The Info List - Chaos Computer Club

--- Advertisement ---

The Chaos Computer Club
Chaos Computer Club
(CCC) is Europe's largest association of hackers[1] with 5,500 registered members.[2] It is incorporated as an eingetragener Verein in Germany, with local chapters (called Erfa-Kreise) in various cities in Germany
and other German-speaking countries. Some chapters in Switzerland are organized in the independent sister association Chaos Computer Club
Chaos Computer Club
Schweiz instead. The CCC describes itself as "a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information...." In general, the CCC advocates more transparency in government, freedom of information, and the human right to communication. Supporting the principles of the hacker ethic, the club also fights for free universal access to computers and technological infrastructure as well as the use of Open-source software.[3] The CCC spreads an entrepreneurial vision refusing capitalist control.[4] It has been characterized as "...one of the most influential digital organisations anywhere, the centre of German digital culture, hacker culture, hacktivism, and the intersection of any discussion of democratic and digital rights."[5] Members of the CCC have demonstrated and publicized a number of important information security problems.[6] The CCC frequently criticizes new legislation and products with weak information security which endanger citizen rights or the privacy of users. Notable members of the CCC regularly function as expert witnesses for the German constitutional court, organize lawsuits and campaigns, or otherwise influence the political process.


1 Activities

1.1 Regular Events 1.2 Publications, Outreach 1.3 Cryptoparty

2 History

2.1 Founding 2.2 BTX-Hack 2.3 Karl Koch 2.4 GSM-Hack 2.5 Project Blinkenlights 2.6 Schäuble fingerprints 2.7 Staatstrojaner affair 2.8 Domscheit-Berg affair 2.9 Phone authentification systems

2.9.1 Apple TouchID 2.9.2 Samsung S8 iris recognition

3 Chaos Computer Club
Chaos Computer Club
France 4 See also 5 References 6 External links

Activities[edit] Regular Events[edit]

Chaos Communication Camp
Chaos Communication Camp
2003 near Berlin, featuring the Pesthörnchen, a malapropism to the logo of the former Federal Post of Germany

The CCC hosts the annual Chaos Communication Congress, Europe's biggest hacker gathering. When the event was held in the Hamburg congress center in 2013, it drew 9,000 guests.[7] For the 2016 installment, 11,000 guests were expected.,[8] with additional viewers following the event via live streaming. Every four years, the Chaos Communication Camp
Chaos Communication Camp
is the outdoor alternative for hackers worldwide. The CCC also held, from 2009 to 2013, a yearly conference called SIGINT in Cologne[9] which focused on the impact of digitalization on society. The SIGINT conference has been discontinued in 2014.[10] Another yearly CCC event taking place on the Easter weekend is the Easterhegg, which is more workshop oriented than the other events. The CCC often uses the c-base station located in Berlin
as an event location or as function rooms. Publications, Outreach[edit] The CCC publishes the irregular magazine Datenschleuder (data slingshot) since 1984. The Berlin
chapter produces a monthly radio show called Chaosradio (de) which picks up various technical and political topics in a two-hour talk radio show. The program is aired on a local radio station called Fritz (de) and on the internet. Other programs have emerged in the context of Chaosradio, including radio programs offered by some regional Chaos Groups and the podcast spin-off CRE by Tim Pritlove. Many of the chapters of CCC participate in the volunteer project Chaos macht Schule which supports teaching in local schools. Its aims are to improve technology and media literacy of pupils, parents, and teachers.[11][12][13] CCC members are present in big tech companies and in administrative instances. One of the spokespersons of the CCC,as of 1986, Andy Müller-Maguhn, was a member of the executive committee of the ICANN (Internet Corporation for Assigned Names and Numbers) between 2000 and 2002 [14]. Cryptoparty[edit] The CCC sensitizes and introduces people to the questions of data privacy. They regularly host so-called cryptoparties in bars in Berlin to which anyone is invited to better understand how to protect their personal data and their computer from hacking. The CCC encourages some basic behaviors[15] :

Install Tor to ensure anonymity Using CloudFare to protect websites and OpenPGP to encrypt e-mails Using DuckDuckGo
or any related web browser that does not trace user data Putting tape on computer webcams


This article may be expanded with text translated from the corresponding article in German. (January 2017) Click [show] for important translation instructions.

