Hackers And Heroes: Rise Of The CCC And Hackerspaces

From its roots in phone phreaking to the crackdowns and legal precedents that drove hacking mostly underground (or into business), hacker culture in the United States has seen a lot over the last three decades. Perhaps the biggest standout is the L0pht, a visible 1990s US hackerspace that engaged in open disclosure and was, arguably, the last of the publicly influential US hacker groups.

The details of the American hacker scene were well covered in my article yesterday. It ended on a bit of a down note. The L0pht is long gone, and no other groups that I know of have matched their mix of social responsibility and public visibility. This is a shame because a lot of hacker-relevant issues are getting decided in the USA right now, and largely without our input.

Chaos Computer Club

But let’s turn away from the USA and catch up with Germany. In the early 1980s, in Germany as in America, there were many local computer clubs that were not much more than a monthly evening in a cafeteria or a science museum or (as was the case with the CCC) a newspaper office. Early computer enthusiasts traded know-how, and software, for free. At least in America, nothing was more formally arranged than was necessary to secure a meeting space: we all knew when to show up, so what more needed to be done?

Things are a little different in the German soul. Peer inside and you’ll find the “Vereinsmentalität” — a “club-mentality”. Most any hobby or sport that you can do in Germany has an associated club that you can join. Winter biathlon, bee-keeping, watercolor painting, or hacking: when Germans do fun stuff, they like to get organized and do fun stuff together.

Kabelsalat ist gesund! This CCC logo reminds you that it’s healthy to have a tangle of cables under your desk.

So the CCC began as an informal local hacker meetup in 1981, and then went on to having regular meetings in Hamburg. In 1984, they held the first Chaos Communication Congress, an annual meeting held just after Christmas that’s now in its 32nd year. A few years later, the CCC formally incorporated as a registered association, but there was a little more at work than simply “Vereinsmentalität”.

Translated from the CCC’s website: “In order to rule out legal misunderstandings, the CCC was registered as an e.V. to further information freedom, and the human right of at least worldwide unhindered communication.” I want to draw your attention to the cute phrase: “to rule out legal misunderstandings.” You see, even though the CCC had only been in informal existence for about five years, they’d already pulled off some stellar hacks that could potentially land people in difficult legal situations — and would have without question just a few years later in America. Ironically, by publicly incorporating and becoming pre-emptively open, rather than trying to hide, the CCC was buying itself some cover.

If you notice the parallel between the reason that the CCC became a registered association and the reasons that Mudge brought the L0pht into the government’s eye, you’ve got this article’s thesis in a nutshell. Publicly-visible and responsible hacking groups take an end-run around the potential charge that they’re a “gang” or that they’re doing something shady. How many gangs have 501c3 status? At the same time, they make it easy for newspapers and congressmen alike to find them if they have questions. The hackers become members of society.

The CCC has done the par-excellence, to the point that occasionally the club’s publications have had to remind folks to remember the actual binding force that holds geeks together: “Spaß am Gerät”, fun with the machines, or happy hacking.

The BTX Hack

While the CCC may have started out like other clubs, a few early high-profile hacks helped set the direction of the club, as well as contribute to their public image as being on the side of the common man. Which is not to say that everyone’s motivations are pure, or that everything was above-board. But, like L0pht would later become in the USA, the CCC became a source of public information about the security failures in the new online world. The CCC was committed to disclosing these failures regardless of the possible damage to reputation that doing so might cause. And it didn’t hurt if the reputation damaged was that of the hackers’ arch-enemy, the Bundespost.

Left: German Post logo. Right: CCC pirate flag. Get it?

The “Bundespest” was a favorite target of German hackers. The government telecom and post monopoly was, like AT&T in the USA, very probably overcharging for services because it could. As mentioned last time the Post forbade the import of foreign modems, requiring Germans to purchase the more expensive “official” models. Phone calls, which also meant data at the time, were expensive, and even normal people wanted alternatives to the Post. Idealist hackers like CCC founder Wau Holland wanted free alternatives.

btx1The target in 1984 was Bildschirmtext. Bildshirmtext, or BTX, was an advanced-for-its-time dial-up service that was most similar to Compuserve‘s early service in the USA. Only BTX was run by the government phone monopoly, and relatively costly.

