1 00:00:00,000 --> 00:00:18,940 *36C3 preroll music* 2 00:00:18,940 --> 00:00:23,630 Herald Angel: Good evening, everyone. Our next speaker is a historian and she is 3 00:00:23,630 --> 00:00:29,360 rolling back time for us, 30 years to the very beginnings of the Chaos Computer Club 4 00:00:29,360 --> 00:00:36,820 and taking a closer look at the KGB hack, the infamous KGB hack and what Karl Koch 5 00:00:36,820 --> 00:00:43,180 did back them. So let's journey back to the 80s with Anja Drephal. 6 00:00:43,180 --> 00:00:54,210 *Applause* 7 00:00:54,210 --> 00:01:02,640 Anja Drephal: Thank you. I was hoping to see my presentation. 8 00:01:02,640 --> 00:01:04,391 *laughter* Drephal: Why am I not seeing my 9 00:01:04,391 --> 00:01:08,490 presentation, my slides? 10 00:01:18,350 --> 00:01:20,860 Yes. Thank you. 11 00:01:36,820 --> 00:02:00,632 *Dial-up noises* 12 00:02:13,900 --> 00:02:24,100 Drephal: Thank you. *Applause.* 13 00:02:24,940 --> 00:02:31,030 Drephal: That applause, guys, goes to my amazing hacker who did this little video 14 00:02:31,030 --> 00:02:32,880 as a start to my presentation. Thank you. 15 00:02:38,770 --> 00:02:43,824 Why? No ... *Laughter* 16 00:02:43,824 --> 00:02:45,415 Drephal: I guess we'll have to do it again. 17 00:02:45,415 --> 00:02:48,001 No, no. What is happening? 18 00:02:53,437 --> 00:02:55,363 No, no, no, no, no. 19 00:02:55,667 --> 00:02:59,050 Okay, okay. Welcome to 1989. 20 00:02:59,326 --> 00:03:05,950 Before I start, I have to say, when you start researching a topic like the KGB hack, 21 00:03:05,950 --> 00:03:11,859 you suddenly find out there are so many sources, not just books that have been 22 00:03:11,859 --> 00:03:17,409 written, movies that have been made, documentaries. There's articles in 23 00:03:17,409 --> 00:03:22,549 newspapers, on the internet. There's podcasts you can listen to that go into 24 00:03:22,549 --> 00:03:28,620 every little detail of this case, every little detail of the early history of the 25 00:03:28,620 --> 00:03:35,549 CCC, the early history of the Internet as it is, and due to time constraints that we 26 00:03:35,549 --> 00:03:43,139 have, I'm going to have to simplify quite a few things to just, you know, give you 27 00:03:43,139 --> 00:03:49,239 an overview and tell you a story about this topic. And I'm counting on you to 28 00:03:49,239 --> 00:03:56,209 raise questions, in the end, at our Q&A, to maybe go into more detail if you find 29 00:03:56,209 --> 00:04:00,310 out, OK, there is something that should have been a little more detailed is 30 00:04:00,310 --> 00:04:04,819 something that, hey, I know about - something about this because I'm sure a 31 00:04:04,819 --> 00:04:12,360 lot of you know maybe more than me about this story. So that's something that I'm 32 00:04:12,360 --> 00:04:19,400 hoping we can do in 45 minutes, 40 minutes. First of all, I'd like to ask a 33 00:04:19,400 --> 00:04:28,660 question - two questions to the audience. Does anyone here think that this talk 34 00:04:28,660 --> 00:04:31,744 might mention their name? 35 00:04:35,624 --> 00:04:38,510 Yes. Who are you? 36 00:04:38,510 --> 00:04:43,290 *Laughter* Drephal: Well, I'm not going to mention 37 00:04:43,290 --> 00:04:49,620 any real names except for one. So maybe you would like to join us in the end. Or 38 00:04:49,620 --> 00:04:55,190 you know, if not, then not. Second question, is anyone here who attended 39 00:04:55,190 --> 00:05:04,850 Congress in the 1980s? Excellent. Well, personally, I did not because I was busy 40 00:05:04,850 --> 00:05:12,060 with kindergarten and elementary school and stuff. My first Congress was in 2012 41 00:05:12,060 --> 00:05:19,400 when a friend of mine introduced me to the Chaos Computer Club. I went to Hamburg. 42 00:05:19,400 --> 00:05:24,820 I spent four amazing days at Congress, and in the end I thought, oh my God, this is 43 00:05:24,820 --> 00:05:30,870 so great. And I thought, OK, what could I give back to this amazing community? What 44 00:05:30,870 --> 00:05:39,370 could I add to this experience? And I'm not a hacker or very much into tech, but 45 00:05:39,370 --> 00:05:44,450 I'm a historian. I can tell you history, and I'm very thankful that the content 46 00:05:44,450 --> 00:05:50,710 team has now invited me for the fourth time to tell you about history. I'm very 47 00:05:50,710 --> 00:05:56,430 thankful that this talk has gotten a slot on day one, because I think it's the 48 00:05:56,430 --> 00:06:04,330 perfect time to take a look back at what was, to take a look at what has changed, 49 00:06:04,330 --> 00:06:11,640 to remember those who unfortunately cannot be here today and then spend three more 50 00:06:11,640 --> 00:06:22,040 days in the present, at this Congress. So let me set the scene for you. It's 1989, 51 00:06:22,040 --> 00:06:29,520 especially it's March 1989. In March, 1989, the world was still very much 52 00:06:29,520 --> 00:06:35,080 divided. Germany was still divided into West Germany and the German Democratic 53 00:06:35,080 --> 00:06:47,083 Republic. And looking at Leipzig in March 1989, we had the spring fair. Not here, 54 00:06:47,083 --> 00:06:53,720 but in the old fairgrounds. And the German Democratic Republic proudly presented 55 00:06:53,720 --> 00:07:00,340 their latest and greatest in technology. They had just developed a four megabit 56 00:07:00,340 --> 00:07:07,390 hybrid memory - four megabits. Unfortunately, it was way too expensive to 57 00:07:07,390 --> 00:07:16,800 make it on the world market. But they were proud. West Germany had its own issues. 