View a machine-translated version of the German article. Google's machine translation is a useful starting point for translations, but translators must revise errors as necessary and confirm that the translation is accurate, rather than simply copy-pasting machine-translated text into the English. Do not translate text that appears unreliable or low-quality. If possible, verify the text with references provided in the foreign-language article. You must provide copyright attribution in the edit summary by providing an interlanguage link to the source of your translation. A model attribution edit summary (using German): Content in this edit is translated from the existing German article at [[:de:Exact name of German article]]; see its history for attribution. You should also add the template Translatedde Chaos Computer Club
Chaos Computer Club
to the talk page. For more guidance, see:Translation.


Wau Holland

The CCC was founded in Berlin
on 12 September 1981 at a table which had previously belonged to the Kommune 1 in the rooms of the newspaper Die Tageszeitung
Die Tageszeitung
by Wau Holland and others in anticipation of the prominent role that information technology would play in the way people live and communicate. BTX-Hack[edit] The CCC became world-famous when they drew public attention to the security flaws of the German Bildschirmtext
computer network by causing it to debit DM 134,000 in a Hamburg bank in favor of the club. The money was returned the next day in front of the press. Prior to the incident, the system provider had failed to react to proof of the security flaw provided by the CCC, claiming to the public that their system was safe. Bildschirmtext
was the biggest commercially available online system targeted at the general public in its region at that time, run and heavily advertised by the German telecommunications agency Deutsche Bundespost
Deutsche Bundespost
which also strove to keep up-to-date alternatives out of the market.[citation needed] Karl Koch[edit] Main article: Karl Koch (hacker) In 1987, the CCC was peripherally involved in the first cyberespionage case to make international headlines. A group of German hackers led by Karl Koch, who was loosely affiliated with the CCC, was arrested for breaking into US government and corporate computers, and then selling operating-system source code to the Soviet KGB. This incident was portrayed in the movie 23. GSM-Hack[edit] In April 1998, the CCC successfully demonstrated the cloning of a GSM customer card, breaking the COMP128 encryption algorithm used at that time by many GSM
SIMs.[16] Project Blinkenlights[edit]

Blinkenlights at the 22nd Chaos Communication Congress

Main article: Project Blinkenlights In 2001, the CCC celebrated its twentieth birthday with an interactive light installation dubbed Project Blinkenlights
Project Blinkenlights
that turned the building Haus des Lehrers
Haus des Lehrers
in Berlin
into a giant computer screen. A follow up installation, Arcade, at the Bibliothèque nationale de France was the world's biggest light installation.[citation needed] Later in October 2008, CCC's Project Blinkenlights
Project Blinkenlights
went to Toronto, Ontario, Canada with project Stereoscope.[17] Schäuble fingerprints[edit] In March 2008, the CCC acquired and published the fingerprints of German Minister of the Interior Wolfgang Schäuble. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers.[18] This was done to protest the use of biometric data in German identity devices such as e-passports.[19] Staatstrojaner affair[edit]

