Good afternoon everybody. I'm Brenno de Winter and I would like to tell you a random story about technology we use in the Netherlands with these transportation cards. I'm a journalist and I started covering this case actually by accident. I never wanted to cover it in the first place, but you know what happened? I was at the Chaos Computer Club and I'll tell you that in a second. I'm Brenno de Winter from the Netherlands. I started programming at the age of five. I focus, go figure, on security and privacy. And I write about it, I talk about it and I teach about it. If you want to know more about me, then buy me a beer and that always works; worked yesterday, by the way. And I want to say one thing on the record and this is Article 10 of the European Constitution of Human Rights: everybody has the right to freedom of expression. This right should include freedom to hold opinions, to receive and impart information and ideas without interference by public authority, regardless of frontiers. And you guys, you know what? You've got one too. So let's get started and I want to take one step back. I came back last year to the Netherlands and one day after DEF CON I found myself arrested for photographing somebody driving on a Segway. Why? Because the Segway is outlawed in the Netherlands, or it was outlawed in the Netherlands. And this one was driving, not this one, but this thing that I saw was driving through the train station of Utrecht. And I thought, oh cool, that's so cool for the blog of the magazine I write for. So I took a picture, this guy went berserk, phoned the police, I was detained and they erased my photo. Boy, did they make a mistake. Together with the Federation of Journalists we sued the police and guess what, within two weeks they apologized, they reimbursed me, blah blah blah. Sorry, sorry, sorry.
Then I came to the station of Amsterdam and I told this guy who I was and he remembered the case and he stood in front of me and he went, go ahead, take a picture. I love this man. But this was a wake-up call for me that we have to be vigilant for freedom of speech at all times. This is why I'm here. Okay. Last year at CCC, the conference, the Chaos Communication Camp, always held between Christmas and New Year's. Yeah, I used Twitter. They were short of goons, and goons in Germany are called angels. So I volunteered and they said, like, can you do the MIFARE talk? So I said, no way. I want to go to this other thing. I want to report on that. And they kept bugging me, like, we're really short of people, please do this. So I went on stage, because they always announce who's talking, and I went like, these two guys, they cracked apparently RFID and it's kind of interesting. So guys, take the floor. I thought, fuck you. I went down, sat in the room and was typing with my editor in chief, apologizing. And after the second slide, I thought, whoa. This is real. They've got a story and this is a story to report. What did these guys do? They took the chips out of these cards. They scratched it off layer by layer. They photographed it and then started analyzing the cryptographic algorithm called Crypto-1, basically showing that security through obscurity does not work. So what do you do, because now here's a story and, to be honest, that might kill the company that's making the chip. So I phoned them and when I was back, I sat on this story. Normally you would report it right away, but I thought, let's be careful on this one. So on December 31st, when I was back, I phoned them and I went like, hey, this is Brenno de Winter from the Netherlands, I've got a question for you. And you know, just before New Year's Eve, that's not a nice question. So right after New Year's Eve, January 2nd, I started publicizing it and thought this is the end of it.
This is it, done, and a nice story. And then the second comment by a reader was like, hey, do you know that this card is being used in the Dutch transportation card? The one that we are introducing, the one that we already spent more than a billion euros on. That's like 1.6 billion dollars. So yeah, you go like, you know, that might be a story. And then I started digging a lot more. You know, I started spending a lot of time on it and I found out that we are also introducing a way of paying with your cell phone. It's called, these things with near field communication. They use MIFARE Classic, but it turns out they use something else for encryption. So you go out and you ask why, you know, it's Crypto-1, aren't you happy with that? And they go like, well, you know, we don't trust it. It's kind of old, it's kind of closed, it's kind of unreliable. So they only use the MIFARE part for the communications and that part is kind of good. And then I found also that we have at Shell, if you're at the Shell station, you drive in, you've got this payment system, you press a button, you give your PIN code. And that was MIFARE Classic using Crypto-1. Well, then January 17th, Rob Holmgeb restated the obvious that security through obscurity does not work. And we kind of found that out. And then all of a sudden a second case started developing. And this is what we were calling in the Netherlands the Goud case, because this was a public bid. This story is a total sideline. It is important because I started to work with this other reporter and we started to file a whole bunch of Freedom of Information Act requests. I really hadn't done that before, but you know, 1.6 billion dollars. That is something you want to spend some time on and at least, you know, file some FOIAs. So I met them through this case, that's just my angle in it. And the story went on. And I hope there are no Dutchies in the room.
