At the end of August, hackers and technology enthusiasts from the Chaos Computer Club met at the Mildenberg Brickworks Park for the Chaos Communication Camp, which takes place every four years. Between tent cities and network routers in Dixieklos, the so-called “data clos”, many workshops and lectures took place this time, typical for CCC.
The hacker camp at the Chaos Communication Camp
For 20 years now the Chaos Computer Club has organized a summer camp every four years. This took place for the second time already in the brickworks park Mildenberg in Brandenburg. Besides many projects of the local CCC Hackerspaces like automatic wafer-, donut- and cocktail-machines or an internal CCC-Post there was a lot of discussion and knowledge transfer. This is usually done in lectures which can be streamed live or afterwards.
Privacy Breakdowns at Chaos Communication Camp
The first recommendation on our part is a lecture by Stefan Brink, Data Protection Officer of the State of Baden Würtenberg, and Alvar Freude, Speaker for Technical Data Protection and Freedom of Information of the State of Baden Würtenberg, entitled “Achtung, Datenpannen! – The big data protection and DSGVO show”. This lecture, which is partly very humorous, conveys the basics of data protection in a simple way. Special emphasis is placed on the technical implementation of DSGVO requirements. For example, it is explained how personal data should be stored in encrypted form. In the past, we have also reported on some of the major glitches in the implementation of the basic data protection regulation. Here you will find further information on the topics mentioned:
- The Facebook Privacy Policy: A Horror Fairy Tale?
- GDPiRate: Side channel attack reveals DSGVO vulnerabilities
Rethinking in the critical infrastructure
One topic that has been much discussed in the IT security industry in recent years is the BSI Criticism Ordinance of 2016, which defines which nine infrastructures represent the indispensable foundations of society and how they must handle their IT security.
Exactly with this topic area the second lecture recommendation of us concerns itself. The lecture with the title “#Defensive statt #Offensive am Beispiel von KRITIS” by Manuel Atug the Head of the working group Kritis deals with the current trend to invest more money in offensive IT security than in defensive. The implications for the Kritis sector in Germany and the extent to which this will lead to an arms race among market participants will be highlighted.
Hacking of networked buildings on the Chaos Communication Camp
The third and last lecture recommended by us is the lecture “IT security in networked buildings” by the security researcher Simeon of the University of Rostock. Using the example of the industry standard and field bus protocol KNX, this lecture shows how building automation is conceived and which weaknesses and security gaps are concealed in it. The security researcher will show how personal information can be derived from harmless sensor activity data. Finally, recommendations for action are discussed which can be applied to already installed building automation systems in order to increase safety.
Communication of knowledge at the Chaos Communication Camp
In addition to the three lectures recommended by us, there were over 100 further lectures on various topics at this year’s Chaos Communication Camp. Therefore we can recommend you to have a look at the whole lecture program after reviewing the above mentioned lectures. This can be found at https://media.ccc.de/c/camp2019.