58 00:07:16,800 --> 00:07:23,610 *Laughter* Drephal: Difficult times. People had to 59 00:07:23,610 --> 00:07:29,370 wear stone washed jeans and pastel colored sweaters. Number one hit in the West 60 00:07:29,370 --> 00:07:35,090 German charts in March was David Hasselhoff, Looking for Freedom. And Bill 61 00:07:35,090 --> 00:07:39,500 and Ted were going on an excellent adventure. Sequel is coming out next year, 62 00:07:39,500 --> 00:07:43,210 don't miss it. *Laughter* 63 00:07:43,210 --> 00:07:47,250 Drephal: Speaking about television, private television in West Germany was 64 00:07:47,250 --> 00:07:52,430 still very much in its infancy. Most people still had three television channels 65 00:07:52,430 --> 00:07:58,170 first, second, third and they got their information from the television. The first 66 00:07:58,170 --> 00:08:05,110 program showed the news every night at 8:00. People watched it, much more than 67 00:08:05,110 --> 00:08:11,130 today. And sometimes the first German television had a special program called Im 68 00:08:11,130 --> 00:08:18,061 Brennpunkt, In Focus. That always came out when something was so exciting, so 69 00:08:18,061 --> 00:08:22,100 newsworthy that it couldn't be sufficiently dealt with in the normal 70 00:08:22,100 --> 00:08:29,940 news. So on March 2nd, 1989, the first German television showed this. 71 00:08:29,940 --> 00:08:35,135 *Music* 72 00:08:35,135 --> 00:08:40,330 Drephal: Why isn't it moving? Oh, come on, 73 00:08:40,330 --> 00:08:46,461 please. It's moving on my screen. *TV moderator speaking in German* 74 00:08:54,531 --> 00:08:57,530 Drephal: Would have been nice, if... *TV moderator speaking in German* 75 00:09:07,350 --> 00:09:10,070 Drephal: Well, okay, if it had been moving, you would have seen a dude in a 76 00:09:10,070 --> 00:09:16,620 suit telling you that the biggest spy case since Günter Guillaume has just been 77 00:09:16,620 --> 00:09:22,310 uncovered. Günter Guillaume was an East German spy who worked closely in the 78 00:09:22,310 --> 00:09:28,800 offices of German Chancellor Willy Brandt in the 1970s. He worked for the East 79 00:09:28,800 --> 00:09:33,180 German Secret Service, and when he was uncovered, the Chancellor had to step 80 00:09:33,180 --> 00:09:42,050 down. So apparently in March 1989, we have a spy case of German hackers working for 81 00:09:42,050 --> 00:09:50,550 the KGB that is as big as Günter Guillaume. Spoiler: It was not. But 82 00:09:50,550 --> 00:09:55,040 anyway. How is that even possible? How can you, how can German hackers work for the 83 00:09:55,040 --> 00:10:01,740 KGB in 1989? How can they hack anything over the Internet? Well, there is no 84 00:10:01,740 --> 00:10:13,970 Internet. What there is, is basically this. Let's say, in the mid 1980s, you're 85 00:10:13,970 --> 00:10:21,130 a teenager and you've got a computer for Christmas. Lucky you. So what can you do 86 00:10:21,130 --> 00:10:28,700 with it? There's no Internet. There are computers that are connected. Big 87 00:10:28,700 --> 00:10:33,820 computers made by IBM and by VAX that are standing in universities, research 88 00:10:33,820 --> 00:10:43,260 institutions, military institutions, big companies. And you have, in the 1980s, a 89 00:10:43,260 --> 00:10:49,070 network that you can actually dial in to from your home. So you have a phone that's 90 00:10:49,070 --> 00:10:54,260 connected to a wall, usually, if it's not cut off, and you have a computer and if 91 00:10:54,260 --> 00:11:01,250 you're lucky, you have a sort of modem. It's called an acoustic coupler. We have 92 00:11:01,250 --> 00:11:09,170 one here for the C64. The most famous one was the data phone, it's bigger, but this 93 00:11:09,170 --> 00:11:15,450 one basically works the same. You strap your phone to it and you call your local 94 00:11:15,450 --> 00:11:25,140 post office. And your local post office in the 1980s has a network called Data XP, 95 00:11:25,140 --> 00:11:33,420 which stands for data exchange packet based. It's based on the X.25 protocol and 96 00:11:33,420 --> 00:11:41,500 it gives you the opportunity to connect to computers all over Germany and all over 97 00:11:41,500 --> 00:11:46,480 Europe and actually all over the world. What you need is a network user 98 00:11:46,480 --> 00:11:53,170 identification, a so-called new NUI, which is expensive. The call to your local post 99 00:11:53,170 --> 00:11:57,480 office, not so much, especially in West Berlin, which was known as sort of a 100 00:11:57,480 --> 00:12:03,000 hacker's paradise because local calls cost only twenty three Pfennig, twenty three 101 00:12:03,000 --> 00:12:09,940 cents, not per minute, but per call. So if you had a network user identification from 102 00:12:09,940 --> 00:12:18,140 somewhere, you could just call your local data XP office and connect. These NUIs 103 00:12:18,140 --> 00:12:25,240 were expensive, but you could find them, for example, at the computer fair in 104 00:12:25,240 --> 00:12:30,460 Hanover because people weren't watching their screens, their terminals, and maybe 105 00:12:30,460 --> 00:12:35,230 you could look over somebody's shoulder and see their log in and use it and run up 106 00:12:35,230 --> 00:12:40,880 charges of thousands of marks and then you can connect to message boards, which is a 107 00:12:40,880 --> 00:12:48,100 bit, well, not so exciting. Much more exciting is the big computers standing at 108 00:12:48,100 --> 00:12:58,839 institutions and companies. And so, through this, possibility, these 109 00:12:58,839 --> 00:13:08,600 possibilities, this network comes a hacker scene in the 1980s of mostly young people, 110 00:13:08,600 --> 00:13:16,300 teenagers, young guys, not so many girls, who connect to these big computers because 111 00:13:16,300 --> 00:13:21,420 they can, because they're there and they're interesting. And you just want to 112 00:13:21,420 --> 00:13:33,600 see what's on them. Especially infamous was CERN, the nuclear research 113 00:13:33,600 --> 00:13:39,980 organization in Switzerland, where at some point hackers were actually 114 00:13:39,980 --> 