And I know there are at least two because they are working with the transportation system that built these cards. And I want to give a big hand to them because they basically said that I should go ahead and do this. And I think that's great. But here we are. We have these broken cards. Something has to be done about this. So what did they do? They started a research, a study. Like, okay, what can we do with this card still? Is it broken? Should we replace it? And you know, this company called TNO, they started to study this and they said, you've got to replace the cards in two years. I always thought broken is broken and then you've got to replace it. But they thought we still had two years of time because you needed to do a brute force attack. And that basically for them would say, like, okay, that's so much work, we've got two years of heads-up. Kind of a strange thing. And when this was presented, I had something like, you know, this is not right. This is not correct. And then they said something else. There is no criminal business case in cloning these cards. You can only travel for free. So don't worry about it. If there are any damages, it's only damages for the company that runs the card, you know, does all that. I know that, you know, that's not what everybody thinks, but they weren't too worried about it. And together with that, the Secretary of Transportation announced a so-called attack plan. An attack plan: she wanted to attack the negative image of the card. So polish up, you know, the damage done by all these stupid journalists that basically make up all these stories. At that point, I had a hard time because the company that did this study and the company that ordered the study are not government. And you can't use a Freedom of Information Act request on such a report. So what can you do? And then the secretary announced a contra expertise. So they would re-study the case.
And they would hire this London-based university, the Royal Holloway University of London. And that is kind of interesting. Because if the Department of Transportation does it, that's the government and that's something you can do something about. And before that study was published, the German attackers announced that they would publish parts of the algorithm. And on March 10th, they did. And then on March 13th, something very interesting happened. All of a sudden, there's this announcement: we can open doors with MIFARE Classic. We've known that since last Friday. We phoned the Dutch Secret Service. They verified our attack. And the Dutch Secret Service has warned all the governments of befriended nations. And we label this a matter of national security. And that is kind of interesting. On one hand, we have got a card that still can live for another two years. On the other hand, the same technology to open doors is apparently an issue of national security. Well, rightly so, because you can walk into any ministry or department. Basically do the Jedi wave and the doors open. I have a little movie to show this. And it's really a very, very simple attack. You can see I, you know, I didn't have much time to prepare. So it's kind of chaotic, but there we go. Here you see the guys from Nijmegen explaining that they made this little device. You can hold it in front of a reader. And then it does, I'm not going into the technical part, it does a magic thing. Hold it in front of a door. Cracks the key. Now it's on there. Don't you like these lights? And they do something magical and all of a sudden you can clone cards. And what was once secure is no longer secure. And this is the highly secure data center. I'm not going to start all over again. Don't worry. So now we've got two storylines. We've got the doors and we've got the transportation cards. And slowly it starts to hit the United Kingdom that there might be an issue here.
So MI5 starts to make announcements on the Oyster card, which is the same. This is called the OV-chipkaart. And the Oyster card is basically the same card as they have in the United Kingdom. And basically those two companies are kind of sister companies. You know, they work together a lot. And the technology is the same. The system is the same. So similar. The Dutch one is a little bit more advanced because they also use it in buses and stuff. And in trains they want to use it. But MI5 wants to use travel data to spy on their citizens. Oh no, sorry, to find terrorists. That raised for me the question: gee, would we do the same in the Netherlands? Meanwhile there was this debate in parliament on the door issue. And nearly unanimously, I think it was unanimous though, everybody agreed that the next system should be at least an open source security system. Because then you can repair it and then you can have a look at it. You know why? Because part of the TNO report that said that we still had two years of heads-up was secret. And we still don't know what's in there. The company that's behind it wouldn't release it. And in a second statement, and that is very interesting, our Minister of the Interior said in response to a question of somebody of one of the Christian parties: you cannot silence researchers. They have a right to publish, they have a right to research and the government is not there to stop them. This socialist woman is kind of cool even though she's a socialist. I raised questions and I was telling you about the Dutch Secret Service. I found that already we've got two chambers, second chamber, first chamber. That already the second chamber passed the law that the secret service could gather intelligence on telephone data and on travel data. So my question was like, hey, this Dutch transportation card is coming up. They're storing the data for seven years. Are you interested in that? No. They're not yet. Then on April 12th came a big breakthrough.
