You guys have got to read this book if you haven't already; I read it when it first came out. It's in a different time period of the computer world than we have been used to, but the people never change.
http://www.ercb.com/brief/brief.0059.html
The Cuckoo's Egg
Clifford Stoll
0-385-24946-2
1989
In its least destructive form, computer hacking is a form of breaking and entering which can cost people hours, days, or months of work due to missing or damaged files or interrupted machine access.
At its worst, when it occurs on computers used in medicine and defense, it is life-threatening vandalism.
Despite this, there are still quite a few network users, particularly students, who profess to believe in "open" systems and free access for all to information, particularly information belonging to such obviously evil organisations as multinationals and the government.
One of the things The Cuckoo's Egg is about is the transformation of one such person, an astronomer turned programmer named Clifford Stoll, into someone pro-actively concerned about computer security. In 1986 Stoll had just started working on a computer system at the Lawrence Berkeley Laboratory near San Francisco when he noticed a 75-cent discrepancy between the charges printed by two accounting programs responsible for charging people for machine use. What he first thought was a bug turned out to be the beginning of a chase that led him from California to West Germany via the FBI, the CIA, the NSA, and a carpenter's handful of other acronyms, and led to the arrest of a group of German hackers who had been scouring American military systems for material to sell to the KGB.
The technical details of that search are another of the things this book is about. Markus Hess, the hacker Stoll was tracking, exploited a variety of simple loopholes in computer security systems to break into machines belonging to both the military and to civilian defense contractors through the Internet, a network created by the US government which links thousands of academic, industrial, and (unclassified) military computers.
The most engrossing parts of this book are the ones which describe how Stoll patiently watched his hacker, day after day, tracking him first to a local university, then to Alabama, then Virginia, and finally to this side of the Atlantic. There is a lot of technical detail here, which some readers might find off-putting, but Stoll is careful to define his terms (even though he often does this after first using them), and assumes a user's, rather than an engineer's, knowledge of how computers work.
Jurisdiction, or rather organisational quibbles about it, is this book's third subject. Stoll's story shows the inadequacy of present legislation when confronted with crimes like these, crimes in which the perpetrator and the victim may be six thousand miles apart, and no physical evidence may remain after the crime. Once he realized he was dealing with a tenacious intruder, rather than a casual amateur out for a joyride, Stoll contacted his local FBI office.
The attitude he encountered was to plague him throughout his chase: nothing had been stolen, no-one had been kidnapped, and there was less than a million dollars at stake, so the FBI couldn't help, though they wanted to be kept informed. The CIA couldn't help either, although they wanted to be kept informed as well. The NSA's National Computer Security Center (whose responsibility was how to design secure computers, not investigating holes in existing ones), and the Air Force Office of Special Investigation gave the same answers --- no one organisation, it seemed, was responsible for computer security, though many individuals within those organisations understood and feared the erosion of the trust upon which computer networks are built which hacking was causing.
An amateur's search for an electronic criminal, his transformation from a relaxed, comfortably anti-establishment academic into someone with a stake in making the system work, and his struggles with a bureaucracy whose rules had not kept pace with the times --- in reality, this book is about the end of yet another American frontier.
When the computer revolution took off at the beginning of the 1980s, many gurus prophesied that computer networks and personal computing would make society more open and more aware of itself. For a while it seemed as though it could actually happen. Computer companies, and computing departments, were famous for their relaxed attitudes, their combination of Zen and high technology. Public networks managed by volunteers and good faith sprouted all over America, and later in Europe, to connect these people together.
It couldn't last, and didn't. A computer open enough to allow your friends easy access is necessarily open enough to allow such access to strangers, whose good will is not guaranteed. Malicious hacking, and the intentional destruction of property, have been very rare to date (or rather, publicly reported instances of it have been rare --- there is no law to force your building society to disclose how many times its computers have been held to ransom by ex-employees with a grudge), but snooping and pranks have become increasingly widespread.
Robert T. Morris Jr.'s famous worm program in 1988, which is the subject of the epilogue of this book, was only the most public of many nails being driven into the coffin of the open computer society. The gurus who created networks for us made them so useful that we must now give up the rough-and-ready hospitality of the frontier for the self-interest and suspicion of town dwellers.
Stoll is very much a product of that laid-back pioneering society, something which his writing style unfortunately reflects. When he wanders away from his detective story and describes bits of his personal life he becomes embarrassingly Californian --- there's a recipe for cookies in one of the footnotes, and his wife and roommate are both so wonderful and supportive I wanted to reach for a bucket.
His folksiness is the book's only real weak point; while some might object to the detail with which he describes the techniques hackers use, the people in black hats already know them, and the only effective basis for security is understanding.
-- Gregory V. Wilson
This review was originally published in "The Independent" newspaper, London, U.K., and is reprinted by permission.
UADNA-US (Unseen Apostate Directorate of North America-United States)