00:13:45,980 having kind of parties in the system connecting to the computers and chatting 115 00:13:45,980 --> 00:13:55,120 with the systems managers who were a bit annoyed because they had work to do, but 116 00:13:55,120 --> 00:14:00,996 not that bothered because it wasn't really seen as anything that could harm them. And 117 00:14:00,996 --> 00:14:07,190 the point was to go into these computers because you can to show that you can and 118 00:14:07,190 --> 00:14:12,550 to have some fun and not because you're a criminal or you want to take some data or 119 00:14:12,550 --> 00:14:27,570 make money off it, but just as a sport. And now... and in this scene, the Chaos 120 00:14:27,570 --> 00:14:37,640 Computer Club also established itself as sort of a mediator between these hackers 121 00:14:37,640 --> 00:14:46,390 and the institutions and companies that were being broken into. Always stressing 122 00:14:46,390 --> 00:14:52,930 that when you're hacking, you should do it with an ethical approach. Never, you know, 123 00:14:52,930 --> 00:14:58,140 doing any harm. Being excellent. Not making any money. And for God's sake, 124 00:14:58,140 --> 00:15:03,029 staying away from military or Secret Service computers, don't touch those. 125 00:15:03,029 --> 00:15:10,370 Here's a quote on one of the first Congresses, which I think sounds pretty 126 00:15:10,370 --> 00:15:18,279 much like today. This amazing experience and the news crews interested and 127 00:15:18,279 --> 00:15:28,060 reporting on what's happening with these sort of harmless tech freaks and hackers 128 00:15:28,060 --> 00:15:37,029 that were just having fun. And this is the scene where a group of young men met in 129 00:15:37,029 --> 00:15:43,540 the mid 1980's and started hanging out, started sitting in front of computers, 130 00:15:43,540 --> 00:15:49,190 hacking together, talking, consuming drugs, also, and just, you know, having 131 00:15:49,190 --> 00:15:59,370 fun. And these are their nicknames. They were all, sort of, some were programmers, 132 00:15:59,370 --> 00:16:06,170 some were teenagers who were into hacking. One of them, the last one here, wasn't 133 00:16:06,170 --> 00:16:11,680 really a hacker. He worked at a casino and he made some money on his side selling 134 00:16:11,680 --> 00:16:16,649 drugs. And they were just hanging out and and just feeling like they were the 135 00:16:16,649 --> 00:16:24,690 greatest. They were... Someone has compared them to sort of graffiti kids. 136 00:16:24,690 --> 00:16:28,890 They did it because they could, just leaving their mark everywhere in the 137 00:16:28,890 --> 00:16:38,430 computers. And... Well, they were just, you know, talking and somebody had the idea, 138 00:16:38,430 --> 00:16:43,430 OK, what can we do to get recognized as the greatest hackers or how can we make 139 00:16:43,430 --> 00:16:50,480 something off it? There's always the issue of money problems that you might have, 140 00:16:50,480 --> 00:16:57,610 stupid ideas that you have when you're a teenager or a young kid. And one of them 141 00:16:57,610 --> 00:17:01,005 came up with the idea, Hey, I know somebody in East Berlin who might be 142 00:17:01,005 --> 00:17:06,959 interested in what we're doing and maybe we could sell that. I know someone, a 143 00:17:06,959 --> 00:17:11,980 Russian, and it might be, you know, it might actually be a contribution to world 144 00:17:11,980 --> 00:17:16,359 peace because the Russians need technology that they don't have and we have it. We 145 00:17:16,359 --> 00:17:24,449 could kind of equalize the scales a bit. It's a stupid idea, of course. But this 146 00:17:24,449 --> 00:17:31,760 guy, Pedro, his name was Peter, he actually went to East Berlin, walked into 147 00:17:31,760 --> 00:17:37,049 the Soviet trade mission and said he wanted to talk someone about a deal, super 148 00:17:37,049 --> 00:17:47,200 stupid, walking in the front door and someone actually listened to him. A guy 149 00:17:47,200 --> 00:17:52,310 who introduced himself as Sergei, who officially worked at the trade mission, 150 00:17:52,310 --> 00:18:02,810 which in my opinion means KGB, was willing to listen and our hackers offered, OK, we 151 00:18:02,810 --> 00:18:08,500 can get you like log-ins to computers in West Germany and even America. We can even 152 00:18:08,500 --> 00:18:14,170 teach you how to hack, you know, for like a million marks. How about that? And 153 00:18:14,170 --> 00:18:20,490 Sergei was like, Okay, that's nice, but I need something else. Because he had a 154 00:18:20,490 --> 00:18:31,559 shopping list which came pretty much directly from the embargo list made by the 155 00:18:31,559 --> 00:18:38,600 Coordinating Committee on Multilateral Export Controls. There was an embargo, 156 00:18:38,600 --> 00:18:47,210 technology and, yeah, electronic parts. Computers weren't allowed to be sold into 157 00:18:47,210 --> 00:18:52,700 the Soviet Union or the Eastern Bloc in general. And that was basically his 158 00:18:52,700 --> 00:18:58,200 shopping list. What the Soviets wanted was not so much, you know, log-ins to military 159 00:18:58,200 --> 00:19:04,431 computers. They wanted source code, for example... According to the sources, he 160 00:19:04,431 --> 00:19:09,090 actually had a list that said, OK, UNIX source code, twenty five thousand marks, 161 00:19:09,090 --> 00:19:14,290 maybe a compiler for this and that, five thousand marks. And our hackers were able 162 00:19:14,290 --> 00:19:20,080 to provide. They didn't exactly make a million, but about ninety thousand marks 163 00:19:20,080 --> 00:19:23,899 exchanged hands in the following months. 