On April 12th, the researchers of the Nijmegen University announced that they found a new way to attack the MIFARE Classic in such a way that they can crack a key in seconds. And they think below ten seconds. Or as this researcher has numerous times explained to me, your iPhone will be your RFID device in the future. Don't worry about it. So you can crack a card in seconds now and now the whole ballgame changes. Now I can stand in the bus, walk through the bus and everybody that has a MIFARE Classic card, I can clone it by having an iPhone in my pocket. I'm so sure that nobody here has an iPhone in their pocket. So this is of course purely theoretical. Sound travels slow that way. Together with the new attack scenario, the same day the report was released. This was kind of interesting. The Department of Transportation must have had the report at least for a couple of days. And they were supposed to release it around noon. Noon became one o'clock, two o'clock, three o'clock, four o'clock, five o'clock, six o'clock. Six thirty, I got a short message on my cell phone: can you come to The Hague, because in thirty minutes there's a press conference. The Hague is over eighty miles away from me. I haven't developed that Jedi skill yet. So I was walking the dog, I was running home because I was watching the press conference on the internet. And as soon as they published the report, I filed, together with the other journalist, my Freedom of Information Act request: could you please give me all the information related to the contra expertise. Because if I do it like that, I automatically ask for all the information on the first report. Because the second report was studying the first report. So this basically gives you all the information and I can tell you later on we got it and it was a pile like this. But we'll get to that in a second. All the time so far the Secretary of Transportation has said TransLink, the company behind the card, is responsible for everything.
I cannot change that. I cannot do anything. And all of a sudden it was, like, I believe one a.m. in the morning, somebody rang me out of bed and it went like, hi, I'm an anonymous source and I've got to tell you something. I sent you a link and you probably want to open it right now. So I went down, opened the link and there was this report that stated that the Secretary of Transportation can, if she wants to influence the Dutch railways, close all funding. Like you have had an issue on the highways in the U.S. She can do that on the Dutch transportation system and then only on the Dutch railways. But the Dutch railways have been funding, I guess, I'm not sure, but I guess about 50% of TransLink. They are like a 50% shareholder. I don't know this exactly because they won't tell me, because they say it's none of my business. They've been funded, by the way, by public money, but that's a different story. So if you close down the money towards the Dutch railways, then basically you're influencing policies. So I wrote this up and then something very interesting happened: emergency debate in parliament and they said we want to do a vote of no confidence. That vote was really determined by the opposition versus the ruling parties. But one of the ruling parties said we fully support the Secretary of State, but as of now, every step you take, you've got to report to us. How much trust is that? So we call her now a lame duck among journalists because everybody knows she will step down and we don't know over what. It would have been cool though, because that would have been the first time that somebody loses their job over a failed IT project and failed security. That would have been cool. April 22nd, MIFARE Plus is announced by NXP. NXP, the company behind it, used to be Philips and they say now, okay, we have the basic infrastructure, we have what we have. That's broken, we know that, but we add AES encryption to it. So you have a smooth migration path.
And now, very interesting, during one of the talks with NXP, they said like, you know, if we would like to deliver this to the Netherlands, it would probably take about two years before we can deliver this. I heard that before. I'm not saying that it is, because I'm just purely speculating, but it might be. On April 29th, totally as a surprise to me, I didn't know this was coming, this new report came out and apparently we have somebody who is the public transportation ambassador. And this political woman, she made the report and she basically said that if you want to save the cards, I would say, you know, fix the security. But basically she said, like, we have to be customer friendly. So we're solving security with customer friendliness now. I'm so sorry you lost your money on your card. And the second thing, and that was kind of an issue, that was kind of interesting: she also wrote privacy is not a cause of concern until the media starts writing about it. At first, that was my response. And I actually, you know, basically she was saying that Brenno and the other guy Vincent were the cause of it. So I was pretty offended, you know, secret report, all of a sudden it's there. And you know, it's an indirect personal attack. Then, you know, you drink a couple of beers and you think about it and go like, no, she's right. People in the street do not need to know if they have a payment system. They do not have to think about all the consequences. If you get on a bus, should you be thinking, gee, that might end up in a database for the next seven years? Have you been counting cameras when you went to the toilet here? No, you don't. I mean, you don't want to worry about it. It's the role of the media indeed to put this on the agenda, to discover this and to write about it. So I didn't report about it, but I wrote a column about it and I told basically that she was so right. And then she was offended.
