For the 35th time, the Chaos Computer Club hosted the biggest hacker meeting in Europe - the Chaos Communication Congress, abbreviated to 35C3. This year, the slogan was "Refreshing Memories", to recall the previous annual meetings. The number of visitors is growing year on year, with around 17,000 guests attending this year's congress in Leipzig. Of course, those of us in the InfoGuard Red Team were there day and night. In this article, I will be giving you an insight into the fascinating world of the 35C3 and introducing you to our Top 9 Talks.
Of course, the Congress's own "meme" had to be included. In the course of the first day, more and more notes appeared with the words “Birds aren’t real – Wake up 35C3” and “Wake up people, they are the surveillance drones of the state”. This reference to conspiracy theories about government surveillance drones escalated over the four days, taking every possible guise.
This year, the congress covered a very broad spectrum with over 160 lectures, ranging from highly technical talks like iOS jailbreaking to discussions on ethical and moral topics around hacking, to cyber slam poetry. Many of the lectures were specifically aimed at beginners in order to give future Infosec experts an intelligible insight into the world of hacking. Of course, we could not attend all the talks.
There was a crash course in Operations Security (OpSec) and how, as a hacker, to avoid going to prison. The lecture focused on the risks of "hacker sports" and how young hackers can benefit from the mistakes of others. The bottom line is: stay away from cyber crime. In any case, Bitcoin is currently in the doldrums.
This talk was supplementary to the OpSec talk, which made it all even more exciting. Frank Rieger talked about vital questions that hackers should be asking themselves when they are doing "what they love best". A talk that definitely made you think!
IoT (Internet of Things) remains a thorn in the side of security experts - and rightly so, as this talk showed. If you think a "smart" light bulb is harmless, you should definitely watch this talk.
Martin Vigo showed that voicemail is still a relevant attack vector, even after 30 years. Among other things, he demonstrated how a WhatsApp account can be transferred via voicemail.
A review of the 2018 network policy year in Switzerland. Topics such as mass monitoring, network blocking and, of course, e-voting were covered. The talk also asked which issues will be of interest to Switzerland in 2019.
"As secure as online banking": The electronic patient file is coming - for everyone. Using five concrete examples, the talk demonstrated that hugely thoughtless decisions were being made by online platforms and apps in the health records sector, and how easy it is to gain mass access to confidential health data.
What's so good about mistakes? You learn from them. A very entertaining lecture about the (wrong) developments and news of last year.
Over and over again you hear about mysterious "zero-days", although very few people can imagine what the process behind them is. In this talk, Ret2 Systems explained their process of zero-day engineering on the basis of a case study.
The gaming concept of the traditional terrain game "Capture the Flag" (CTF) is widely used in computer games - and obviously also in the hacker scene. Usually, several teams compete against each other and try to defend their own network within a given period of time. Points are awarded for successful defence as well as for successful attacks. A more detailed explanation of Capture the Flag was given in this talk, as well as why you should take a look at it in your spare time.
For me as a Pentest newcomer, it was extremely impressive to see how huge the Infosec area is and what exciting subjects there are all around it. It was also very nice to see the respectful way people worked together. For example, I was given a "consolation crane" (an origami bird) because unfortunately, I couldn't find a seat in a full hall.
Will we be attending the Chaos Communication Congress again next year? Absolutely! But I will definitely take a laptop with me to take part in the internal CTF and conquer flags - my fingers are already getting itchy.
Image source:
Cover image: Florian Kleiner, Flickr (http://bit.ly/2C8YrZB)
Image 1: Yves Sorge, Flickr (http://bit.ly/2C8mh7W)
Image 2: Waithamai, Flickr (http://bit.ly/2CenaM3)
Image 3: Leah Oswald, Flickr (http://bit.ly/2Ca7dqh)