164 00:19:23,899 --> 00:19:30,480 Until a systems administrator in 165 00:19:30,480 --> 00:19:35,920 California noticed something. And now I have to tell you, the legend of Clifford 166 00:19:35,920 --> 00:19:45,170 Stoll. Clifford Stoll has become famous for uncovering the KGB hackers, and a sort 167 00:19:45,170 --> 00:19:51,410 of legend has been built around him, telling his story again and again. He, 168 00:19:51,410 --> 00:19:56,960 there was a funny documentary made. He had a book coming out. And there are some 169 00:19:56,960 --> 00:20:03,670 weird aspects in this story, but maybe we can talk about them later. So, first of 170 00:20:03,670 --> 00:20:10,300 all, I'm just going to give you the story as he tells it. And I would like to show 171 00:20:10,300 --> 00:20:18,080 you, because you can describe this man, but you just have to see him. And if this 172 00:20:18,080 --> 00:20:23,040 video isn't working again, then I'm gonna be a really, really sad. Please. 173 00:20:23,040 --> 00:20:26,691 TV announcer: Tonight, on Nova... Drephal: Are you fucking kidding me? 174 00:20:26,691 --> 00:20:30,590 TV character 1: Where's Decker again? TV character 2: He's in an Army Base. 175 00:20:30,590 --> 00:20:35,620 *Gibberish* TV announcer: A lone scientist is on the 176 00:20:35,620 --> 00:20:38,820 trail of a computer spy... Drephal: Yeah, because that would be 177 00:20:38,820 --> 00:20:43,910 really awesome if we could actually watch it. 178 00:20:43,910 --> 00:21:02,799 *Shouting* Drephal: Huh? Oh, man. Um, can we just go 179 00:21:02,799 --> 00:21:14,229 to the slide that we need, maybe? This is... okay. Should we try it? Well, it 180 00:21:14,229 --> 00:21:23,783 shows a picture at least. That's good. Yeah. Let's just try this. Do some-thing. 181 00:21:23,783 --> 00:21:26,340 Technical Angel: You have to start the presentation. 182 00:21:26,340 --> 00:21:39,271 Drephal: Yeah, I'm trying. Here, right? Oh, no. Come on, come on. Well, we're 183 00:21:39,271 --> 00:21:43,230 going to get there. 184 00:21:43,230 --> 00:21:45,610 TV announcer: Tonight, on Nova... 185 00:21:45,610 --> 00:21:48,530 Drephal: Yes! *Applause* 186 00:21:48,530 --> 00:21:55,540 TV announcer: A lone scientist on the trail of a computer spy. The hacker is out 187 00:21:55,540 --> 00:21:59,120 there somewhere, raiding computers, stealing government files. 188 00:21:59,120 --> 00:22:02,440 Clifford Stoll: Hi, Manny. Some computer hacker's looking for him. 189 00:22:02,440 --> 00:22:06,299 TV announcer: The true story of Cliff Stoll's real life adventure, featuring the 190 00:22:06,299 --> 00:22:12,070 actual participants recreating the events is The KGB, The Computer and Me. 191 00:22:12,070 --> 00:22:14,365 *Laughter* 192 00:22:14,365 --> 00:22:19,280 Drephal: I like his hair. Okay, so, 193 00:22:19,280 --> 00:22:25,740 Clifford Stoll's story is that he was a systems administrator at Lawrence Berkeley 194 00:22:25,740 --> 00:22:32,480 Laboratory and he noticed in his accounting system 75 cents missing because 195 00:22:32,480 --> 00:22:39,460 some user had accrued 75 cents of computer time and not paid for it. And he found out 196 00:22:39,460 --> 00:22:44,770 that there was a weird user he didn't know. And he just deleted him. A couple of 197 00:22:44,770 --> 00:22:49,400 days later, somebody else was on his computer and had system privileges. And he 198 00:22:49,400 --> 00:22:54,240 says, he just got interested. He didn't want to shut this person out, he wanted to 199 00:22:54,240 --> 00:23:01,000 know who it was and what they were doing. So he started tracking whoever was coming 200 00:23:01,000 --> 00:23:07,350 into his computers for months, actually a whole year in the end, that he was 201 00:23:07,350 --> 00:23:16,690 tracking this person. He got help from a friendly district attorney who got him a 202 00:23:16,690 --> 00:23:25,910 warrant to trace the phone lines. And, long story short... Can you actually see 203 00:23:25,910 --> 00:23:33,880 something? That's nice. He found out that his intruder came in through TimeNet, the 204 00:23:33,880 --> 00:23:39,660 equivalent, the American equivalent of Data XP. And he wasn't even in the US. He 205 00:23:39,660 --> 00:23:46,560 was in Germany. He came in through Data XP at the University of Bremen. And the trace 206 00:23:46,560 --> 00:23:51,250 ended in Hanover. And in Hanover, the problem was that they had really old 207 00:23:51,250 --> 00:23:58,679 switches from the 1950s, and it would have taken about an hour to track the hacker 208 00:23:58,679 --> 00:24:07,730 back to his own phone at home. And the problem was the hacker never stayed long 209 00:24:07,730 --> 00:24:13,190 enough on Stoll's computers. He used them as a gateway to get into much more 210 00:24:13,190 --> 00:24:21,990 interesting computers. For example, the Pentagon database at the Pentagon, the Air 211 00:24:21,990 --> 00:24:30,930 Force, the Navy, the Army, even Army computers in Japan. Computers in the 212 00:24:30,930 --> 00:24:38,690 Ramstein, Germany. So Stoll was at a loss: How to keep him in a system long enough so 213 00:24:38,690 --> 00:24:45,070 he could actually, or the German post could actually track this person back to 214 00:24:45,070 --> 00:24:52,460 his own phone line. So he says that his girlfriend came up with the idea: If 215 00:24:52,460 --> 00:24:56,330 there's nothing on your computer that interests him, then then put something 216 00:24:56,330 --> 00:25:01,280 there. Put some files there that look super secret and are super big so that he 217 00:25:01,280 --> 00:25:09,740 needs time to look at them. And that actually worked. They made up a bunch of 218 00:25:09,740 --> 00:25:14,370 Big Data and they even put in a mailing list that said, OK, if you want more 219 00:25:14,370 --> 00:25:19,980 information about Strategic Defense Initiative, also known as Star Wars, send 220 00:25:19,980 --> 00:25:25,660 us a letter because it's so much data, we have to send it through the post. And 221 00:25:25,660 --> 00:25:32,370 surprisingly enough, that worked. First of all, The German post was able to track 222 00:25:32,370 --> 00:25:39,802 Clifford Stoll's hacker back to the house of one of our KGB hackers, Urmel. 