The story goes that a buffer overflow was discovered by CCC founders Wau Holland and Steffen Wernéry that would spit out unencoded data, among them passwords in cleartext. After going to the Bundespost, and being ignored, they cooked up a spectacular hack and went to ZDF — the second national television network — and got on the nightly news. Holland and Wernéry managed to get the password from a Hamburg bank and opened up a paid BTX site that the CCC owned, repeatedly, from the bank’s account. After racking up 136,000 Deutschmarks overnight, they went to the press. (They gave the money back, naturally.)

Wernéry and Holland and a whole bunch of monitors, prime-time on Channel One.

But having a high-profile hack (Google translate link) of an important system shown on the national nightly news is a game-changer. The Hamburg bank thanked them for making them aware of the potential problem. The Bundespost had to respond a few days later, saying that they’d fixed the flaw. But the cat was out of the bag, and more to the point the public was giving their data security a second thought. And the CCC came off as dial-up Robin Hoods.

By going straight to the press, the CCC managed to stay on the right side of the law and public opinion, most of the time. When asked if the police knew what they were up to, for instance, Holland responded in an interview that he personally sent a copy of the CCC’s newsletter, die datenschleuder: the “data-flinger”, to the head of the Bavarian police computer crime unit. The media presented the CCC, and hackers in general, as the necessary civil-society counterpoint to the assertions of big business that their data would be kept secure.

Through high-profile hacks that had public impact, as well furthering happy hacking, the CCC grew its membership and spun off satellite clubs outside of Hamburg. Today there are 25 local CCC branches in Germany, and with over 5,500 members, the CCC is certainly the largest computer club in Germany and probably the world. And because they’ve publicly probed into technology that affects everyone, from BTX to computer voting systems, the press and society, and even sometimes the government, listens.

Hackerspaces, Bringing a Slice of Germany to the USA (and the World)

All this talk about the CCC brings us, oddly enough, back to the USA. Whether you realize it or not, the CCC’s 25 locals (and the independent but friendly c-base in Berlin and Metalab in Vienna) were the prototype for what I’d call new-wave hackerspaces in the USA.

hackersonaplane2A group of American hackers, among them Bre Pettis, Nick Farr, and Mitch Altman, went on a European vacation to the Chaos Communications Camp in the summer of 2007, and then on to a tour of German and Austrian hackerspaces to see what made them tick, with the thought of bringing the idea back home to the US. At the 24th Chaos Communications Congress in December 2007, Jens Ohlig and Lars Weiler, founders of the CCC branches in Cologne and Dusseldorf gave a talk about everything they new about running a hackerspace to help out their American friends: Building a Hackerspace.

The slides from this talk, the Hackerspace Design Patterns would become the jumping-off point for founding three of the first new-wave American hackerspaces. In February 2008, the for-profit NYC Resistor opened its doors. By March, HacDC was incorporated as a non-profit and was open for non-business. And although they’d been meeting here and there for a while, Noisebridge rented its first space in October of 2008, and incorporated as a non-profit six months thereafter.

Within a couple years, there were a hundred hackerspaces in the USA. Today, there are 406 registered active hackerspaces on hackerspaces.org in the US, and 1,200+ worldwide. Not bad for eight years’ work! If you haven’t been to your local hackerspace yet, you owe it to yourself.

800px-HackerspacesTeeDesignDue to the tastes of individual members, every hackerspace is slightly different. I don’t know how exactly to draw the distinction between a hackerspace and a “makerspace” but it seems that there are groups that focus more on hardware projects, and those that focus more on computers and information freedom. But my own experience is that there are no hard boundaries, either, and the strong-suits of a space tend to shift over time.

