Conference Report #

Basic information #

The 26th Chaos Communication Congress (26C3) is the annual four-day conference organized by the Chaos Computer Club (CCC). It took place from December 27–30, 2009, at the bcc (Berliner Congress Center) at Alexanderplatz in Berlin, Germany. The slogan that year was “Here Be Dragons”, which fit well because many talks were about exploring unclear, risky, or unknown parts of technology and society.

The Congress brings together hackers, computer scientists, artists, activists, and curious people from many countries. It is also strongly community-driven: participants can volunteer, run small events, show their own projects, or lead workshops. A big part of the experience is not only listening to talks, but also doing things and meeting people.

This was my first conference, and it was an intense but motivating introduction to the wider hacker and security community.

First impressions and atmosphere #

What I noticed immediately was the open and friendly attitude. As a CS student, I expected something more formal or academic, but 26C3 felt different: people were approachable, and it was normal to ask questions or start conversations with strangers.

Another important point for me was that the event felt “morally positive”. Many technical topics (security, networks, surveillance, reverse engineering) can be used for good or for harm, but at 26C3 the general tone was about learning, transparency, privacy, and empowering users. It also had very little commercial influence compared to many tech conferences. Instead of being driven by companies and product presentations, it felt driven by curiosity and community.

Program structure: talks, workshops, and recordings #

The Congress offered a large number of lectures and workshops across multiple tracks. Topics ranged from low-level hardware hacking and telecommunications to privacy, politics, art, and society.

One thing I appreciated is that CCC events are known for publishing recordings. After the congress, many talks were released in different formats (video and audio), which makes the content accessible even if you missed a session. A small number of talks were not recorded due to speaker requests, and that wish was respected.

Memorable experiences #

Talk highlight: building custom GSM networks #

The most vivid memory I have is a talk related to creating custom GSM networks (essentially experimenting with the mobile network stack). As a CS student, this stood out because it connected theory with real infrastructure. GSM often feels like “magic in the background,” but this talk showed that with the right tools and knowledge you can actually work with it, test devices, and understand how phones and networks communicate.

For me, it was an important reminder that many “closed” systems are not truly inaccessible—sometimes they are just complex, under-documented, or intentionally hidden. Talks like this made me want to learn more about telecom security and protocol design.

Interactive area: lock picking station #

Another highlight was the hands-on stations, especially the lock picking area. This was my first time seeing physical security presented next to computer security in such a normal way. It helped me understand a common CCC idea: security is a full system problem—software, hardware, people, and physical access all matter.

I also liked how learning was encouraged in a responsible way. The focus was on skill-building and understanding weaknesses, not on breaking rules.

Community and participation culture #

26C3 made it clear that the Congress is not only a place to consume content. It is built around participation: volunteering, running small sessions, and showing projects. Even as a first-time attendee, I felt that it was acceptable to be a beginner—people were patient and willing to explain.

It also helped that the Congress attracted many different backgrounds: not just computer scientists, but also journalists, artists, and activists. That variety made discussions more interesting, because technical questions were often connected to social and political consequences.

Location and historical context #

The venue, the bcc in Berlin, felt iconic and central. It also gave the Congress a special “Berlin between Christmas and New Year” atmosphere, where the city is quiet but the conference is full of energy.

It is also worth noting that the Congress kept growing over time, and this period was close to the end of the era where it could still be held at the famous bcc location. Looking back, it feels like I attended during a transitional time: already very large, but still with a strong feeling of being “close to the community.”

What I learned (as a CS student) #

From a student perspective, 26C3 expanded my understanding in several ways:

Security is everywhere: networks, phones, hardware, laws, and even locks. Real systems are messy: protocols and infrastructures contain historical decisions, trade-offs, and sometimes serious design problems. Ethics matters: the community frequently discussed privacy, censorship, surveillance, and responsible disclosure. Curiosity + community is powerful: learning happens faster when people share knowledge openly.

Conclusion #

26C3 (Here Be Dragons) was a strong first conference experience for me. It combined deep technical content with hands-on learning and a welcoming culture. The talk about custom GSM networks and the lock picking station are the memories that stayed the most, but overall what made the Congress special was the non-commercial, community-driven atmosphere and the feeling that technology should be understood—and improved—by the people who use it.

If I attend again, I would like to participate more actively (for example by volunteering or contributing a small project), because the event clearly values contribution as much as attendance.