223 00:25:39,802 --> 00:25:44,049 His apartment was searched, his office was searched, but the police didn't really 224 00:25:44,049 --> 00:25:47,970 know what they were looking for because they didn't find any disk that said Super 225 00:25:47,970 --> 00:25:54,750 Secret SDInet Files or something and nothing much came of it. And the second 226 00:25:54,750 --> 00:25:58,651 thing that happened was that somebody actually answered this mailing list. 227 00:25:58,651 --> 00:26:04,440 A Hungarian immigrant in Pittsburgh sent a letter to Clifford Stoll asking for 228 00:26:04,440 --> 00:26:10,600 information on SDInet files. Was he working for the KGB or was he working for 229 00:26:10,600 --> 00:26:14,145 somebody else? It's a weird story. 230 00:26:14,145 --> 00:26:20,566 In any case, so, in the summer of 1987, Clifford 231 00:26:20,566 --> 00:26:25,559 Stoll finally knew, OK, there's some dude in Germany who's been hacking my computer, 232 00:26:25,559 --> 00:26:31,410 but nothing much happened of it. And it kind of calmed down a bit until the media 233 00:26:31,410 --> 00:26:37,559 got interested. Who got the media interested is another interesting 234 00:26:37,559 --> 00:26:45,310 question. But in any case, in April of 1988, German magazine Quick reported on 235 00:26:45,310 --> 00:26:52,850 the case using Clifford Stoll's notes. In May 1988, he published a paper suggesting 236 00:26:52,850 --> 00:26:57,660 that this hacker in his system had something to do with the KGB and our 237 00:26:57,660 --> 00:27:07,419 hackers got a bit nervous. At this point, we have to talk about about Hagbard. His 238 00:27:07,419 --> 00:27:14,500 name, his real name was Karl Koch. And in 1988, he was in a difficult place. He had 239 00:27:14,500 --> 00:27:20,520 psychological issues, he had drug issues, he had money problems. And he started 240 00:27:20,520 --> 00:27:25,710 talking to journalists, offering to tell wild stories about the KGB and what he 241 00:27:25,710 --> 00:27:32,400 could do, offering to hack into nuclear reactors, which obviously was not 242 00:27:32,400 --> 00:27:39,910 possible. But he just wanted to get a lot of money for it. And the others got a bit 243 00:27:39,910 --> 00:27:48,520 nervous. And in July, the youngest in the group went to the authorities and offered 244 00:27:48,520 --> 00:27:55,389 to be a witness if he got immunity for anything that he might have done. And this 245 00:27:55,389 --> 00:28:02,210 led to the video I wanted to show you in the beginning when in March 1989, arrests 246 00:28:02,210 --> 00:28:06,370 were made, all five of them were arrested. Two had to stay in jail because they had 247 00:28:06,370 --> 00:28:12,340 prior convictions. Houses were searched and the media descended on the Chaos 248 00:28:12,340 --> 00:28:19,000 Computer Club because these five guys were somehow related. And suddenly, the Chaos 249 00:28:19,000 --> 00:28:25,309 Computer Club was not this harmless group anymore. But the media portrayed them as, 250 00:28:25,309 --> 00:28:34,030 you know, working for the KGB, hacking basically everything. And dramatizing the 251 00:28:34,030 --> 00:28:36,985 whole situation. 252 00:28:36,985 --> 00:28:43,860 What actually came out of it was not so much. The process, in early 253 00:28:43,860 --> 00:28:50,840 1990, focused on questions like if any classified information was actually 254 00:28:50,840 --> 00:28:57,399 transferred or stored anywhere, downloaded. Nobody could prove that. 255 00:28:57,399 --> 00:29:03,149 If the USA or Germany were actually compromised in any way. Not really. And 256 00:29:03,149 --> 00:29:09,809 how... The main question was how did this Hungarian immigrant get this mailing list? 257 00:29:09,809 --> 00:29:15,540 Because only Clifford Stoll and the hacker could have had access to it. And the 258 00:29:15,540 --> 00:29:23,280 question is, did he actually get it from the KGB or was it, as one of, one of our 259 00:29:23,280 --> 00:29:29,500 hackers suggested a couple of years ago in a podcast, maybe it might have been, he 260 00:29:29,500 --> 00:29:35,140 might have been an agent provocateur, he might have been set up by somebody to push 261 00:29:35,140 --> 00:29:40,860 these investigations after the German authorities didn't really do much with it. 262 00:29:40,860 --> 00:29:43,808 That's the question. 263 00:29:44,490 --> 00:29:53,030 So this biggest spy case since Guillaume ended with probation 264 00:29:53,030 --> 00:30:00,280 sentences and some fines because there was no proof that any real harm had been done. 265 00:30:00,280 --> 00:30:10,360 The most tragic outcome maybe was the death of Karl Koch, who was our hacker 266 00:30:10,360 --> 00:30:18,700 Hagbard. He was a very troubled young man. He was orphaned early. He inherited a lot 267 00:30:18,700 --> 00:30:24,310 of money when he was young, which is always difficult. He bought a computer. He 268 00:30:24,310 --> 00:30:30,410 had a nice apartment. He had parties with his friends. He consumed drugs. And he was 269 00:30:30,410 --> 00:30:36,930 from a young age obsessed with the novel Illuminatus!, and the number 23. A movie 270 00:30:36,930 --> 00:30:43,620 was made about him in 1998, it's nice, you can find it on YouTube. I didn't include 271 00:30:43,620 --> 00:30:49,390 it in my links because I'm not sure about the copyright situation. But it's 272 00:30:49,390 --> 00:30:58,770 interesting, nice soundtrack. And this whole situation in 1989, the media 273 00:30:58,770 --> 00:31:05,789 pressing down on him and him having these illusions... He thought the Illuminati 274 00:31:05,789 --> 00:31:10,220 were in his head controlling his thoughts. He thought they were controlling the 275 00:31:10,220 --> 00:31:17,250 international networks and he had to do something about it. Ended on May 23rd, 276 00:31:17,250 --> 00:31:22,145 1989, when he was 23 years old. 277 00:31:22,145 --> 00:31:25,840 He officially committed suicide by burning 278 00:31:25,840 --> 00:31:32,679 himself. And that is such a gruesome way to die that immediately there were 279 00:31:32,679 --> 00:31:38,600 conspiracy theories that maybe he didn't commit suicide, maybe he had help doing 280 00:31:38,600 --> 00:31:42,100 it. And that's something I cannot answer, obviously. 