And maybe you remember April 29th because that was the day that Hans Reiser was found guilty. On June 5th, we had all the information of the Freedom of Information Act request. And the report, the contra expertise, was labeled 1.00. Now I was reading that and I thought, like, okay, I know this document. I turned it around and there was document 1.0. Now I went back and I looked at Microsoft. You know, whenever it's about security, I always look at Microsoft. I saw Windows 3.0, Windows 3.1, Windows 3.11. And here I've got the report and it's labeled 1.0 and 1.00. That's strange. That would nearly raise the suspicion that there's something to hide. And the funny thing is, both reports were the very same. There were only three differences: two sentences and the final conclusion. The first one is that the Royal Holloway University feared a denial of service attack on the transportation system. And this was for me, this was the most important sentence that disappeared. Why? Because that gives me the opportunity to make a criminal business case. If you give me 100,000 euros, I will not disrupt the morning rush in Amsterdam. That is a criminal business case. This changes the entire report that there was before. All of a sudden I can do something that makes it very interesting to abuse the card. Now the ballgame has changed. The second thing was the printer to make these cards, because you know you can clone the chip, but then you would still have a white card. But to copy this could be very cheap. Today I checked on eBay and it's less than 100 dollars if you look well. And that means that it would be interesting for a family of four. You know? A criminal business case doesn't have to be massive anymore. You can do it, like, out of the comfort or the leisure of your own home. Both statements basically boiled down to a changed conclusion.
The first conclusion was, if we were you, I would basically cease the current project, get a new card and then start over and, you know, move on. Which from a security perspective to me makes sense. The new conclusion was, you know what? Carry on what you're doing, but do start. And I must say, to be honest to them, I must say they did state do start to change to new cards as soon as possible. But the difference is fundamental. Cease and then continue, or continue and then replace. You know, that's a big difference. And if you have a Secretary of Transportation that nearly lost her head politically, that's a very big difference. So I was writing this up and then I got a very negative response from the Department of Transportation. And of course you can expect a negative response, but also very emotional, like, we did not alter this. We didn't do this, and they showed me extra documents that basically indicated that they started a very thorough procedure to select the university that was doing the contra expertise. They even hired this company for it. That's kind of strange. And then what I found out is that the Royal Holloway University is advising Transport for London. And Transport for London is the company behind the Oyster card. The Oyster card is the sister card of the Dutch OV-chipkaart. But you know, that's not a smoking gun. Neither is it a smoking gun that the guy who wrote the report worked for Philips, the division that's now NXP, because he wasn't involved in smart cards back then. Neither in itself is it a smoking gun when your company receives, or your university receives, money from Transport for London to do extra research for them. But you know, it starts to get itchy at the moment that somebody is part of the board of Transport for London. You know, with journalists that raises questions. So I'm not saying that they did force the conclusions. Maybe something else happened.
