Hacker Club Publishes German Official's Fingerprint
A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.
I'd like to see this done to officials in all countries.
Reminds me of Gone in 60 seconds (the Jolie version) where one of the car-thieves glues on Elvis' fingerprints.
They should do that to the head of the TSA and put him on the no fly list
So.... let's see.
Of all the people to humiliate... a senior public official who sets policy for something you directly care about.
This couldn't possibly turn out badly.
"Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously
High officials often seem to think the consequences of privacy-invading legislation will only occur to other (read: little) people. It's good to remind people in those positions that they do not have absolute power, and that they need to think about second order consequences.
Dog is my co-pilot.
I love it!
I salute you, impressed by your action!
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
Come on guys, where is the "haha" tag?
At least until extreme body modification is commonplace, biometrics suck for identification. It's the only modern "security" mechanism that lacks revocation. Without revocation, a security model is eternally broken as soon as one chink is found.
A person only has 20 digits, 2 palms, 2 soles, 2 retinas, and one genome. All of the biometric properties of those can easily be duplicated with noninvasive methods (simply enrolling in a biometric system requires the same access as duplication would). When one of those 27 properties is compromised, how do you revoke its use? I guess start with the fingers and palms and as people get older they have to start using their feet for identification, and at the very last make them get pricked for each identification. When all the biometric identifiers are used up, the now useless (at least in a Secure(TM) society) people can be recycled in the soylent green program or something.
Seriously, maybe a protest with loads of people wearing his fingerprint on a T-shirt would get the message across ...
This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. It's not very easy to hide your fingerprints (or even your DNA, for that matter) from people who really want to find them, and to rely on them for definite identification has the same problems as a social security number. Plus, anyone with a police record would be somewhat compromised from the get go here in the U.S.
I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?
Quiz: True or False -- On a scale of 1 to 10, what is your middle name?
This event highlights one of the major flaws of biometrics. This official had his fingerprint copied. There is nothing he can do. He can't change it. He can't prevent people from using it. No fingerprint reader will ever be able to determine with 100% certainty whether a particular fingerprint is real or fake. Bottom line: when one of your biometric traits gets stolen, you get screwed. For life.
I hope this convinces governments that using biometrics for anything is a bad idea (other than perhaps criminal investigations, although what if this German official's fingerprint was found on a murder scene?).
Were the other 9 digits lost in an accident?
The article says a ministry spokesman alluded to possible legal action against the club.
To what ends? You can't deter it as it's already happened, and you can't suppress it, as even the method for tricking the security system is widely known. If the security system is broken, you can't legalize it into working again. The security system was built in order to keep things safe, and now we have to keep other things safe from the security system itself.
Twinstiq, game news
With the advent of Biometric Embedded Copyright Token (BECT), if this hack had been done in America, wouldn't this fall under the DMCA?
It would be interesting to try to tell the cops that they can not have your fingerprints because it violates the DMCA.
Bravo!
You don't have to go to any special measures really to do this. I mean plastic and all those synthetic rubber moulds and stuff that the average person couldn't do is a bit excessive. Remember on Mythbusters when they tried to beat that "unbeatable" fingerprint lock on a door and managed to do it by printing off the fingerprint with a laser printer and licking it? Yeah, biometrics is a joke. And really good biometrics like DNA aren't practical or fast and the retina scan, well you do that every day for a year and see if you don't go partially blind. I can't care how safe they think it is. Facial recognition is pretty useless and easy to beat too. Until they find something that's 100% unique and fast and accurate, they should forget about biometrics.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.
Do you really get a good enough copy? How hard is it? (After all, any security can be broken somehow. So an essential aspect is the "cost" of breaking the security)
This chaos computer club reminds me of another club. Go CCC!
like disneyland paris to test this thumb print out...
;)
I can't recall if Disney's biometrics use just the thumb or the whole hand.. but I know people who get the year long pass have to use biometrics to get into Disneyland... this is to cut down on fraud of say a person renting or selling the pass to other people, so obviously Disneyland was the first place I'd even seen biometrics in public.
Very cool, using this technology people can sell their biometric fake palms along with the pass to use the year round pass with other people... (although I think Disney has a photo as well as the biometrics) oh well. Photos can be faked as well.
https://www.gnu.org/philosophy/free-sw.html
Yep. The problem is, what do you do if they compromise multiple sections of your biometric profile?
Bob: DAN! What the fuck happened to you? You have no arms and no legs.
Dan: And no testicles either. They took those too.
Bob: No tes..what happened?
Dan: Somebody got a copy of my biometric profile. So we had to make changes...