Schedule #

Day 1: 27.12.2009 #

• Why Net Neutrality Matters? — Status update on current legislation, campaigns and actions — Jérémie Zimmermann
• Lightning Talks - Day 1 — 4 minutes of fame — Oliver Pritzkow & Sven Guckes
• Exposing Crypto Bugs through reverse engineering — Philippe Oechslin
• Tor and censorship: lessons learned — Roger Dingledine
• WikiLeaks Release 1.0 — Insight into vision, motivation and innovation — wikileaks
• coreboot: Adding support for a system near you — Working with the open source BIOS replacement and getting a… — Peter Stuge
• How you can build an eavesdropper for a quantum cryptosystem — hardware demo during the lecture — Qin Liu & Sebastien Sauge
• GSM: SRSLY? — Chris Paget & Karsten Nohl
• Here be dragons — Keynote — Frank Rieger
• Computer.Spiele.Politik. — Die Computerspieldebatte und wie man darin überlebt — Bastian Dietz
• Eine Zensur findet statt — Eine Rundreise durch die Welt der Zensur – Wo, Was und Wie? — Jens Kubieziel
• Der Hackerparagraph beim Bundesverfassungsgericht — Dominik Boecker
• Internetsperren — #zensursula and beyond — MOGiS
• Das Zugangserschwerungsgesetz — Matthias Bäcker
• A Hacker’s Utopia — What’s There and What’s Missing — Sandro Gaycken
• Leyen-Rhetorik — maha/Martin Haase
• UNBILD – Pictures and Non-Pictures — Reterritorialisierung und Globalisierung — Christoph Faulhaber
• Das Recht am eigenen Bild und das Ende der “Street Photography” — Axel Schmidt
• Chaos-Familien-Duell — Alexander Brock & Marcel Ackermann
• cat /proc/sys/net/ipv4/fuckups — Fabian Yamaguchi
• our darknet and its bright spots — building connections for spaces and people — aestetix, equinox, Eric Michaud & mc.fly
• Here Be Electric Dragons — Preparing for the Emancipation of Machines — Lorenz
• Wireless power transfer — Forgotten knowledge: Tesla invented wireless power — Davor Emard

Day 2: 28.12.2009 #

• SCCP hacking, attacking the SS7 & SIGTRAN applications one step further and mapping the phone system — Back to the good old Blue Box? — Philippe Langlois & Vanessa Brunet
• Hacker Jeopardy — Number guessing for geeks — Ray & Stefan “Sec” Zehl
• Cybernetic Cannibalism — Why is Brazil the country of the future? — Cristiano Marinho & Helena Klang
• Reverse-Engineering DisplayLink devices — USB to DVI for Hackers — Florian Echtler
• Fuzzing the Phone in your Phone — Collin Mulliner
• Exciting Tales of Journalists Getting Spied on, Arrested and Deported — How their own data was taken and used against them — Bicyclemark
• Why Germany Succeeded Where America Has Failed in Achieving Meaningful Voting Computer Changes — And Why All Democracies Should Follow — Kathleen Wynn
• CKAN: apt-get for the Debian of Data — Daniel Dietrich & Rufus Pollock
• “Haste ma’n netblock?” — Layer 8 based IP Address hijacking in the end of the days… — nibbler
• Defending the Poor — Preventing Flash Exploits — FX of Phenoelit
• After the Hype — The current state of One Laptop per Child and Sugar Labs — ChristophD
• ETSI-Vorratsdatenspeicherung 2009 — und andere Sockenpuppen der GCHQ — Erich Möchel
• Die Verwaltung rüstet auf - der digitale Steuerbürger — Gefahren, Nutzen, Risiken für Jedermann — Kai Kobschätzki (/bengoshi) & Keune
• Die neokonservativen Thinktanks in der BRD — Wie SPD und CDU die gelenkte Demokratie einführen wollen — Volker Birk
• Privacy & Stylometry — Practical Attacks Against Authorship Recognition Techniques — Mike Brennan
• A part time scientists’ perspective of getting to the moon — presenting the first German Team participating in the… — Arne Reiners, Juergen Brandner, Michael Mussler & Robert Boehme
• Vier Fäuste für ein Halleluja — Geschichten aus dem API-und Protokollkrieg von zwei… — Erdgeist & Felix von Leitner
• Advanced microcontroller programming — Getting deeper into AVR programming — wesen
• Building a Debugger — Open JTAG with Voltage Glitching — Travis Goodspeed
• Lightning Talks - Day 2 — 4 minutes of fame — Oliver Pritzkow & Sven Guckes
• Conlanging 101 — I make languages (and you can too) — Sai
• Liquid Democracy — Direkter Parlamentarismus – gemeinsam verbindlich… — Daniel Reichert & dwt
• Legic Prime: Obscurity in Depth — Henryk Plötz & Karsten Nohl
• Die Schlacht um die Vorratsdatenspeicherung — Der Stand der Debatte nach der Anhörung beim… — Constanze Kurz & Frank Rieger
• Milkymist — An open hardware video synthesis platform — Sébastien Bourdeauducq
• Homewreckery — Electrifying the Thread out of Clothing — eli skipp

