Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Club Publishes German Official's Fingerprint

Posted by kdawson on from the sauce-for-the-goose dept.

A number of readers let us know about the Chaos Computer Club's latest caper: they published the fingerprint of German Secretary of the Interior Wolfgang Schäuble (link is to a Google translation of the German original). The club has been active in opposition to Germany's increasing push to use biometrics in, for example, e-passports. Someone friendly to the club's aims captured Schäuble's fingerprint from a glass he drank from at a panel discussion. The club published 4,000 copies of their magazine Die Datenschleuder including a plastic foil reproducing the minister's fingerprint — ready to glue to someone else's finger to provide a false biometric reading. The CCC has a page on their site detailing how to make such a fake fingerprint. The article says a ministry spokesman alluded to possible legal action against the club.

40 of 253 comments (clear)

  1. Respect, respect maan! by Anonymous Coward · · Score: 4, Insightful

    I'd like to see this done to officials in all countries.

    Reminds me of Gone in 60 seconds (the Jolie version) where one of the car-thieves glues on Elvis' fingerprints.

    1. Re:Respect, respect maan! by dpx420 · · Score: 4, Insightful

      Yeah if someone tried this with a high ranking government official in China or somewhere, they would indeed mysteriously 'disappear' in 60 seconds.

    2. Re:Respect, respect maan! by Foobar+of+Borg · · Score: 5, Funny

      Yeah if someone tried this with a high ranking government official in America, China or somewhere, they would indeed mysteriously 'disappear' in 60 seconds.
      There, fixed that for you. I guess now it's Germany, Land of the Free, Home of the Brave (WTF?)
      --
      Similar to the upcoming US election results
    3. Re:Respect, respect maan! by Idiomatick · · Score: 4, Insightful

      WTF does china have to do with this?

    4. Re:Respect, respect maan! by garglblaster · · Score: 4, Insightful

      Well, you summarized it up very well: Germany, Land of the Free, Home aof the Brave. Times are a-changing aren't they? Hint: No, Bush's country isn't any longer considered 'Home of the Free' in any part of the world any longer.. - Sad to say this but true.. my 2 cts

      --

      perl -e 'printf("%x!\n",49153)'

  2. couldn't possibly have negative consequences by Shadowruni · · Score: 4, Interesting

    So.... let's see.
    Oh all the people to humiliate... a senior public official who sets policy for something you directly care about.
    This couldn't possibly turn out badly.

    --
    "Chinese Amazons, power armor, laser swords.... things just meant to be." - Shampoo, A Very Scary Bet
    1. Re:couldn't possibly have negative consequences by Yokaze · · Score: 5, Informative

      Hardly. The CCC is a highly prolific club and is very likely keen on some legal "retaliation", as it would generate even more public attention on that matter.
      Since the Home Secretary stated, that storing fingerprints is no privacy concern, he would be hard pressed to explain his stance.

      --
      "Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
    2. Re:couldn't possibly have negative consequences by Anonymous Coward · · Score: 4, Insightful

      Since a senior public official still remains a public official, it could probably be defended on the same grounds that allow for political satire. It is expressly allowed in most countries to make fun of political figures, especially if you're doing it from a political standpoint yourself.

      Then again, we also have a new buzzword for crime with ideological motives. It's called terrorism...

    3. Re:couldn't possibly have negative consequences by Belial6 · · Score: 5, Insightful

      It likely is. In just the same way that sinking the Titanic before any passengers boarded would have been grounds for criminal action.

    4. Re:couldn't possibly have negative consequences by dirtsurfer · · Score: 5, Funny

      >> Oh all the people to humiliate... a senior public official who sets policy for something you directly care about. This couldn't possibly turn out badly.

      I love the idea that the way to make politicians do what you want is to be nice to them.

      so apparently Monica Lewinsky was probably about a week away from getting us all free national healthcare, too. Curse you, mainstream media!

  3. In future news... by Spartan+Niner · · Score: 5, Funny

    We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously

    1. Re:In future news... by metlin · · Score: 5, Insightful

      One can only hope.

      What better way than a senior official to be convicted of crimes as a result of identity theft because officials such as him decided that privacy didn't really matter anymore?