281 00:31:42,100 --> 00:31:49,670 The much more lasting result of 282 00:31:49,670 --> 00:31:56,210 this whole case was the image loss that the Chaos Computer Club suffered. Because 283 00:31:56,210 --> 00:32:04,460 suddenly they weren't harmless pranksters joyriding through computers and, you know, 284 00:32:04,460 --> 00:32:12,520 showing companies flaws in their systems, showing the post flaws in their BTX 285 00:32:12,520 --> 00:32:20,770 system, for example. Suddenly they were portrayed as dangerous hackers, selling 286 00:32:20,770 --> 00:32:29,550 secrets, being spies, and, you know, they can't be trusted. And as far as I read, 287 00:32:29,550 --> 00:32:39,970 the club almost dissolved about this issue in 1990, but luckily survived. But this is 288 00:32:39,970 --> 00:32:44,780 an image that is still lingering today. And I think this image of hackers being 289 00:32:44,780 --> 00:32:49,990 somehow untrustworthy and being somehow dangerous, you don't know really what they 290 00:32:49,990 --> 00:32:55,910 do and why they do it, but they're dangerous, that is still lingering today. 291 00:32:58,670 --> 00:33:03,700 Whenever the media tells you something about hackers, they always show you 292 00:33:03,700 --> 00:33:10,710 something like, hi. Something like this. An anonymous, Anonymous dude with a hoodie 293 00:33:10,710 --> 00:33:15,520 sitting in front of a computer. Some random numbers flashing. They don't make 294 00:33:15,520 --> 00:33:22,340 any sense, but it looks dangerous. And, oh, yeah. And these hackers, they're 295 00:33:22,340 --> 00:33:25,570 everywhere. They won't stop at anything. 296 00:33:25,570 --> 00:33:28,340 *Laughter* 297 00:33:28,340 --> 00:33:31,417 Drephal: Just two days ago on Christmas. 298 00:33:31,417 --> 00:33:39,851 *Laughter and applause* 299 00:33:39,851 --> 00:33:42,490 German supermarket chain REWE had to call 300 00:33:42,490 --> 00:33:50,349 back their chopped almonds because they've been hacked. Beware. And so I was 301 00:33:50,349 --> 00:33:56,840 interested in taking a look at how the media portrays hackers these days. 302 00:33:56,840 --> 00:34:02,460 So I did some Google searches. I thought, okay, what are famous hacking groups 303 00:34:02,460 --> 00:34:06,850 that you read about a lot? And for example, you know, we were talking about 304 00:34:06,850 --> 00:34:14,779 the KGB. So what about Russian hackers? So the first results I saw was Russian 305 00:34:14,779 --> 00:34:20,460 hacking: How did it affect the 2016 elections? So apparently Russian hackers 306 00:34:20,460 --> 00:34:25,679 are still very much busy with the United States and the elections leaking 307 00:34:25,679 --> 00:34:31,240 documents, supporting Trump for some reason. That's what you find on the media 308 00:34:31,240 --> 00:34:36,780 about Russian hackers. And then I thought, OK, what else is there today? What about 309 00:34:36,780 --> 00:34:41,560 China? Chinese hackers sounds dangerous. What are they doing? So Chinese hackers 310 00:34:41,560 --> 00:34:49,429 apparently are busy hacking two factor authentication these days. They're in your 311 00:34:49,429 --> 00:34:56,770 phone, beware. Hacking you, right now, as I speak. But what about German hackers? 312 00:34:56,770 --> 00:35:01,359 We've been talking about these German hackers who basically crashed the image of 313 00:35:01,359 --> 00:35:07,609 hacking forever. So what are they up to today? When you google German hackers, the 314 00:35:07,609 --> 00:35:12,310 first result is Clifford Stoll. *Laughing* 315 00:35:12,310 --> 00:35:19,520 Drephal: After 30 years, really, still? That's the news? I don't know, maybe it's 316 00:35:19,520 --> 00:35:21,814 time to make German Hacking Great Again. 317 00:35:21,904 --> 00:35:29,039 *Laughter and applause* 318 00:35:31,258 --> 00:35:39,500 Drephal: Very good. So. And finally, what about the Chaos Computer Club? What has 319 00:35:39,500 --> 00:35:47,160 changed in the past 30 years? Here's another quote that I've found of a 320 00:35:47,160 --> 00:35:53,910 Congress and the issues that were discussed at Congress. Someone standing up 321 00:35:53,910 --> 00:36:02,480 and telling the audience that he was unhappy with where he saw Chaos going. The 322 00:36:02,480 --> 00:36:06,460 political direction is unacceptable. Concentrating on things like environmental 323 00:36:06,460 --> 00:36:11,580 protection, climate change or something, is diverting the group from its technical 324 00:36:11,580 --> 00:36:17,320 origins. And it's little wonder that truly talented hackers are beginning to abandon 325 00:36:17,320 --> 00:36:21,305 the club. This is from 1988. 326 00:36:23,385 --> 00:36:28,250 So are we still having the same issues today? Are we 327 00:36:28,250 --> 00:36:33,708 still discussing the same thing? Where is the CCC going? Is it too political? Should 328 00:36:33,708 --> 00:36:42,580 it focus more on real hacking, on the technology or what? But fortunately, a lot 329 00:36:42,580 --> 00:36:48,070 has changed. For example, when you think about those guys who were at the Congress 330 00:36:48,070 --> 00:36:55,850 in the 1980s, how many people were there, like 400? At a Congress in 85? How many 331 00:36:55,850 --> 00:37:01,210 people are here today? 