Day 3: 29.12.2009 #

• Wofür offenes Internet? — Warum wir klare Regeln für Netzneutralität brauchen — Falk Lueke & Markus Beckedahl
• Playing with the GSM RF Interface — Doing tricks with a mobile phone — Dieter Spaar
• Vom Kreationismus zum Kollektivismus — Fehlende Einsicht in die Leistung komplexer Systeme — Kay Hamacher
• Location tracking does scale up — How skyhook wireless tracks you continously — L. Aaron Kaplan
• Privacy-Enhanced Event Scheduling — Benjamin Kellermann
• Lightning Talks - Day 3 — 4 minutes of fame — Oliver Pritzkow & Sven Guckes
• Black Ops Of PKI — Dan Kaminsky
• Weaponizing Cultural Viruses — A Manual For Engaged Memetic Resistance on The Front Lines… — Aaron Muszalski
• Using OpenBSC for fuzzing of GSM handsets — Harald Welte
• Europäische Biometriestrategien — Die Automatisierung von Personenidentifizierung an der… — kosmo_k
• Peanut Butter and Plastic: Industrial Revolution — Decentralized Manufacturing and Desktop Fabrication — Bre
• “Yes We Can’t!” - on kleptography and cryptovirology — Moti Yung
• CCC-Jahresrückblick — Andy Müller-Maguhn, Constanze Kurz, Frank Rieger & maha/Martin Haase
• The Lost Cosmonauts — Critical Thinking — Brian Dunning
• DDoS/botnet mitigation & hosting online communities — rodent
• Stream: Fnord-Jahresrückblick 2009 — German / English version of the Fnord-Jahresrückblick 2009. — guide
• Nougatbytes - Ein Wortspiel, bunt und in stereo — Die geekige Bilderrätselspielschau — Ben & Rainer Rehak
• Fnord-Jahresrückblick 2009 — Von Abwrackprämie bis Zensursula — Felix von Leitner & Frank Rieger
• DECT (part II) — What has changed in DECT security after one year — Erik Tews
• Fußgängernavigation mit Augmented Reality — Navit - Navigationssystem — Martin Schallaer
• Technik des neuen ePA — Henryk Plötz
• Die Ereignisse des 12.9. und ihre Folgen — Watching them watching us: Videoüberwachung staatlichen… — Andy Müller-Maguhn
• I, Internet — We are more Borg than we thought — Christiane Ruetten
• Playing with the Built City — Eleanor Saitta

Day 4: 30.12.2009 #

• Wolpertinger. Ein verteilter Portscanner. — Schneller scannen! — AltesWecken
• Lightning Talks - Day 4 — 4 minutes of fame — Oliver Pritzkow & Sven Guckes
• Security Nightmares — Frank Rieger & Ron
• Stream: Security Nightmares — in english!!11oneeleven (translated on the fly) — Public Viewing
• Hacking the universe — When strings are super and not made of characters — Robert Helling
• Im Herz der Bestie — Medien hacken — Monty Cantsin & victor dornberger
• Wikipedia - Wegen Irrelevanz gelöscht — Andreas Bogk, Kurt Jansson, maha/Martin Haase, Mathias Schindler & Tim Weber
• Understanding Telecommunication Interception: Intelligence Support Systems — The Big Brother Services Industry and their tools — Andy Müller-Maguhn
• Blackbox JTAG Reverse Engineering — Discovering what the hardware architects try to hide from… — Felix Domke
• Photography and the Art of Doing it Wrong — Audrey
• Finding the key in the haystack — A practical guide to Differential Power Analysis — hunz
• secuBT — Hacking the Hackers with User-Space Virtualization — Mathias Payer
• Closing Event — Frank Rieger & Ron