As always Berlin was amazing. Seemed like yesterday. It was my second year attending both the Chaos Communications Congress (28C3) and Berlinsides (0x2) that immediately follows - but it was my first year speaking at either.
Unfortunately John Strauchs and our exploit writer Dora (the other members of the team) were unable to attend with Tiffany Rad and I, but, we were very happy to have John join the presentations via Skype. Our talk on PLC and SCADA Vulnerabilities in Correctional Facilities got off to a bit of a rough start. There was a problem with the power at the beginning of our presentation and consequently our slides were not visible in the room for about 5 minutes. Even though you could not see the slides in the room they were always visible on the live stream. The wonderful audio visual team got the problem fixed within minutes of us starting and they were met with cheers when the slides appeared in the room.
The room for our presentation was completely full and had people standing and sitting around the edges. It was great to see such a large interest. The attendees of the conferences were great. Our presentation was well received and many people came to speak with us about problems with SCADA systems in general. It's always nice to sit down with people after a talk and hear what they have experienced and seen.
The Congress itself is very interesting. There are not quite as many vendors as typically seen at US conferences, and there does appear to be a bit more spaces allocated to projects and services. One of the most interesting services is Eventphone. It is essentially a phone service that is local to the conference. DECT phones as well as GSM phones can be registered so that you may call others within the conference's main geographic location. All who register are given a 5 digit extension. When at the conference all you need to do is pick up one of the conference phones and dial the 5 digit extension of whoever you wish to reach. Another neat feature is that there is an actual phone number associated with the even so that outsiders may dial in and then enter the 5 digit extension so that they may speak to someone at the conference.
A quick preview of some of the notable projects were Hackerfleet, Blinkenlights and also the Hackerspace Global Grid. One of Hackerfleet's project is the autonomous naval robotic vehicle. I have been a fan of Blinkenlights for years and it has always amazed me. Who doesn't want to play Tetris on a building? The Hackerspace Global Grid is quite interesting as well, it is essentially a project that would be an alternative infrastructure to the Internet that uses satellites launched by hackerspaces and Earth based base stations. And, as always, there were the hacker conference staples such as the hardware hacking village, badge hacking area, and the lock picking village.
The space that was used for Berlinsides was quite large and gave plenty of seating room for the single track conference. I believe this was the same location where PH-Neutral has previously been held. Although the crowd at Berlinsides was smaller than the Congress, they were great all the same. We were able to speak with quite a few people after our talk. We chatted about everything from SCADA, to Network Security programs in European universities. Belinsides was a bit far from the Congress this year when compared to last year when it was held at C-Base.
Of course no trip to Berlin is complete without visiting C-Base. C-Base has been called "The mother of all hackerspaces." One of the things that make C-Base unique is the story behind it. There is a legend that many years ago a space station crash landed in Berlin. The TV tower is the an antenna that marks the center of the space station and C-Base is the part of the space station that is still accessible. Forgive me if I have some of the details incorrect.
Anyhow, C-Base is quite clearly space station themed. Almost every inch is decorated and quite amazing. It really adds to the atmosphere. When walking through, sometimes you will see a computer or monitor laying around that looks like it may just be decoration, only to find out the next time you walk by that it is actually functional. This actually happened to me when I realized that a what had appeared to be a dead monitor, actually was running a game of pong.
Anyone who enjoys security conferences should really try and make the trip to Berlin at least once. The Congress is a very unique experience and somehow the atmosphere feels a bit different than what I'm used to in the US. If you do make it out, be sure and go C-Base as well, you will definitely not regret it.
A gentleman I spoke with told me that he had heard Berlin described as somewhere "That is always becoming, but never quite being." It sounds odd, but I find it actually suits it very well.
- Teague Newman, Core Security Training Consultant and Independent Security Researcher