can see peacefully 106 00:04:07,800 --> 00:04:09,699 protest sitting on the street trying to 107 00:04:09,700 --> 00:04:11,619 block the police from shutting down a 108 00:04:11,620 --> 00:04:13,269 polling station and police beating them 109 00:04:13,270 --> 00:04:16,299 up. In comparison, for example, 110 00:04:16,300 --> 00:04:18,549 you have the Scottish referendum 111 00:04:18,550 --> 00:04:20,648 in 2014, which 112 00:04:20,649 --> 00:04:23,199 was agreed between the Catalan 113 00:04:23,200 --> 00:04:25,269 sorry, between the UK government and the 114 00:04:25,270 --> 00:04:26,499 Scottish government. 115 00:04:26,500 --> 00:04:28,749 And well, it 116 00:04:28,750 --> 00:04:31,329 seems that in Spain, political problems 117 00:04:31,330 --> 00:04:33,369 are treated differently. 118 00:04:33,370 --> 00:04:35,799 OK, so that's enough about politics. 119 00:04:35,800 --> 00:04:37,599 And let's get more technical. 
120 00:04:37,600 --> 00:04:39,669 And I took 121 00:04:39,670 --> 00:04:42,669 this picture from EFF, 122 00:04:42,670 --> 00:04:44,859 so it shows you how 123 00:04:44,860 --> 00:04:45,999 Internet censorship works. 124 00:04:46,000 --> 00:04:48,309 So the idea is that you post 125 00:04:48,310 --> 00:04:50,469 your speech here, which is normally 126 00:04:50,470 --> 00:04:52,959 via the post and your audience 127 00:04:52,960 --> 00:04:55,089 has to pass all these chain to 128 00:04:55,090 --> 00:04:57,249 actually see your speech and in 129 00:04:57,250 --> 00:04:59,319 each part, like I the incident 130 00:04:59,320 --> 00:05:01,419 and so on, and it can break the 131 00:05:01,420 --> 00:05:02,409 chain. 132 00:05:02,410 --> 00:05:04,089 On the other hand, we have the platforms 133 00:05:04,090 --> 00:05:06,309 like Twitter, Facebook, you name 134 00:05:06,310 --> 00:05:08,379 it, or payment systems, which can also 135 00:05:08,380 --> 00:05:09,879 be censored. 136 00:05:09,880 --> 00:05:12,399 So small spoiler 137 00:05:12,400 --> 00:05:14,499 and I marked all the places where 138 00:05:14,500 --> 00:05:16,089 censorship did happen in the Catalan 139 00:05:16,090 --> 00:05:18,159 referendums on the Web host 140 00:05:18,160 --> 00:05:20,829 or we start we start down here, ISP, 141 00:05:20,830 --> 00:05:23,229 DNS, upstream, upstream means 142 00:05:23,230 --> 00:05:26,109 in this case that a smaller ISP 143 00:05:26,110 --> 00:05:28,209 providers which use 144 00:05:28,210 --> 00:05:29,829 infrastructure of bigger ones 145 00:05:31,630 --> 00:05:33,849 can also be affected by 146 00:05:33,850 --> 00:05:35,379 censorship if the bigger ones start to 147 00:05:35,380 --> 00:05:37,479 censor on the web 148 00:05:37,480 --> 00:05:38,859 and on the platform. 149 00:05:38,860 --> 00:05:41,109 So we will see now how this 150 00:05:41,110 --> 00:05:43,989 was done. 
So on the right hand side, 151 00:05:43,990 --> 00:05:46,449 you see the homepage of the 152 00:05:46,450 --> 00:05:48,069 referendum which informed about the 153 00:05:48,070 --> 00:05:50,409 referendum on 1st of October, 154 00:05:50,410 --> 00:05:52,179 and it was hosted in a small web host 155 00:05:52,180 --> 00:05:54,279 provider outside Barcelona in 156 00:05:54,280 --> 00:05:56,109 a small town in a small town called 157 00:05:56,110 --> 00:05:58,719 Kliman. And on the 13th of September, 158 00:05:58,720 --> 00:06:00,939 police entered with a court 159 00:06:00,940 --> 00:06:03,159 order, the web host provider, 160 00:06:03,160 --> 00:06:05,229 and and shut down 161 00:06:05,230 --> 00:06:06,129 the Web page. 162 00:06:06,130 --> 00:06:08,199 Then afterwards, there appeared 163 00:06:08,200 --> 00:06:10,299 two mirrors, first one mirror 164 00:06:10,300 --> 00:06:12,999 one October cut and afterwards 165 00:06:13,000 --> 00:06:15,609 one of the EU dockett 166 00:06:15,610 --> 00:06:17,709 is stands for Catalonia and not for 167 00:06:17,710 --> 00:06:18,710 the right. 168 00:06:19,570 --> 00:06:20,570 So 169 00:06:21,670 --> 00:06:23,859 well, the next day, tomorrow official 170 00:06:23,860 --> 00:06:25,719 home page got seized and on 16 16th in 171 00:06:25,720 --> 00:06:27,459 September and a judge ordered the ISP 172 00:06:27,460 --> 00:06:29,799 start to click to block home pictures. 173 00:06:29,800 --> 00:06:30,849 Right. 174 00:06:30,850 --> 00:06:33,009 And the next big event 175 00:06:33,010 --> 00:06:35,109 was the 20th of September, which 176 00:06:35,110 --> 00:06:37,179 was like the big attack from the Spanish 177 00:06:37,180 --> 00:06:38,919 state against the referendum. 178 00:06:38,920 --> 00:06:41,049 So they took over the control 179 00:06:41,050 --> 00:06:42,969 of the Catalan territories of the 180 00:06:42,970 --> 00:06:44,769 autonomous region of Catalonia, was not 181 00:06:44,770 --> 00:06:46,689 able to spend any money. 
182 00:06:46,690 --> 00:06:47,690 They 183 00:06:49,000 --> 00:06:50,709 announced that they will bring 10000 184 00:06:50,710 --> 00:06:52,809 police officers to Catalonia to 185 00:06:52,810 --> 00:06:54,909 stop the referendum and that if they 186 00:06:54,910 --> 00:06:56,499 don't have facilities for all of. 187 00:06:56,500 --> 00:06:58,629 Some will sleep in in 188 00:06:58,630 --> 00:07:00,010 ships, in Catalan ports. 189 00:07:01,480 --> 00:07:03,549 And there were a total of 190 00:07:03,550 --> 00:07:06,879 14 people arrested by federal police 191 00:07:06,880 --> 00:07:09,159 and several high ranking officials 192 00:07:09,160 --> 00:07:10,659 of the Catalan government and civil 193 00:07:10,660 --> 00:07:13,239 servants, and especially 194 00:07:13,240 --> 00:07:15,309 some members of the center of 195 00:07:15,310 --> 00:07:17,379 telecommunication, telecommunication and 196 00:07:17,380 --> 00:07:20,289 technology, which is the 197 00:07:20,290 --> 00:07:22,029 technology center of the Catalan 198 00:07:22,030 --> 00:07:23,030 government. 199 00:07:23,680 --> 00:07:26,109 So with this, it seems that 200 00:07:26,110 --> 00:07:28,449 most of the technology infrastructure 201 00:07:28,450 --> 00:07:31,299 for the referendum got dismantled. 202 00:07:31,300 --> 00:07:33,519 And if you read this 203 00:07:33,520 --> 00:07:35,379 weblink down here, which is unfortunately 204 00:07:35,380 --> 00:07:37,569 only in Catalan, you can see 205 00:07:37,570 --> 00:07:39,999 that hacktivist group took over 206 00:07:40,000 --> 00:07:42,279 the task of 207 00:07:42,280 --> 00:07:44,619 setting up the infrastructure and 208 00:07:44,620 --> 00:07:46,359 they did it directly from the 209 00:07:46,360 --> 00:07:48,639 underground. So they used Tor, Signal, 210 00:07:48,640 --> 00:07:51,039 anonymized SIM cards, Bitcoins 211 00:07:51,040 --> 00:07:52,599 and Becher. 
212 00:07:52,600 --> 00:07:55,209 And later on it was it got clear 213 00:07:55,210 --> 00:07:57,519 that actually the police was 214 00:07:57,520 --> 00:07:58,929 intervening the telephones of the 215 00:07:58,930 --> 00:08:00,969 politicians, of the Catalan politicians 216 00:08:00,970 --> 00:08:03,159 to find out where which 217 00:08:03,160 --> 00:08:05,439 people to arrest and which facilities 218 00:08:05,440 --> 00:08:08,709 to to search on the 20th of September. 219 00:08:08,710 --> 00:08:10,839 OK, apart from that, there was also the 220 00:08:10,840 --> 00:08:13,479 technical director of Fundació puntCAT 221 00:08:13,480 --> 00:08:14,739 arrested. 222 00:08:14,740 --> 00:08:15,639 So what is Fundació puntCAT? 223 00:08:15,640 --> 00:08:17,949 Fundació puntCAT is a private 224 00:08:17,950 --> 00:08:20,169 foundation and is the top level 225 00:08:20,170 --> 00:08:23,049 domain operator of the .cat domain. 226 00:08:23,050 --> 00:08:25,179 So they got a court 227 00:08:25,180 --> 00:08:27,339 order on the 15th of September to shut 228 00:08:27,340 --> 00:08:29,829 down one October cut. 229 00:08:29,830 --> 00:08:31,989 And in total they got and they 230 00:08:31,990 --> 00:08:34,119 got three court orders, which every 231 00:08:34,120 --> 00:08:35,559 time a larger list of domains. 232 00:08:36,640 --> 00:08:38,499 And the court order also included that 233 00:08:38,500 --> 00:08:40,899 they should resolve the 234 00:08:40,900 --> 00:08:43,058 mentioned .cat domains to a police 235 00:08:43,059 --> 00:08:43,479 server. 236 00:08:43,480 --> 00:08:45,969 And if you know how DNS works 237 00:08:45,970 --> 00:08:48,189 and you know that the top 238 00:08:48,190 --> 00:08:51,129 level domain name server only 239 00:08:51,130 --> 00:08:53,739 only pinpoints you to an authoritative 240 00:08:53,740 --> 00:08:54,819 domain server. 
241 00:08:54,820 --> 00:08:56,709 So it seems like the police didn't really 242 00:08:56,710 --> 00:08:59,109 understand how DNS works. 243 00:08:59,110 --> 00:09:01,419 And but what is a more 244 00:09:01,420 --> 00:09:03,459 severe part on this? 245 00:09:03,460 --> 00:09:05,679 On on this is the fact 246 00:09:05,680 --> 00:09:07,899 that the court order also included that 247 00:09:07,900 --> 00:09:10,389 top level domain operator and 248 00:09:10,390 --> 00:09:12,489 has to block all domains that may contain 249 00:09:12,490 --> 00:09:13,929 any kind of information about the 250 00:09:13,930 --> 00:09:16,329 referendum and that they should actually 251 00:09:16,330 --> 00:09:18,969 actively monitor 252 00:09:18,970 --> 00:09:21,429 all the domains so that places 253 00:09:21,430 --> 00:09:22,929 the burden of blocking domains to the 254 00:09:22,930 --> 00:09:23,979 registry operator. 255 00:09:23,980 --> 00:09:26,049 And the question is if this 256 00:09:26,050 --> 00:09:28,219 is legal at all because there's no 257 00:09:28,220 --> 00:09:30,369 court order, it's just blocking 258 00:09:30,370 --> 00:09:31,370 them all. 259 00:09:32,560 --> 00:09:34,959 OK, so on the 17th 260 00:09:34,960 --> 00:09:37,269 of September, they inform 261 00:09:37,270 --> 00:09:38,949 you that cutting from I can about the 262 00:09:38,950 --> 00:09:41,079 Berendt and on the 20th, the technical 263 00:09:41,080 --> 00:09:42,459 director got arrested. 264 00:09:42,460 --> 00:09:44,559 So he was retained under custody for two 265 00:09:44,560 --> 00:09:47,019 and a half days with the accusation 266 00:09:47,020 --> 00:09:48,999 right now, up and up to date is 267 00:09:49,000 --> 00:09:51,519 misappropriation of public funds, 268 00:09:51,520 --> 00:09:54,549 perversion of justice and disobedience, 269 00:09:54,550 --> 00:09:57,159 which is a bit strange because 270 00:09:57,160 --> 00:09:58,689 it's a private foundation. 
