Chaos at the crossroads
From Netly News Writer David Hudson
As Chaos Computer Club spokesperson Andy
Müller-Maguhn wrapped up his year-end review at the 14th annual Chaos Communication Congress in
Hamburg, he highlighted the gaping security holes found
in Microsoft's ActiveX controls and the more recent extraction of
personal identification numbers from Eurocheque ATM cards. All the while, Wau
Holland, who founded the CCC way back in 1981, sat cross-legged on the floor in
a far corner of the stage. He'd been listening patiently as Müller-Maguhn
ticked off all the conferences he'd attended, the trials and hearings he'd been
an adviser for, and when the 25-year-old spokesperson called for questions,
Holland, 45, was the first to rise.
Balding, yet decked out with a bushy beard and bulky
overalls crammed with electronic gadgets, Holland dropped his usual garden-gnome
grin: "We have to be careful not to become 'die Trüffelschweine der
Trüffelschweine are those pigs that
rustle through the morass of undergrowth on the forest floor, snuffle up
precious truffles and trot the plunder back to their owners. Holland is
concerned that all the attention -- and worse, respect -- paid to the CCC over
the past few years has the current leadership trading its hacker soul for the
media spotlight. Just a week before, however, Müller-Maguhn was fretting
that the early founders with their "'68 generation" ideals have lost touch with
the realities of a massively expanded new media landscape. It's a classic clash
of founding father idealism versus young Turk realism.
Not that the club was ever renegade, mind you, but
things were different 10 years ago. In 1987, a small group of Chaos hackers
wrote a little Trojan horse program called the Loginout patch and used it to
collect passwords throughout NASA's network. Instead of wreaking havoc, Holland
and fellow founder Steffan Wernery's first impulse was to say, Houston, you have
a problem. Neither NASA nor Digital Equipment Corporation would admit to being
hacked until German television broke the news. Had DEC faced facts they might
have avoided Kevin Mitnick's reverse engineering of the Loginout patch, which he
used a year later to steal some of the company's precious source code.
These days, people take heed when Chaos hackers
uncover security flaws. In fact, nary a Net-related headline slips through the
German mainstream media without a quote from a CCC representative. The German
parliament regularly calls on the CCC for advice in shaping official new media
policy and club members are called to court to testify in high-profile cases
such as the Angela Marquardt trial. They were even the subject of fashion spread for the premier issue of
big budget German cyberculture magazine Konr@d. In short, the CCC is a club of hackers that has become part of the
But how closely can they cooperate with the
authorities before slipping into bed with them? Consider the layout of the Chaos
Communication Congress in Hamburg. In three smoke-choked rooms lined with every
variety of computer, hackers fueled with Coke, chips and cookies exchanged
everything from simple passwords to smart cards for decoding satellite signals.
The IP address of the sole NT server was chalked up on the board with the
message, "Viel Spass!" (Have fun!).
Meanwhile, in the main auditorium, presentations,
videos, films and overhead projections documented the sure march of the CCC
toward the mainstream. A few years ago, the appearance of a representative from
Deutsche Telekom, the very beast itself, would have been a genuine jaw-dropper.
But there he was, 60-ish, suit and tie and nervous as hell, explaining what the
fifth largest telecommunications company in the world was doing to guard itself
against the sort of "social engineering" hackers have perfected over the years
-- for example, a hacker, pretending to be a phone company grunt, might call a
secretary to get him to pass on his boss's user ID.
This was the hacker's dilemma writ large: Deutsche
Telekom stumping in the auditorium while hackers in the next room are probably
trying to break into Deutsche Telekom. Ostensibly, all parties concerned share
the same goal: safe networks, secure software, technology people can use with
confidence. But the ideal of free access to all information, the very foundation
of the CCC as stated in the preamble to its charter, runs counter to the aims of an
industry seeking to cash in on the telecommunications boom.
Whether the CCC confronts or conforms to this
paradox will most likely be determined by whoever emerges as the real face of
the club once it overcomes its current identity crisis.