The evocative video made by conference organizer
tried to convince the audience that the hacker campgrounds are a
Dutch tradition - as well as tulips, windmills, Gouda cheese and
wooden shoes. Since 1989, every four years hackers gather in a
traditional Dutch style campsite. Imagine a large music festival,
substitute concerts with tech lectures and replace a variety of
food stalls with tents of various hackerspaces, makerspaces and
projects. At night, the camp turns into a twinkling city in which
hackers want to prove that the image of the hacker as an intellectual
loner is pure cliché.

Our group starts arriving to Amsterdam a few days early group by
group. We all want to see the other Dutch traditions - Red Light
District, have a beer at the windmill and go cycling. Many of us
opt for a bicycle trip from the nearest station to the campground.
We were welcomed by a typical Dutch weather and arrive completely
wet, but happy. Trying to dry at the Progressbar, Laila, the chief
decorator of our camp tent is already sticking posters to the wall.
Others build up tents - inside the main tent which is the headquarters
of Czech-Slovak village. Geography is maintained at least relatively
because a short walk from our village is HQ and campsite of Metalab,
Vienna. Their typical telephone booth is connected to the OHM2013
phone network. Brmlab from Prague is a bit further but still close.

Unofficial, but apparently the main theme of OHM2013 is the apparent
asymmetry between the human desire for privacy and large organizations
– headed by the NSA and the largest social networks and portals,
who have other plans with the “private” data. Proclaimed objective
of NSA is to protect the public against terrorist attacks, although
the facts show a significantly different story. According to the
latest information, NSA-caught personal communication is distributed
to DEA for minor drug investigations as well. The aim of “technology”
giants like Google, Facebook and Yahoo is to serve their customers
- the advertisers. In this way, they can raise prices and allow
better ad targeting. People are starting to realize that for these
companies, we are not the customers, but the product. Julian Assange
spoke about this from his “asylum” in the Ecuadorian Embassy in
London via Skype. Jérémie Zimmermann, founder of La Quadrature du
Net, a European organization that is fighting for the right to
privacy of users said, “Julian, I really wish that you could be
here with us. It’s beautiful here, there are lots of blinking lights
at night. We miss you.” The atmosphere was nostalgic, just four
years ago he gave one of the major speeches on his project Wikileaks
at this same event. Julian Assange did not say much, but one new
thing we did learn - according to him, the states are not forcing
companies to send data to their secret organizations and companies
are fighting, but ultimately giving up. Technology giants and NSA
are in the same bed. As an example, he mentioned a visit from Eric
Schmidt of Google, who came up with several representatives of state
power.

The so-called “Spook Panel”, which consisted of former agents and
contractors of NSA, CIA, MI5 and American Department of Justice,
explained to us how the surveillance system works. There is a great
deal of exchange of information between the agencies. Since the NSA
cannot eavesdrop on Americans officially, they simply outsource
this part of activities to their partners, who in exchange receive
information that are captured by the U.S. probes. Analyst at the
agency sees target’s e-mails, conversations on social networks,
browsing history, metadata about phone calls (date, time of call
and dialed number), or SWIFT transfers and card transactions.
Whenever the analyst tries to get the information, they must provide
written justification, however, although it is archived, nobody
reads it.

In addition to political issues, there were also purely technical
issues. Philippe Langlois started a popular topic of hackers -
hacking telecommunications infrastructure. Telecommunications market
is known for its closeness and overcomplicated solutions and
protocols. It is a popular target for hackers because closed complex
systems usually involve a lot of vulnerabilities. Phillipe’s lecture
was about Home Location Registry of cellphone operators. HLR is a
central database of users and information about them. Each access
to the network by the user, whether at home or from a roaming network
is verified by this system. It contains most sensitive data operator
knows about its users. And it’s almost always a huge, complex system
covered with the various old components. It is no wonder that finding
security holes is not that difficult. But no one would forget to
protect such systems with firewall and certainly no one would ever
put them out on the Internet, to be reachable by anyone, right? Not
really - several mobile operators with millions of active users
have put the most important system they own out on the Internet.

Karsten Nohl continued his series of mobile technology hacks and
this time he focused on the SIM card. He found a vulnerability in
firmware signing of several SIM cards, which allows complete remote
cloning, locating the user or calling the attacker-chosen phone
number at any time. Effectively this way an attacker can transform
a phone with a SIM card to a surveillance bug, which intercepts not
only what you say, but also where you are. Some mobile operators
stated that their SIM cards are not vulnerable - at least our SIM
cards were OK. But you should be aware that mobile phone operators
change their SIM card technology, and while the newest cards may
not be vulnerable, when was the last time you actually changed the
SIM card?

Like at other hacker camps, what is happening outside of the official
program is usually much more fun and interesting. Workshops,
technology demonstrations and dance floors gave us perhaps more
than mere lectures. Opportunity to meet interesting people from
different fields of science, technology and art is almost priceless.
And the biggest surprise? Flying ostrich. Do you say that ostriches
do not fly? That is true, but not at hacker camps, where they replace
their inside with an engine and add few rotors on top. And voilà,
the ostrich can fly. I saw it with my own eyes.

(original post)