271 00:09:58,690 --> 00:10:00,039 So I don't know how to apply 272 00:10:00,040 --> 00:10:01,839 misappropriation of public funds or 273 00:10:01,840 --> 00:10:03,879 public funds, but I'm not a lawyer 274 00:10:03,880 --> 00:10:04,839 either. 275 00:10:04,840 --> 00:10:07,329 So they said 276 00:10:07,330 --> 00:10:08,709 the reasons are. 277 00:10:08,710 --> 00:10:10,299 That's the interesting part is one of the 278 00:10:10,300 --> 00:10:11,469 reasons are quite unclear. 279 00:10:11,470 --> 00:10:13,779 So there is no no proof that proves 280 00:10:13,780 --> 00:10:15,939 proofs or evidences were provided 281 00:10:15,940 --> 00:10:16,899 up to now. 282 00:10:16,900 --> 00:10:19,059 And the director actually is awaiting the 283 00:10:19,060 --> 00:10:21,699 trial to see what the 284 00:10:21,700 --> 00:10:23,320 prosecutor actually 285 00:10:25,330 --> 00:10:27,459 puts on the table, to see what they 286 00:10:27,460 --> 00:10:29,739 actually were on, what these 287 00:10:29,740 --> 00:10:30,879 accusations are based. 288 00:10:35,830 --> 00:10:36,830 OK, 289 00:10:38,440 --> 00:10:40,899 as an answer to this 290 00:10:40,900 --> 00:10:42,879 massive amount of mirrors appeared in the 291 00:10:42,880 --> 00:10:44,949 next days, the exact number 292 00:10:44,950 --> 00:10:47,829 is difficult to say, but 293 00:10:47,830 --> 00:10:49,689 it's over 100 for sure. 294 00:10:49,690 --> 00:10:51,789 So some one mirror was also done in the 295 00:10:51,790 --> 00:10:52,899 Tor network. 296 00:10:52,900 --> 00:10:55,179 And you had some funny names like, see, 297 00:10:55,180 --> 00:10:57,309 not sexy worker. 
Yes, he will is one 298 00:10:57,310 --> 00:10:59,229 of the it's a civil guard, which is a 299 00:10:59,230 --> 00:11:01,629 federal police corps that was and 300 00:11:01,630 --> 00:11:03,909 intervening in the in 301 00:11:03,910 --> 00:11:05,769 the Catalan referendum and purely 302 00:11:05,770 --> 00:11:07,840 undercut people in this 303 00:11:08,860 --> 00:11:10,749 Catalan instance for Tweety, you know, 304 00:11:10,750 --> 00:11:13,539 these small chicken cartoon 305 00:11:13,540 --> 00:11:16,029 and the yellow one. 306 00:11:16,030 --> 00:11:18,189 So why is this why would you name 307 00:11:18,190 --> 00:11:20,139 a domain name like this? 308 00:11:20,140 --> 00:11:21,939 Well, because one of the boats was a 309 00:11:21,940 --> 00:11:24,269 police officer slept with this one. 310 00:11:26,650 --> 00:11:29,109 So it was really a token in social media. 311 00:11:30,250 --> 00:11:32,469 And 22nd of September, the police 312 00:11:32,470 --> 00:11:35,349 raided a house near Valencia, accused 313 00:11:35,350 --> 00:11:38,079 this man, Daniel Maurella Morales, 314 00:11:38,080 --> 00:11:40,359 and that he is head of a group 315 00:11:40,360 --> 00:11:42,339 that organizes mirrors of the referendum 316 00:11:42,340 --> 00:11:44,439 websites and just mentioned 317 00:11:44,440 --> 00:11:46,779 that Valencia is outside of Catalonia 318 00:11:46,780 --> 00:11:49,599 and that he did this with his GitHub 319 00:11:49,600 --> 00:11:51,009 repository. 320 00:11:51,010 --> 00:11:53,079 And the very same thing here is that the 321 00:11:53,080 --> 00:11:56,049 search warrant included literally 322 00:11:56,050 --> 00:11:58,119 to change password and security 323 00:11:58,120 --> 00:12:00,069 questions for GitHub, Facebook, Twitter, 324 00:12:00,070 --> 00:12:02,329 mail, etc., and of him. 
325 00:12:02,330 --> 00:12:04,629 So when the police actually entered 326 00:12:04,630 --> 00:12:06,729 his house into the computer, 327 00:12:06,730 --> 00:12:09,039 turned on so they were able to 328 00:12:09,040 --> 00:12:10,839 take over sessions in the browser, 329 00:12:10,840 --> 00:12:13,029 concretely the Google 330 00:12:13,030 --> 00:12:15,039 account and the GitHub account. 331 00:12:15,040 --> 00:12:16,059 And 332 00:12:17,230 --> 00:12:19,579 happily, he later asked 333 00:12:19,580 --> 00:12:22,419 was talking to lawyers and say they 334 00:12:22,420 --> 00:12:24,279 said that it was totally illegal. 335 00:12:24,280 --> 00:12:26,499 So he was able to recover them 336 00:12:26,500 --> 00:12:28,809 after a few days by notifying Google 337 00:12:28,810 --> 00:12:31,209 and GitHub that his identity 338 00:12:31,210 --> 00:12:32,589 got dropped. 339 00:12:32,590 --> 00:12:34,479 He's accused of disobedience, which is 340 00:12:34,480 --> 00:12:37,209 six months to four years of prison 341 00:12:37,210 --> 00:12:39,339 and is awaiting trial as well. 342 00:12:39,340 --> 00:12:42,339 And there are more than 15 people 343 00:12:42,340 --> 00:12:44,559 and there are more than 15 people were 344 00:12:44,560 --> 00:12:45,879 cited to declare. But I have no 345 00:12:45,880 --> 00:12:48,069 information about 346 00:12:48,070 --> 00:12:50,229 how this if they are what 347 00:12:50,230 --> 00:12:51,850 they are accused of, etc. 348 00:12:53,390 --> 00:12:55,729 OK, let's have a look on the censor 349 00:12:55,730 --> 00:12:56,730 methods. 
350 00:12:57,290 --> 00:12:59,959 So overall, the number is circulating 351 00:12:59,960 --> 00:13:02,509 between 25 websites, which says the Open 352 00:13:02,510 --> 00:13:04,729 Observatory of Network Interference, 353 00:13:04,730 --> 00:13:06,829 interference from 354 00:13:06,830 --> 00:13:09,229 the Tor project 355 00:13:09,230 --> 00:13:11,589 to up to 140 blocked websites, 356 00:13:11,590 --> 00:13:12,739 most of the sites. 357 00:13:13,860 --> 00:13:15,989 Blocked or censored were mirrors of 358 00:13:15,990 --> 00:13:18,239 the official website, but also 359 00:13:18,240 --> 00:13:21,049 political organizations which are 360 00:13:21,050 --> 00:13:23,699 appropriate for pro independence 361 00:13:23,700 --> 00:13:25,529 or the yes campaign websites from the 362 00:13:25,530 --> 00:13:27,869 political parties that run a campaign 363 00:13:27,870 --> 00:13:30,269 for the referendum to vote yes and 364 00:13:30,270 --> 00:13:31,319 some other. 365 00:13:31,320 --> 00:13:33,479 And like 366 00:13:33,480 --> 00:13:35,549 in paper, I want to explain, but there 367 00:13:35,550 --> 00:13:37,839 were some smaller websites which 368 00:13:37,840 --> 00:13:39,989 are which was created 369 00:13:39,990 --> 00:13:42,569 from the social movement of Catalonia 370 00:13:42,570 --> 00:13:43,830 to support the referendum. 371 00:13:44,880 --> 00:13:47,399 So what we've seen up to now from the 372 00:13:47,400 --> 00:13:49,349 censor methods we've seen postcard 373 00:13:49,350 --> 00:13:51,629 sized, we have seen the redirection 374 00:13:51,630 --> 00:13:53,759 of the .cat domains to a police 375 00:13:53,760 --> 00:13:55,949 landing page by the 376 00:13:55,950 --> 00:13:59,009 name server APOSTILLE, the registrar 377 00:13:59,010 --> 00:14:01,929 registry operator, and 378 00:14:01,930 --> 00:14:04,289 apart from the ISPs as well, 379 00:14:04,290 --> 00:14:07,439 and did censor. 
380 00:14:07,440 --> 00:14:10,019 So they used DNS tampering and HTTP 381 00:14:10,020 --> 00:14:11,999 blocking. And the interesting thing is 382 00:14:12,000 --> 00:14:14,129 that different ISPs use different 383 00:14:14,130 --> 00:14:15,569 methods. 384 00:14:15,570 --> 00:14:17,759 So in in concrete DNS 385 00:14:17,760 --> 00:14:19,619 tampering was used by France Telecom 386 00:14:19,620 --> 00:14:21,659 Spain, Vodafone and Scotland. 387 00:14:21,660 --> 00:14:23,879 And the more sophisticated deep packet 388 00:14:23,880 --> 00:14:25,979 inspection was used by Telefonica. 389 00:14:25,980 --> 00:14:28,229 Telefonica is one of the biggest 390 00:14:28,230 --> 00:14:30,699 ISPs in Spain, or the biggest. 391 00:14:30,700 --> 00:14:32,849 And as I already said, smaller 392 00:14:32,850 --> 00:14:34,859 ISPs which connected and which were 393 00:14:34,860 --> 00:14:36,299 connected or which are connected to the 394 00:14:36,300 --> 00:14:39,119 larger were also affected. 395 00:14:39,120 --> 00:14:41,249 And they are the interesting part here is 396 00:14:41,250 --> 00:14:43,379 that some small independent ISPs were 397 00:14:43,380 --> 00:14:44,549 not affected. 398 00:14:44,550 --> 00:14:47,309 So it's not clear if 399 00:14:47,310 --> 00:14:49,589 the police forgot to 400 00:14:49,590 --> 00:14:51,719 send them a court warrant or 401 00:14:51,720 --> 00:14:53,759 the police said with 90 percent of the 402 00:14:53,760 --> 00:14:56,009 Internet users not being able 403 00:14:56,010 --> 00:14:57,659 to see all these mirrors, we are fine. 404 00:14:59,880 --> 00:15:02,219 This is the home page, the police 405 00:15:02,220 --> 00:15:02,909 landing page. 406 00:15:02,910 --> 00:15:04,979 I already talked about when 407 00:15:04,980 --> 00:15:07,019 you when you enter the URL of a 408 00:15:07,020 --> 00:15:09,449 censored website, it shows a 409 00:15:09,450 --> 00:15:11,249 symbol of the civil guard. 