Maybe they did get scared about the denial of service attack and I'll say in a second why they should be afraid of that. But it does raise questions and at least it might have happened, you know, by being over-enthusiastic. On June 18th, there was this session in Parliament and two things were discussed there. One of that, this was the Nijmegen researchers. They were, like, hurt and they had to make a formal statement on what they did, how they did it, blah, blah, blah. And then all of a sudden they asked, like, did you apply your research in any other city anywhere in the world? Kind of a strange question all of a sudden. But their answer was like, oh yes, we were on holiday in London. And we travelled the tube for free for a day. But we had to figure out which card to use because the first card kind of ruined the first gate. And later on, you know, when you start to hear the stories and you start, like, digging into this, they explained that the first gate went down and they didn't think much of it. The second gate went down and at the third gate they were like, no, no, no, no, no, no, don't do that, don't do that. And they realized they basically had a denial of service. I'll make a jump in time because within a month Transport for London decided to roll out a new patch. That was on July 15th. And this patch basically was meant to resolve the issue, although all the gates went down. And the people that were using the gates anyhow, holding the cards in front of it, their cards were damaged. They had to replace on the Saturday morning, or at least on the Saturday morning, over 40,000 cards were ruined. This is your denial of service attack. I'm not emotional, by the way, I'm just trying to shout. Probably the beer that I had yesterday. All of a sudden, there is this situation now. We have this real life scenario. It's happening for real in London. And it didn't happen in the Netherlands because we're not using this officially yet.
The system is only in use in Rotterdam, and in Amsterdam it's being tested on the subway, and the Dutch railways haven't really jumped on the bandwagon. It's kind of remarkable if you're the number one sponsor. I think they're really afraid to do so. At this point, there is no emergency plan. So if you were to roll it out fully, which is still the ambition, then if it were really broken, if there were a denial of service attack or open source tools would surface or anything of that were to happen, then we wouldn't have a contingency plan. So what are you supposed to do then? So the Secretary of Transportation now demanded that there be a contingency plan. And as far as I'm aware, just before I left, I verified, they don't have one yet. But they are supposed to, they are due to deliver that next week or the week thereafter. So they should think of something. I, by the way, gave the department free advice. I would say, like, in case of emergency, go for paper. On June 20th, the University of Nijmegen announced that they are starting an open source project to make a secure smart card. And that has been funded by NLnet to do it in a secure and privacy-friendly way. At this point, if you want to have a discount in the Netherlands, this is my discount card, it gives you a rebate of 40%. So kind of interesting. You cannot have it anonymous. Even though you can think of systems that would do it anonymously, I mean, you could have two cards and, you know, put your tick on this one and then when the train conductor comes by, you show this as proof. And then basically that would work. But the Dutch railways don't want to go that route yet. I know of somebody who is planning to sue. So I think, given European regulations, that they might have to adjust that part of the system. On July 10th, I did a lot of research. Oh, no, sorry, minor detail. On July 8th, NXP started a lawsuit against the Nijmegen researchers. They were suing the university.
And they were suing the professor that is doing the research. Basically what they were trying to get is a temporary restraining order. That means that you are not allowed to do something. And they were not allowed to publish their results in October. Because this would be a real nightmare for national security. And it would be a real nightmare for all the companies that use MIFARE Classic. Of course, I would have loved to have gone to that lawsuit, to the trial. But by really big exception, given the national security interest, it was all behind closed doors. Because it's all about the closed protocol. And if that leaks out, then basically the security is gone. Basically this is why security through obscurity doesn't work. We all know that. So I started digging in another way. Because if you can't come to a party, you have to create a party yourself. And I started doing a lot of research and found that since 2004, Chinese vendors have been selling clones of the smart cards. And the readers. So all this time, Chinese people have been able to clone tickets, access to the departments, like the Department of the Interior, and military installations and you name it. That's kind of scary. I phoned the Dutch Secret Service and I asked them, have you known this? And how long have you known this? And they went like, you know what? We'll get back to you. And they phoned me back and they were like, why do you want to do it? And I always try to be as fair as possible. So I said, well, if you've known it for years, you've ignored a very big security risk. And if you haven't known it, why didn't you know? That's why you're the Secret Service. And they took another four days or three days, I'm not sure. And they came back like, after the Nijmegen demonstration was given, NXP basically gave us this information. This part of their statement, I know for a fact, is not true.