Mascot used to protest against the Staatstrojaner, a trojan horse

See also: FOXACID, MiniPanzer and MegaPanzer, Magic Lantern (software), and Heiko Maas § State trojans The Staatstrojaner (Federal Trojan horse) is a computer surveillance program installed secretly on a suspect's computer, which the German police uses to wiretap Internet telephony. This "source wiretapping" is the only feasible way to wiretap in this case, since Internet telephony programs will usually encrypt the data when it leaves the computer. The Federal Constitutional Court
Federal Constitutional Court
of Germany
has ruled that the police may only use such programs for telephony wiretapping, and for no other purpose, and that this restriction should be enforced through technical and legal means. On October 8, 2011, the CCC published an analysis of the Staatstrojaner software. The software was found to have the ability to remote control the target computer, to capture screenshots, and to fetch and run arbitrary extra code. The CCC says that having this functionality built in is in direct contradiction to the ruling of the constitutional court. In addition, there were a number of security problems with the implementation. The software was controllable over the Internet, but the commands were sent completely unencrypted, with no checks for authentication or integrity. This leaves any computer under surveillance using this software vulnerable to attack. The captured screenshots and audio files were encrypted, but so incompetently that the encryption was ineffective. All captured data was sent over a proxy server in the United States, which is problematic since the data is then temporarily outside the German jurisdiction. The CCC's findings were widely reported in the German press.[20][21][22] This trojan has also been nicknamed R2-D2[23][24] because the string "C3PO-r2d2-POE" was found in its code;[25] another alias for it is 0zapftis.[25] According to a Sophos
analysis, the trojan's behavior matches that described in a confidential memo between the German Landeskriminalamt
and a software firm called DigiTask (de); the memo was leaked on WikiLeaks
in 2008.[25] Among other correlations is the dropper's file name scuinst.exe, short for Skype Capture Unit Installer.[26] The 64-bit Windows version installs a digitally signed driver, but signed by the non-existing certificate authority "Goose Cert".[27][28] DigiTask later admitted selling spy software to governments.[29] The Federal Ministry of the Interior released a statement in which they denied that R2-D2
has been used by the Federal Criminal Police Office (BKA); this statement however does not eliminate the possibility that it has been used by state-level German police forces. The BKA had previously announced however (in 2007) that they had somewhat similar trojan software that can inspect a computer's hard drive.[22] Domscheit-Berg affair[edit] Former WikiLeaks
spokesman Daniel Domscheit-Berg
Daniel Domscheit-Berg
was expelled from the national CCC (but not the Berlin
chapter) in August 2011.[30][31] This decision was revoked on February 2012.[32] As a result of his role in the expulsion, board member Andy Müller-Maguhn
Andy Müller-Maguhn
was not reelected for another term. Phone authentification systems[edit] The CCC has repeatedly warned phone users of the weakness of biometric identification means, in the continuation of the 2008 Schäuble fingerprints affair. In their "hacker ethics" the CCC includes "protect people data", but also "Computers can change your life for the better" [33]. The club considers privacy as an individual right: the CCC does not discourage people from sharing or storing personal information on their phones, but militates for better privacy protection, and the use of specific browsing and sharing means by the users. Apple TouchID[edit] From a photography of the user's fingerprint on a glass surface, using "easy everyday means"[34], the biometrics hacking team of the CCC, was able to unlock IPhone 5Ss. Samsung S8 iris recognition[edit] The Samsung Galaxy S8's iris recognition system claims to be"one of the safest ways to keep your phone locked and the contents private" as "patterns in your irises are unique to you and are virtually impossible to replicate", as quoted in official Samsung content.[35] However, in some cases, using a high resolution iris photography of the phone owner and a lense, the CCC claimed to be able to trick the authentification system. Chaos Computer Club
Chaos Computer Club
France[edit] The Chaos Computer Club
Chaos Computer Club
France (CCCF) was a fake hacker organization created in 1989 in Lyon
(France) by Jean-Bernard Condat, under the command of Jean-Luc Delacour, an agent of the Direction de la surveillance du territoire governmental agency. The primary goal of the CCCF was to watch and to gather information about the French hacker community, identifying the hackers who could harm the country[36] [37]. Journalist Jean Guisnel said that this organization also worked with the French National Gendarmerie. The name of the organization is directly inspired by the name of the German Chaos Computer Club
Chaos Computer Club
organization, which in contrast is a real hacker organization. The CCCF had an electronic magazine called Chaos Digest (ChaosD). Between January 4, 1993 and August 5, 1993, seventy-three issues were published (ISSN 1244-4901). See also[edit]