410 00:15:11,250 --> 00:15:12,610 And while some information. 411 00:15:13,770 --> 00:15:16,499 OK, let's talk about the DNS tampering 412 00:15:16,500 --> 00:15:18,569 in the case of DNS tampering, what 413 00:15:18,570 --> 00:15:20,100 the ISPs did, they just 414 00:15:21,420 --> 00:15:23,920 resolved the them 415 00:15:24,930 --> 00:15:27,209 and they resolved the hostname in 416 00:15:27,210 --> 00:15:28,949 their in their DNS servers to the 417 00:15:28,950 --> 00:15:30,389 police landing page. 418 00:15:30,390 --> 00:15:32,639 So it was really easy or quite easy 419 00:15:32,640 --> 00:15:33,569 to circumvent this. 420 00:15:33,570 --> 00:15:35,429 You just change the DNS resolver address 421 00:15:35,430 --> 00:15:37,139 in your local machine. 422 00:15:37,140 --> 00:15:39,299 And this works in case of 423 00:15:39,300 --> 00:15:41,429 Vodafone. If you had original Vodafone 424 00:15:41,430 --> 00:15:43,649 router, you also had to call them 425 00:15:43,650 --> 00:15:45,909 on their helpdesk and ask 426 00:15:45,910 --> 00:15:48,119 them to disable the DNS proxy, 427 00:15:48,120 --> 00:15:49,559 which actually they did. 428 00:15:49,560 --> 00:15:51,660 Or alternatively, you use VPN. 429 00:15:53,370 --> 00:15:56,429 And the deep packet inspection 430 00:15:56,430 --> 00:15:58,379 was done on the HTTP layer. 431 00:15:58,380 --> 00:16:01,409 So what they did, they 432 00:16:01,410 --> 00:16:03,809 matched the hostname 433 00:16:03,810 --> 00:16:06,069 of the HTTP GET request 434 00:16:06,070 --> 00:16:09,029 on on some specific IP addresses. 435 00:16:09,030 --> 00:16:10,769 And there was a regular expression used 436 00:16:10,770 --> 00:16:11,789 to do this. 437 00:16:11,790 --> 00:16:13,559 I'm really bad in regular expressions. 438 00:16:13,560 --> 00:16:16,079 Used the example for everyone of you. 
439 00:16:16,080 --> 00:16:18,209 So if you put anything in front 440 00:16:18,210 --> 00:16:20,639 of W-W, if one of you 441 00:16:20,640 --> 00:16:22,769 when you do GET request, 442 00:16:22,770 --> 00:16:25,209 then then the filter hit. 443 00:16:25,210 --> 00:16:27,269 But if you put like in photograph 444 00:16:27,270 --> 00:16:29,799 one of you, then actually 445 00:16:29,800 --> 00:16:32,189 the filter didn't hit. 446 00:16:32,190 --> 00:16:34,419 And this website used 447 00:16:34,420 --> 00:16:36,629 the Cloudflare 448 00:16:36,630 --> 00:16:38,819 CDN. And there were two, two 449 00:16:38,820 --> 00:16:41,069 IP addresses which 450 00:16:41,070 --> 00:16:43,349 were resolved by seediness system. 451 00:16:43,350 --> 00:16:45,509 And so the 452 00:16:45,510 --> 00:16:48,179 IP is used 453 00:16:48,180 --> 00:16:50,159 for this blocking were these two IPs 454 00:16:50,160 --> 00:16:52,349 and if you use the different IP from 455 00:16:52,350 --> 00:16:54,269 Cloudflare, then you could actually see 456 00:16:54,270 --> 00:16:55,270 the home page. 457 00:16:56,300 --> 00:16:59,149 In the case of HTTPS, 458 00:16:59,150 --> 00:17:01,489 the HTTP traffic is encrypted, 459 00:17:01,490 --> 00:17:04,309 so you can't use it to duplicate 460 00:17:04,310 --> 00:17:06,588 and hostname 461 00:17:06,589 --> 00:17:07,848 to filter. 462 00:17:07,849 --> 00:17:08,849 So what you do, 463 00:17:09,960 --> 00:17:13,219 what they did here is and the TLS 464 00:17:13,220 --> 00:17:15,588 protocol 465 00:17:15,589 --> 00:17:17,689 and the host in the TLS protocol 466 00:17:17,690 --> 00:17:20,209 has to know which 467 00:17:20,210 --> 00:17:22,699 which domain you actually want to 468 00:17:22,700 --> 00:17:25,159 start the encryption 469 00:17:25,160 --> 00:17:27,679 to provide user specific. 470 00:17:27,680 --> 00:17:30,079 So the correct certificate. 
471 00:17:30,080 --> 00:17:32,209 So therefore the 472 00:17:32,210 --> 00:17:33,799 a hello message. 473 00:17:33,800 --> 00:17:35,869 And there's a field, the server 474 00:17:35,870 --> 00:17:38,059 name indication, which is transmitted 475 00:17:38,060 --> 00:17:40,159 in clear text which 476 00:17:40,160 --> 00:17:42,439 passes through this, which gives a hint 477 00:17:42,440 --> 00:17:44,839 on the host you want 478 00:17:44,840 --> 00:17:46,939 the third certificate for, and 479 00:17:46,940 --> 00:17:48,289 that is used by all state of the art 480 00:17:48,290 --> 00:17:49,429 browsers. 481 00:17:49,430 --> 00:17:51,139 So you can see this here when the client 482 00:17:51,140 --> 00:17:53,599 sent a TLS hello message, 483 00:17:53,600 --> 00:17:55,729 you have the 484 00:17:55,730 --> 00:17:56,929 entire domain name here. 485 00:17:56,930 --> 00:17:58,729 And then there is the packet inspection 486 00:17:58,730 --> 00:17:59,659 here which checks. 487 00:17:59,660 --> 00:18:01,459 And if it's allowed, then it will forward 488 00:18:01,460 --> 00:18:03,709 and you have the connection and if not, 489 00:18:03,710 --> 00:18:06,379 it will reset the connection. 490 00:18:06,380 --> 00:18:08,989 And when the connection gets reset 491 00:18:08,990 --> 00:18:11,599 in which to https 492 00:18:11,600 --> 00:18:13,819 TTP, you got the 493 00:18:13,820 --> 00:18:15,529 SIS homepage, 494 00:18:16,730 --> 00:18:18,859 so you can see here the HTML body. 495 00:18:18,860 --> 00:18:21,079 There are some JavaScript 496 00:18:21,080 --> 00:18:23,359 snippet and you can see here 497 00:18:23,360 --> 00:18:25,789 a switch. And and 498 00:18:25,790 --> 00:18:28,129 here the homepage will actually 499 00:18:28,130 --> 00:18:30,229 be replaced by the police landing 500 00:18:30,230 --> 00:18:33,399 page, the one we saw beforehand. 501 00:18:33,400 --> 00:18:35,239 And you can also see that there are also 502 00:18:35,240 --> 00:18:36,289 cases in the switch. 
503 00:18:36,290 --> 00:18:37,759 And this, for example, is for illegal 504 00:18:37,760 --> 00:18:39,230 gambling, which is 505 00:18:40,310 --> 00:18:42,439 which below the different, 506 00:18:42,440 --> 00:18:44,299 a page from a different IP. 507 00:18:44,300 --> 00:18:46,159 And it looked like that this 508 00:18:46,160 --> 00:18:48,289 infrastructure was not built up for 509 00:18:48,290 --> 00:18:50,689 the referendum, but it was already there, 510 00:18:50,690 --> 00:18:53,089 used by Telefonica for illegal gambling 511 00:18:53,090 --> 00:18:54,019 homepages. 512 00:18:54,020 --> 00:18:56,449 And if you look on so 513 00:18:56,450 --> 00:18:58,849 if you look on this, which is actually 514 00:18:58,850 --> 00:19:01,459 the case that hit on the referendum 515 00:19:01,460 --> 00:19:03,679 on and you can see 516 00:19:03,680 --> 00:19:05,779 that it's most probably they did 517 00:19:05,780 --> 00:19:07,999 see domains and 518 00:19:08,000 --> 00:19:10,039 domain names to the phishing, to the list 519 00:19:10,040 --> 00:19:12,529 of phishing pages and 520 00:19:12,530 --> 00:19:14,199 blocked in this way. 521 00:19:15,710 --> 00:19:17,809 OK, and with some 522 00:19:17,810 --> 00:19:20,119 tests, you could see that the 523 00:19:20,120 --> 00:19:22,009 deep packet inspection holds the state for 524 00:19:22,010 --> 00:19:23,599 10 seconds because it can't hold the 525 00:19:23,600 --> 00:19:25,739 state forever and 526 00:19:25,740 --> 00:19:27,229 and because it has only 527 00:19:28,350 --> 00:19:30,459 a, uh, 528 00:19:30,460 --> 00:19:32,299 finite amount of memory. 529 00:19:32,300 --> 00:19:33,649 So what you could do, you could, for 530 00:19:33,650 --> 00:19:35,999 example, here was not could you connect 531 00:19:36,000 --> 00:19:38,119 the two and HTTP connection to port 532 00:19:38,120 --> 00:19:40,399 eighty. 
So your friend HTTP connection 533 00:19:40,400 --> 00:19:42,649 built up and then you wait 11 534 00:19:42,650 --> 00:19:44,789 seconds before you send the 535 00:19:44,790 --> 00:19:46,999 HTTP GET 536 00:19:47,000 --> 00:19:49,159 request with a hostname and 537 00:19:49,160 --> 00:19:51,050 then the filter does not apply. 538 00:19:53,580 --> 00:19:54,869 So. 539 00:20:02,820 --> 00:20:04,949 So conclusions: if the 540 00:20:04,950 --> 00:20:07,079 homepage uses Cloudflare, you can just use 541 00:20:07,080 --> 00:20:09,629 a different for to resolve the domain 542 00:20:09,630 --> 00:20:11,639 and then you should be fine, or you could 543 00:20:11,640 --> 00:20:13,709 delay the HTTP GET for 11 seconds 544 00:20:13,710 --> 00:20:14,710 or use a. 545 00:20:15,990 --> 00:20:18,209 So the conclusions are all 546 00:20:18,210 --> 00:20:20,399 about censorship in this case, 547 00:20:20,400 --> 00:20:23,729 technically, it was easy to circumvent. 548 00:20:23,730 --> 00:20:25,829 And as long as you don't have 549 00:20:25,830 --> 00:20:27,269 to educate five point three million 550 00:20:27,270 --> 00:20:29,609 voters. Right. I mean, if you're 551 00:20:29,610 --> 00:20:32,069 if you want to take, you maybe can change 552 00:20:32,070 --> 00:20:34,769 your your your DNS server. 553 00:20:34,770 --> 00:20:36,419 If you ask maybe your parents, maybe 554 00:20:36,420 --> 00:20:38,219 they're not they don't know how to do 555 00:20:38,220 --> 00:20:40,379 this. And here you can see on the right 556 00:20:40,380 --> 00:20:42,599 hand side a Twitter from the 557 00:20:42,600 --> 00:20:44,849 president of Catalonia, which 558 00:20:46,050 --> 00:20:48,449 explains how to use online 559 00:20:48,450 --> 00:20:50,699 proxies to actually 560 00:20:50,700 --> 00:20:53,099 circumvent and 561 00:20:53,100 --> 00:20:55,139 circumvent censorship.
