Background information
Small smartphones: will this endangered species get its David and Goliath moment?
by Dominik Bärlocher
Among hackers: Behind the scenes at the Area41 Security Conference
18.6.2018
Translation: machine translated
Video: Stephanie Tresch
Zurich's X-Tra is not only a party destination, but also the place where hackers meet. Several hundred hackers gathered at the Area41 Security Conference, exchanging knowledge and drinking club mate. A report from a scene that is generally media-shy.
"We're not that good with technology," says Candid Wüest, security researcher and co-organiser, at the start of the Swiss hacker conference Area41 in Zurich's X-Tra. The 500 or so hackers from all over the world in the audience laugh. It's the start of Switzerland's largest information security convention. Over two days at Area41, hackers from all over the world report on exploits, share stories and take part in workshops. Among them: Video producer Stephanie Tresch and myself. We are the only journalists present when the entire supply of Club Mate between Winterthur and Bern is destroyed in two days. We are there as helpers and as media people, reporting exclusively on an event that doesn't really seek out the media. And about a culture that is generally media-shy.
We were given rules in advance:
- Do not film faces that are not on stage
- Do not connect to wireless networks
- Wear your badge
"Treat the Wi-Fi at the con as a hostile network," says Candid. Because even the network provided by the convention can harbour dangers. A quiet, sly laugh goes through the audience. What could possibly go wrong?
A glimpse into the culture of hackers
The work at the convention shows how hackers in Switzerland think. They are an intimate group, more friends than allies or even competitors. Conversations centre not only on projects - always without company names, but with abstract descriptors such as "a medium-sized financial institution" - but also on curiosity and families.
The hacker scene in Switzerland is growing up. A CEO of a company brings his two children with him on Saturday, his employee straps on a baby carrier after his talk and proudly carries his son for a walk. Opposite the old hands is a young generation of hackers. They are fresh out of university, career changers and rarely women. There are about ten women at the convention. More than at the last two conventions, which flew under the Area41 banner.
The talks are the main part of the conference. A talk is a type of presentation on a topic related to IT security. Be it a vulnerability in a currently widespread software solution or the culture of the scene.
In the first talk, the keynote of the event, Costin Raiu reported on the problem of attribution. Ever since an improvised talk a few years ago, he has been taking a Byte and exploring the question: "Who is behind which hack and how are all the hacks connected?" In the talk, he plays with the idea of a database that compares snippets of code from hacks and finds out which malware is based where and who is behind it. The problem: "Having 10,000 machines working in parallel is very expensive."
Costin does not provide an answer as to how the problem with the many machines can be solved. Probably deliberately, as there is still no clever solution for the economical and efficient parallel operation of 10,000 machines. But the audience applauds. After all, the exchange of ideas is almost more important than the mutual belly brushing and bragging. Perhaps one of the listeners is inspired and takes on the problem. Perhaps he or she will manage to find a solution that doesn't require 10,000 computers to calculate in parallel, but only 5,000 or even 1,000. Even if that's not really practical, it's more practical than Costin's current proposed solution.
This idea runs through all the talks. Ideas fly through the air, often jokes, rarely solutions and a bit of showing off.
Workshops
If you're not in the mood for a talk or you're not interested in either of the topics from the two parallel talks, workshops are offered in the adjoining rooms and above the stage on the balcony. Two workshops in particular are making a name for themselves at this Area41: The lockpicking workshop from Swiss lock openers Spass and the hacking workshop from Zurich-based IT security company Scip.
Scip's workshop is aimed at newcomers. The old hands around researcher Stefan Friedli and Michael Schneider show curious and inexperienced people how they can gain control over a domain. Participants bring their own laptops and hack away while the experts look over the shoulders of Scips. However, these experts are not just veterans of the scene, i.e. between 30 and 35 years old. Because sitting opposite a hard-thinking man is Andrea Hauser. After completing a banking apprenticeship, she studied IT specialising in security and turned out to be a talent. Now she is completing her studies in the summer, alongside her work at Scip. The petite woman shows the hackers how things work, takes Amazon's Alexa apart with them and goes through configurations and tools with them.
Stefan and Michael then also give a talk in which they impart wisdom from a decade of professional penetration testing to the newcomers in the field.
"In a penetration test, it's not a question of whether a company will be hacked, but when it will be hacked," says Stefan.
Then he goes on to explain the importance of penetration testing.
He then declares the traditional penetration test dead. He advocates a specialised approach: 'Set yourself up like an employee who wants to do your company harm. Anyone can run automated scans, but the "rogue employee" and other attacks that combine social engineering and technological attacks are dead.
