hH? - hip '97

Hacking in Progress '97 - 2600 Report

Last week I spent a few hot days at the Hacking in Progress '97 festival near Amsterdam. The previous event, Hacking at the End of the Universe in 1993, directly inspired smaller-scale conferences such as Access All Areas in the UK.

  • A large campsite, not far from Amsterdam in the Flevoland polder (reclaimed from the sea only this century).
  • A 1000 seater circus tent.
  • 24 hour bar and main computer network pavilion.
  • 6Mbs Internet access via a Microwave link.
  • 100Mbs fibre optic backbone to the campsite fields, UTP and BNC to the tents & caravans.
  • 2 x 440kW modern diesel electric generators provided the power.
  • Clean showers and toilets that worked most of the time.
  • 1,800 plus registered visitors, from Netherlands, Germany, USA, UK, Sweden, France, Belgium, Poland, Hungary, Portugal, Slovenia, Korea, Singapore, Japan etc.
  • Over 1,200 separate MAC addresses i.e. ethernet cards were detected on the LAN.
  • There were large army tents and various caravans with more computers than a cybercafe or many companies. Some people were determined not to rough it too much, and brought their espresso machines and satellite tv dishes with them.

    HiP'97 Website Hack (Sort Of)
    The opening video conference with Beyond Hope in New York had problems with the audio (perhaps they should have used CU-SeeMe instead of Intel Proshare?).

    However, after the customary exchange of greetings, the Beyond Hope crew showed off a HiP'97 web-page now "owned" by Beyond Hope. The credit for this was pointed to someone who looked not entirely unlike Cyberjunkie - beard, dark glasses, tattoos, could have been anyone really. This set people from the UK speculating as to bail conditions and USA visa requirements. This was, of course, legal hacking, the more so since the actual server amended was not the main HiP'97 one, but one of the 600 or so machines already set up by then in a tent.

    Packet sniffing - many people were trying out the new version of Sniffit for Linux etc. or their own favourite packet analysers and password sniffers - hundreds of POP3 email accounts etc. were vulnerable. Some of these were anonymous/throwaway accounts, but there will be a sizeable minority who should probably change their passwords.

    One fool telnetted in to his system en clair, and then ran secure shell to another system. Another changed his password online, whilst a sniffer was being filmed by a German TV crew (I wonder if they will edit this out on transmission?).

    There were rumours of policemen from as far afield as Slovenia, and from the UK, there could have been a representative from the dark mysterious realm of the West Midlands Computer Crime Unit, but they were not having as much obvious phun as their Dutch colleagues.

    The Dutch Computer Crime Unit (12 strong) wore distinctive orange badges (which eventually got cloned) and had a large RAID disk array in their tent. What could they have been monitoring? They also had top of the range radio scanners, but seemed human enough, playing Quake till the wee hours and consuming vast quantities of beer. Perhaps they were working, judging from exclamations such as "XXXX has just logged into hotmail and we have his user ID and password!"

    On Sunday, the Dutch PTT payphones onsite somehow developed a programming error: emergency calls gave you a dialtone and phree phonez to anywhere in the world - was this another demonstration of traffic analysis/intelligence gathering in action?

    Several well-known Cypherpunks from the USA came to HiP'97 and gave interesting talks on encryption, spamming, free speech (including those of neo-nazis etc. whose views one does not necessarily share).

    One of their main reasons for being there was also to compile PGP version 5, entirely in Holland. The source code was proofread by non-USA nationals, and so this version should be freely exportable around the world.

    van Eck monitoring
    It was nice to see a real demonstration of analogue van Eck monitoring of a standard PC, which meets all the normal shielding and emission control standards, via an aerial, via the power supply and via the surface waves induced in earthing cables, water pipes etc. Even this simple equipment can distinguish individual machines of the same make and model in a typical office building, from 50 to 150 metres, or more with extra signal amplification.

    The US Cypherpunks and German Chaos Computer Club extended the discussion afterwards with details of more modern Digital Signal Processor approaches and experience of Tempest shielding.

    Smart Cards
    The Dutch demonstrated some glaring weaknesses in the security and confidentiality of one of their smart chip bank payment cards and the many possible attacks on Satellite TV cards were discussed.

    The heavy handed arrest/legal harassment of one of the Dutch people who produced the first POCSAG pager decoder was highlighted. This seems to be yet another case of empire building/budget battles for those in authority whose job it is to combat so called high-tech criminals. The implications of innocent phunsters being targeted alongside drug smugglers etc. is a trend that needs to be resisted.

    A web-page and radio controlled wheelchair with a vision system went trundling about. The sundrenched vistas and strange lifeforms visible drew comparison with NASA's Mars probe.

    Bill Gates' Tombstone
    There was a photo opportunity for all at the Bill Gates' tombstone (real polished granite), which got adorned with various, sometimes funny, tributes. The overall effect was akin to some Voodoo shrine.

    After the power failures (caused by people inevitably tripping over power cables, not due to the generators), the merry sound of Windows and NT machines re-starting could be heard over the curses of the Linux fans hoping that their file systems had not been corrupted, so perhaps not everyone considers Bill Gates to be dead just yet. Some people hold to the theory that he may be one of the Undead...

    Riskiest Seminar Follow-up
    The establishment of an encrypted "Don't try this at home" discussion list on the topic of Electro Magnetic Pulse weaponry - can a compressed flux or magnetohydrodynamics based pulse generator really be so simple to design?

    Overall Behaviour
    Lost wallets were handed in intact, millions of pounds worth of computer equipment was not damaged or stolen. This could not happen at say DefCon in Las Vegas, where this year two hotels had Satellite dishes removed from their roofs (one apparently did credit card authorisation for the casino) and where people with more money than sense drove out to Area 51 and succeeded, with the help of bin liners filled with helium and flashing lights to get F16 jets scrambled, black helicopters launched, etc.

    The weather was very hot, but the various nationalities dealt with it in their customary fashion, some of the Germans taking to naturism, the Dutch to jumping in the local canal, and the Brits trying to avoid sunburn.

    There were certainly a good proportion of women present, and even a few children too.

    Never having been considered to be at the bleeding edge of fashion, it came as a pleasant surprise to many participants that the obscure T-shirt designs that they were sporting should be of such interest. At least two sets of people were keeping a photographic or video record of unusual T-shirt designs. Were these "street fashion" scouts or just anthropological specimen collectors? The Tamagotchi design depicting a slain digital pet was quite amusing.

    HiP'97 must have had some impact on the Dutch population, since during the obligatory trip to Amsterdam's red light district (where every other voice seemed to be from the UK), my old 2600@ph.uk T-shirt elicited an offer of a "Discount for hackers! Come inside away from your computer screens!"

    Not HiP
    Topics which were not covered at HiP included:
  • Viruses - they have not exactly gone away since HEU in 1993
  • Public CCTV monitoring (not quite as bad in Holland as in the UK, although they did manage to get a Webcam in one of the toilets!)

    In one sense HiP'97 showed that those interested in computer security, phones, smartcards and other high-tech tools/threats are not alone in Europe. To put it into perspective, however, on the Saturday, on the other side of Amsterdam, over 15,000 people attended a rock against racism type music concert, so HiP is still an elite sport.

    There is due to be another such event in 4 years' time in the year 2001 - time to start saving up for an air conditioned mobile home.

    2600 London

    Disclaimer: All the info given here is incomplete, there's always something missing. This is basically to cover our own backs, but for someone with a bit of sense it shouldn't be too hard to fill in the blanks. The authors of this page and the carriers do not take any responsibility whatsoever for any action you may carry out as a result of you reading or using this information. Any documentation provided is given for research purposes only.