562 00:20:55,140 --> 00:20:57,450 And as far as I know, 563 00:20:59,370 --> 00:21:01,469 no ISP communicated to 564 00:21:01,470 --> 00:21:02,969 the users that they will start to block 565 00:21:02,970 --> 00:21:04,079 content. 566 00:21:04,080 --> 00:21:06,389 And I think the most 567 00:21:06,390 --> 00:21:08,519 interesting conclusion is choose your 568 00:21:08,520 --> 00:21:09,449 ISP wisely. 569 00:21:09,450 --> 00:21:11,689 You might get around censorship 570 00:21:11,690 --> 00:21:13,769 that you see some are more motivated 571 00:21:13,770 --> 00:21:14,839 to censor than others. 572 00:21:16,250 --> 00:21:18,799 OK, now we will talk about 573 00:21:18,800 --> 00:21:20,269 the where to vote website. 574 00:21:21,910 --> 00:21:23,200 So normally, if you go 575 00:21:24,580 --> 00:21:26,229 if you are called to an election, you get 576 00:21:26,230 --> 00:21:28,209 a letter which tells you which polling 577 00:21:28,210 --> 00:21:30,249 station and polling place you have to go 578 00:21:30,250 --> 00:21:31,929 on the day of the election. 579 00:21:31,930 --> 00:21:34,059 This was not possible because Spanish 580 00:21:34,060 --> 00:21:35,619 Postal Service denied using this 581 00:21:35,620 --> 00:21:36,999 information. 582 00:21:37,000 --> 00:21:39,699 So the Catalan 583 00:21:39,700 --> 00:21:42,759 government decided to build a homepage 584 00:21:42,760 --> 00:21:44,919 where you 585 00:21:44,920 --> 00:21:46,839 could query this information. 586 00:21:46,840 --> 00:21:49,029 So it has already said census of five 587 00:21:49,030 --> 00:21:51,399 point three million voters and 588 00:21:51,400 --> 00:21:53,229 over 1000 polling stations, which you can 589 00:21:53,230 --> 00:21:54,230 see here on this map. 590 00:21:55,420 --> 00:21:57,099 And it was foreseen that the official 591 00:21:57,100 --> 00:21:58,809 homepage will be blocked.
592 00:21:58,810 --> 00:22:01,059 And so 593 00:22:01,060 --> 00:22:03,069 the website must be easily cloneable. 594 00:22:03,070 --> 00:22:05,139 And normally you build a 595 00:22:05,140 --> 00:22:07,629 website like this with a 596 00:22:07,630 --> 00:22:10,809 database and where you query, 597 00:22:10,810 --> 00:22:13,059 query and then send information 598 00:22:13,060 --> 00:22:15,190 to the client. So this was not possible. 599 00:22:16,670 --> 00:22:19,069 Here and I will explain in a minute 600 00:22:19,070 --> 00:22:20,070 how they did it, 601 00:22:21,200 --> 00:22:23,299 so this homepage was published 602 00:22:23,300 --> 00:22:25,279 on the 21st of September and got blocked 603 00:22:25,280 --> 00:22:27,079 the next day. So the assumption was 604 00:22:27,080 --> 00:22:29,399 correct and until 605 00:22:29,400 --> 00:22:31,459 agreement with the Twitter 606 00:22:31,460 --> 00:22:32,869 bots were also published. 607 00:22:32,870 --> 00:22:34,909 But you could just send your info, send 608 00:22:34,910 --> 00:22:36,889 your information. And then they told you 609 00:22:36,890 --> 00:22:38,389 which polling station you had to go and 610 00:22:38,390 --> 00:22:40,549 also an Android app in the Google Play 611 00:22:40,550 --> 00:22:42,919 store. And this app 612 00:22:42,920 --> 00:22:45,199 was pulled out on the 29th of September. 613 00:22:45,200 --> 00:22:47,419 So it at least was up for 614 00:22:47,420 --> 00:22:48,420 some Mortez. 615 00:22:50,130 --> 00:22:52,139 OK, many clones of this home page 616 00:22:52,140 --> 00:22:54,369 appeared and the web 617 00:22:54,370 --> 00:22:56,279 was also published in the InterPlanetary File 618 00:22:56,280 --> 00:22:58,559 System. For everybody who does not 619 00:22:58,560 --> 00:23:01,109 know what the InterPlanetary File System is, 620 00:23:01,110 --> 00:23:03,569 it is a really cool project, 621 00:23:03,570 --> 00:23:05,699 a project. I think it's a 622 00:23:05,700 --> 00:23:07,499 peer to peer network.
623 00:23:07,500 --> 00:23:09,599 And you can imagine 624 00:23:09,600 --> 00:23:12,149 that this is like 625 00:23:12,150 --> 00:23:14,249 a BitTorrent magnet link 626 00:23:14,250 --> 00:23:16,409 where you can find the home page and 627 00:23:16,410 --> 00:23:18,539 any client in the network 628 00:23:18,540 --> 00:23:20,669 who has a home page and you can 629 00:23:20,670 --> 00:23:22,949 access it and you have your gateway, 630 00:23:22,950 --> 00:23:25,409 which actually allows you to see the data 631 00:23:25,410 --> 00:23:27,059 in your browser. 632 00:23:27,060 --> 00:23:28,439 So what did Telefonica do? 633 00:23:28,440 --> 00:23:30,269 They wanted to block this home page, so 634 00:23:30,270 --> 00:23:32,249 they just blocked the whole gateway. 635 00:23:32,250 --> 00:23:34,469 That means it does not 636 00:23:34,470 --> 00:23:36,749 only block the home page 637 00:23:36,750 --> 00:23:38,639 of the referendum, but any other data 638 00:23:38,640 --> 00:23:41,039 that anybody wanted to see 639 00:23:41,040 --> 00:23:44,129 through this gateway, unfortunately. 640 00:23:44,130 --> 00:23:46,709 And there were different 641 00:23:46,710 --> 00:23:48,929 gateways and there access 642 00:23:48,930 --> 00:23:50,549 different gateways for IP IPv6. 643 00:23:50,550 --> 00:23:52,889 And it was so it was still possible 644 00:23:52,890 --> 00:23:53,909 to see the content. 645 00:23:53,910 --> 00:23:55,979 And if you use the command line 646 00:23:55,980 --> 00:23:58,199 tool, you could easily copy 647 00:23:58,200 --> 00:24:00,439 the content to your go to your computer.
648 00:24:01,720 --> 00:24:03,909 OK, so 649 00:24:03,910 --> 00:24:04,910 the web page 650 00:24:06,430 --> 00:24:08,589 about where to vote, looked like 651 00:24:08,590 --> 00:24:10,240 this, so you had to put in some 652 00:24:11,260 --> 00:24:13,899 personal I.D., which is called DNI, 653 00:24:13,900 --> 00:24:15,999 then the date of birth and your postcode, 654 00:24:16,000 --> 00:24:17,699 and then you send the information in 655 00:24:17,700 --> 00:24:20,019 there, as I already said there. 656 00:24:20,020 --> 00:24:22,519 It's not possible to have 657 00:24:22,520 --> 00:24:24,579 as an as a 658 00:24:24,580 --> 00:24:27,309 database because 659 00:24:27,310 --> 00:24:29,439 and because if you clone 660 00:24:29,440 --> 00:24:31,719 it, this is confidential 661 00:24:31,720 --> 00:24:33,459 information. You would have to dump the 662 00:24:33,460 --> 00:24:35,679 database and you would have to provide an 663 00:24:35,680 --> 00:24:37,449 IP address, for example, the database to 664 00:24:37,450 --> 00:24:38,979 everybody. And you don't want that 665 00:24:38,980 --> 00:24:41,139 because you don't want everybody to know 666 00:24:41,140 --> 00:24:42,639 and the I.D. 667 00:24:42,640 --> 00:24:44,559 and where people have to go to vote. 668 00:24:44,560 --> 00:24:46,809 So what they did, what did they do? 669 00:24:48,490 --> 00:24:50,889 They took this is the 670 00:24:50,890 --> 00:24:53,139 ID of the 671 00:24:53,140 --> 00:24:55,449 ID of the person, which is eight 672 00:24:55,450 --> 00:24:56,589 numbers and a character. 673 00:24:56,590 --> 00:24:59,349 The character is a checksum, 674 00:24:59,350 --> 00:25:01,719 the date of birth and the postcode. 675 00:25:01,720 --> 00:25:03,939 And you can concatenate 676 00:25:03,940 --> 00:25:05,680 leaving alone, 677 00:25:07,150 --> 00:25:08,589 the first three numbers.
678 00:25:08,590 --> 00:25:10,539 So you take all these what is underlined 679 00:25:12,070 --> 00:25:14,289 this as a string and then you hash 680 00:25:14,290 --> 00:25:16,509 it 1714 681 00:25:16,510 --> 00:25:18,639 times and you put it in a 682 00:25:18,640 --> 00:25:21,309 variable, let's call it key here. 683 00:25:21,310 --> 00:25:22,929 And then you hash it once more and you put 684 00:25:22,930 --> 00:25:25,269 it in search and then 685 00:25:25,270 --> 00:25:27,669 the hash from search you take the first 686 00:25:27,670 --> 00:25:29,489 four values. 687 00:25:29,490 --> 00:25:31,649 And this will give you the 688 00:25:31,650 --> 00:25:34,319 file of the database, which is encrypted 689 00:25:34,320 --> 00:25:36,569 on the Web server itself, which you 690 00:25:36,570 --> 00:25:37,979 download. This is all done. 691 00:25:37,980 --> 00:25:40,279 This all this procedure is done in 692 00:25:40,280 --> 00:25:42,119 JavaScript, in your client, in your 693 00:25:42,120 --> 00:25:42,839 browser. 694 00:25:42,840 --> 00:25:43,829 Right. 695 00:25:43,830 --> 00:25:45,569 So you download this file. 696 00:25:45,570 --> 00:25:48,299 The file is a 697 00:25:48,300 --> 00:25:50,549 key-value store. It has around 70 698 00:25:50,550 --> 00:25:52,739 lines and then you take the 699 00:25:52,740 --> 00:25:54,809 remaining 60 values 700 00:25:54,810 --> 00:25:57,029 of the hash and 701 00:25:57,030 --> 00:25:59,039 go line by line to find, to find, 702 00:26:00,200 --> 00:26:02,429 to find the values of the key value 703 00:26:02,430 --> 00:26:04,529 store. And this is actually 704 00:26:04,530 --> 00:26:07,229 not random data, but encrypted data. 705 00:26:07,230 --> 00:26:09,539 And this data you can encrypt with 706 00:26:09,540 --> 00:26:12,149 the key here 707 00:26:12,150 --> 00:26:14,369 using AES-256- 708 00:26:14,370 --> 00:26:16,709 CBC and then you get a polling 709 00:26:16,710 --> 00:26:18,899 station.
This is more or less clear how 710 00:26:18,900 --> 00:26:19,900 this works. 711 00:26:23,270 --> 00:26:25,489 So the question is here, OK, you have all 712 00:26:25,490 --> 00:26:28,249 these all these data 713 00:26:28,250 --> 00:26:30,739 encrypted on the Web server, 714 00:26:30,740 --> 00:26:32,479 is it secure? 715 00:26:32,480 --> 00:26:34,429 Well, first of all, you can do brute 716 00:26:34,430 --> 00:26:35,869 force because it's just the hash. 717 00:26:35,870 --> 00:26:38,299 Yeah. You can just start trying 718 00:26:39,470 --> 00:26:41,599 to find it out and you 719 00:26:41,600 --> 00:26:44,089 have postcodes and the birth date. 720 00:26:44,090 --> 00:26:46,429 You can group this in divide 721 00:26:46,430 --> 00:26:47,599 and conquer. 722 00:26:47,600 --> 00:26:49,909 And the SC letter here is 723 00:26:49,910 --> 00:26:51,169 a checksum. 724 00:26:51,170 --> 00:26:53,779 You can you can't recalculate 725 00:26:53,780 --> 00:26:56,389 the correct I.D., but you can recalculate 726 00:26:56,390 --> 00:26:58,219 45 IDs. 727 00:26:58,220 --> 00:27:00,559 So maybe you can then say some 728 00:27:00,560 --> 00:27:01,629 these look really strange. 729 00:27:01,630 --> 00:27:03,949 I've never seen anything like this. 730 00:27:03,950 --> 00:27:04,939 I can ignore them. 731 00:27:04,940 --> 00:27:07,099 And then you have a reduced 732 00:27:07,100 --> 00:27:09,169 number of IDs that you can, by brute 733 00:27:09,170 --> 00:27:11,359 force, get for one postcode 734 00:27:11,360 --> 00:27:13,429 and one state said, 735 00:27:13,430 --> 00:27:14,899 you know, one of these I don't know, 736 00:27:14,900 --> 00:27:16,510 maybe 15 is correct. 737 00:27:17,790 --> 00:27:20,009 So the question is, how will it is this 738 00:27:20,010 --> 00:27:22,259 data?