And that’s a good thing, because when people are having fun hacking they produce their best work, and providing constant opportunities for cross-pollination helps keep things fresh. In the early years of HacDC, we had a great time with high-altitude ballooning, for instance, because it got to connect up our hardware folks with the ham radio people and even the web-development types who cobbled together a nice real-time mapping solution. But at the same time, HacDC also put out Project Byzantium, an easy-to-configure ad-hoc wireless mesh networking solution.

So as much as I love the way that the US hackerspaces have sprouted up out of over the last decade, and as much as each individual space that I’ve visited has been neat and interesting in its own right, I have to say that there’s something missing in the USA, and that’s a larger organization and purpose. It’s hard to overestimate how much cool stuff could get done if some of the ambition of the USA’s 400+ hackerspaces were pooled together.


So what’s the next step, Team USA? It’s going to be incredibly hard to get any consensus across 400+ hackerspaces, but imagine the amount of good it would do if you could all occasionally speak with one voice? But where to start? How would one even try to organize this chaos?

You want to know how I think the Germans would do it? An annual conference first, and then incorporate an organization to handle the coordination: you’ll be surprised how much focus and teamwork pulling off a large annual conference will build. An annual event gives groups a deadline to work toward, and I don’t need to tell you how important that is. And an annual conference gets people physically together and having fun, and that absolutely shouldn’t be underrated.

Don’t know what common ground you all have? You could do worse than start with the the Hacker ethic, which non-coincidentally came up out of the early days of MIT’s shared computer resources, but is the unifying basis in the German CCC:

  • Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!
  • All information should be free
  • Mistrust authority—promote decentralization
  • Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex, or position
  • You can create art and beauty on a computer
  • Computers can change your life for the better

And at least consider the CCC’s two additions:

  • Don’t meddle in the data of others
  • Use open data, protect private data

(Elliot was a founding member of HacDC and is at least paying dues at the Munich CCC, though he hasn’t been over in a shamefully long time.)

27 thoughts on “Hackers And Heroes: Rise Of The CCC And Hackerspaces

  1. Devils advocate here…
    All information should be free
    Don’t meddle in the data of others

    Do these two points slightly contradict each other? Say in regards to data the government claims to be theirs.

    My personal views are irrelevant really, I’m just curious how others translate things in this regard.

    1. Like any Ethics this rules are not without conflict and it’s common to discuss this rules (e.g. at CCC related congresses over the year).

      All information should be free -> knowledge should be free (freedom and free beer) | information in general should be free as long “protect private data” is not in conflict.

      Don’t meddle in the data of others -> If possible / intended by the “owner” of the data, copy the data and play with it like you want. But please don’t mess around with the structure/content of the collected data of the “owner”.

      Use puplic data, protect private data -> Governments are not considered “private”, they are the elected adminstration of the society. It’s not intended in a democrazy, that this adminstration can hide information from society!

        1. But the people and politicians are members of the same society One where both stick their dicks in each other’s business. However it’s the politicians who pass discriminatory legislation Often the politicians bring it upon themselves. Politicians are the very definition of “the elite”, so I’m unsure why their personal lives should be free of examination, when it’s thy who should run society.

    2. At one point our county commission was all for making the data collected by the GIS department available to the public free of charge. Last month when I was at the court hows paying my property taxes and vehicle registration I went to find the Emergency Management coordinator to speak with him when I walk past the GIS office I seen the head of the department was there, as she id hard to catch I detoured into that office, I learned the commission had had a change of attitude and the plan to charge fees for the data. So I need to see what they have in mind and try to state my case why the raw data they generate should be free.