Bob: But you have no arms and no legs!
Dan: They even changed my name...
Bob: They did? What's your name now?
Dan: Matt
Chas - The one, the only.
THANK GOD!!!
Everyone knows that biometric data can be stolen, just like every other means of identifying yourself. I thought the point of biometric data was that it added one *more* piece of data that would have to be stolen before someone could successfully impersonate you.
So in addition to needing to know a pin or password, someone also needs to have stolen my fingerprint in order to take money out of my bank account. Isn't this what is called two factor authentication? Isn't that a good thing that makes it that much more difficult to steal an identity?
According to this article Germany's new passports:
http://www.itsmig.de/best_practices/ePass_en.php
they contain both fingerprint data, and a picture of the person. Thus, to steal your identity, a person would have to steal your passport, look like you, and also steal your fingerprint. This actually seems like a pretty good system that would prevent someone from using a stolen passport to steal the rightful owner's identity. Without the fingerprint data, an identity thief doesn't need to do as much work.
That said, I'm not from Germany, so maybe there are additional nuances about this thing that I'm missing.
Yes, this was done a couple of years ago in Sweden as a Master's thesis, which was described in the Swedish engineering paper Ny Teknik http://www.nyteknik.se/efter_jobbet/kaianders/article32986.ece (sorry, Swedish only). The student Marie Sandström tested a simple jello, which was created using the same method as mentioned in the article above, on three commercial fingerprint readers at the CeBIT fair in 2004.
What if this German official's fingerprint was found on a murder scene?
Well, duh! The police and judicial system would treat him exactly the same as someone without any political clout or friends in high places, because there is no corruption in the ruling class.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
That's why it's so cool living in Iraq, where my turban government is so clueless when it comes to technology, they probably believe biometrics are the work of the devil, and the Americans use a non-centralized database biometrics based authentication process, in other words, they both can't work em right.
I've always thought that the only viable answer to the increasing privacy invasion we face by both government and business is to turn the camera around and look back at the innards of the one that's doing the looking. What this German hacker club has accomplished is to say, "If you're gonna look here [our fingerprints], we can look back. And hey, people are much more interested in *your* fingerprints, than some joe shmo wanna be."
That there will be more and more eyes in the future is inescapable. If we developed technology that allowed us to see who's doing the looking, I believe, then a protocol would develop. It would be roughly like the protocol people observe in a park when eye meets eye. If you catch a stranger looking too much, or without apparent reason, then you stare them down.
Quick everyone, copyright your fingerprints and retina images. Then when the government tries to get a copy of it, they have to either pay royalties, or they would be violating copyright. >=) muwhahaha
Trying to install linux on my microwave, but keep getting a kernel panic...
Mister Schauble can enjoy an easy career as burglar when he's out of office. With 4000 copies of your fingerprint circulating, it cannot be used as evidence any more.
The only dumb thing he could get caught with is when he leaves wheelchair tracks at the scene of the crime.
DNA is the ultimate spaghetti code.
People have strong opinions about technology without bothering to understand it.
It's the same in politics. People call the U.S. government's action in Iraq a war, but killing Iraqis is only a distraction from the real purpose. The real purpose is stealing money from the U.S. taxpayer.
Obviously, at more than $1,000,000 per Iraqi killed, most of them very poor, the "war" is mostly about money, and the killing is only required to draw attention away from the real purpose.
How will the astounding ignorance of technology get resolved? Maybe we will have to wait until all the old dinosaurs retire. When I say "old dinosaurs", I am not talking about chronological age, I am talking about mental age. Some 24-year-olds are old dinosaurs mentally.
They managed to fool 2 different readers easily.
The Net...
Minority Report...
Demolition Man...
Judge Dredd...
What makes this clownshoe Wolfgang Schäuble think it'll work any better in real life than it always has in the movies?
Move all sig!
Hats off to the CCC, this is brilliant! How satisfying it must be to rub the government's nose in their own mess.
True hacktivism at its finest!
-Billco, Fnarg.com
The CCC is one of the things I like about Germany. It highlights a major element of German-style citizen-culture. It's clearly opposed to uncontrolled government and any notion of a police-state. It has a taste of anarchy to it and on its fringes it has unofficial members with ties to the black-hat community. Yet it is a well organised official registered German association that speaks up on behalf of the people and democracy. With a 27-year tradition of keeping the public political debate alive on IT related rights-issues by perpetually coming up with creative ways of gaining attention. This recent 'Schäuble-Fingerprint' stunt being one of them. I don't know if they've exposed themselves to legal liability by doing this (after all it was officially published in their magazine 'Datenschleuder') but it sure is as funny, hilarious and exposing as ever. Creative non-sense at its best. Go, CCC!
