For the 35th time, the Chaos Computer Club hosted the biggest hacker meeting in Europe - the Chaos Communication Congress, abbreviated to 35C3. This year, the slogan was "Refreshing Memories", to recall the previous annual meetings. The number of visitors is growing year on year, with around 17,000 guests attending this year's congress in Leipzig. Of course, those of us in the InfoGuard Red Team were there day and night. In this article, I will be giving you an insight into the fascinating world of the 35C3 and introducing you to our Top 9 Talks.
The 35th Chaos Communication Congress - far more than "just" lectures
As well as lectures, at 35C3 this year there was again a huge hall filled with what are known as assemblies. These are booths where you can discover, learn and experiment. For example, you could try your hand at cracking a lock, brewing your own beer or just doing some soldering on a whim. The hacking atmosphere was complemented by impressive light installations, projectors and evocative 8-bit music. Of course, the large congress halls provide a lot of space, which is why there were so many different forms of art to be admired, with a robotic beetle that trudged along a chain in a circle and could be reprogrammed by visitors, a neural network that reacted to sound and pulsated brightly, or even tents where you could rest and recharge your batteries.
Some visitors had even brought their own electric vehicles with them for getting them from A to B as quickly as possible (or to save their own internal batteries!). Among these, there were hoverboards, scooters decorated with LEDs and even totally homemade vehicles, like driveable sofas. Vehicles were parked all over the place and they were not locked - that was just unnecessary. At 35C3, friendly, respectful cooperation is a given.
Of course, the Congress's own "meme" had to be included. In the course of the first day, more and more notes appeared with the words: “Birds aren’t real – Wake up 35C3”, wake up people, they are the surveillance drones of the state”. This reference to conspiracy theories about government surveillance drones escalated over the four days, taking every possible guise.
The Top 9 Talks at 35C3
This year, the congress covered a very broad spectrum with over 160 lectures, ranging from highly technical talks like iOS Jailbreaking to discussions on ethical and moral topics around hacking, to cyber Slam poetry. Many of the lectures were specifically aimed at beginners in order to give future Infosec experts an intelligible insight into the world of hacking. Of course, we could not attend all the talks.
Everything can be hacked - just don't get caught
There was a crash course in Operations Security (OpSec) and how as a hacker to avoid going to prison. The lecture focused on the risks of "hacker sports" and how young hackers can benefit from the mistakes of others. The bottom line is - stay away from cyber crime. In any case, Bitcoin is currently in the doldrums.
Hacker ethics – an introduction
This talk was supplementary to the OpSec talk, which made it all even more exciting. Frank Rieger talked about vital questions that hackers should be asking themselves when they are doing “what they love best". A talk that definitely made you think!
Smart Home – Smart Hack
IoT (Internet of Things) remains a thorn in the side of security experts - and rightly so, as this talk showed. If you think a "smart" light bulb is harmless, you should definitely watch this talk.
Compromising online accounts by cracking voicemail systems
Martin Vigo showed that voicemail is still a relevant attack vector, even after 30 years. Among other things, he demonstrated how a WhatsApp account can be transferred via voicemail.
Switzerland: Network policy between Lake Constance and the Matterhorn
A review of the 2018 network policy year in Switzerland. Topics such as mass monitoring, network blocking and, of course, e-voting were covered. The following topics were also discussed: Which issues will be of interest to Switzerland in 2019?
All Your Health Records Belong To Us
"As secure as online banking": The electronic patient file is coming - for everyone. Using five concrete examples, it was demonstrated how hugely thoughtless decisions were being made by online platforms and apps in the health records sector and how easy it is to gain mass access to confidential health data.
Security Nightmares 0×13
What's so good about mistakes? You learn from them. A very entertaining lecture about the (wrong) developments and news of last year.
The Layman’s Guide to Zero-Day Engineering
Over and over again you hear about mysterious "Zero-Days", although very few people can imagine what the process behind it is. In this talk, Ret2 Systems explained their process of zero-day-engineering on the basis of a case study.
What the flag is CTF?
The gaming concept of the traditional terrain game "Capture the Flag" (CTF) is widely used in computer games - and obviously also in the hacker scene. Usually, several teams compete against each other and try to defend their own network within a given period of time. Points are awarded for successful defence as well as for successful attacks. A more detailed explanation of Capture the Flag was given in this talk, as well as why you should take a look at it in your spare time.
35C3 – a review of the four best hacker days
For me as a Pentest newcomer, it was extremely impressive to see how huge the Infosec area is and what exciting subjects there are all around it. It was also very nice to see the respectful way people worked together. For example, I was given a "consolation crane" (an origami bird) because unfortunately, I couldn't find a seat in a full hall.
Will we be attending the Chaos Communication Congress again next year? Absolutely! But I will definitely take a laptop with me to take part in the internal CTF and conquer flags - my fingers are already getting itchy.
Always stay up-to-date!
You don't want to miss another post? Then subscribe to our blog updates! Receive the latest blog posts weekly from our Cyber Security experts conveniently in your inbox. Subscribe now!
Cover image: Florian Kleiner, Flickr (http://bit.ly/2C8YrZB)
Image 1: Yves Sorge, Flickr (http://bit.ly/2C8mh7W)
Image 2: Waithamai, Flickr (http://bit.ly/2CenaM3)
Image 3: Leah Oswald, Flickr (http://bit.ly/2Ca7dqh)