There was a big discussion 739 00:27:22,260 --> 00:27:24,659 in the media about this and especially 740 00:27:24,660 --> 00:27:26,249 the media against the referendum said 741 00:27:26,250 --> 00:27:28,329 that all the all 742 00:27:28,330 --> 00:27:30,119 of the census of five point three million 743 00:27:30,120 --> 00:27:31,799 people were leaked. 744 00:27:31,800 --> 00:27:33,869 So, first of all, you don't get 745 00:27:33,870 --> 00:27:34,829 the correct ID. 746 00:27:34,830 --> 00:27:37,259 You just get a 747 00:27:37,260 --> 00:27:38,429 reduced number of I.D. 748 00:27:38,430 --> 00:27:41,099 and the DNI is public data 749 00:27:41,100 --> 00:27:43,199 in this in the sense that if you 750 00:27:43,200 --> 00:27:45,329 want to open a bank account, you have to 751 00:27:45,330 --> 00:27:46,799 tell your ID. 752 00:27:46,800 --> 00:27:48,989 If you want to get a library card, you 753 00:27:48,990 --> 00:27:51,269 will have to tell 754 00:27:51,270 --> 00:27:54,119 your I.D. or if you, uh, 755 00:27:54,120 --> 00:27:56,189 I don't know if you want to 756 00:27:56,190 --> 00:27:58,109 sign up in not because you think you are 757 00:27:58,110 --> 00:28:00,509 not fit enough, then you have also to 758 00:28:00,510 --> 00:28:02,609 tell your I.D. So say the 759 00:28:02,610 --> 00:28:03,839 person through a lot of friends. 760 00:28:03,840 --> 00:28:06,119 And it's not a top secret data 761 00:28:06,120 --> 00:28:08,519 like for for example, to secure a Social 762 00:28:08,520 --> 00:28:09,520 Security number. 763 00:28:11,300 --> 00:28:13,489 So I think this is an interesting 764 00:28:13,490 --> 00:28:16,279 way of storing data 765 00:28:16,280 --> 00:28:18,319 and massive data in an easily cloneable 766 00:28:18,320 --> 00:28:20,509 website in, I'm not 767 00:28:20,510 --> 00:28:22,699 sure about if it's not, if 768 00:28:22,700 --> 00:28:24,859 it could have been done better.
769 00:28:24,860 --> 00:28:26,959 So if you have any ideas about 770 00:28:26,960 --> 00:28:29,089 this, then just write a blog 771 00:28:29,090 --> 00:28:31,489 post or Twitter about it or whatever 772 00:28:31,490 --> 00:28:32,490 and spread the word. 773 00:28:33,750 --> 00:28:35,819 OK, so 30th of 774 00:28:35,820 --> 00:28:37,739 September, one day before the referendum 775 00:28:37,740 --> 00:28:40,349 actually happened, the federal 776 00:28:40,350 --> 00:28:42,519 police took over the city to a 777 00:28:42,520 --> 00:28:43,949 center of telecommunications and 778 00:28:43,950 --> 00:28:45,239 technology. 779 00:28:45,240 --> 00:28:47,669 And this was because 780 00:28:47,670 --> 00:28:49,799 nearly all the polling stations of 781 00:28:49,800 --> 00:28:51,929 these offices, they 782 00:28:51,930 --> 00:28:55,079 were were 783 00:28:55,080 --> 00:28:57,419 entities of the Catalan government, 784 00:28:57,420 --> 00:28:59,999 especially schools and medical stations. 785 00:29:00,000 --> 00:29:02,789 And the Internet Internet 786 00:29:02,790 --> 00:29:05,189 connection is all through CTT 787 00:29:05,190 --> 00:29:06,869 so they all have a connection to the 788 00:29:06,870 --> 00:29:08,549 city. And from there they go to the 789 00:29:08,550 --> 00:29:10,859 Internet. And so probably they 790 00:29:10,860 --> 00:29:13,409 did this to start to monitor the IPS 791 00:29:13,410 --> 00:29:16,209 to see what traffic actually will be 792 00:29:16,210 --> 00:29:18,389 and will happen on this 793 00:29:18,390 --> 00:29:19,469 on the polling stations. 794 00:29:20,880 --> 00:29:23,189 OK, the 795 00:29:23,190 --> 00:29:24,329 day of the referendum. 
796 00:29:27,630 --> 00:29:29,609 I just want to give you a small 797 00:29:29,610 --> 00:29:31,799 impression about how the 798 00:29:31,800 --> 00:29:32,849 how the 799 00:29:34,110 --> 00:29:35,549 situation was on the day of the 800 00:29:35,550 --> 00:29:37,709 referendum, so it was clear 801 00:29:37,710 --> 00:29:39,419 that the federal police will come and 802 00:29:39,420 --> 00:29:41,729 will close down and will try to close 803 00:29:41,730 --> 00:29:43,229 down polling stations by force. 804 00:29:43,230 --> 00:29:44,909 So there were people that were already 805 00:29:44,910 --> 00:29:47,429 sleeping from the day before occupying 806 00:29:47,430 --> 00:29:49,649 the polling stations to hinder 807 00:29:49,650 --> 00:29:51,869 the police to to stop 808 00:29:51,870 --> 00:29:53,559 the police from closing them down. 809 00:29:54,660 --> 00:29:56,579 And in the early in the morning, around 810 00:29:56,580 --> 00:29:58,229 five o'clock, hundreds and thousands of 811 00:29:58,230 --> 00:29:59,729 people gathered in front of polling 812 00:29:59,730 --> 00:30:01,919 stations and stayed there the whole day 813 00:30:01,920 --> 00:30:04,169 trying to block, like 814 00:30:04,170 --> 00:30:05,579 with their bodies, the police from 815 00:30:05,580 --> 00:30:07,679 entering and, for example, 816 00:30:07,680 --> 00:30:09,899 the ballots and the ballot boxes in which 817 00:30:09,900 --> 00:30:11,729 the police, which was searching for 818 00:30:11,730 --> 00:30:14,009 months and metrically, 819 00:30:14,010 --> 00:30:16,469 arrived in the earlier in the early hours 820 00:30:16,470 --> 00:30:18,809 of this day on the polling stations. 
821 00:30:21,720 --> 00:30:23,969 So at eight o'clock this morning, there 822 00:30:23,970 --> 00:30:26,099 was a global census 823 00:30:26,100 --> 00:30:28,379 announced by the Catalan government, that 824 00:30:28,380 --> 00:30:30,449 means that you don't need 825 00:30:30,450 --> 00:30:32,279 to go to a specific polling station to 826 00:30:32,280 --> 00:30:33,989 vote, but you could go to any polling 827 00:30:33,990 --> 00:30:36,029 station. And this was done because it was 828 00:30:36,030 --> 00:30:38,489 foreseen that the police will close down 829 00:30:38,490 --> 00:30:40,019 polling stations by force. 830 00:30:40,020 --> 00:30:42,329 And actually, for example, in Barcelona, 831 00:30:42,330 --> 00:30:43,919 one of the first polling stations they 832 00:30:43,920 --> 00:30:45,809 closed down by force was the biggest one 833 00:30:45,810 --> 00:30:46,889 of Barcelona. 834 00:30:46,890 --> 00:30:49,229 So if you want if 835 00:30:49,230 --> 00:30:50,909 you don't have a global census, then 836 00:30:50,910 --> 00:30:51,990 everybody that had 837 00:30:53,070 --> 00:30:55,319 that need to go to this polling station 838 00:30:55,320 --> 00:30:57,479 won't be able to vote in this way. 839 00:30:57,480 --> 00:30:58,480 It was possible. 840 00:31:00,060 --> 00:31:02,189 So the homepage of the 841 00:31:02,190 --> 00:31:04,649 global census, which was a centralized 842 00:31:04,650 --> 00:31:07,199 database where you and 843 00:31:07,200 --> 00:31:08,759 where you registered the I.D. 844 00:31:08,760 --> 00:31:10,379 of the person that had already voted. 845 00:31:10,380 --> 00:31:12,479 So to assure that nobody votes 846 00:31:12,480 --> 00:31:14,579 twice or more than once, 847 00:31:15,630 --> 00:31:17,189 it was really simple. 848 00:31:17,190 --> 00:31:19,409 So this is I have not found a better 849 00:31:19,410 --> 00:31:21,509 picture because it's not online anymore, 850 00:31:21,510 --> 00:31:22,499 obviously. 
851 00:31:22,500 --> 00:31:24,149 And it looked like this. 852 00:31:24,150 --> 00:31:26,579 So you had a polling 853 00:31:26,580 --> 00:31:28,709 station and a polling station 854 00:31:28,710 --> 00:31:30,509 ID, which is this one, and then you had 855 00:31:30,510 --> 00:31:32,879 a polling station 856 00:31:32,880 --> 00:31:35,399 password and 857 00:31:35,400 --> 00:31:37,829 those responsible of the polling station 858 00:31:37,830 --> 00:31:40,109 had to enter these to actually register 859 00:31:40,110 --> 00:31:42,269 on the central system, the polling 860 00:31:42,270 --> 00:31:44,909 station, and then you could enter it 861 00:31:44,910 --> 00:31:46,859 here to 862 00:31:47,940 --> 00:31:50,099 and to to 863 00:31:50,100 --> 00:31:52,499 mark people that they have voted. 864 00:31:52,500 --> 00:31:54,899 And then if you if you put the button, 865 00:31:54,900 --> 00:31:56,729 then when it was green and the 866 00:31:56,730 --> 00:31:58,889 people the person was allowed to put 867 00:31:58,890 --> 00:32:00,089 the ballot in the ballot box. 868 00:32:00,090 --> 00:32:01,769 And if it was red, then you said you 869 00:32:01,770 --> 00:32:02,999 already voted. You are not allowed to 870 00:32:03,000 --> 00:32:04,000 vote again. 871 00:32:05,680 --> 00:32:06,789 And 872 00:32:07,810 --> 00:32:10,149 so it's it seems that 873 00:32:10,150 --> 00:32:12,489 this password here was 874 00:32:12,490 --> 00:32:14,679 also used for authentication 875 00:32:14,680 --> 00:32:17,439 and encryption of the data because 876 00:32:17,440 --> 00:32:19,509 the whole system had no 877 00:32:19,510 --> 00:32:21,009 TLS certificate. 878 00:32:21,010 --> 00:32:22,539 We will see why. 879 00:32:22,540 --> 00:32:24,669 And and there was, of course, 880 00:32:24,670 --> 00:32:26,949 a timeframe of up time for this 881 00:32:26,950 --> 00:32:29,439 solution, because the 882 00:32:29,440 --> 00:32:31,779 referendum was from 9:00 to 8:00 p.m.
