Wednesday, February 17, 2010

The Cuckoo's Egg - Book Review

The Cuckoo's Nest
by Clifford Stoll
Pocket Books 1989 & 1990

This is one of the earliest and documented stories of cyber espionage. I have had a copy of this book since the early to mid 1990s and every now and then I get it out and read it again. Since I haven't blogged about it, I must not have read it since I started this blog, so it must be time to read it again. Which I did...in just one day.


The entire text of this book (including both prologue/acknowledgements and epilogue/bibliography) has been uploaded to the internet. Its not a long book - my hard copy is just 350 pages.

But this story involves a world that I was never privy to. While I did have access to a computer during the 1980s and 1990s, I was never online during this time. I played my games in isolation.

I did not get online until after the internet explosion of 1995. This book talks about the internet as it was being created. The early networks, ARPA, MILNET, TYMNET, various US Military bases as well as other computer networks in the private sector both in USA and around the world.


If you remember the 1983 movie WARGAMES about a high school student David who broke into NORADs computer (named Joshua) and almost started WW3. The computer networks and methods he used to "play games" were similar to what Hunter was doing.

Anyway - back to the Cuckoo's Egg. In the beginning there was 75 cents missing!!!

75 cents of computer time and use, that NOONE was being billed for.
Cliff Stoll was given the job to bill someone for that 75 cents.
It didnt take him long - there was a new user on the system called Hunter.

But noone at the Livermore Berkeley Laboratory would admit to adding the user Hunter to the computer system. So Stoll decided to find out who did. It turns out the hacker gave himself super user status (what we now call administration status) and privileges and created the new account called Hunter for himself. This didnt take very long to discover either.

Giving oneself super-user status involves laying a cuckoo egg or uploading a small file or program into the system - which is then moved by the computer into the secure area. That was a bug (AKA a Gnu-Emacs hole) right there. The file should not have been moved into the secure area. The program then becomes a super user allowing the hacker free and open access to that computer and to the networks it is connected to.

Hunter still had to gain access to computers and he needed passwords. He would regularly copy the list of users and their encrypted passwords - something that only a super user can do. Stoll finally worked out that Hunter had a cracking program that went through the English dictionary and encrypted every single word and then compared that encryption with the list. When a match was found, that was the password and another user was compromised.

Hunter also did not create a whole heap of new users. NO, he used old accounts that were still valid, but which had not been used for at least a year. This way he did not trip any alarms by creating new unknown accounts. These old accounts SHOULD HAVE BEEN removed, when their owners left the facility, but they weren't. In some ways the facilities left themselves wide open to be hacked, but Hunter should also not have been doing what he was doing either.

Trying to find Hunter's physical location was the hard part. Stoll put a printer on the cable that Hunter would usually come in on, and was therefore able to print out every keystroke that Hunter typed. It took Stoll almost a year to track Hunter down over the networks and telephone lines all the way to Germany. Stoll's documentation were the boxes and boxes of print-outs plus his log books of daily activities.

Stoll tried to get the FBI, the CIA, the Air Force OSI and even the NSA all involved, but none of these agencies were willing to do anything about Hunter - for 2 reasons.
1 - because there was no money or classified secrets being stolen
2 - Hunter was not in the USA

Hunter was stealing....but he was stealing the non-classified secrets!!!

Hunter turned out to be a German hacker named Markus Hess, a member of a hackers club called Chaos Computer Club or CCC. Markus was being paid by the KGB to provide certain types of information. He was also doing this hacking for the challenge and to prove that the military networks were as just as lax about computer security as the rest of the computer networks.

Hess was eventually arrested and went to trial in 1990. Two other CCC club members were also on trial. A third club member committed suicide. Stoll testified against Hess. Hess was found guilty of espionage and was sentenced to a suspended prison sentence plus community service. No jail sentence.

This all happened over 1987 and 1988 - just months before the Berlin Wall fell and before Ceauşescu was shot.

There are very few books that I like to re-read over and over again.
This is one of them. Every 4 to 5 years I will re-read it.
A good way to learn about the creation and origins of the internet.

1 comment:

Anonymous said...

This sounds interesting. I like this type of story, especially when its true