16.000? I mean, not in this room, but I think last year was 332 00:37:01,210 --> 00:37:08,360 16.000. That's amazing. And something else I mentioned, when I was this big, I didn't 333 00:37:08,360 --> 00:37:12,849 attend Congress. But today you walk around and there's tiny hackers whizzing on 334 00:37:12,849 --> 00:37:20,170 scooters everywhere, which is awesome. People are bringing their kids and you 335 00:37:20,170 --> 00:37:27,170 have a much wider cross section of society today. And something else... I don't know 336 00:37:27,170 --> 00:37:31,109 if you noticed, but when I told you the story about the KGB hack, what was 337 00:37:31,109 --> 00:37:35,729 missing? There was something that did not show up. 338 00:37:35,729 --> 00:37:38,330 Women. The only women, the only 339 00:37:38,330 --> 00:37:42,691 woman in this story is Clifford Stoll's girlfriend, who allegedly came up with the 340 00:37:42,691 --> 00:37:47,280 idea of planting a honey pot in his system. There is no other woman in this 341 00:37:47,280 --> 00:37:53,860 story. It's all young dudes hacking away. And that certainly has changed. There 342 00:37:53,860 --> 00:38:00,480 are... I don't know the percentage. I can't tell. But there's so many women and 343 00:38:00,480 --> 00:38:07,200 other non male participants that, like I said, it's a much wider cross-section of 344 00:38:07,200 --> 00:38:14,230 society today. But apart from these issues, what else what do you think are 345 00:38:14,230 --> 00:38:19,850 the issues we have today and we're going to have in the future? That's my question 346 00:38:19,850 --> 00:38:26,320 to you. And I would like some answers. And if you want to confess about hacking 347 00:38:26,320 --> 00:38:35,030 something, my DECT is 6623. You can telegram me or tell us now. 348 00:38:35,030 --> 00:38:44,254 *Applause* 349 00:38:46,790 --> 00:38:51,380 Herald: Thank you very much for this excellent talk. We do have six microphones 350 00:38:51,380 --> 00:38:55,950 here in the hall. Please line up there. Are there questions from the Internet via 351 00:38:55,950 --> 00:38:58,420 our Signal Angel? Signal Angel: No, there are none. 352 00:38:58,420 --> 00:39:03,630 Herald: There are no questions from the Internets. Do we have questions here? 353 00:39:03,630 --> 00:39:09,349 We have question at microphone three. Question: Yes. Oh, my goodness. Thanks a 354 00:39:09,349 --> 00:39:15,450 lot for a talk. It was amazing. Can you please just show us the first video? 355 00:39:15,450 --> 00:39:20,620 *Laughter* Drephal: Oh, yeah. I hope so. 356 00:39:20,620 --> 00:39:24,390 Herald: Yes, we have plenty of time. Drephal: Yeah. Let's just try to... 357 00:39:24,390 --> 00:39:27,680 Herald: In the meantime, if you have questions, please line up at the 358 00:39:27,680 --> 00:39:32,800 microphones. Drephal: I don't want to... Okay, getting 359 00:39:32,800 --> 00:39:39,760 close. Getting close. Getting close. Okay. You mean this one? 360 00:39:39,760 --> 00:39:47,080 Audience: No! Drephal: Yeah, that one doesn't work. Oh, 361 00:39:47,080 --> 00:39:53,693 not this one? Oh, yeah. The next one. Let's try. 362 00:39:54,885 --> 00:39:56,760 *Intro music* 363 00:39:56,760 --> 00:40:00,010 Ah! *Applause* 364 00:40:07,450 --> 00:40:08,580 *Laughter* 365 00:40:08,590 --> 00:40:12,600 TV announcer: Guten Abend, meine Damen und Herren, zu so später Stunde. Sie haben es 366 00:40:12,600 --> 00:40:16,640 ja gerade eben schon gehört. Laut Programm sollten sie jetzt einen Wirtschaftskrimi 367 00:40:16,640 --> 00:40:21,139 mit dem Titel Tanker sehen, den bringen wir heute abend nicht. Dafür aber einen 368 00:40:21,139 --> 00:40:25,590 Spionagekrimi, und zwar einen echten. Einen authentischen Report über den 369 00:40:25,590 --> 00:40:30,295 schwersten Spionagefall seit der Enttarnung des Kanzleramtsagenten Günter 370 00:40:30,295 --> 00:40:33,920 Guillaume. Drephal: You can find the whole Brennpunkt 371 00:40:33,920 --> 00:40:41,710 on YouTube. It's very interesting. It's like 30 minutes. There's a lot of the same 372 00:40:41,710 --> 00:40:50,599 images as in the other documentation I showed. Dudes in black sunglasses, the CIA 373 00:40:50,599 --> 00:40:56,280 and stuff. Also, this documentation about Clifford Stoll is hilarious. Not just the 374 00:40:56,280 --> 00:41:00,627 scene where where he runs out the shower in his towel to his computer because the 375 00:41:00,627 --> 00:41:05,090 hacker is on. It's hilarious. Herald: So do we have any more questions 376 00:41:05,090 --> 00:41:08,280 from the Internet, from the hall. Drephal: No? 377 00:41:08,280 --> 00:41:14,010 Herald: No, it does not... Well, then there is something up at microphone 5. 378 00:41:14,010 --> 00:41:17,520 Question: Can you hear me? Yeah. Drephal: Where? Ah, there! 379 00:41:17,520 --> 00:41:20,450 Q: Do we know anything about the rest of the group? 380 00:41:20,450 --> 00:41:24,080 Drephal: Yes. Q: Working today, for example? 381 00:41:24,080 --> 00:41:33,560 Drephal: Yes. Well, about... let me, go back or go front. Well, I did... I looked 382 00:41:33,560 --> 00:41:40,570 into them. DOB, I could not find anything about him. He was actually one of the two 383 00:41:40,570 --> 00:41:44,520 who had to stay in prison for almost a year because he was fleeing the army 384 00:41:44,520 --> 00:41:49,930 service and they were looking for him. I couldn't find anything about what he's 385 00:41:49,930 --> 00:41:55,710 doing today. Pengo is very active. He has a Twitter. He's into vintage computing. 