23 (film) c-base Chaos Communication Congress Chaosdorf, the local chapter of the Chaos Computer Club
Chaos Computer Club
at Düsseldorf Datenschleuder Digitalcourage Digital identity Hacker
culture Information privacy Netzpolitik.org Project Blinkenlights Security hacker Tron (hacker) Wau Holland Foundation

See also: Category:Members of Chaos Computer Club. References[edit]

^ "Chaos Computer Club". Chaos Computer Club. Retrieved August 23, 2016.  ^ "Chaos Computer Club". Chaos Computer Club. Retrieved 2017-01-08.  ^ Satzung des CCC e.V. (German). Accessed September 23, 2013. ^ Boullier, Dominique (2016-04-27). Sociologie du numérique (in French). Armand Colin. ISBN 9782200612078.  ^ /berlins-digital-exiles-tech-activists-escape-nsa ^ Anderson, Kent (2006), Hacktivism and Politically Motivated Computer Crime (PDF), retrieved 2008-05-14  ^ "Hacks and Highlights of the Chaos Communication Congress". Tech the Future. Retrieved 20 August 2014.  ^ "33C3 Call For Papers".  ^ https://events.ccc.de/sigint/2009/wiki/Hauptseite SIGINT Willkommen 2009 ^ "SIGINT". Archived from the original on 2015-04-19.  ^ CCC. "Chaos macht Schule" (in German). Retrieved 2016-01-11.  ^ Anna Biselli. "Medienkompetenz, quo vadis? Teil III: Interview zum Projekt "Chaos macht Schule"" (in German). Retrieved 2016-01-11.  ^ Tim Pritlove, Florian Grunow, Peter Hecko. "CRE189 Chaos macht Schule" (in German). Retrieved 2016-01-11. CS1 maint: Multiple names: authors list (link) ^ "Les « bidouilleurs » de la société de l'information". Le Monde diplomatique (in French). 2008-09-01. Retrieved 2018-03-12.  ^ KOENIG, Gaspard (2016-11-17). Les aventuriers de la liberté (in French). edi8. ISBN 9782259252607.  ^ CCC CCC klont D2 Kundenkarte Archived May 30, 2008, at the Wayback Machine. ^ http://blinkenlights.net/stereoscope ^ CCC publishes fingerprints of Wolfgang Schäuble, the German Home Secretary, Heise Online, 2008-03-31, archived from the original on 2013-10-08, retrieved 2008-04-17  ^ CCC publiziert die Fingerabdrücke von Wolfgang Schäuble
Wolfgang Schäuble
[Update] – heise Security ^ " Chaos Computer Club
Chaos Computer Club
analyzes government malware". Chaos Computer Club. 2011-10-08. Retrieved 2011-10-10.  ^ "CCC findet Sicherheitslücken in Bundestrojaner". Der Spiegel. 2011-10-09. Retrieved 2011-10-10.  ^ a b "Electronic Surveillance Scandal Hits Germany". Der Spiegel. 2011-10-10. Retrieved 2011-10-31.  ^ Basil Cupa, Trojan Horse Resurrected: On the Legality of the Use of Government Spyware (Govware), LISS 2013, pp. 419-428 ^ German federal Trojan eavesdrops on 15 applications, experts find. The R2-D2
surveillance Trojan also has support for 64-bit Windows systems Archived February 1, 2014, at the Wayback Machine. ^ a b c http://nakedsecurity.sophos.com/2011/10/10/german-government-r2d2-trojan-faq/ ^ Leyden, John. "German states defend use of 'Federal Trojan'". The Register.  ^ http://www.net-security.org/malware_news.php?id=1882 ^ http://kasperskycontenthub.com/securelist/2011/10/18/federal-trojans-got-a-big-brother-17/ ^ http://www.dw.com/en/german-company-behind-government-spyware-admits-sale-to-bavaria/a-15453150 ^ Top German Hacker
Slams OpenLeaks Founder, Der Spiegel, August 15, 2011 ^ Heather Brooke, Inside the secret world of hackers, The Guardian, August 25, 2011 ^ CCC revokes decision to expel Domscheit-Berg ^ "CCC Hackerethik". www.ccc.de. Retrieved 2018-03-13.  ^ "CCC Chaos Computer Club
Chaos Computer Club
breaks Apple TouchID". www.ccc.de. Retrieved 2018-03-12.  ^ "Security - Iris Scanner Samsung Galaxy S8 and S8+". The Official Samsung Galaxy Site. Retrieved 2018-03-12.  ^ Phrack
No. 64, "A personal view of the french underground (1992–2007)", 2007: "A good example of this was the fake hacking meeting created in the middle 1990' so called the CCCF (Chaos Computer Club France) where a lot of hackers got busted under the active participation of a renegade hacker so called Jean-Bernard Condat." ^ "Les « bidouilleurs » de la société de l'information". Le Monde diplomatique (in French). 2008-09-01. Retrieved 2018-03-12. 