      Personally, I sincerely wish that this happens in all the countries which have fingerprinting in place. Enough already.

    2. Re:In future news... by Naughty+Bob · · Score: 4, Insightful

      We hear that Wolfgang Schäuble is convicted of committing 17 crimes. Simultaneously
      17 One-fingered crimes at that...
      --
      "Be light, stinging, insolent and melancholy"
    3. Re:In future news... by evil_aar0n · · Score: 5, Funny

      On the other hand - no pun intended - this might actually work out in his favor, since he _could_ go out and commit a crime, and they'd have to wonder whether the fingerprint evidence was valid or not.

      --
      Truth, Justice. Or the American Way.
    4. Re:In future news... by Znork · · Score: 4, Insightful

      DNA now that is good, and it is something difficult to duplicate.

      No need to duplicate it, free samples are falling off you everywhere you go. So no, DNA isn't very good either.

      There is however a very good biometric one can use. A neural imprint of a specific token; it currently can't be read without the cooperation of the person, it leaves no imprint around except as the owner desires and controls.

      It's known as a 'password'. A technology that is, perhaps, new and radical, but far more secure than other biometrics. Which, unfortunately, isn't particularly secure, just less insecure than the crap the scam artists of the biometrics industry are trying to push on the gullible.

  4. Good for them by Scareduck · · Score: 5, Insightful

    High officials often seem to think the consequences of privacy-invading legislation will only occur to other (read: little) people. It's good to remind people in those positions that they do not have absolute power, and that they need to think about second order consequences.

    --

    Dog is my co-pilot.

    1. Re:Good for them by swright · · Score: 5, Interesting

      Maybe this is what you meant, but I just think this is the perfect example to illustrate to all how biometrics are just NOT the be-all and end-all. If only for the one simple fact that he cannot change his fingerprint like he could a password that got compromised!

    2. Re:Good for them by IgnoramusMaximus · · Score: 4, Insightful

      All three easily solved via a security by-pass incentive in a form of a pistol to the head or a kidnapped lover/child/dog etc which will "get it" if you do not cooperate or some poison with time release and the antidote delivered upon your succesful authentication, etc and so on and on and on and on.

      "Ironclad security" does not exist.

    3. Re:Good for them by Morten+Hustveit · · Score: 4, Funny

      "Ironclad security" does not exist.

      Not even when you completely cover something with iron?

    4. Re:Good for them by aproposofwhat · · Score: 5, Interesting
      Two words.

      Duress codes.

      Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.

      Not quite ironclad, but an extra level of safety.

      --
      One swallow does not a fellatrix make
    5. Re:Good for them by Matt+Perry · · Score: 5, Funny

      Enter one code to authenticate normally, another to flag up that you are being forced to authenticate.
      Then they'd have to keep TWO post-it notes under their keyboard.
      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    6. Re:Good for them by Plutonite · · Score: 4, Funny

      Ironclad Security only exists when you have Chuck Norris on the shift. Do we really have to discuss this?

    7. Re:Good for them by v1 · · Score: 4, Interesting

      Those can work against you too. My mom's got a security system in her apartment building, which is also secured. She was in a hurry one day and entered the wrong code to the alarm when she opened her apartment door, and re-entered it and it silenced as it should. 30 minutes later (!!) there's a knock on the door and looking out thru the hole she sees a row of cops lining the hallway all the way to the end, and a guy dressed in a white coat at the door "wanting to talk". She insisted it must be a mistake since the alarm company always calls before sending the cops. not when you enter the hostage code. oops! So they insisted on coming in for a bit and while they chatted with the white-coat, several of the officers methodically swept their place making sure there wasn't a guy with a weapon holding one of the family members hostage in a closet or something. It had taken them over 20 minutes to get someone else to buzz them into the building or they'd have been there a lot sooner.

      --
      I work for the Department of Redundancy Department.
  5. Biometrics: lamest of all security protocols by DamnStupidElf · · Score: 4, Insightful

    At least until extreme body modification is commonplace, biometrics suck for identification. It's the only modern "security" mechanism that lacks revocation. Without revocation, a security model is eternally broken as soon as one chink is found.

