Chaos Communication Camp 2015 - a great training experience and heaps of fun

Andreas Dannert

President of ISACA Melbourne Chapter

Before I share some of the greatness of attending the Chaos Communication Camp 2015 in northern Germany, I would like to lay out some of my thoughts on the role of general and corporate training in building your career.

When I started my career in technology consulting, I didn’t have a plan when it came to training. Having finished my Master’s degree in Computer Science and worked in research, I had an idea of what it took to identify, evaluate and develop information. I had used these skills to pass my exams.

Corporate training seemed to work differently. It was typically defined by the organisation I was working for and mandatory, potentially boring and uninformative. I and others typically walked away without being satisfied. While some corporate training may have been driven by compliance, other training was not very effective for the organisation or myself.

Soon I started developing my own, more concrete ideas on what defines ‘great training’. I started getting deeper into the field of information security and changed my training preferences accordingly. Over the years I realised that the best training was training that you choose yourself, that you enjoy taking, and that enables you to walk away with information that helps you at work and furthers your knowledge in your chosen field.

Given that more information is now easily available online, obtaining this training is not too hard to achieve. It can easily be done through self-study and highly specialised courses that target an area one wants to improve in. The downside of specialised courses is usually their cost and, as a result, getting them approved by the organisation you may be working for if they do not share your views on training. I strongly believe there is a third option after training courses and self-study.

My personal view is that social networking around training topics is important in retaining information. Discussing new topics while learning about them certainly helps me retain more information. While I don’t have any scientific references to verify whether this is common or true for only a few, I believe the learning environment and the opportunity to reflect on a learned topic play a major role in retaining information. I can see that social networking is not only an opportunity to exchange ideas, but creates an environment in which one can relax and have some fun, which should support people in retaining information. Considering all the above, I would argue that certain security conferences are a great way of building your skills in information security while having fun and not having to spend a fortune. Naturally I am not referring to vendor-driven conferences, but rather community courses. Both have a place in regards to training, networking and, of course, business, but for self-training I prefer the latter.

I am grateful that you have read this far, because by now you might be asking ‘what has all this to do with the Chaos Communication Camp?’ Let me explain. If you have never attended one I will explain what it is before providing you with some of my training highlights. It really is a training opportunity that ticks the boxes of learning, social networking and having fun.

The Chaos Communication Camp is organised every four years by the Chaos Communication Club in Germany. At over 30 years old, the club is one of the oldest and largest hacker associations in Europe.

The organisation provides information on technical, social and security issues, such as surveillance, privacy, freedom of information, data security and more. The camp is an international gathering of ‘hackers’ of all ages and backgrounds and this year it was held at an old brick factory, now a museum, an hour north of Berlin, Germany. To give you an idea how big this camp is, this year an estimated 4.500 participants attended from 20 different countries, linking about 18.000 devices through a custom installed network and power infrastructure, providing 1GB of fixed line bandwidth through a 10GB uplink. In addition there were 1.8MW power generators installed to provide all attendees with sufficient power for their equipment. The custom network infrastructure also included a local, independent GSM, DECT network and of course a local radio station as well as real time streaming of all the major presentations held on-site. To get all this and a free campsite to pitch your tent or set up your caravan you had to pay around 210 Euro, currently AUD$331, for five days. Kids attended for free. Kids you might ask? Yes, and to me that is the beauty of this and similar events. Training, work and life become one and make for an amazing experience that puts you in the right state of mind to learn. Never did I feel unsafe or have an issue with my young kids roaming the grounds and making friends with other kids from all kinds of countries and backgrounds. The common denominator that brought everyone together was to learn, be excellent to each other and have fun. Admittedly the hot temperatures in Germany didn’t help, but the lakes around the camp provided for a nice opportunity to cool down. And, in true ‘hacker’ style, some of the lectures were delivered on the lakes in some blow up boats.

For at least one user that created a problem when he dropped his iPhone into the lake, but the local CERT team was well equipped to deal with the issue. They sent in their professional diving team to recover the phone, disassemble it, dry it and put it back together. Apparently it was back in working condition. Food and drinks were also available on-site so no one had to go hungry and the bars allowed for some very social exchanges all night long as a disco ball spun in one of the forests. One of the iconic installations on the grounds was the ‘data dunny’. As you can see in the picture it looks like a portaloo, which it is, but instead of being a toilet, the ‘data dunny’ was a cheap way of providing a weather proof cabinet to install a wireless access point and a 1GB switch providing cabled and wireless network connectivity to all camp participants. To get connected all you needed to do is to loop your network cable through a hook outside the portaloo and wait for someone from operations to plug you into the installed switch.

You may ask ‘how can you reasonably learn in this environment and how much can you learn?’ I would argue that you could learn a lot. While the material is available for free online (please see links below) it is a completely different experience to be on-site. Not only do you have access to like-minded people trying to learn and have fun, you can attend one or more of hundreds of workshops. These workshops cover everything from GSM protocols to software defined radios to the impact of new technologies and legislation on society. My greatest learning experiences were attending a workshop on setting up your own GSM network and some of the implied security issues, as well as presentations on Windows 10 security, Mexican botnets, car hacking, detecting IMSI catchers, TLS interception and Iridium hacking.

To summarise the key lessons I have learned, I would have to say that the Internet of Things is becoming reality, but security is still not a given and that is worrying. In addition the social impact of secure use and preventing abuse of IT is becoming more and more important. The presentation on Mexican botnets made this quite obvious. It comes as no surprise that Wired just ran an article on the same topic.

To recap, I would recommend that individuals who love working in the security industry and do not see their work as just another job consider attending this or a similar security conference. I certainly have to be grateful to my employer for giving me time off to attend this camp. I did learn quite a bit and what I have learned will encourage me to learn even more on some of the topics I discovered. I believe these and similar events represent a good business investment when it comes to great training. While travel is certainly a factor there are other events that you can attend around the globe, like Ruxcon, Kiwicon, DefCon, OHM, Hack in the Box and the Chaos Communication Congress, not to be confused with the camp. These are just some of the events I can think of.

It would be great if I could meet some of you at my next training experiences at Ruxcon, Melbourne or the Chaos Communication Congress, right after Xmas in Hamburg, Germany.

This article was brought to you by Enex TestLab, content directors for CSO Australia.