883 00:32:31,780 --> 00:32:33,339 and you can just say, well, we need four 884 00:32:33,340 --> 00:32:35,019 hours to fix this and then we are up 885 00:32:35,020 --> 00:32:36,020 again. 886 00:32:38,130 --> 00:32:40,619 So an Internet connection 887 00:32:40,620 --> 00:32:42,539 in the polling stations, which runs 888 00:32:42,540 --> 00:32:45,089 through CTT, I what I said before, and 889 00:32:45,090 --> 00:32:47,399 it's not totally clear what happened 890 00:32:47,400 --> 00:32:49,499 because there are so many 891 00:32:49,500 --> 00:32:51,239 different information from different 892 00:32:51,240 --> 00:32:52,979 people in different polling stations. 893 00:32:52,980 --> 00:32:55,049 So some got cut off from the net 894 00:32:55,050 --> 00:32:55,949 totally. 895 00:32:55,950 --> 00:32:57,159 Some got cut off. 896 00:32:57,160 --> 00:32:59,169 Only part of the net, for example, either 897 00:32:59,170 --> 00:33:01,769 from Wi-Fi didn't work, but 898 00:33:01,770 --> 00:33:03,899 cable network did work in 899 00:33:03,900 --> 00:33:06,359 some you weren't you could not access 900 00:33:06,360 --> 00:33:09,359 and using the Tor client 901 00:33:09,360 --> 00:33:11,619 and some reporter that also 902 00:33:11,620 --> 00:33:13,889 a block IP addresses got directly 903 00:33:13,890 --> 00:33:16,739 blocked and 904 00:33:16,740 --> 00:33:18,389 some people at some polling station had 905 00:33:18,390 --> 00:33:20,159 alternative access to the net, but that 906 00:33:20,160 --> 00:33:23,189 was a minority. 907 00:33:23,190 --> 00:33:24,429 And so what? 908 00:33:24,430 --> 00:33:26,369 In many polling stations, people did use 909 00:33:26,370 --> 00:33:28,529 their cell phones or they'd 910 00:33:28,530 --> 00:33:30,809 and used 4G access 911 00:33:30,810 --> 00:33:32,939 points or the neighbors opened the 912 00:33:32,940 --> 00:33:35,159 Wi-Fi so that people could access and 913 00:33:35,160 --> 00:33:36,510 so registered voters. 
914 00:33:38,010 --> 00:33:40,589 And it was seen that 915 00:33:40,590 --> 00:33:42,959 different apps were blocked by different 916 00:33:42,960 --> 00:33:43,960 ISPs. 917 00:33:46,500 --> 00:33:48,869 And OK, so 918 00:33:50,430 --> 00:33:53,099 the page that was announced by 919 00:33:53,100 --> 00:33:55,379 in the morning was the Domain 920 00:33:55,380 --> 00:33:57,749 Registered Nurses, which used 921 00:33:57,750 --> 00:33:59,759 Cloudflare, like the other pages 922 00:34:01,200 --> 00:34:03,839 and it was blocked within minutes. 923 00:34:03,840 --> 00:34:05,909 And so so 924 00:34:05,910 --> 00:34:07,979 it wasn't even possible to open the 925 00:34:07,980 --> 00:34:10,229 polling stations in time at nine o'clock, 926 00:34:10,230 --> 00:34:12,599 because when they wanted to 927 00:34:12,600 --> 00:34:14,819 add to connect the two, 928 00:34:14,820 --> 00:34:16,979 register all the polling places, 929 00:34:16,980 --> 00:34:18,569 it didn't work. 930 00:34:18,570 --> 00:34:20,729 So and from this point on and 931 00:34:20,730 --> 00:34:23,158 there were only only IP 932 00:34:23,159 --> 00:34:24,899 addresses were used directly, which were 933 00:34:24,900 --> 00:34:25,900 reverse proxies 934 00:34:27,000 --> 00:34:29,369 for a central server that were somewhere 935 00:34:29,370 --> 00:34:31,029 on the Internet. 936 00:34:31,030 --> 00:34:33,549 And in the in the first hours, 937 00:34:33,550 --> 00:34:36,039 these proxies were attacked through 938 00:34:36,040 --> 00:34:37,988 DDoS attacks all the time and there were 939 00:34:37,989 --> 00:34:40,629 severe connection problems because 940 00:34:40,630 --> 00:34:42,879 they got down quickly.
941 00:34:42,880 --> 00:34:45,158 And so if you 942 00:34:45,159 --> 00:34:47,509 if your reverse proxy 943 00:34:47,510 --> 00:34:50,109 didn't work and you had to call a hotline 944 00:34:50,110 --> 00:34:52,329 and say, hey, I'm using this IP address 945 00:34:52,330 --> 00:34:54,459 and it doesn't work, and then it says, 946 00:34:54,460 --> 00:34:56,619 OK, you have to use another one, 947 00:34:56,620 --> 00:34:57,759 you one. 948 00:34:57,760 --> 00:34:59,979 And you can imagine that this is a total 949 00:34:59,980 --> 00:35:01,689 chaos because the responsible of the 950 00:35:01,690 --> 00:35:03,939 polling station can be an 951 00:35:03,940 --> 00:35:06,189 old man which has never used a computer. 952 00:35:06,190 --> 00:35:08,319 And you have to tell him what 953 00:35:08,320 --> 00:35:10,029 is an IP address and where to put this. 954 00:35:10,030 --> 00:35:12,189 So there was a 955 00:35:12,190 --> 00:35:14,679 total chaos and 956 00:35:14,680 --> 00:35:16,659 well, not not chaos, but it was 957 00:35:16,660 --> 00:35:18,039 complicated. Right. 958 00:35:18,040 --> 00:35:20,019 And there was also instant messaging 959 00:35:20,020 --> 00:35:21,909 between people in different polling 960 00:35:21,910 --> 00:35:23,949 stations, which exchanged 961 00:35:23,950 --> 00:35:26,139 information like I'm using this IP or 962 00:35:26,140 --> 00:35:28,329 I tried this when I changed it 963 00:35:28,330 --> 00:35:31,099 in a server, then I could get access. 964 00:35:31,100 --> 00:35:33,219 So there was a lot of communication. 965 00:35:34,690 --> 00:35:35,889 And it was seen that 966 00:35:36,970 --> 00:35:39,789 every time a new IP address 967 00:35:39,790 --> 00:35:41,499 was announced through the hotline and the 968 00:35:41,500 --> 00:35:43,569 polling stations started to use them, 969 00:35:43,570 --> 00:35:45,699 a DDoS attack was in place right 970 00:35:45,700 --> 00:35:48,249 away.
So this is why this 971 00:35:48,250 --> 00:35:50,469 is possible that 972 00:35:50,470 --> 00:35:53,259 the police and 973 00:35:53,260 --> 00:35:56,079 check the content checked the 974 00:35:56,080 --> 00:35:57,759 network connection of the polling 975 00:35:57,760 --> 00:35:59,949 stations or the network of the polling 976 00:35:59,950 --> 00:36:01,989 stations to find out which IPs to 977 00:36:01,990 --> 00:36:02,990 block. 978 00:36:04,610 --> 00:36:06,949 OK, so whenever you needed 979 00:36:06,950 --> 00:36:09,919 a new a new reverse proxy 980 00:36:09,920 --> 00:36:11,989 and you needed to reregister 981 00:36:11,990 --> 00:36:14,239 the and your 982 00:36:14,240 --> 00:36:15,979 polling place, so you had to call the 983 00:36:15,980 --> 00:36:18,529 hotline and say, hey, I'm I'm 984 00:36:18,530 --> 00:36:20,989 I'm polling place with ID 985 00:36:20,990 --> 00:36:23,269 X X, I 986 00:36:23,270 --> 00:36:25,459 want to I need a new I need 987 00:36:25,460 --> 00:36:26,419 I need a new password. 988 00:36:26,420 --> 00:36:28,429 And they provided you a new password and 989 00:36:28,430 --> 00:36:30,229 then you could reregister. 990 00:36:30,230 --> 00:36:31,429 So what happened? 991 00:36:31,430 --> 00:36:33,319 Someone was really emotional about the 992 00:36:33,320 --> 00:36:35,779 referendum and historical day 993 00:36:35,780 --> 00:36:38,419 and posted a photo of the 994 00:36:38,420 --> 00:36:39,469 letter there. 995 00:36:39,470 --> 00:36:42,109 The responsible, a responsible 996 00:36:42,110 --> 00:36:44,299 of the polling place got 997 00:36:44,300 --> 00:36:47,629 on Twitter where there was the 998 00:36:47,630 --> 00:36:49,489 the ID of his polling place and the 999 00:36:49,490 --> 00:36:51,289 number of the hotline.
1000 00:36:51,290 --> 00:36:52,610 So someone 1001 00:36:54,500 --> 00:36:56,659 someone took the hotline 1002 00:36:56,660 --> 00:36:57,709 called said he 1003 00:36:58,730 --> 00:37:00,409 said that he is responsible of this 1004 00:37:00,410 --> 00:37:02,689 polling place code and he got 1005 00:37:02,690 --> 00:37:05,389 a new password and was able to introduce 1006 00:37:05,390 --> 00:37:07,519 some some IDs from 1007 00:37:07,520 --> 00:37:09,649 people he found on the Internet, which 1008 00:37:09,650 --> 00:37:11,449 doesn't mean that he was able to actually 1009 00:37:11,450 --> 00:37:13,699 vote. He was just able to 1010 00:37:13,700 --> 00:37:15,769 and mark 1011 00:37:15,770 --> 00:37:17,839 people as voted that they have 1012 00:37:17,840 --> 00:37:19,129 voted even they haven't. 1013 00:37:19,130 --> 00:37:21,349 So if they would have come later to vote, 1014 00:37:22,610 --> 00:37:24,019 that wouldn't be possible for them. 1015 00:37:25,310 --> 00:37:27,469 And so the problem here was, 1016 00:37:27,470 --> 00:37:28,969 of course, that there was no secure 1017 00:37:28,970 --> 00:37:30,999 communication channel between the police, 1018 00:37:31,000 --> 00:37:32,869 the polling place responsible and the 1019 00:37:32,870 --> 00:37:35,059 hotline, so there was no way for the 1020 00:37:35,060 --> 00:37:37,399 hotline to actually know if the person 1021 00:37:37,400 --> 00:37:39,259 that called was the responsible of a 1022 00:37:39,260 --> 00:37:41,209 polling place or if it was someone 1023 00:37:42,230 --> 00:37:43,230 who wrote the number.