    A person only has 20 digits, 2 palms, 2 soles, 2 retinas, and one genome. All of the biometric properties of those can easily be duplicated with noninvasive methods (simply enrolling in a biometric system requires the same access as duplication would). When one of those 27 properties is compromised, how do you revoke its use? I guess start with the fingers and palms and as people get older they have to start using their feet for identification, and at the very last make them get pricked for each identification. When all the biometric identifiers are used up, the now useless (at least in a Secure(TM) society) people can be recycled in the soylent green program or something.

    1. Re:Biometrics: lamest of all security protocols by Fission86 · · Score: 5, Funny

      When one of those 27 properties is compromised, how do you revoke its use? Cut it off?
      --
      Coming to you live from another dimension.
  6. No better thant he status quo? by EaglemanBSA · · Score: 4, Interesting

    This seems a bit over the top if you ask me, but hopefully it will expose biometrics for what it is: an unchangeable, and in many cases public, password. It's not very easy to hide your fingerprints (or even your DNA, for that matter) from people who really want to find them, and to rely on them for definite identification has the same problems as a social security number. Plus, anyone with a police record would be somewhat compromised from the get go here in the U.S.

    I'd hate to see people get proficient at faking fingerprints, because that leads to all sorts of interesting results in the realm of law. If fingerprint fraud becomes widespread, for example, will fingerprints at a crime scene still be valid evidence in court?

    --
    Quiz: True or False -- On a scale of 1 to 10, what is your middle name?
    1. Re:No better thant he status quo? by rnt · · Score: 4, Funny

      I mean, since fingerprints cannot be conclusive anymore, I foresee our politicians with moral fibers of steel pushing for more surveillance. They will also be pushing for a whole new set of copyright laws, giving governments exclusive copyrights on their citizens' fingerprints. Unauthorized copying or publishing of your own fingerprints will be severely punishable!
  7. Major flaw of biometrics by this+great+guy · · Score: 5, Insightful

    This event highlights one of the major flaw of biometrics. This official had his fingerprint copied. There is nothing he can do. He can't change it. He can't prevent people from using it. No fingerprint reader will ever be able to determine with 100% certainty whether a particular fingerprint is real or fake. Bottom line: when one of your biometric traits gets stolen, you get screwed. For life.

    I hope this convinces governments that using biometrics for anything is a bad idea (other than perhaps criminal investigations, although what if this german official's fingerprint was found on a murder scene ?).

    1. Re:Major flaw of biometrics by BlackCreek · · Score: 4, Insightful
      AFAICT the point that the parent poster was making is that unlike other security measures (say ID card, social security number etc) you just can't get a new biometric reading for your fingers (without at least some serious medical intervention), you can't get a new iris scan for your eyes, you can't get a new DNA code etc.

      Biometric data may put some entry barriers higher, so what? The problem is that you just can't get a new iris scan, like you get a new passport once your gets stolen.

      The worst of the situation is that we have all these politicians deciding --without the least form public debate about the real privacy implications-- that biometric data is now to be collected, and used, and kept by the government.

    2. Re:Major flaw of biometrics by BlackCreek · · Score: 5, Insightful
      The whole point of the parent poster is apparently lost to you.

      The point being that my biometric data is mine. It is private. It is not the government's business to have my blood samples, or DNA, or finger print. I am not a criminal, and therefore I expect to be entitled to some privacy from the BigBrother.

      Once some retarded government bureaucrat decides to leave a laptop inside a taxi or something, my private data is lost, and I can never get a new fingerprint, or iris scan. I can get a new social security number, I can get a new passport, a new bank account number, but I **cannot** get a new DNA.

  8. Legal action? by HalAtWork · · Score: 4, Insightful

    The article says a ministry spokesman alluded to possible legal action against the club.
     
    To what ends? You can't deter it as it's already happened, and you can't suppress it, as even the method for tricking the security system is widely known. If the security system is broken, you can't legalize it into working again. The security system was built in order to keep things safe, and now we have to keep other things safe from the security system itself.

    --
    Twinstiq, game news
  9. A perfect demonstration to the perfect person by smolloy · · Score: 4, Insightful
    This is a perfect way to demonstrate to the perfect person why such invasions of privacy are bad, and of the unintended negative consequences of their plans. Sometimes people in power forget that the "solutions" they develop to certain problems may be worse than the problems themselves. All they see is that a certain issue will be fixed -- not that the fix raises even worse issues.