      In rgards to “All information should be free”; IMO the vast majority of date created a using taxe dollars should be open. Those who creatye data at their own expence realistaly should be able not to share if they choose to do so. The only exception I can see to that is when corporations use the data they collect to pass or oppose legislation they should be required to make that data public, so a wide range of interests can examin it to insure the data is applicable. The insurance industry has a wide range of data. Data they use to influence legislation that can save lives and protect property The companies are doing that not because they are generous, but because it aids their profits However they will try to use the data to increase their profits because association, not scientific derived results. Meddling in the data collected by any government because you as an individual or some group interprets that it should be available, quite possibly something I couldn’t agree with. Because that would be an attitude very similar the the self describe “militias and “oath keepers”, one I can’t agree with.

      1. Yes, respect my pay-wall for data collected with you and your peers money, you should pay for it twice! We need a return off our investment for bonuses! For if you say or do anything against us you will be labeled as any number of negative factions depending on your skin color. *over shoulder* “The propagandist worked, slush him Kroker!”

    3. Here there’s also the saying “Offene Daten nützen, private Daten schützen” which means: Use public data but protect private data.

      That’s how the statutes should be interpreted.

      Besides: It’s talking about information and data. Those are two different things. Information should be free (Think Wikipedia), but data is either public or private.

  2. Classic old-school hacking (like phone phreaking) was never able to reconcile exploring with exploiting, or civil disobedience with criminal intent and that ambivalence will always haunt it codes of conduct notwithstanding.

  3. For the record there are other hackerspaces in the US that were happening around the same time as NYC Resistor, HacDC, and Noisebridge for different reasons. Makers Local 256 in Huntsville, AL drew their inspiration from the first Tech Shop opening in 2006 but didn’t get their first space until April 2008. Here’s their history from their wiki. https://256.makerslocal.org/wiki/Make_Shop#History

    Full disclosure, I am one of their founding members and proud of it.

    1. That’s right! I think we van-pooled up to HOPE with some of your guys waaaay back when. (Which must have been summer 2008.)

      That was a very interesting time. I wonder what other OG-new-wave hackerspaces will come out of the woodwork?

      In retrospect, someone should have been filming a documentary.

  4. A lot of things work in Europe and get ‘lost in translation’ coming Stateside just because of the sheer difference in size (and locations of population densities) between EU countries and the US. If you were to, say, organize a carbon copy of the CCC organization strategy solely in New York State, you might become successful, but have there been many similar arrangements made all across the US?

    Perhaps a looser ‘board’ could guide geographical regions in setting up and nurturing new hackerspaces while administering more cross-space decisions across geographical guidelines, while allowing regions to maintain smaller decision-making committees that oversee the day-to-day of the spaces.

    You know… like the US govt :P

    1. One thing that won’t work, and doesn’t really in the CCC either, is any model that proposes some kind of top-down control. The US hackerspaces are already completely autonomous, and wouldn’t want to be otherwise, IMO.

      What a hackerspace association (or whatever) would bring to the table is _new_ functionality. Maybe a press dept and of course all of the organizational mess that goes into putting on conferences and etc. These sorts of functions only really work well when there’s one group/assoc/whatever that speaks for all, but it would only work if the hackerspaces controlled (democratically? do-ocratically?) the central org.

      You absolutely don’t want to try to “rule” the hackerspaces, but rather give them new outlets for doing what they already do best.

      1. Maybe something that would assist the hackerspaces in doing what they do best, like a github for spaces so members can exchange information, share what they’re working on and bring in feedback, have video link calls, etc? Having a centralized repository leads into things like press depts, financial management, logistics…

  5. I don’t want to sound like a bitter old prick here but…

    Can we keep hackaday on point? about hacks? Make a new subsite or something about modern events, opinion pieces etc. Its not uncommon for a popular site to lose its way and die in a sea of pointless piffy garbage in an attempt to get more readers.

    I don’t want another “clock boy” spamfest. Jesus christ that was awful.

    1. Seriously, this has been argued to death for years now. Either drop it or leave.

      This is what Hackaday is now, there is *zero* chance it will magically change to what you want it to be (and just like everything, “the good old days” weren’t what you remember, either.)

  6. This article seems a bit like preaching to the choir and the references to the past do not reflect the changes in laws and society where just about anything can be spun as a “hack”.

    Really it reads a lot more like a fanboy article rather than a objective history of CCC, Hackerspaces and L0pht while totally disregarding the thousands of speakers and groups that presented at DEFCON, HOPE, ShmooCon, DerbyCon, t00rcon and the like. Many of those speakers aren’t islands but small teams of individuals who present this material for you to disseminate and inspire. Calling for a national version of said conference totally discounts all these conferences, the speakers and the people who put them together. Keep in mind that you can drive across western europe in about 1 day. You can’t do that in the US. The scale doesn’t work. Also look at DEFCON with attendance over 20k vs ##c3 which averages only a few thousand.

    The mainstream press being “the press” don’t send their most intelligent to hacker conventions – as evidenced when they chased out NBC’s Dateline reporter at DC15 – because it doesn’t make for scandalous copy. I think there’s enough evidence that if written well and backed by good video/photography that it would get picked up by other blogs and eventually end up trending enough for “mainstream press” to consider running it in their news programs/websites.

    CCC has always been fringe in German culture having to change themselves to react to changes in German Law. Not to mention that it attracts a certain “anarchist” following. CCC’s roots go back to software pirate parties where people brought their floppies out and copied media. As the tech progressed, so did the club. L0pht was a place where MIT geeks could hang out in a storage locker full of applicable gear. As for HOAP, that was just a way to keep the feeling conference feeling alive and being convenient to attend both conferences much like DEFCON parties.

    1. I absolutely don’t mean to minimize the US cons. They just didn’t fit in with the article’s thesis which is that US hackerspaces need to get organized if they want to have a political / socially-relevant voice or increased public respect.

      The con idea here is really a trojan horse to fool the US’s many splintered hackerspaces into working and thinking together. Presenting at someone else’s con is awesome, but it does not have the same effect. Maybe I missed the mark? It was intended to be “preaching to the choir” because the choir isn’t singing together.

      As for HOAP: I dunno. I know Jens, Nick, and Mitch personally and talked with Bre back in 2008 (at HOPE — see I don’t hate US cons) as Resistor and HacDC were both just getting off the ground. The Americans wanted to do a hackerspace tour because they wanted to start hackerspaces, and the “design patterns” document and idea definitely launched a thousand ships. I don’t understand why you’re minimizing that.

      CCC _is_ fringe, but they’re a fringe that’s listened to (and grudgingly respected) by parliament and the courts. What is the equivalent US hacker organization that has any clout?

      32C3 attendance was 12k – 14k this year, filling one of the largest conference venues in Germany. DEFCON is bigger, but it’s not orders of magnitude. You can’t say “the scale doesn’t work” for a hacker con and then bring up DEFCON. Everyone flies to DEFCON, except LA and San Diego.

      1. As you pointed out in the previous article, there are reasons why the US went down a different road when it comes to “hacker” culture. Having experienced that witchhunt first hand and seeing where our current political/social landscape has the Feds both persecuting AND begging for help (only if you do it their way), I am of the opinion that there is no way that we could reproduce CCC’s relationship with our US Congress.

        Personally, I am just as happy that many cities/counties are interested in hackerspaces being part of community development in terms of attracting makers and inventors into spaces where people can create and inspire. To me, that can make a much more profound change to society than trying to create a “lobby” for hackerspaces within the DC beltway – which is essentially what you would have to do to get an interface with Congress.

        I’ve been to CCCongress when they were still in Berlin. I’ve spoken at HOPE and DEFCON. I also know Nick. I don’t minimize HOAP but I think we are looking at it from separate angles. I get it, your focus is on hackerspaces. Being a founder of HacDC, you know what it takes to attract makers and hackers. I disagree that “everyone flies to DEFCON, except LA and San Diego” because that’s purely because you’re looking at it from an East Coast perspective. West Coast people yes do fly there… or they caravan or road trip it as it’s only an 18 hour drive.

        Then there is what others have mention – geography. In Europe, it’s much more common to cluster around, drink coffee and socialize. It’s a different pace and attitude there. Their transportation system is suited for it as well. This all reflects in their lawmaking as well where it’s much more common sense than here in the US – ie: France outlawing grocers from throwing away edible food and instead donating it to the poor, law making regarding setting one standard for phone chargers, etc…

        In the use where you might have cities like NYC, that mimic a typical European city to some extent. It all begins to fall apart the further you drive away from the Holland Tunnel. The distances are farther. the transportation system is looser, the attitudes are more independent instead of interdependent as people simply have more space to travel or ignore their neighbor. In contrast, I remember flying into GVA one time and you would see nothing but fields of green whatever then as soon as you cross a road (not a highway or major throughfare – just a simple road) you have dense cities blocks. In the US, it’s much more patchwork and gradual.

        If you want to help reverse the damage of the last 25 years of bad US policies against hacker and makers – lobby to dismantle the DMCA.

        1. Thanks jfalcon for your great response. I see where you’re coming from for sure — and totally agree that the geography _is_ a problem in that the US’s big cities (with attendant hackerspace density) are just farther apart. It’s just not one that I think is insurmountable.

          Maybe an east-coast and a west-coast con? (Without the shooting.) Or heck, maybe start less ambitiously by beefing “hackerspace village” type areas at pre-existing cons. For which HOPE is an obvious good fit, b/c of 2600 connections and general community-orientation. I don’t know about the west coast — they all seem more professional in both a good and bad way.

          I know we tried and failed a number of times to get closer with other hackerspaces when I was at HacDC. We tried things like ustream between spaces. We did a weekly internet radio / call thing for a while. But these were frequent burdens with little payoff, and they just kinda fizzled out.

          We never made trips up beyond Baltimore as a group, really. We had single people visit, and some of us visited other spaces, but as individuals. DC-Philly or NYC is no further than Berlin to Hamburg. Why didn’t we do it as a group? Why didn’t other groups come to visit? Time? Cost/benefit ratio?

          The joy of something like CCCongress, where you get together with folks you only get to see once per year or so, is pretty motivating, and I think it pulls the scene here together, and even reaches beyond the CCC. Non-affiliated spaces show up en masse for the CCCamp — some even from across the English channel.

          You could try “Americans are just less social.” But I think that’s a cop-out, and it’s obviously not true when you attend the smaller, fringier cons. Or if you look back at the past of hacking. But it’s definitely true that our hackers aren’t social _in groups_ in the same way, and I wonder if it’s just lack of a model.

    2. The attendance of 32C3 topped out at over 13k people, actually. It would’ve been more if the venue hadn’t reached capacity, and there are issues finding a venue that is big enough to accommodate the growth.

      So no, it doesn’t “average only a few thousand”.

  7. Geography again. What helped the CCC was that anyone interested could probably get in their car and drive to one of the monthly meetings when it was just a single hackerspace. No car? I’ve been told the public transport is pretty good too.

    Pick any spot in the USA and put a hackerspace there. Distribute interested parties by population of the rest of the country. See how few of those people could drive to the hackerspace in less than 10 hours, much less drive to a meetup and make it just a weekend event? And those without a car are left either flying or taking non-existant busses or trains.

    To make this work in the USA, you’ve got to have ways for people to meet up and see faces; and it has to be accessible to both the big port cities and the middle-of-nowhere hackers with no vehicles. Whether that means monthly goggle hangouts with face to face chats, traveling pop-up events, and better announcements for hackaday conventions, or something else entirely; it seems to me that the best way to get people to sit and talk like people (and not forum trolls) is to make it face to face.

  8. ‘rise of the CCC’ lol
    helloooooo america, waking up to reality again? is this a yearly thing or just incidental
    CCC has been -super- active since its founding and shows no signs of stopping

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.