We suffer more in our imagination than in reality. - Seneca
This particular public official is a paranoid asshole anyway. Antagonizing him won't make any difference, but publicly embarrassing him will make him less effective.
I think people would do well to post images of the fingerprint to Flickr, Picasa, etc. so that it is widely archived as well.
I can't find it anymore, but I read a study on fingerprints that essentially said that they are not viable evidence at all, because even though the fingerprints themselves might differ, the way of describing them was deficient so that lots of people end up with "identical" fingerprints. I don't remember the exact numbers, but I remember calculating that in my 650,000 people home town there were a three-digit number of people with fingerprints "identical" to mine.
Dammit, I really can't remember even the title. If someone has a link, please post it. If I *ever* get into a trial where fingerprints are used as evidence, I'd like to have a copy of that document for my lawyer.
Who is General Failure and why is he reading my hard disk?
news at 9:
A Teletubby with the head of Britney Spears was caught on video killing former president GW Bush.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
and they did such a good job with the EUCD didn't they.
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Damn, now he will have to change his fingerprint. Again.
I mean, seriously. The USA is doing the wrong thing with Gitmo (it ought to be closed), and wiretaps without warrants are b.s. I would have, given Europe's left leaning bent, expected Europeans to go the opposite route and promote civil liberties, but it seems that in country after country Europeans are going the opposite route. The British are putting cameras in everywhere, the Germans are going crazy with biometric identification, while meanwhile, in the USA, we are working on putting torpedoes into Real ID (with a weird alliance of ultra left ACLU types and ultra right NRA types). I know a lot of Europeans post on Slashdot, so, I can only ask, what the heck are Europeans thinking? What's the threat that's driving all of this? Is it the massive and un-assimilated Islamic population? Is it the threat of crime from the former Soviet bloc states? Is it a fear of the KGB? I just don't understand what Europe would see the threat as that motivates all of this security.
This is my sig.
The answer why I am posting as an AC is left as an exercise to the reader.
Excellent! A quick precis on why it is so bad (it's because it's the solution to the wrong problem).
No mod points today though, so I can't mod you up.
"She's furniture with a pulse"
But you say: how could that incriminate someone to link someone to random crime, surely alibis would get him off? True, but targeted, specific crimes - a bit of DNA attached to a hair (or something) would indicate that someone was there.
Maybe that is the solution: have copies of lots of people's DNA scattered in all sorts of incriminating places - make it useless as a ''he was there'' indicator.
9.11.
All ministers of interior seem to be prime examples of the old "power corrupts" thing. They just sit there, and suddenly get the nice idea "if i could just track and observe _everybody_, _I_ would be a hero who stops all crime".
And because they are all idiots, they really believe it.
So they jump to the slightest chance of doing so, getting a real hard on with every new terrorist rumor that enables them to pass more bills.
Secondly, a lot of the biometrics was also forced onto the European nations by the US.
Want to go to the USA? Fingerprinting. That alone destroyed much of the taboo that fingerprinting had in Europe forever. Many of us just don't have a choice. I am not staying home because I don't like my business trip destination.
Also, "no biometric passport" == "we kick you out of the visa waiver program", which is something they cannot allow, also.
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
This is the moment we've been waiting for.
All we need now is a stool sample and we close step number 3 and move to step 4.
4) Profit!!
I love these people. Chaos taking over....
Fingerprints as biometric are almost useless. The only way to make sure they work is to have a trained finger inspector look at every finger before it's used.
No sig today...
You leave your DNA everywhere you go and there are machines which can duplicate it and produce big samples - big enough to create fake DNA mouthwashes or whatever is needed to fool the scanner.
...and that's not going to be very popular.
The only way to be sure you're looking at the right DNA is to stick a needle into a person and take a sample from deep inside them...
Most biometric systems are junkware being pushed by people who are after the lucrative government contracts. The bottom line is they don't really work too well.
The only one which might work is retinal scanning but for whatever reason I don't see that on anybody's ID card agenda. Why not? I don't know...
No sig today...
Duress codes were widely implemented by the British Special Operations Executive in the Second World War.
Agents dropped behind Axis lines were taught how to use 'security codes' if they were compromised (i.e. captured by the Nazis).
The imbeciles in London who received their messages, especially from the totally infiltrated Dutch circuits, were so stupid as to message them back saying 'why are you omitting your security codes?'