And if there's anybody of the Dutch Secret Service, don't be offended, because I fully understand why you didn't tell me. But I've heard from multiple sources that after the Nijmegen University researchers showed their demonstration, like one or two weeks later, basically the Dutch Secret Service went to NXP and they went like, you are going to give us Crypto-1. No, we're not. It's like a corporate secret. We're telling you, national security interest, you're going to give it to us. And apparently, you know, without too much lawyer work, they were so bullied that they gave it all. So I have to hand it to the Dutch Secret Service. I think that is awesome. Well, I told you about the Oyster crash. And then on July 18th, something important happened: the verdict came in. I have to remind you, because I told you about the Minister of the Interior telling me that she was standing behind the researchers. Pure coincidence, on July 7th, I asked the Department of the Interior if they still were standing by the statement and they said yes. One day later the lawsuit came and it was kind of handy to use it in the article, like, the Minister of the Interior. I've got to tell one thing. When this thing in parliament was going down and the debate was finished, I was walking towards the Minister of the Interior and she walked towards me and she went like, are you that little troublemaker? So I'm like, yeah, good going boy. That was kind of cool. So they were, like, totally cool about it, especially the Department of the Interior was, and they were very, very proactive in solving it. But now the verdict came in. What do you think the judge said? We give the Nijmegen researchers a temporary restraining order? Of course not. Remember the first slide: in the Netherlands, we've got freedom of speech and that's what the judge said. You know, NXP, you've got freedom of speech in this country. You cannot silence researchers. The judge said no. You know what else the judge said?
NXP, if you're making a faulty product and it doesn't work, that's your problem and it's not the messenger's problem. I could understand that. And the last thing the judge did was, he wrote down, they wrote down everything that happened, like, on a high level, in the courtroom. So everything was behind closed doors, but every journalist had access to it all of a sudden. So what they tried to keep away from us, and they wouldn't respond to us about it, blah, blah, blah, all of a sudden was out there in the open. So I asked NXP, are you going to appeal this verdict? And they went like, not really. So this is what we've been up to in the Netherlands. Currently we are rolling out a system that we know is kind of flawed. I know that they are looking at different cards, but of course it's such a fundamental part of the system that it is kind of hard to do. I must also state that the company TransLink has never, ever, ever bullied me. They've never, ever, ever stood in my way in any way, shape or form. Of course they did sometimes say that we are not going to answer questions. That is their given right, of course. But they never, ever stood in my way. I know that in some countries, you know, that is different. And I know that in some countries, like the United Kingdom, it is very hard to get a response at all. I've had it that TransLink was actively sometimes pointing me, like, hey, did you see this? So on one hand, you know, you're the difficult reporter that is following them. On the other hand, you know, they're the grown-up people that deal with it in a grown-up way. And I think that's cool. And then what will happen in the future? Well, I know two things. In October, the study will be published by the Nijmegen University researchers. Ten minutes, okay. I was nearly done, so that's kind of cool. The Nijmegen researchers will publish their findings and then we can crack MIFARE Classic cards all over the world in a matter of seconds. I guess that will be perfected over time.
I cannot imagine that it would take longer than three or four weeks to have open source tools on the market. And I wouldn't be surprised if they would surface before that. If anybody in the room is using MIFARE Classic at this moment, this is your final wake-up call. This is your final heads-up. You've got two months left and if you haven't done anything, you're screwed. The second thing that I know is that we won't get this transportation card ultimately and will go for a different system. I've talked quite long, so I think I have only a few minutes left for questions. After that we can go to the Q&A room. Again, I'm pretty technical, but I've been advised by several lawyers not to go into technical details of the MIFARE Classic. But anybody who has access to Google... Any questions? Sorry, I couldn't hear that. The tools you need, are they that expensive? No. The cards? Oh no, no, that's like one or two euros. Because there's a unique identifier there and they would register the unique identifier that is registered to a name. They did make some privacy safeguards, but you know, for, like, law enforcement, that would be kind of interesting. Think about what the issue is with that. If I can clone your card, you know, I can make you look suspicious. And that kind of ruins your day. Oh, how much does the equipment in China cost? I don't know exactly. I sent them a couple of emails. What I found was that they wouldn't, they will only discuss larger numbers. I also asked them, is it possible to buy totally blank cards without any factory identifier? And they would only talk about that in person. I would like to ask... Oh, one thing I forgot to tell and all of a sudden I remember: in Canada, there is a report available that you can buy with all the information. It's about $60,000. Anybody else? Well, that kind of sums it up. Thank you.