The Electronic Spy

The Cuckoo’s Egg begins by painting the portrait of a struggling academic who runs out of grant money in his field and is forced to take a job in a loosely related computing role as a systems administrator at the Lawrence Berkeley National Laboratory. What starts as a simple fish-out-of-water story of an astronomer turned burgeoning computer expert rapidly becomes a thrilling ride as the author, Cliff Stoll, discovers a small inconsistency in an accounting program which leads, through skillful investigation and no end of diligent effort, to the discovery of an act of electronic cyber warfare espionage the likes of which the United States had never seen. While the plot of the book is stunningly entertaining, perhaps more compelling is the lesson that no matter how complicated the security system, carelessness on the part of human users will always be an unavoidable vulnerability.

Stoll, who was trained as an astronomer, begins to work in the Lawrence Berkeley National Laboratory(LDL) at the University of California at Berkeley. Stoll sets the stage for the chase to come by playing down his programming abilities, quoting his old astronomer colleagues: “’Cliff, he’s not much of an astronomer, but what a computer hacker!’ (The computer folks, of course, had a different view: ‘Cliff’s not much of a programmer, but what an astronomer’” (1989, p. 9)! This humble description of his own programming ability is quickly discredited as Stoll is asked to investigate a minor accounting discrepancy of $0.75. Given that an hour of computing time is charged at $300 and the error was so small as to account for only seconds of time, Stoll’s first conclusion is that “the obvious suspect was a round-off error” (1989, p. 5), in which minor errors in rounding hundredths of cents compound, over many cycles, into small but noticeable amounts. Much to his frustration, however, he cannot locate an error in any of the accounting programs that the laboratory uses. What he does discover, however, is that the unauthorized computing time originated from a user who shouldn’t exist.

This user, initially operating on the username “Hunter”, is thought to be simply a clerical error, but Stoll quickly discovers multiple other fraudulent users, among them an account named “Sventek”. Even more troubling, these accounts have super-user access enabling them unrestricted edit privileges over the most sensitive system files throughout the network. He concludes, then, that someone was penetrating the LDL system. “So how do you find a hacker? I figured it was simple: just watch for anyone using Sventek’s accounts, and try to trace their connection” (1989, p. 15). This hacker, however, shows no familiarity with the makeshift code that comprises much of the customized operating system in the LDL network, implying that he is not affiliated with the lab. Tracing him would not be easy, even less so because it soon becomes clear that his hacking is not limited to the network at LDL, but rather is traceable to numerous other networks, several of them military. The method he uses to access these networks is the same: he is able to guess a password, typically “guest” or something equally simplistic, and then he exploits a bug in a client to plant a file in a system directory which, when executed, gives his account system-level privileges. This planted file, because it is trusted and executed by the operating system, is likened by Stoll to the egg of the Cuckoo which is raised by another bird under the impression that it is its own.

Though the hacker’s activities clearly have national security ramifications, Stoll is unable to enlist the aid of law enforcement or military agencies. Over the course of the book, the Federal Bureau of Investigations is most reluctant to assist, refusing almost a dozen requests for aid. The CIA and the Air Force Office of Special Investigations are more supportive, but limit their input to advice and information rather than manpower or official support. It was only when the hacker’s location is determined to be abroad, in West Germany, that official help is found. The idea that a foreign interloper is hacking his way through military computer networks in search of classified information is enough to wake the interest of American and German authorities. Eventually, through the cooperation of many international agencies, the hacker’s location is identified. In order to catch the hacker in the act, however, they have to keep him on the connection for a long period of time. To convince the hacker to remain active for this long period of time, a false treasure trove of information is invented and stored in a location that only the hacker could access. The hacker falls for it, and that is enough for the German authorities to arrest him.

The most powerful message in the book is unquestionably that a single man, possessing boundless determination and an unrelenting will to succeed, can accomplish anything he decides to accomplish. From the technology perspective, however, the more chilling message is that even the most complex, expensive, and well-designed security structures are only as good as the human personnel who use them. The events in The Cuckoo’s Egg tell a story of multibillion dollar agencies whose systems were rendered utterly defenseless because an analyst decided to make his password “guest”, or a secretary who kept a word document of the week’s security codes on her desktop. There is no magical solution to this problem. If The Cuckoo’s Egg teaches anything about security, it is that no hacker can overcome a wealth of caution, and no amount of planning can make up for carelessness on the part of the end user.

Though it reads like a breakneck thriller, Cliff Stoll’s The Cuckoo’s Egg imparts serious wisdom about the nature of network security. Though the battle of wits between hacker and system administrator is rarely as dramatic as the book portrays, the lessons taught about determination, will, and patience apply to every modern scenario.

Reference

Stoll, C. (1989). The cuckoo's egg: Tracking a spy through the maze of computer espionage.New York, NY: Doubleday.