Broadcast Engineer at BellMedia, Computer history buff, compulsive deprecated, disparate hardware hoarder, R/C, robots, arduino, RF, and everything in between.

Hackers and Heroes: Rise of the CCC and Hackerspaces


From its roots in phone phreaking to the crackdowns and legal precedents that drove hacking mostly underground (or into business), hacker culture in the United States has seen a lot over the last three decades. Perhaps the biggest standout is the L0pht, a visible 1990s US hackerspace that engaged in open disclosure and was, arguably, the last of the publicly influential US hacker groups.

The details of the American hacker scene were well covered in my article yesterday. It ended on a bit of a down note. The L0pht is long gone, and no other groups that I know of have matched their mix of social responsibility and public visibility. This is a shame because a lot of hacker-relevant issues are getting decided in the USA right now, and largely without our input.

Chaos Computer Club

But let’s turn away from the USA and catch up with Germany. In the early 1980s, in Germany as in America, there were many local computer clubs that were not much more than a monthly evening in a cafeteria or a science museum or (as was the case with the CCC) a newspaper office. Early computer enthusiasts traded know-how, and software, for free. At least in America, nothing was more formally arranged than was necessary to secure a meeting space: we all knew when to show up, so what more needed to be done?

Things are a little different in the German soul. Peer inside and you’ll find the “Vereinsmentalität” — a “club-mentality”. Most any hobby or sport that you can do in Germany has an associated club that you can join. Winter biathlon, bee-keeping, watercolor painting, or hacking: when Germans do fun stuff, they like to get organized and do fun stuff together.

Kabelsalat ist gesund! This CCC logo reminds you that it’s healthy to have a tangle of cables under your desk.

So the CCC began as an informal local hacker meetup in 1981, and then went on to having regular meetings in Hamburg. In 1984, they held the first Chaos Communication Congress, an annual meeting held just after Christmas that’s now in its 32nd year. A few years later, the CCC formally incorporated as a registered association, but there was a little more at work than simply “Vereinsmentalität”.

Translated from the CCC’s website: “In order to rule out legal misunderstandings, the CCC was registered as an e.V. to further information freedom, and the human right of at least worldwide unhindered communication.” I want to draw your attention to the cute phrase: “to rule out legal misunderstandings.” You see, even though the CCC had only been in informal existence for about five years, they’d already pulled off some stellar hacks that could potentially land people in difficult legal situations — and would have without question just a few years later in America. Ironically, by publicly incorporating and becoming pre-emptively open, rather than trying to hide, the CCC was buying itself some cover.

If you notice the parallel between the reason that the CCC became a registered association and the reasons that Mudge brought the L0pht into the government’s eye, you’ve got this article’s thesis in a nutshell. Publicly-visible and responsible hacking groups take an end-run around the potential charge that they’re a “gang” or that they’re doing something shady. How many gangs have 501c3 status? At the same time, they make it easy for newspapers and congressmen alike to find them if they have questions. The hackers become members of society.

The CCC has done this par excellence, to the point that occasionally the club’s publications have had to remind folks to remember the actual binding force that holds geeks together: “Spaß am Gerät”, fun with the machines, or happy hacking.

The BTX Hack

While the CCC may have started out like other clubs, a few early high-profile hacks helped set the direction of the club, as well as contribute to their public image as being on the side of the common man. Which is not to say that everyone’s motivations are pure, or that everything was above-board. But, like L0pht would later become in the USA, the CCC became a source of public information about the security failures in the new online world. The CCC was committed to disclosing these failures regardless of the possible damage to reputation that doing so might cause. And it didn’t hurt if the reputation damaged was that of the hackers’ arch-enemy, the Bundespost.

Left: German Post logo. Right: CCC pirate flag. Get it?

The “Bundespest” was a favorite target of German hackers. The government telecom and post monopoly was, like AT&T in the USA, very probably overcharging for services because it could. As mentioned last time, the Post forbade the import of foreign modems, requiring Germans to purchase the more expensive “official” models. Phone calls, which also meant data at the time, were expensive, and even normal people wanted alternatives to the Post. Idealist hackers like CCC founder Wau Holland wanted free alternatives.

The target in 1984 was Bildschirmtext. Bildschirmtext, or BTX, was an advanced-for-its-time dial-up service that was most similar to CompuServe’s early service in the USA. Only BTX was run by the government phone monopoly, and relatively costly.

The story goes that a buffer overflow was discovered by CCC founders Wau Holland and Steffen Wernéry that would spit out unencoded data, among them passwords in cleartext. After going to the Bundespost, and being ignored, they cooked up a spectacular hack and went to ZDF — the second national television network — and got on the nightly news. Holland and Wernéry managed to get the password from a Hamburg bank and opened up a paid BTX site that the CCC owned, repeatedly, from the bank’s account. After racking up 136,000 Deutschmarks overnight, they went to the press. (They gave the money back, naturally.)

Wernéry and Holland and a whole bunch of monitors, prime-time on Channel One.

But having a high-profile hack of an important system shown on the national nightly news is a game-changer. The Hamburg bank thanked them for making them aware of the potential problem. The Bundespost had to respond a few days later, saying that they’d fixed the flaw. But the cat was out of the bag, and more to the point the public was giving their data security a second thought. And the CCC came off as dial-up Robin Hoods.

By going straight to the press, the CCC managed to stay on the right side of the law and public opinion, most of the time. When asked if the police knew what they were up to, for instance, Holland responded in an interview that he personally sent a copy of the CCC’s newsletter, die datenschleuder: the “data-flinger”, to the head of the Bavarian police computer crime unit. The media presented the CCC, and hackers in general, as the necessary civil-society counterpoint to the assertions of big business that their data would be kept secure.

Through high-profile hacks that had public impact, as well as furthering happy hacking, the CCC grew its membership and spun off satellite clubs outside of Hamburg. Today there are 25 local CCC branches in Germany, and with over 5,500 members, the CCC is certainly the largest computer club in Germany and probably the world. And because they’ve publicly probed into technology that affects everyone, from BTX to computer voting systems, the press and society, and even sometimes the government, listen.

Hackerspaces, Bringing a Slice of Germany to the USA (and the World)

All this talk about the CCC brings us, oddly enough, back to the USA. Whether you realize it or not, the CCC’s 25 locals (and the independent but friendly c-base in Berlin and Metalab in Vienna) were the prototype for what I’d call new-wave hackerspaces in the USA.

A group of American hackers, among them Bre Pettis, Nick Farr, and Mitch Altman, went on a European vacation to the Chaos Communication Camp in the summer of 2007, and then on to a tour of German and Austrian hackerspaces to see what made them tick, with the thought of bringing the idea back home to the US. At the 24th Chaos Communication Congress in December 2007, Jens Ohlig and Lars Weiler, founders of the CCC branches in Cologne and Dusseldorf, gave a talk about everything they knew about running a hackerspace to help out their American friends: Building a Hackerspace.

The slides from this talk, the Hackerspace Design Patterns, would become the jumping-off point for founding three of the first new-wave American hackerspaces. In February 2008, the for-profit NYC Resistor opened its doors. By March, HacDC was incorporated as a non-profit and was open for non-business. And although they’d been meeting here and there for a while, Noisebridge rented its first space in October of 2008, and incorporated as a non-profit six months thereafter.

Within a couple years, there were a hundred hackerspaces in the USA. Today, there are 406 registered active hackerspaces on hackerspaces.org in the US, and 1,200+ worldwide. Not bad for eight years’ work! If you haven’t been to your local hackerspace yet, you owe it to yourself.

Due to the tastes of individual members, every hackerspace is slightly different. I don’t know how exactly to draw the distinction between a hackerspace and a “makerspace” but it seems that there are groups that focus more on hardware projects, and those that focus more on computers and information freedom. But my own experience is that there are no hard boundaries, either, and the strong suits of a space tend to shift over time.

And that’s a good thing, because when people are having fun hacking they produce their best work, and providing constant opportunities for cross-pollination helps keep things fresh. In the early years of HacDC, we had a great time with high-altitude ballooning, for instance, because it got to connect up our hardware folks with the ham radio people and even the web-development types who cobbled together a nice real-time mapping solution. But at the same time, HacDC also put out Project Byzantium, an easy-to-configure ad-hoc wireless mesh networking solution.

So as much as I love the way that the US hackerspaces have sprouted up over the last decade, and as much as each individual space that I’ve visited has been neat and interesting in its own right, I have to say that there’s something missing in the USA, and that’s a larger organization and purpose. It’s hard to overestimate how much cool stuff could get done if some of the ambition of the USA’s 400+ hackerspaces were pooled together.

USA-CON!

So what’s the next step, Team USA? It’s going to be incredibly hard to get any consensus across 400+ hackerspaces, but imagine the amount of good it would do if you could all occasionally speak with one voice? But where to start? How would one even try to organize this chaos?

You want to know how I think the Germans would do it? An annual conference first, and then incorporate an organization to handle the coordination: you’ll be surprised how much focus and teamwork pulling off a large annual conference will build. An annual event gives groups a deadline to work toward, and I don’t need to tell you how important that is. And an annual conference gets people physically together and having fun, and that absolutely shouldn’t be underrated.

Don’t know what common ground you all have? You could do worse than start with the Hacker ethic, which non-coincidentally came up out of the early days of MIT’s shared computer resources, but is the unifying basis in the German CCC:

  • Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!
  • All information should be free
  • Mistrust authority—promote decentralization
  • Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex, or position
  • You can create art and beauty on a computer
  • Computers can change your life for the better

And at least consider the CCC’s two additions:

  • Don’t meddle in the data of others
  • Use open data, protect private data

(Elliot was a founding member of HacDC and is at least paying dues at the Munich CCC, though he hasn’t been over in a shamefully long time.)



My Payphone Runs Linux


For the 20th anniversary of the movie “Hackers”, [Jamie Zawinski], owner of DNA Lounge in San Francisco, threw an epic party – screening the movie, setting up skating ramps and all that jazz. One of the props he put up was an old payphone, but he didn’t have time to bring it alive. The one thing he didn’t want this phone to do was to be able to make calls. A couple of weeks later, he threw another party, this time screening “Tank Girl” instead. For this gathering he had enough time to put a Linux computer inside the old payphone. When the handset is picked up, it “dials” a number which brings up a voice mail system that announces the schedule of events and other interactive stuff. As usual, this project looked simple enough to start with, but turned out way more complicated than he anticipated. Thankfully for us, he broke down his build into bite-sized chunks to make it easy for us to follow what he did.

This build is a thing of beauty, so let’s drill down into what the project involved:

Keypad

His plan was to connect wires from the payphone keypad to a USB numeric keyboard. These wires were soldered to the through-hole vias on the old payphone keypad PCB. Hooking up these wires to the USB keypad required drilling 0.5mm holes spaced 1mm apart using his Dremel on a piece of acrylic, lots of sewing needles, super glue, Sugru and a couple of days to track down dodgy connections.

Handset

Working late at night, and without a TRRS jack handy, he chopped off an old cable and somehow managed to solder its ultra-thin wires to a pin header. A corresponding socket was soldered to the four wires from the headset for the speaker and the microphone. And lots of epoxy goop to hold it all together.

Computer

The Raspberry Pi 2 B doesn’t have an audio input, so he needed a Cirrus Logic audio hat for the Pi. He had trouble getting ALSA to tango with the Audio hat, so he eventually wrote some of his own code to detect keyboard buttons and play or record messages.

Hook switch

Finally, he needed to detect the hook switch status. Sounds simple, but it took him a few more days to get it to work. Turns out the audio hat was causing all unused GPIO pins to act “floating” no matter which way he tried. Finally, after trial and error, he bent one pin on the Pi so it wouldn’t connect to the audio hat, and wired the hook switch to it directly.

Software

His main code was in Perl. In the version of Raspbian he was using, reading pin states worked in Python, but not in Perl – they would always appear floating. Since the underlying BCM2835 library is written in C, he tried writing his code in C, and that didn’t work either. As usual, Python was doing its magic under the hood. So he called the Python script from his Perl code to do that, but not before running everything under “root”, since that was the only way he could read the status of the pins. Take a closer look by reading section 3 of his blog post, which includes a link to the code.

He had thoughts on adding more features, but having got this much working, he decided to wrap it all up before things headed south. We think there’s more than enough accomplished here for him to be proud of. If you need some introduction to [jwz] as he is known, he’s the guy who worked on emacs, Netscape and Mozilla and has been hacking away since 1985.

Thanks [dr Memals] for sending in this tip.



FTDI Drivers Break Fake Chips, Again


Just over a year ago, FTDI, manufacturers of the most popular USB to serial conversion chip on the market, released an update to their drivers that bricked FTDI clones. Copies of FTDI chips abound in the world of cheap consumer electronics, and if you’ve bought an Arduino for $3 from a random online seller from China, you probably have one of these fake chips somewhere in your personal stash of electronics.

After a year, we have the latest update to FTDI gate. Instead of bricking fake chips, the latest FTDI drivers will inject garbage data into a circuit. Connecting a fake FTDI serial chip to a computer running the latest Windows driver will output “NON GENUINE DEVICE FOUND!”, an undocumented functionality that may break some products.

FTDI gate mk. 1 merely bricked fake and clone chips, rendering them inoperable. Because fakes and clones of these chips are extremely common in the supply chain, and because it’s very difficult to both tell them apart and ensure you’re getting genuine chips, this driver update had the possibility to break any device using one of these chips. Cooler heads eventually prevailed, FTDI backed down from their ‘intentional bricking’ stance, and Microsoft removed the driver responsible with a Windows update. Still, the potential for medical and industrial devices to fail because of a random driver update was very real.

The newest functionality to the FTDI driver released through a Windows update merely injects unwanted but predictable data into the serial stream. Having a device spit out “NON GENUINE DEVICE FOUND!” won’t necessarily break a device, but it is an undocumented feature that could cause some devices to behave oddly. Because no one really knows if they have genuine FTDI chips or not, this undocumented feature could cause problems in everything from industrial equipment to medical devices, and of course in Arduinos whose only purpose is to blink an LED.

Right now, the only option to avoid this undocumented feature is to either use Linux or turn off Windows Update. Since the latter isn’t really a great idea, be prepared to constantly roll back the FTDI driver to a known good version.



Shmoocon 2016: GPUs and FPGAs to Better Detect Malware


One of the big problems in detecting malware is that there are so many different forms of the same malicious code. This problem of polymorphism is what led Rick Wesson to develop icewater, a clustering technique that identifies malware.

Presented at Shmoocon 2016, the icewater project is a new way to process and filter the vast number of samples one finds on the Internet. Processing 300,000 new samples a day to determine if they have polymorphic malware in them is a daunting task. The approach used here is to create a fingerprint from each binary sample by using a space-filling curve. Polymorphism will change a lot of the bits in each sample, but as with human fingerprints, patterns are still present in these binary fingerprints that indicate the sample is a variation on a previously known object.

IPv4 addresses shown in a space-filling curve by xkcd CC-BY-NC

The images you’re seeing above are graphic representations of these fingerprints. Images aren’t actually part of the technique, but by converting each byte value to greyscale it is a good way for humans to understand what the computer is using in its analysis.

Once the fingerprint is made, it’s simple to compare and cluster together samples that are likely the same. The expensive part of this method is running the space-filling curve. It takes a lot of time to run this using a CPU. FPGAs are ideal, but the hardware is comparatively costly. In its current implementation, GPUs are the best balance of time and expense.

This expense measurement gets really interesting when you start talking Internet-scale problems: needing to constantly process huge amounts of data. The current GPU method can calculate an object in about 33ms, allowing for a couple hundred thousand samples per day. This is about four orders of magnitude better than CPU methods. But the goal is to transition away from GPUs to leverage the parallel processing found in FPGAs.

Rick’s early testing with Xeon Phi/Altera FPGAs can calculate space-filling curves at a rate of one object every 586µs. This represents a gain of nine orders of magnitude over CPUs but he’s still not satisfied. His goal is to get icewater down to 150µs per object which would allow 10 million samples to be processed in four hours with a power cost of 4000 Watts.

How do you compare computations on hardware that has a different cost to manufacture and different power budgets? Rick plans to reduce the problem with a measurement he calls InfoJoules. This is an expression of computational decisions versus Watt seconds. 1000 new pieces of information calculated in 1 second on a machine consuming 1000 Watts is 1 InfoJoule. This will make the choice of hardware a bit easier as you can weigh both the cost of acquiring the hardware with the operational cost per new piece of information.
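An added illustration of the fingerprint-and-cluster idea described above; it is not icewater's code, which this page does not show. It assumes a Hilbert curve as the space-filling curve, and the grid size, tile size, distance metric, threshold and sample bytes are all constructed for this example.

```python
# Added illustration: Hilbert-curve fingerprints for grouping similar binaries.
# Not icewater's code; curve, grid/tile sizes and threshold are assumptions.
import random

def d2xy(order, d):
    """Position d along a Hilbert curve -> (x, y) on a 2**order square grid."""
    x = y = 0
    s = 1
    while s < (1 << order):
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:                      # rotate/flip this quadrant
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        d //= 4
        s *= 2
    return x, y

def hilbert_image(data, order=6):
    """Greyscale grid; consecutive bytes of the sample stay neighbours in 2D."""
    if not data:
        raise ValueError("empty sample")
    n = 1 << order
    grid = [[0] * n for _ in range(n)]
    for d in range(n * n):
        lo = d * len(data) // (n * n)    # resample any file length onto the grid
        hi = max(lo + 1, (d + 1) * len(data) // (n * n))
        x, y = d2xy(order, d)
        grid[y][x] = sum(data[lo:hi]) // (hi - lo)
    return grid

def fingerprint(data, order=6, tile=8):
    """Average the image over tile x tile blocks to get a short, coarse vector."""
    grid = hilbert_image(data, order)
    n = 1 << order
    return [sum(grid[y][x] for y in range(ty, ty + tile)
                for x in range(tx, tx + tile)) // (tile * tile)
            for ty in range(0, n, tile) for tx in range(0, n, tile)]

def distance(fa, fb):
    """Mean absolute difference between two fingerprints (0 = identical)."""
    return sum(abs(a - b) for a, b in zip(fa, fb)) / len(fa)

def cluster(samples, threshold=16.0):
    """Greedy clustering: join the first cluster whose first member is close."""
    clusters = []                        # list of (fingerprint, [names])
    for name, data in samples:
        fp = fingerprint(data)
        for rep, names in clusters:
            if distance(rep, fp) <= threshold:
                names.append(name)
                break
        else:
            clusters.append((fp, [name]))
    return [names for _, names in clusters]

# Constructed sample data (not real malware): sections with different statistics.
_rng = random.Random(2016)
def _noise(n): return bytes(_rng.randrange(256) for _ in range(n))
def _text(n): return bytes(_rng.randrange(32, 127) for _ in range(n))
def mutate(data, rate=0.10):
    """Flip one random bit in roughly `rate` of the bytes."""
    return bytes(b ^ (1 << _rng.randrange(8)) if _rng.random() < rate else b
                 for b in data)

BASE = _noise(2048) + bytes(2048) + _text(2048) + _noise(2048)
SAMPLES = [("base", BASE), ("variant-1", mutate(BASE)),
           ("variant-2", mutate(BASE)),
           ("unrelated", _text(4096) + _noise(2048) + bytes(2048))]

if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(group)
```

Even with about one byte in ten altered, the two variants stay within the threshold of the base sample, while the differently laid-out sample lands in its own cluster.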



Ford Explorer Lives again as a Jurassic Truck


After Jurassic World came out and interest in Jurassic Park took off, [Voicey] decided he just had to make his very own Jurassic Park tour vehicle. Only problem? He lives in the UK and Ford Explorers aren’t exactly common there.

Wanting to keep it as movie-accurate as possible, he knew he had to get a first generation Explorer, and luckily, he managed to find one on an American car Facebook page. He bought it and got to work.

The first step was building custom bumper and brush guards, which he re-purposed from a Land Rover. Then he had a lot of painting to do. A lot.

Once everything was all painted, he got to work on the dashboard, integrating some ancient CRT monitors to play the tour program!


All in all, the vehicle looks fantastic — he even threw together some props to go in the trunk, including a home-made Maxabeam flashlight, and of course, some night vision goggles.


You might be wondering why they used Ford Explorers in the Jurassic Park movie anyway? In the book, they were Toyota Land Cruisers (the FJ62 to be precise). According to [Spielberg], he owned an Explorer at the time and thought it was a good truck — but it certainly doesn’t hurt that when they ordered three from Ford, they got seven.

[via r/DIY]



Open Furby Opens The Furby


Remember Furby? The cute reactive robot was all the rage a few years ago, when the strange chattering creature was found under many a Christmas tree. Most Furbys have been sadly neglected since then, but the Open Furby project aims to give the toy a new lease of life, transforming it into an open source social robot platform.

We’ve featured a few Furby hacks before, such as the wonderful Furby Gurdy and the Internet connected Furby, but the Open Furby project aims to create an open platform, rather than creating a specific hack. It works by replacing the brains of the Furby with a FLASH controller that runs the Robot Operating System (ROS), making the Furby much easier to program and control. They have also replaced the eyes with small OLED screens, which means it can do things like show a weather forecast, Facebook notification, etc.

It is still in the early stages, but it looks like an interesting project. Personally, I am waiting for the evil Furby that wants to kill you and eat your flesh with that nasty beak…