External links[edit]

Wikimedia Commons has media related to Chaos Computer Club.

Official website (in English) (in German) CCC Events Blog Chaosradio Podcast Network Chaos Computer Club
Chaos Computer Club
hackers 'have a conscience', BBC News, February 11, 2011

v t e

Hacking in the 2010s

← 2000s Timeline 2020s →

Major incidents


Australian cyberattacks Operation Aurora Operation Payback


DigiNotar HBGary Federal Operation AntiSec Operation Tunisia PlayStation RSA SecurID compromise


LinkedIn hack Stratfor email leak


South Korea cyberattack Snapchat hack 2013 Yahoo! data breach


Anthem medical data breach Operation Tovar iCloud leaks of celebrity photos Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach


Office of Personnel Management data breach Hacking Team Ashley Madison data breach VTech data breach SWIFT banking hack


Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks DCCC cyber attacks Dyn cyberattack Russian interference in U.S. election


WannaCry ransomware attack Westminster cyberattack Petya cyberattack

2017 cyberattacks on Ukraine

Equifax data breach Deloitte breach Disqus breach





associated events

Bureau 121 Cozy Bear CyberBerkut Derp Equation Group Fancy Bear GNAA Goatse Security Guccifer 2.0 Hacking Team Iranian Cyber Army Lizard Squad LulzRaft LulzSec New World Hackers NullCrew NSO Group PayPal 14 PLA Unit 61398 PLATINUM Pranknet RedHack Rocket Kitten The Shadow Brokers Syrian Electronic Army TeaMp0isoN Tailored Access Operations UGNazi Yemen Cyber Army


George Hotz Guccifer Hector Monsegur Jeremy Hammond Junaid Hussain Kristoffer von Hassel Mustafa Al-Bassam MLT Ryan Ackroyd Topiary The Jester weev

Major vulnerabilities publicly disclosed

(2010) iSeeYou (2013) Heartbleed
(2014) Shellshock (2014) POODLE
(2014) Rootpipe (2014) Row hammer
Row hammer
(2014) JASBUG (2015) Stagefright (2015) DROWN (2016) Badlock
(2016) Dirty COW
Dirty COW
(2016) Cloudbleed
(2017) Broadcom Wi-Fi (2017) EternalBlue
(2017) DoublePulsar (2017) Silent Bob is Silent (2017) KRACK
(2017) ROCA vulnerability (2017) BlueBorne (2017) Meltdown (2018) Spectre (2018)


Bad Rabbit Careto / The Mask CryptoLocker Dexter Duqu Duqu 2.0 FinFisher Flame Gameover ZeuS Mahdi Metulji botnet Mirai NSA ANT catalog Pegasus Petya R2D2 Shamoon Stars virus Stuxnet Vault 7 WannaCry X-Agent

Authority control

WorldCat Identities VIAF: 133383819 ISNI: 0000 0001 1956 201X GND: 2085624-6 SUDOC: 029477115 BNF: