Linus Neumann

from Wikipedia, the free encyclopedia
Linus Neumann at the 30C3 in Hamburg (2013)

Linus Neumann (born 1983) is a hacker, network activist and one of the spokesmen for the Chaos Computer Club (CCC). A qualified psychologist, he lives and works in Berlin as an IT security consultant. For the CCC, he has appeared several times as an expert on IT security before committees of the German Bundestag. He is known for the podcast Logbuch: Netzpolitik, which he publishes weekly with Tim Pritlove, and for his previous authorship on the blog netzpolitik.org.

IT security

Software for recording election results, 2017

In September 2017, a few weeks before the 2017 federal election, the weekly magazine DIE ZEIT published the results of an analysis by Thorsten Schröder, Martin Tschirsich and Linus Neumann of software used to record and evaluate the 2017 federal election. This was preceded by rumors that Russian hackers were planning such an attack. In a report published by the Chaos Computer Club, the hackers documented multiple attack paths for manipulating aggregated and recorded election data.

The manufacturer tried to eliminate the vulnerabilities with several updates. In another publication by the Chaos Computer Club, these were criticized as ineffective, "nonsensical and incomprehensible". The Chaos Computer Club therefore offered “digital first aid” in the form of an “open source donation”, thereby reinforcing its demand that software paid for by the public sector must also be publicly available and verifiable.

The manufacturer then stopped providing updates for the software. The federal election was carried out in several federal states with the aid of the defective software.

In the state elections in Hesse in the following year, 2018, there were large-scale irregularities and failures, for which the ban on the use of the defective software was cited as the trigger.

IT security law

In May 2014, Linus Neumann commented on IT security issues as an expert in the Digital Agenda committee of the German Bundestag. In a policy paper he recommended quality assurance of open source software through financial support for audits and bug bounties, as well as greater decentralization of security systems, with end-to-end encryption no longer optional. In conclusion, he advocated an independent and evidence-based security policy in which measures that restrict fundamental rights in particular should be evaluated with regard to their effect.

In April 2015, as an expert in the Interior Committee of the German Bundestag, he criticized in detail the resulting bill for a law to increase the security of information technology systems. In particular, he stressed that no measures would be taken to protect end users. Instead, their data protection would be further undermined by issuing a license to data storage providers. The law lacked the potential to actively contribute to increasing IT security. Instead, it would increase bureaucracy, of which there was no shortage in companies. In addition, the operators' right of proposal would reduce the intended effect of the planned, legally prescribed “safety standards” to absurdity. He also expressed fundamental criticism of the Federal Office for Information Security (BSI). This was preceded by the revelation that the authority was actively involved in the development of state trojans, including for use against German citizens.

The IT Security Act was passed unchanged by the German Bundestag in June 2015 and came into force on July 25, 2015.

De-Mail

In 2013, Linus Neumann represented the CCC as an expert for IT security in the Interior Committee and in the Legal Committee of the German Bundestag.

In both hearings, he criticized the lowering of legally required security levels for sensitive data in order to allow the De-Mail procedure. He criticized De-Mail itself as a system whose security does not match its increased attractiveness as a target. His thesis is confirmed by the fact that it did not meet the legal security requirements that had previously been in force. His criticism received extensive media coverage, and the provider responded with a PR offensive.

The criticized laws were passed a short time later by the Bundestag with small changes.

Cellular

In the team of security researcher Karsten Nohl, Neumann is the project manager of the GSMmap initiative. The website informs users worldwide about weaknesses in cellular networks. The database for this is generated with the help of open source software using crowdsourcing.

He caused a sensation in autumn 2013 when he demonstrated wiretapping of mobile phones for a TV team in Berlin's government district. This was preceded by the revelation that the US embassy in Berlin served as a base for eavesdropping on Angela Merkel's private phone.

E-mail

In December 2013 he discovered that messages from the E-Mail made in Germany network could continue to be transmitted unencrypted, contrary to what the providers said, and he publicly warned against this. Shortly afterwards, some of the providers announced that they would switch over soon. However, Deutsche Telekom had already announced in a press release from August 2013 that the E-Mail made in Germany network would consistently only send SSL-encrypted mails from the beginning of 2014 for security reasons. This was also pointed out on the initiative's website and in media reports.

The changeover took place in April 2014.

Algorithms

In an expert report on the draft law for the modernization of the taxation procedure, he warned against the legalized use of risk management systems to identify potential tax evaders according to economic principles. These could lead to unnoticed and gradually increasing structural discrimination or “blind spots” in the inspection process. The framework conditions developed by Neumann for such an operation were incorporated into a motion for a resolution by the opposition, which, however, was rejected.

Activism

Net neutrality

Neumann is an advocate of net neutrality. He has fought several campaigns for it with Digitale Gesellschaft, most recently against Telekom's plans to throttle the connections of DSL flat rates after a certain volume (without including Telekom's own services). Among other things, he called on the owners of Telekom shares to transfer their voting rights to the CCC and organized a poster campaign at the building where the general meeting was held.

Media guerrilla

Despite a record, Neumann denies having registered the satirical Pro Guttenberg demonstration in Berlin, for which the Hedonist International claimed responsibility. In the same year he reported on the action at the Chaos Communication Congress under a pseudonym.

In an article about the "Gratis-Bild" of the Axel-Springer-Verlag, Neumann described how an objection to delivery could be combined with maximum workload for the publisher. His “instructions” were followed by many thousands of readers, so that the publisher's e-mail system temporarily collapsed. The publisher accused him of setting off a mail bomb. In the course of the investigation, however, it turned out that Springer-Verlag had not only violated data protection law, but had also made allegations about agreements with the state data protection officer that did not correspond to the facts. This in turn led to a supervisory procedure against the publisher.

Publications and lectures

Netzpolitik.org

In August 2010 he started writing for the blog netzpolitik.org and shortly thereafter became the first permanent member of the editorial team.

Logbuch: Netzpolitik

In October 2011 he started the podcast “Logbuch: Netzpolitik” together with Tim Pritlove. In the episodes, which usually run one to two hours, he discusses network policy topics with Tim Pritlove, focusing on German-speaking countries. The weekly podcast is financed through donations and celebrated its 100th episode in April 2014 with guest Hans-Christian Ströbele.

Chaos Communication Congress

  • Politics hacking at the 28th Chaos Communication Congress
  • Network activists! Is that all we can do? at the 29th Chaos Communication Congress
  • Bullshit made in Germany at the 30th Chaos Communication Congress
  • Annual review of the CCC 2013 at the 30th Chaos Communication Congress
  • Annual review of the CCC 2014 at the 31st Chaos Communication Congress
  • Annual review of the CCC 2015 at the 32nd Chaos Communication Congress
  • Annual review of the CCC 2016 at the 33rd Chaos Communication Congress
  • Annual review of the CCC 2017 at the 34th Chaos Communication Congress
  • The PC election hack at the 34th Chaos Communication Congress
  • You can hack anything - you just can't get caught at the 35th Chaos Communication Congress
  • Annual review of the CCC 2018 at the 35th Chaos Communication Congress
  • Hacking Brains - Human Factors in IT Security at the 36th Chaos Communication Congress

Chaos Communication Camp

  • Political Solutions to Technical Problems? IT security by law at the Chaos Communication Camp 2015

re:publica

  • The troll thrush: Findings from empirical troll research at re:publica 2013
  • On our fear and apathy towards smartphone attacks at re:publica 2014

Other activities

Neumann is the spokesman for the Kulturkosmos Müritzsee cultural association (as of July 2019), which, among other things, organizes the Fusion music festival.