1024 00:37:44,910 --> 00:37:46,979 OK, so as I said, 1025 00:37:46,980 --> 00:37:49,409 there was a distributed 1026 00:37:49,410 --> 00:37:51,749 denial of service attack against 1027 00:37:51,750 --> 00:37:53,729 the whole system, and that was organized 1028 00:37:53,730 --> 00:37:55,469 through a forum that's called 1029 00:37:55,470 --> 00:37:57,599 Forocoches, which is a 1030 00:37:57,600 --> 00:37:59,659 forum about cars where 1031 00:37:59,660 --> 00:38:00,660 car lovers 1032 00:38:01,860 --> 00:38:04,289 talk about a lot of things, and that's 1033 00:38:04,290 --> 00:38:05,729 not only about cars, but about 1034 00:38:05,730 --> 00:38:06,719 everything. 1035 00:38:06,720 --> 00:38:08,429 And there was one user. 1036 00:38:08,430 --> 00:38:10,989 You can find the info 1037 00:38:10,990 --> 00:38:12,749 down here, which is really interesting. 1038 00:38:12,750 --> 00:38:15,989 It's in English and there's one user 1039 00:38:15,990 --> 00:38:17,309 and he's called Alex Thiong'o. 1040 00:38:17,310 --> 00:38:19,139 And it seems that he's from Madrid. 1041 00:38:19,140 --> 00:38:21,029 And he opened the thread in this forum 1042 00:38:21,030 --> 00:38:23,759 and said and asked 1043 00:38:23,760 --> 00:38:26,699 people to help to shut down the system. 1044 00:38:26,700 --> 00:38:28,679 And he wrote in the thread, I want to 1045 00:38:28,680 --> 00:38:30,779 remind you is that it's something that is 1046 00:38:30,780 --> 00:38:32,609 illegal, is not illegal. 1047 00:38:32,610 --> 00:38:35,009 So, yeah, that's an opinion. 1048 00:38:35,010 --> 00:38:35,969 Right. 1049 00:38:35,970 --> 00:38:38,459 And in this thread, 1050 00:38:38,460 --> 00:38:40,619 IP addresses from the 1051 00:38:40,620 --> 00:38:42,959 reverse proxies got published and 1052 00:38:42,960 --> 00:38:45,389 also they updated IP addresses 1053 00:38:45,390 --> 00:38:48,149 that went down because of DDoS attacks.
1054 00:38:48,150 --> 00:38:50,399 So they 1055 00:38:50,400 --> 00:38:51,869 were really working on this. 1056 00:38:51,870 --> 00:38:54,029 And there's 1057 00:38:54,030 --> 00:38:56,549 evidence that the attacks 1058 00:38:56,550 --> 00:38:58,229 actually did happen. 1059 00:38:58,230 --> 00:39:00,419 So it was not just some 1060 00:39:00,420 --> 00:39:02,579 computer, a computer, some 1061 00:39:02,580 --> 00:39:04,649 car lovers sitting in front of 1062 00:39:04,650 --> 00:39:06,809 their computers, pressing F5 1063 00:39:06,810 --> 00:39:09,089 and to see if they can 1064 00:39:09,090 --> 00:39:11,429 if they can DDoS the system. 1065 00:39:11,430 --> 00:39:14,009 But there were actually professional 1066 00:39:14,010 --> 00:39:16,109 techniques used and 1067 00:39:16,110 --> 00:39:18,869 it was SYN flooding with IP spoofing. 1068 00:39:18,870 --> 00:39:20,819 So the question is, if this were only 1069 00:39:20,820 --> 00:39:24,059 users from Forocoches or if there were 1070 00:39:24,060 --> 00:39:26,279 law enforcement agencies involved, 1071 00:39:26,280 --> 00:39:27,719 it is, of course, unknown. 1072 00:39:29,560 --> 00:39:31,509 So on their reverse proxies, they 1073 00:39:31,510 --> 00:39:33,909 introduced Fort Knox to try to mitigate 1074 00:39:33,910 --> 00:39:35,229 the attack and 1075 00:39:36,250 --> 00:39:38,559 after some hours anonymise Barcelona, 1076 00:39:38,560 --> 00:39:40,989 I think it was attacked 1077 00:39:40,990 --> 00:39:42,039 Forocoches. 1078 00:39:42,040 --> 00:39:43,569 It serves a forum. 1079 00:39:43,570 --> 00:39:45,669 And so the forum, the website had 1080 00:39:45,670 --> 00:39:47,799 to go it had to go down to 1081 00:39:47,800 --> 00:39:48,800 maintenance 1082 00:39:49,870 --> 00:39:52,029 for maintenance so it wasn't accessible 1083 00:39:52,030 --> 00:39:54,519 anymore. 
And some other hacker groups 1084 00:39:54,520 --> 00:39:55,810 attacked, attacked 1085 00:39:57,670 --> 00:39:59,739 and did some other attacks. 1086 00:39:59,740 --> 00:40:01,869 These are all described in this 1087 00:40:01,870 --> 00:40:02,829 really good article. 1088 00:40:02,830 --> 00:40:05,019 Unfortunately, it's only in Catalan, 1089 00:40:05,020 --> 00:40:06,249 so. 1090 00:40:06,250 --> 00:40:07,250 Sorry for that. 1091 00:40:09,260 --> 00:40:11,389 OK, so on the day of 1092 00:40:11,390 --> 00:40:13,639 the referendum, we had a whole 1093 00:40:13,640 --> 00:40:15,689 bunch of attacks, so we had the attack 1094 00:40:15,690 --> 00:40:17,749 Internet infrastructure, obviously 1095 00:40:17,750 --> 00:40:19,819 we had filtering techniques used 1096 00:40:19,820 --> 00:40:21,289 and we had a distributed denial of 1097 00:40:21,290 --> 00:40:23,419 service attack and 1098 00:40:23,420 --> 00:40:24,420 an. 1099 00:40:25,410 --> 00:40:28,439 Also this all these attacks 1100 00:40:28,440 --> 00:40:30,779 voting was the 1101 00:40:30,780 --> 00:40:32,879 voting was able to take place, 1102 00:40:32,880 --> 00:40:35,399 and while the central service 1103 00:40:35,400 --> 00:40:37,709 was the weakest point of the system, so 1104 00:40:37,710 --> 00:40:39,839 I was wondering if it would be 1105 00:40:39,840 --> 00:40:42,029 possible to put this 1106 00:40:42,030 --> 00:40:43,529 in a decentralized manner. 1107 00:40:43,530 --> 00:40:45,659 Right now, the DEA, everybody is 1108 00:40:45,660 --> 00:40:47,129 talking about blockchain. 1109 00:40:47,130 --> 00:40:49,109 Maybe there's any possibility to build 1110 00:40:49,110 --> 00:40:50,339 this with a blockchain. 1111 00:40:50,340 --> 00:40:51,449 I'm not an expert. 
1112 00:40:54,250 --> 00:40:57,279 So the participation 1113 00:40:57,280 --> 00:40:59,559 of the referendum was 43 1114 00:40:59,560 --> 00:41:01,659 percent, which is extremely high, 1115 00:41:01,660 --> 00:41:03,939 I think, because you have to think that 1116 00:41:03,940 --> 00:41:06,339 you could see from the early hours 1117 00:41:06,340 --> 00:41:09,189 in the morning police officers 1118 00:41:09,190 --> 00:41:10,279 beating up people. 1119 00:41:11,350 --> 00:41:13,329 So it was a real risk to go there and 1120 00:41:13,330 --> 00:41:16,119 vote because they could just come by 1121 00:41:16,120 --> 00:41:18,819 and well, the yes vote won by 1122 00:41:18,820 --> 00:41:20,889 90 percent or something like this. 1123 00:41:20,890 --> 00:41:22,599 And there was like one hundred seventy 1124 00:41:22,600 --> 00:41:25,059 seven thousand people that voted no 1125 00:41:25,060 --> 00:41:27,099 and forty five thousand nine hundred 1126 00:41:27,100 --> 00:41:29,709 thirteen that voted in blanco 1127 00:41:29,710 --> 00:41:31,869 is like 1128 00:41:31,870 --> 00:41:34,419 this a vote like I don't care which 1129 00:41:34,420 --> 00:41:37,089 and which gets actually 1130 00:41:37,090 --> 00:41:39,279 added to the votes of the most voted 1131 00:41:39,280 --> 00:41:41,709 party on this case, on the gets 1132 00:41:41,710 --> 00:41:43,629 added to the votes of the yes to 1133 00:41:43,630 --> 00:41:44,630 independence. 1134 00:41:45,380 --> 00:41:46,380 And 1135 00:41:47,780 --> 00:41:49,369 in the aftermath, it's on the 10th of 1136 00:41:49,370 --> 00:41:51,499 October, the website of 1137 00:41:51,500 --> 00:41:53,299 Assemblea Nacional Catalana got shut 1138 00:41:53,300 --> 00:41:54,289 down again. 
1139 00:41:54,290 --> 00:41:56,569 And I say again because the website 1140 00:41:56,570 --> 00:41:58,699 got shut down three times. Assemblea 1141 00:41:58,700 --> 00:41:59,989 Nacional Catalana 1142 00:42:01,790 --> 00:42:03,469 is a political organization which 1143 00:42:03,470 --> 00:42:04,730 promotes independence. 1144 00:42:06,190 --> 00:42:08,919 And on the 30th 1145 00:42:08,920 --> 00:42:10,989 of October, several websites from the 1146 00:42:10,990 --> 00:42:12,609 Catalan government got shut down 1147 00:42:14,020 --> 00:42:16,299 and Assemblea Nacional 1148 00:42:16,300 --> 00:42:18,459 Catalana, just a few days 1149 00:42:18,460 --> 00:42:20,739 ago, 19th of December, they took 1150 00:42:20,740 --> 00:42:22,629 legal action against the blockage of 1151 00:42:22,630 --> 00:42:24,879 their website because they 1152 00:42:24,880 --> 00:42:28,359 claim that they never got any information 1153 00:42:28,360 --> 00:42:30,639 that the websites could get shut down 1154 00:42:30,640 --> 00:42:32,169 or blocked and why. 1155 00:42:32,170 --> 00:42:33,760 So they don't even know why. 1156 00:42:36,300 --> 00:42:37,980 So I come to the conclusion 1157 00:42:39,660 --> 00:42:41,339 I think this could be the biggest 1158 00:42:41,340 --> 00:42:43,439 Internet censorship in the European 1159 00:42:43,440 --> 00:42:45,539 Union so far, and I 1160 00:42:45,540 --> 00:42:47,969 think the European Union 1161 00:42:49,500 --> 00:42:51,779 did not condemn sufficiently 1162 00:42:51,780 --> 00:42:53,859 what happened these days. 1163 00:42:53,860 --> 00:42:56,489 And it's really it's 1164 00:42:56,490 --> 00:42:58,379 concerning that the government tried to 1165 00:42:58,380 --> 00:43:01,169 load the censorship responsibility 1166 00:43:01,170 --> 00:43:04,319 to the top-level domain registrar. 1167 00:43:04,320 --> 00:43:06,389 And there was a huge repression against 1168 00:43:06,390 --> 00:43:08,399 the creator of Miro's. 
1169 00:43:08,400 --> 00:43:10,679 And these unconventional datastore 1170 00:43:10,680 --> 00:43:13,009 from the home page, 1171 00:43:13,010 --> 00:43:14,339 I think is really interesting. 1172 00:43:14,340 --> 00:43:16,739 And it might need a deeper look to 1173 00:43:16,740 --> 00:43:18,599 understand if this is really secure or 1174 00:43:18,600 --> 00:43:19,600 not. 1175 00:43:19,980 --> 00:43:22,259 And I think the most 1176 00:43:22,260 --> 00:43:24,209 important conclusion of all this is all 1177 00:43:24,210 --> 00:43:26,279 the repression on the street and 1178 00:43:26,280 --> 00:43:27,539 the censorship in Internet. 1179 00:43:27,540 --> 00:43:29,579 The Spanish state was not able to stop 1180 00:43:29,580 --> 00:43:30,580 the referendum. 1181 00:43:31,870 --> 00:43:32,870 And. 1182 00:43:43,360 --> 00:43:44,979 So here are some links about the 1183 00:43:44,980 --> 00:43:46,839 international reaction. 1184 00:43:46,840 --> 00:43:48,639 There are more, but I just put in these 1185 00:43:48,640 --> 00:43:49,719 four links. 1186 00:43:49,720 --> 00:43:51,729 I will upload the slides afterwards so 1187 00:43:51,730 --> 00:43:53,109 you can check them out. 1188 00:43:54,810 --> 00:43:56,999 And yes, thank you a lot and thank you to 1189 00:43:57,000 --> 00:43:58,829 all the people that helped me some my 1190 00:43:58,830 --> 00:44:01,079 name here and there are many 1191 00:44:01,080 --> 00:44:03,089 more that gave me. 1192 00:44:03,090 --> 00:44:05,339 They put me in contact with people that 1193 00:44:05,340 --> 00:44:07,409 gave me explain me there 1194 00:44:07,410 --> 00:44:09,569 and what they experienced on the day. 1195 00:44:09,570 --> 00:44:10,570 Thank you. 1196 00:44:22,860 --> 00:44:25,109 Thank you for going to the 1197 00:44:25,110 --> 00:44:27,359 and a brief announcement 1198 00:44:27,360 --> 00:44:28,769 if you leave through the door. 
