Thursday, April 10, 2014

20 Books: Cuckoo's Egg

This is part of a sub-series of postings based on the "20 Books Cybersecurity Professionals Should Read Now".

Clifford Stoll's book, The Cuckoo's Egg (or to use its full title The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage) is an early (1989) work on computer breaches and espionage.  I read it when it first came out, and I thought it fascinating at the time.

For those not aware, let's get into it.

Clifford Stoll was at the time (1986) an unemployed astronomer working as a Unix sysadmin at the Lawrence Berkeley National Laboratory.  His boss asked him to look into a 75-cent error in computer usage.  Back in those days, you would be charged for computer usage.

Now, the amount was strange.  An anomaly.  That is important. Otherwise why bother?  It's a trivial amount.  Some companies would just write off a bill of that size as not worth their time.  But this is what triggered things, as it indicated that it wasn't a system error, but a human error.  Someone was hiding (or trying to hide) their tracks.  And this mistake led to the anomaly, which led to Stoll looking into it.

Keep in mind this was way before the various cybersecurity systems we think of existed.  No firewalls.  No IDS/IPS or the like.  This was because access was being done in many cases over modems, NOT the Internet.  From his 10-month investigation, Stoll realized this was bigger than just a simple accounting error, and soon brought in the authorities.  It's also interesting that Stoll's girlfriend actually recommended he set up what today would be known as a "honeypot" to attract the hackers and keep them on-line so they could be traced.

It developed that the hackers were from Germany.  It also seemed they'd accessed LBL by mistake, thinking it was Lawrence Livermore National Laboratory, where they do nuclear research.  Thanks to Stoll's efforts, the hacker and a confederate were captured and put on trial.  It would later be shown that the hackers (or some of them) were doing espionage for the KGB.

Stoll wrote up the matter in a more technical article for the Association of Computing Machinery (ACM) called "Stalking the Wily Hacker" in 1988.  You can read this

The book came next, written for the general audience.

And they then did an episode of the PBS science series NOVA on it:  "The KGB, The Computer, and Me" in 1990.  Interestingly, many of the people involved played themselves.




While the technology may seem primitive, it shows how small, anomalous things can point to bigger issues.  Clearly, you don't want to have to spend 10 months tracking down the source of a computer breach, but you do want to have an idea of what is normal on your systems, such that abnormal things, no matter how small, can point to bigger issues.

All these works are highly recommended by me.  Check them out!
