Kalpana Kalpana (Editor)

The Cuckoo's Egg

Language: English
Media type: Print
ISBN: 0-385-24946-2
Originally published: 1989
Page count: 326
Country: United States of America
Goodreads rating: 4.2/5
Dewey Decimal: 364.16/8/0973 21
Author: Clifford Stoll
Publisher: Doubleday
OCLC: 43977527


Similar: Ghost In The Wires: My Adven, Silicon Snake Oil, The Hacker Crackdown, The Art of Deception, Kingpin

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBNL).


Summary

Author Clifford Stoll, PhD, an astronomer by training, managed computers at Lawrence Berkeley National Laboratory in California. One day in 1986 his supervisor, Dave Cleveland, asked him to resolve a US$0.75 accounting error in the computer usage accounts. Stoll traced the error to an unauthorized user who had apparently used 9 seconds of computer time and not paid for it. Stoll eventually realized that the unauthorized user was a hacker who had acquired Superuser access to the LBNL system by exploiting a vulnerability in the movemail function of the original GNU Emacs.

Early on, and over the course of a long weekend, Stoll rounded up fifty terminals, as well as teleprinters, mostly by "borrowing" them from the desks of co-workers away for the weekend. These he physically attached to the fifty incoming phone lines. When the hacker dialed in that weekend, Stoll located the phone line, which was coming from the Tymnet routing service. With the help of Tymnet, he eventually tracked the intrusion to a call center at MITRE, a defense contractor in McLean, Virginia. Over the next ten months, Stoll spent enormous amounts of time and effort tracing the hacker's origin. He saw that the hacker was using a 1200 baud connection and realized that the intrusion was coming through a telephone modem connection. Stoll's colleagues, Paul Murray and Lloyd Bellknap, assisted with the phone lines.

After returning his "borrowed" terminals, Stoll left a teleprinter attached to the intrusion line in order to see and record everything the hacker did. He watched as the hacker sought, and sometimes gained unauthorized access to, military bases around the United States, looking for files that contained words such as "nuclear" or "SDI". The hacker also copied password files (in order to make dictionary attacks) and set up Trojan horses to find passwords. Stoll was amazed that on many of these high-security sites the hacker could easily guess passwords, since many system administrators had never bothered to change the passwords from their factory defaults. Even on military bases, the hacker was sometimes able to log in as "guest" with no password.

Over the course of this investigation, Stoll contacted various agents at the FBI, CIA, NSA, and Air Force OSI. This was one of the first, if not the first, documented cases of a computer break-in, and Stoll seems to have been the first to keep a daily logbook of the hacker's activities. At the very beginning there was confusion as to jurisdiction and a general reluctance to share information. The FBI in particular was uninterested, as no large sum of money was involved.

Studying his log book, Stoll saw that the hacker was familiar with VMS, as well as AT&T Unix. He also noted that the hacker tended to be active around the middle of the day, Pacific time. Eventually Stoll hypothesized that since modem bills are cheaper at night, and most people have school or a day job and would only have a lot of free time for hacking at night, the hacker was in a time zone some distance to the east.

With the help of Tymnet and various agents from various agencies, Stoll found that the intrusion was coming from West Germany via satellite. The Deutsche Bundespost, the German post office, also had authority over the German phone system, and they traced the calls to a university in Bremen. In order to entice the hacker to reveal himself, Stoll set up an elaborate hoax — known today as a honeypot — inventing a fictitious department at LBL that had supposedly been newly formed by an "SDI" contract, also fictitious. When he realized the hacker was particularly interested in the faux SDI entity, he filled the "SDInet" account (operated by the imaginary secretary Barbara Sherwin) with large files full of impressive-sounding bureaucratese. The ploy worked, and the Deutsche Bundespost finally located the hacker at his home in Hanover. The hacker's name was Markus Hess, and he had been engaged for some years in selling the results of his hacking to the Soviet KGB. There was ancillary proof of this when a Hungarian spy contacted the fictitious SDInet at LBL by mail, based on information he could only have obtained through Hess. Apparently this was the KGB's method of double-checking to see if Hess was just making up the information he was selling them.

Stoll later flew to Germany to testify at the trial of Hess and a confederate.