1199 00:44:28,770 --> 00:44:30,989 Mark B.W., there's a TV crew 1200 00:44:30,990 --> 00:44:33,359 behind that making a recording. 1201 00:44:33,360 --> 00:44:35,549 So if you don't want to be filmed, please 1202 00:44:35,550 --> 00:44:37,439 exit through the door. Might be. 1203 00:44:37,440 --> 00:44:39,059 And we have about 10 minutes left for 1204 00:44:39,060 --> 00:44:41,399 Q&A. And the first question 1205 00:44:41,400 --> 00:44:42,710 shall come from the Internet. 1206 00:44:55,590 --> 00:44:57,159 You don't have any sound. 1207 00:44:57,160 --> 00:44:59,309 OK, then, microphone one, 1208 00:44:59,310 --> 00:45:00,689 please. 1209 00:45:00,690 --> 00:45:03,329 I think that was very, very interesting. 1210 00:45:03,330 --> 00:45:04,859 It seemed like you needed a lot of 1211 00:45:04,860 --> 00:45:07,079 computer expertise to help run 1212 00:45:07,080 --> 00:45:08,999 all of the polling stations on the day. 1213 00:45:09,000 --> 00:45:11,219 Were those people volunteers 1214 00:45:11,220 --> 00:45:13,349 or part of the government? 1215 00:45:13,350 --> 00:45:15,389 Is it normal that the government is so 1216 00:45:15,390 --> 00:45:18,279 technically the Catalan government 1217 00:45:18,280 --> 00:45:19,619 as well? 1218 00:45:19,620 --> 00:45:20,620 On the day of 1219 00:45:22,100 --> 00:45:24,179 I think what happened in the 1220 00:45:24,180 --> 00:45:25,739 days before the referendum, there was 1221 00:45:25,740 --> 00:45:28,169 like most 1222 00:45:28,170 --> 00:45:29,849 of the people in Catalonia were really 1223 00:45:29,850 --> 00:45:32,639 upset with the Spanish state and 1224 00:45:32,640 --> 00:45:34,259 were like, this is illegal. 1225 00:45:34,260 --> 00:45:35,999 I don't care. That was like what 1226 00:45:36,000 --> 00:45:38,129 everybody felt like about I don't care 1227 00:45:38,130 --> 00:45:39,329 if it's illegal or not. 
1228 00:45:39,330 --> 00:45:41,699 So on the day of the referendum, 1229 00:45:41,700 --> 00:45:43,649 there were like people that 1230 00:45:44,700 --> 00:45:46,289 normally would have gone to this polling 1231 00:45:46,290 --> 00:45:48,659 station or they were called because. 1232 00:45:48,660 --> 00:45:50,669 So someone you are you have you have some 1233 00:45:50,670 --> 00:45:51,869 computer expertise. 1234 00:45:51,870 --> 00:45:53,159 Come by, help us. 1235 00:45:53,160 --> 00:45:54,509 The network is not working. 1236 00:45:54,510 --> 00:45:56,429 So there was no official 1237 00:45:57,510 --> 00:45:59,699 organization of this by the Catalan 1238 00:45:59,700 --> 00:46:01,649 government, as far as I know. 1239 00:46:01,650 --> 00:46:03,869 But it was just the 1240 00:46:03,870 --> 00:46:06,029 people spontaneously helped 1241 00:46:06,030 --> 00:46:07,030 each other. 1242 00:46:11,120 --> 00:46:13,699 Hello, and I have a question, 1243 00:46:13,700 --> 00:46:16,039 a question about that, the 1244 00:46:16,040 --> 00:46:18,649 censorship was quite brutal. 1245 00:46:18,650 --> 00:46:20,719 So are there any legal 1246 00:46:20,720 --> 00:46:22,819 actions that are going on against 1247 00:46:22,820 --> 00:46:24,949 Spain? Because if there is 1248 00:46:24,950 --> 00:46:27,859 nothing going on against this country, 1249 00:46:27,860 --> 00:46:29,809 the next time another country will do the 1250 00:46:29,810 --> 00:46:32,239 same because they have nothing to lose. 
1251 00:46:38,990 --> 00:46:41,089 Well, I don't know of any 1252 00:46:41,090 --> 00:46:43,669 apart from what I explained 1253 00:46:43,670 --> 00:46:45,889 from the ANC, from the Assemblea 1254 00:46:45,890 --> 00:46:47,959 Nacional Catalana, which did some 1255 00:46:47,960 --> 00:46:50,449 legal action, I think 1256 00:46:50,450 --> 00:46:52,819 I mean, for example, European Union hides 1257 00:46:52,820 --> 00:46:54,949 behind the fact that the 1258 00:46:54,950 --> 00:46:57,589 Supreme Court of Spain declared the 1259 00:46:57,590 --> 00:46:59,899 referendum unconstitutional 1260 00:46:59,900 --> 00:47:01,669 and therefore all the censorship was 1261 00:47:01,670 --> 00:47:02,719 legal in some way. 1262 00:47:05,580 --> 00:47:08,159 OK, next question goes to the Internet. 1263 00:47:08,160 --> 00:47:10,229 So, uh, why 1264 00:47:10,230 --> 00:47:13,079 did you use, uh, password 1265 00:47:13,080 --> 00:47:15,449 notification instead of, uh, 1266 00:47:15,450 --> 00:47:17,999 I keep hearing on 1267 00:47:18,000 --> 00:47:19,000 cert? 1268 00:47:20,680 --> 00:47:22,049 You mean on the day of the referendum, 1269 00:47:22,050 --> 00:47:24,389 right? Yeah, uh, well, 1270 00:47:24,390 --> 00:47:25,919 I don't know, because I didn't build the 1271 00:47:25,920 --> 00:47:27,989 system, so I don't know why 1272 00:47:27,990 --> 00:47:30,449 not, but I think it wasn't used because 1273 00:47:30,450 --> 00:47:32,639 it was foreseen that the reverse 1274 00:47:32,640 --> 00:47:34,589 proxies will be attacked. 1275 00:47:34,590 --> 00:47:37,439 And from what I know, you have to 1276 00:47:37,440 --> 00:47:39,749 you would need a certificate for each IP 1277 00:47:39,750 --> 00:47:41,309 address, for each domain. 1278 00:47:41,310 --> 00:47:43,379 And that was not possible because it 1279 00:47:43,380 --> 00:47:45,929 was like and we had 1280 00:47:45,930 --> 00:47:48,209 someone put up a new reverse proxy, 1281 00:47:48,210 --> 00:47:49,859 it gets attacked. 
You have to get a new 1282 00:47:49,860 --> 00:47:51,959 one. And it was like it was like 1283 00:47:51,960 --> 00:47:53,759 a cat and mouse all the day long. 1284 00:47:53,760 --> 00:47:55,039 So that wouldn't be feasible. 1285 00:47:57,250 --> 00:47:58,269 OK, microphone to 1286 00:47:59,650 --> 00:48:00,959 thanks for the talk. 1287 00:48:00,960 --> 00:48:04,089 My question is regarding Telefónica, 1288 00:48:04,090 --> 00:48:06,429 did they block, based on government 1289 00:48:06,430 --> 00:48:08,499 requests, one website at a 1290 00:48:08,500 --> 00:48:10,659 time or did they block based 1291 00:48:10,660 --> 00:48:13,209 on the whole referendum was illegal? 1292 00:48:13,210 --> 00:48:15,339 I see a website based for a 1293 00:48:15,340 --> 00:48:17,289 referendum. I block it now. 1294 00:48:17,290 --> 00:48:19,689 So who blocked or what 1295 00:48:19,690 --> 00:48:20,709 decision? 1296 00:48:20,710 --> 00:48:22,779 I don't know, to be honest, I don't know. 1297 00:48:22,780 --> 00:48:24,819 But I suppose that they blocked on this 1298 00:48:24,820 --> 00:48:26,799 on the warrants. On the court orders they 1299 00:48:26,800 --> 00:48:29,169 got. But I can't tell you for sure. 1300 00:48:29,170 --> 00:48:30,170 Thanks. 1301 00:48:32,000 --> 00:48:34,669 OK, any last question from the Internet? 1302 00:48:34,670 --> 00:48:36,769 Yep, um, 1303 00:48:38,180 --> 00:48:40,579 how many people were involved 1304 00:48:40,580 --> 00:48:42,979 in the war undertaking, 1305 00:48:42,980 --> 00:48:44,689 if you have any idea? 1306 00:48:44,690 --> 00:48:45,649 I have no idea. 1307 00:48:45,650 --> 00:48:47,899 It's totally unclear 1308 00:48:47,900 --> 00:48:49,729 who this was or how many people these 1309 00:48:49,730 --> 00:48:51,469 were, these activists. 1310 00:48:54,660 --> 00:48:56,519 OK, any other questions? 1311 00:48:56,520 --> 00:48:58,619 Oh, you know, 1312 00:48:58,620 --> 00:49:00,839 it's OK. 
It was just a precedent 1313 00:49:00,840 --> 00:49:03,209 to say it wasn't a technical 1314 00:49:03,210 --> 00:49:05,459 part and not every 1315 00:49:05,460 --> 00:49:08,369 management of people who you 1316 00:49:08,370 --> 00:49:11,039 add for the undertaking. 1317 00:49:11,040 --> 00:49:13,319 But I think you will say 1318 00:49:13,320 --> 00:49:14,320 the same answer. 1319 00:49:15,400 --> 00:49:17,879 I didn't understand your question. 1320 00:49:17,880 --> 00:49:20,039 No, the people in Internet just 1321 00:49:20,040 --> 00:49:22,529 wanted to precise their question 1322 00:49:22,530 --> 00:49:24,899 and say the number 1323 00:49:24,900 --> 00:49:27,569 of people they want to know is about 1324 00:49:27,570 --> 00:49:29,339 technical people. 1325 00:49:29,340 --> 00:49:31,499 But it's I think it's the same 1326 00:49:31,500 --> 00:49:33,269 answer. Not from you. Yeah, well, that 1327 00:49:33,270 --> 00:49:35,189 you mean like the people and the people 1328 00:49:35,190 --> 00:49:37,079 on the polling stations that help each 1329 00:49:37,080 --> 00:49:38,069 other? I don't know. 1330 00:49:38,070 --> 00:49:40,319 But I suppose thousands or 1331 00:49:40,320 --> 00:49:41,609 thousands at least. 1332 00:49:41,610 --> 00:49:43,650 But I can tell you, I have no idea. 1333 00:49:46,930 --> 00:49:49,059 OK, since it seems there are no further 1334 00:49:49,060 --> 00:49:51,189 questions, I thank you all for keeping 1335 00:49:51,190 --> 00:49:53,439 your questions brief and to the point 1336 00:49:53,440 --> 00:49:55,449 when you leave, please take your trash 1337 00:49:55,450 --> 00:49:57,639 with you and 1338 00:49:57,640 --> 00:49:58,640 wash your hands.