386 00:41:55,710 --> 00:42:01,450 And he's, he's the one who's always been interviewed. You know, every 10 years, 10 387 00:42:01,450 --> 00:42:06,750 years after the KGB hack, 20 years after the KGB hack, he's been on TV, he's been 388 00:42:06,750 --> 00:42:11,314 on podcasts. You can find a lot about him. 389 00:42:11,314 --> 00:42:16,440 But, about 10 years ago, he was on Tim 390 00:42:16,440 --> 00:42:23,040 Pritlove's podcast. Very interesting. It's two hours long, but it's super 391 00:42:23,040 --> 00:42:29,490 interesting, very detailed in, into the beginnings of the Internet. And there he 392 00:42:29,490 --> 00:42:33,920 said, OK. He's being asked about this again and again. And sometimes you just 393 00:42:33,920 --> 00:42:39,010 don't want to talk about it anymore. I can totally understand that. Well, you know 394 00:42:39,010 --> 00:42:43,400 what happened about, what happened with Hagbard. Urmel, I couldn't find out 395 00:42:43,400 --> 00:42:46,120 anything either. 396 00:42:47,080 --> 00:42:53,280 Also, Pedro, no. Not so much. 397 00:42:53,280 --> 00:42:56,030 Herald: So we have another question on microphone three. 398 00:42:56,030 --> 00:43:01,770 Question: Hi. Well, first of all, thank you very much. I did read The Kuckuck's 399 00:43:01,770 --> 00:43:03,770 Egg. Drephal: Excellent! 400 00:43:03,770 --> 00:43:08,740 Q: And thank you for posing the German perspective towards it. It really 401 00:43:08,740 --> 00:43:13,710 elaborates the story quite a lot. You finished your presentation with the 402 00:43:13,710 --> 00:43:19,109 question, what is missing, currently, at the Chaos Computer Club. I love it 403 00:43:19,109 --> 00:43:21,884 probably as much as you do. 404 00:43:21,884 --> 00:43:25,710 I come from the Netherlands and I have the feeling that in 405 00:43:25,710 --> 00:43:29,010 Holland, hackers collaborate much more with governments and companies. 406 00:43:29,010 --> 00:43:31,970 Drephal: Okay. Q: It's good to be critical against 407 00:43:31,970 --> 00:43:37,040 government, but to criticize everything and to shut out government for everything 408 00:43:37,040 --> 00:43:41,609 doesn't solve the problem. So what I'm hoping for is a more constructive 409 00:43:41,609 --> 00:43:46,010 collaboration with the German government and I hope I'm not making myself very 410 00:43:46,010 --> 00:43:50,310 impopular here. I perhaps do, but I'm Dutch. 411 00:43:50,760 --> 00:43:52,980 *Laughter* Drephal: Thank you. 412 00:43:52,990 --> 00:43:57,840 *Applause* 413 00:43:57,840 --> 00:44:03,790 Herald: Another question, microphone one. Question: Hi. Just to get the facts 414 00:44:03,790 --> 00:44:10,220 straight. So, I mean, I guess we all know here the story, the development of the 415 00:44:10,220 --> 00:44:16,770 term hacking since the IT hacks, et cetera. Would you say that explicitly, the 416 00:44:16,770 --> 00:44:23,079 story with the German hacking is the thing that stained the name of hacking in our 417 00:44:23,079 --> 00:44:28,380 mainstream consciousness? Drephal: Not, not alone. I mean, there's 418 00:44:28,380 --> 00:44:33,810 obviously when you look at the US, there's cases of hacking. I mean, talking about 419 00:44:33,810 --> 00:44:39,960 Kevin Mitnick, for example, Robert Tappan Morris, who shut down all the computers in 420 00:44:39,960 --> 00:44:47,730 the US for days. That's something that, obviously, formed the image of hacking in 421 00:44:47,730 --> 00:44:53,430 the US and I, I'm not sure about other countries to be, to be honest. But I'm 422 00:44:53,430 --> 00:44:59,609 thinking that it was around the same time, so end of the 80s, hacking kind of lost 423 00:44:59,609 --> 00:45:05,754 its innocence through various infamous hacks like the KGB hack. 424 00:45:05,754 --> 00:45:07,846 Q: Thank you very much. Drephal: Thank you. 425 00:45:07,846 --> 00:45:12,140 Herald: Next question, microphone three. Question: Yes. Thank you, interesting 426 00:45:12,140 --> 00:45:17,410 talk. And is there a list or has... Herald: Please talk a bit closer to the 427 00:45:17,410 --> 00:45:20,470 microphone. Thank you. Q: Has anyone a list of which kind of 428 00:45:20,470 --> 00:45:26,280 information has been leaked or which kind of facilities have been compromised? And 429 00:45:26,280 --> 00:45:31,440 second questions, have the Russians ever confirmed this hack? 430 00:45:31,440 --> 00:45:39,160 Drephal: First question. Yes. Well, there's the official documents that came 431 00:45:39,160 --> 00:45:47,050 out in, in the process. There's actually, if you, if you read German, there is an 432 00:45:47,050 --> 00:45:53,200 interesting book that came out in 1990 about this case. And it has very detailed 433 00:45:53,200 --> 00:45:58,770 information about what kind of institutions have been hacked and what 434 00:45:58,770 --> 00:46:08,070 kind of information has been given to the Soviets. But most of it, I guess, is, is, 435 00:46:08,070 --> 00:46:14,170 comes from confessions, because there was no proof. The Russians did never confirm 436 00:46:14,170 --> 00:46:20,300 that, yeah, OK, We got this and we got that. No, of course not. And so most of it 437 00:46:20,300 --> 00:46:30,470 is what the hackers actually confessed. Herald: Do we have any more questions? It 438 00:46:30,470 --> 00:46:35,350 does not look like that. So for anyone who left already. You're going to miss out on 439 00:46:35,350 --> 00:46:37,350 the outro video. Drephal: Yeah. 440 00:46:37,350 --> 00:46:44,050 Herald: Take it away. Drephal: If I can actually do that because 441 00:46:44,050 --> 00:46:50,672 there's no more questions. Are we seeing this? Excellent. It's just one thing, for 442 00:46:50,672 --> 00:46:54,413 me, left to do. 443 00:46:57,793 --> 00:46:59,656 Why am I... 444 00:47:10,450 --> 00:47:11,820 Drephal: Thank you! 445 00:47:11,820 --> 00:47:15,360 *Applause* Herald: Thank you. Big one, round of 446 00:47:15,360 --> 00:47:20,271 applause. *Applause* 447 00:47:20,271 --> 00:47:24,466 *postroll music* 448 00:47:24,466 --> 00:47:47,000 subtitles created by c3subtitles.de in the year 2019. Join, and help us!