It got so bad that on April 1st 1944 the London operators received a plaintext message from the head of the Nazi operation thanking them for their cooperation (I think his name was Geiske).
Hundreds died. It soured British/Dutch relations for a generation. It was monstrous, inexcusable loss of life.
Don't EVER underestimate the power of stupidity.
They have only fear on their side.
The CCC is one of the things I like about Germany. It highlights a major element of German-style citizen-culture. It's clearly opposed to uncontrolled government and any notion of a police-state.
That's nice, but it's a tiny minority. The average German has much more blind trust in his government than the average American.
Germany had a lively political scene in the 1920's and 1930's as well, but that didn't matter when the voters put Hitler in power.
I would have, given Europe's left leaning bent, expected Europeans to go the opposite route and promote civil liberties, but it seems that in country after country Europeans are going the opposite route.
Tracking people has a long tradition in Europe. In countries like France and Germany, the government knows where every citizen lives. In Germany, the government even knows each person's religion (this is a country that slaughtered millions because they had the wrong religion!). Warrantless wiretapping connections to the Eastern Bloc used to be commonplace.
Europe has never been libertarian, it's always been about big government. Left vs. right has only been about which kind of big government Europeans wanted, not about wanting less of it.
retinal scanners. Yes, I know there are ways to do this with images. . . but a criminal or terrorist outfit is much more likely to use direct means to get a retinal pattern. Most people would miss an eye more than one of their fingers.
Tech Public Policy stuff
Don't believe that bullshit! The average German assumes he knows best about every political topic and can explain to you why the politicians make laws just because they are evil.
Nice one, guys.
"The article says a ministry spokesman alluded to possible legal action against the club."
I'm sure that will go a long way to stopping criminals from doing EXACTLY the same thing to some poor, innocent citizen who leaves behind a fingerprint somewhere. Not.
Look, the problem with fingerprints is the fact they are left all over the place, it's easy to duplicate them, and the readers are easily spoofed. At least a retinal scan (for example) is harder to spoof and you aren't leaving an imprint of it everywhere you go.
Reminds me of the episode on Mythbusters... it was comically simple to get through the systems. Granted, they weren't multi-million dollar ones, but one even read a fingerprint printed on a piece of paper.
Need an automatic screenshot taker? Try here.
parts alive.
Me I want the wetware hackers to gouge out one of polyticks eyes and keep it alive, cut off a hand and keep that alive and to take a DNA sample. Leave the polytick alive as an example to others.
Yup, fingerprints are extremely weak security checks since a normal person leaves hundreds of prints behind them every day.
There is some of that, but there is also the fact that professional politicians pay close attention to polls, and polls consistently show that actual voters -- especially people who are indecisive about voting for or against the current interior minister's political party -- are afraid of violent crime out of all proportion to their risk of being a victim of such crime.
If you were a professional politician keen on staying in power, would you be more likely to try to point out the low risk to the electorate, or would you be inclined to explore ways where you do not significantly alter the risk at all, but do influence the weighting of that risk in the minds of the uncommitted voters? That is, if you do something very visible and seemingly "secure" and as a result stop some worried voters from voting for someone else (or not showing up to vote for you, when you need them), does that accomplish your goal?
So you are right in that there are politicians who wish to be perceived as the "hero who stops all crime", yet rather than believing this, I think that they are really just politicians who are good at experimenting with the manipulation of risk perception in key segments of the electorate.
Segment A worries about violent crime and is therefore thinking of not supporting me? Do some authoritarian rule-making that will be visible day-to-day by voters in that segment. Segment B worries about the erosion of civil liberties and the emergence of a police state? Set up a watchdog which talks daily about monitoring the excesses of the policing arms of the state.
This is what electorates seem to want: politicians who react quickly to their moment-to-moment anxieties, even if the reaction is ultimately ineffective. Not politicians who say "woah, maybe you're worrying too much, let's take our time and think this through realistically..."
Well, laugh all you want, I actually spent many years in Germany. Believe me, the Germans trust and obey their government way too much, all the while they fancy themselves liberal and independent thinkers.
Don't get me wrong: Germany is not a bad country. But if you're looking for smart, independent, insightful political thought and public debate, you need to look elsewhere.
All 19 hijackers were known terrorists 09-10-2001. Lack of FBI intelligence does not justify warrantless wiretaps.
I was told to set up a fingerprint scanner on our parts room. Finger printers plus grease (industrial setting) = no access.
I imagined the concept of clean rag should still exist even in industrial settings. Simply clean the sensor a little before applying the printed fingerprint - the fake fingerprint does not need to be manufactured/printed on-site.