State of the Hack
From What The Wiki?!
State of the Hack
I’m pleased to report that the European hacker community is both alive and flourishing. I’ve just returned from the What The Hack conference that was held on a large estate in Southeast rural Holland. What the Hack is the latest incarnation of a quadrennial hacking conference engineered by Dutch hackers with the assistance of a few corporate sponsors and hundreds of volunteers. The first conference occurred in 1993, and the tradition has continued every four years since. Attendance at this year’s conference was about three thousand people.
The quality of the presentations and conversations clearly signifies that the free exchange of knowledge among the ever-so-subversive hacker community continues to thrive, albeit underground in some cases. The list of scheduled talks reads like an encyclopedia of technology and geopolitical studies: Smart Card Attacks; US Copyright Law and DRM; Exploiting Satellites, Exploiting PocketPC; Patents and Intellectual Property; Passive Radar Reception, Attacks on Digital Passports; the topics range from the pedestrian to the brilliant. Some of the more advanced talks such as “Collisions in Real World Hash Functions� and “Location of Mobile IP Nodes� required audience members to be familiar with post graduate level mathematics in order to follow along with the speaker.
Surprisingly, two topics that I had expected to monopolize the schedule, GSM and BlueTooth, were significantly under represented. There was only one talk on Bluetooth, during which the presenter handily demonstrated that predictable sequence numbers are a bad idea for a technology if one wants to prevent others from injecting traffic into one’s Bluetooth headset. Just the technology I need for all those drivers rattling away on their phones during the rush hour commute. Just say “Hey! Hang up and watch the &#%$ road!� Surprisingly there were no talks on GSM, CDMA, or TDMA. Apparently these technologies remain resistant to hacker attacks. Instead the hackers have targeted the handsets rather than the networks. A talk on how to exploit the various new PocketPC telephones is an example of the trend. Imagine activating the TAPI interface on someone’s PocketPC phone without their knowledge, and then using the phone as a diverter for international calls. The result - free international calling. Of course, that’s for people who don’t have access to VOIP phones, which we did in some of the tents during the event.
Encryption technology also was well represented throughout the presentations. There were numerous talks on RFID, smart cards, encryption algorithms, and data compression. The politics of privacy and anonymity also were hot topics. Most attendees seemed to share the belief that protecting Internet users’ privacy and avoiding the ongoing monitoring of Internet usage are issues worthy of their attention. Technologies to circumvent monitoring were a popular topic, and an online campaign to stop data retention by the European Union started at the conference and has accumulated over 20,000 signatures.
The entire conference proceeded without a single incident of law breaking. The Dutch police, both outside the event and circulating among the attendees (wearing notorious pink wristbands), were notably bored. One of the conference’s more notable accomplishments was a practical joke played on the police. Someone circulated a rumor that the Dutch police were presenting workshops to educate the public about their methods for securing large events like WTH. The joke was carried as fact on international news wires, and also resulted in several potential attendees knocking upon the trailer doors of the police.
Earlier this year, the Mayor of Boxtel had threatened not to issue the necessary permits for the conference because he feared that the event “[would] endanger law and order as well as public safety�. His actions were generously applauded at the end of the four day event, not for his short sightedness but for the excellent public relations boost that his intervention provided for the conference. Now that the conference is over, the public soon will see whether or not his fears were proven to be valid or not.