    Bravo!

  10. Re:Brave defenders of freedom by Anonymous Coward · · Score: 5, Insightful

    At least they get off their asses unlike American's who cry about the Constitution but do fuck all about it.

    Bush was right, it is JUST a piece of PAPER. Why? Because American's do NOTHING about it and do not believe in it.

    This is plain to see by their inactions.

  11. even worse by ILuvRamen · · Score: 4, Informative

    You don't have to go to any special measures really to do this. I mean plastic and all those synthetic rubber moulds and stuff that the average person couldn't do is a bit excessive. Remember on mythbusters when they tried to beat that "unbeatable" fingerprint lock on a door and managed to do it by printing off the fingerprint with a laser printer and licking it? Yeah, biometrics is a joke. And really good biometrics like DNA aren't practical or fast and the retina scan, well you do that every day for a year and see if you don't go partically blind. I can't care hoe safe they think it is. Facial recognition is pretty useless and easy to beat too. Until they find something that's 100% unique and fast and accurate, they should forget about biometics.

    --
    Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
  12. Re:Has anyone tried this on a fingerprint reader? by rah1420 · · Score: 4, Informative

    I wonder if anyone has actually tried making such a fingerprint copy, and then using it on a fingerprint reader like the ones on laptops etc.

    As a matter of fact, Yes.

    --
    Mit der Dummheit kämpfen Götter selbst vergebens.
  13. Yes, fingerprint readers are easily screwed. by Flu · · Score: 4, Informative

    Yes, this was done a couple of years ago in Sweden as a Master Thesis, which was described in Swedish Engineering paper Ny Teknik http://www.nyteknik.se/efter_jobbet/kaianders/article32986.ece (sorry, swedish only). The student Marie Sandström tested a simple yello, which was created using the same method as mentioned in the article above, on three commercial fingerprint-readers on the CeBit fair in 2004.

  14. Re:Has anyone tried this on a fingerprint reader? by 88NoSoup4U88 · · Score: 4, Informative

    It doesn't seem hard at all at a 'normal' reader (see Mythbusters episode.

    The high-end, ridicilously expensive fingerprint readers are a lot harder to crack though; But I wouldn't say uncrackable.

  15. Perfect alibi by oever · · Score: 4, Interesting

    Mister Schauble can enjoy an easy career as burglar when he's out of office. With 4000 copies of your fingerprint circulating, it cannot be used as evidence any more.

    The only thing dumb thing he could get caught with is when he leaves wheelchair tracks at the scene of the crime.

    --
    DNA is the ultimate spaghetti code.
  16. There actually *are* things to like about Germany by Qbertino · · Score: 5, Interesting

    The CCC is one of the things I like about Germany. It highlights a major element of german-style citizen-culture. It's clearly opposed to uncontrolled gouverment and any notion of a police-state. It has a taste of anarchy to it and on its fringes it has inofficial members with ties to the black-hat community. Yet it is a well organised official registered German association that speaks up on behalf of the people and democracy. With a 27-year tradition of keeping the public political debate alive on IT related rights-issues by perpetually coming up with creative ways of gaining attention. This recent 'Schäuble-Fingerprint' stunt being one of them. I don't know if they've exposed their selves with legal liability by doing this (after all it was officially published in their magazine 'Datenschleuder') but it sure is as funny, hilarious and exposing as ever. Creative non-sense at its best. Go, CCC!

    --
    We suffer more in our imagination than in reality. - Seneca
  17. Re:T-shirt by AJWM · · Score: 4, Interesting

    My kids were watching the Scooby-Doo 2 movie the other day. There's a scene where Daphne activates a fingerprint activated lock by dusting the scanner with blush powder (highlighting the latent fingerprint from its last use) then using a pore-strip over her own finger to provide the right body temperature/capacitance/whatever without her fingerprint confusing the sensor.

    I was amused to see that the technology's weaknesses had made it to the Scooby-Doo level already. I don't know if that exact combination would work, but I've heard of similar successful attacks.

    --
    -- Alastair