"The reason we test entire organisations and not just individual objects in an organisation is because we are looking for the negative space," he says. "Isolated tests are of little use. The real dirt is where all the objects meet."
His colleague Michael Schneider then talks about his practical experience: how he hid listening devices in a meeting room, how he spent months talking and listening in on coffee breaks in some break rooms.
How you are monitored in everyday life and how Area41 plays with it
There are three rules at the beginning of this article. The first is aimed at protecting the privacy of those present. The other two seem a bit strange for outsiders. Why shouldn't you connect to an open WLAN that is free and fast? It's totally okay, right?
The badge on the Area41 has built-in components that allow the pendant, which is modelled on a Cylon from Battlestar Galactica, to connect to a WLAN. In turn, this means that the badge identifies itself to the network. This in turn means that the position of a badge can be determined to within a few centimetres. Even more precisely than with GPS.
This also works without a permanent connection to a Wi-Fi network, i.e. without data exchange. This is because WiFi ping works as long as you have activated the WiFi antenna on your device.
- Router asks: Are there any devices?
- Your device answers: Yes, I am a mobile with this identifier!
- Router asks: Do you want to connect?
- Your device replies: No, not really.
But the identifier of your device, the MAC address, is transmitted and can be logged accordingly, along with a whole bunch of metadata. A case from the city of Zurich proves that this is not completely unrealistic: the kiosk and café operator Valora used this very system to spy on customers at Zurich's main railway station. To do this, they used hardware and software from the manufacturer Minodes.
At Area41, this is fun and monitoring is handled by the IT security company Fortinet. They only log badge ID and position. No names or other data are stored in the badges. But in real life, outside the X-Tra, this is serious. To prevent Minodes systems and others from simply tapping into your data unsolicited for advertising purposes and profit maximisation, the hacker Antoine Neuenschwander invented the Valora WiFi Tracker Confuser.
Source: Defcon4131
Are Valora and Minodes the only ones using such methods? Probably not. Because it is probably too tempting for companies and advertisers to use the information of gullible, careless and actually quite nice people in order to maximise their profits. However, Swiss legislation does not yet require operators of such infrastructure to explicitly disclose this information.
"I'm Miklagard, by the way"
While Stefan, Michael, Antoine and others hold their talks, Stephanie and I sit at the entrance. Our job is to check badges and hand out badges when a newcomer reports in.
"Hi Dominik," a young man greets me.
Does he know me? Could well be. I pop up in videos from time to time and have been involved in the IT security scene for a while. I give him his badge, explain what's where - workshops on the second floor, talks on the ground floor and first floor, free drinks, plenty of Club Mate - and think nothing more of it.
"By the way, I'm Miklagard," he says.
We get talking, laugh and talk shop, think out loud about things and discard ideas as quickly as they come. We only know each other from screens, he knows me from articles, I know him from commentaries on the topic of small smartphones. We talk to each other like old friends, laughing and chatting. This is an effect that Candid Wüest and his team are specifically promoting.
"That's how the best ideas come about. And above all: we have fun doing it."
Behind the scenes
Not only Candid Wüest is behind the talks, workshops and drinks, but also the entire board of the Swiss hacker association Defcon4131, part of the global Defcon network. Adrian Wiesmann programmed and flashed the badges. On Friday, he lives on three hours of sleep, a nap in the afternoon and caffeine. Désirée Sacher coordinates talks and the runners, so she and a team of helpers do everything that needs to be done.
Over the course of the two days, Stephanie and I are busy checking people in, selling T-shirts and answering all kinds of questions. Sometimes we even know the answers, Stephanie remarks at one point.
We help Fortinet set up the location routers, carry ladders around.
In previous years it was a bit chaotic, but this year Candid has only allocated us to one block. There's a radio in front of us at the entrance. Whereas in previous years it was more or less a constant chatter of "We need $ding in $place and we need it now", followed by a helper dropping everything and rushing to the emergency, this year it's mostly quiet. Area41 has grown up. As a helper who is taking part in the third Area41 for the third time, I'm delighted. Because if a few hackers can have a good weekend, then I'm happy to be there behind the scenes. I'll definitely be there again next time, in 2020.
Area41 out.
Journalist. Author. Hacker. A storyteller searching for boundaries, secrets and taboos – putting the world to paper. Not because I can but because I can’t not.
Computing
Follow topics and stay updated on your areas of interest
10 comments
later