In case you missed all of Cliff Stoll's written articles, TV interviews, or lecture circuit appearances, "The Cuckoo's Egg" is about a year-long effort to apprehend Mark Hess. Hess was a West German hacker who broke into computers all over Europe, North America, and Japan through a tangled web of computer networks. Until his capture, Stoll watched Hess attempt to break into over 400 computer sites on Milnet and Arpanet. Hess was successful in about 40 of his attempts.
Stoll first became aware of the hacker's presence when he discovered a 75 cent accounting error in the Unix system he was administering. One thing led to another, and he soon realized an unauthorized user was on his system. Instead of getting rid of the account and locking out the hacker, Stoll methodically kept notes and records on the hacker's every move. Stoll alerted all the government agencies that he thought could act upon the case. He started performing traces with the help of Tymnet, a data carrier on which Hess was placing his calls.
As Hess's activities grew, government agencies showed more interest in him. It became apparent the hacker was coming from Europe and showed a strong taste for documents concerning the Star Wars project. The slow wheels of bureaucracy started to move. The FBI, the only agency with the authority to act on the case, officially asked for help from West Germany. With their help, the FBI was quickly able to identify the hacker. He was arrested nearly one year after Stoll first discovered the accounting error in his system.
"The Cuckoo's Egg" excels in detailing the inner workings of the people involved in capturing Mark Hess. Stoll provides all the glorious detail of the agencies involved in the case, what their role was, what their response was to the intrusions, and what their actions were. He tells what the CIA said and did, as well as the NSA and FBI. Everybody's role and relevance to the case are discussed.
"The Cuckoo's Egg" provides excellent advice for any network hacker. Stoll explains what traces took place, how long they took to perform, and what the stumbling blocks were in catching the hacker. Stoll tells how many system administrators knew their systems were actually being attacked. If the hacker did succeed in penetrating the system, Stoll describes how many realized it and what they did once they found out. By seeing the strong and weak spots of system operators and nets, a network hacker is more able to act in a manner which is prudent to his security, while making him aware of more opportunities.
Stoll mentions the techniques used by the hacker to gain access to a system, and the security flaws exploited. The security flaws are not described in detail, but anyone familiar with the computer systems mentioned should already be aware of them.
"The Cuckoo's Egg" does take Stoll's reactions a bit too far at times. Stoll says the hacker managed to break into an account when all the hacker did was log into a guest account. (Account name: Guest or Anonymous. No password.) He fails to consider that these accounts are set up precisely for guests, regardless of whether or not they log in for malicious reasons.
Stoll also makes too big a deal out of old security holes. He is shocked to learn of the Gnu-Emacs holes, which go back to the early 80's (see some of the Tap issues). The X-Preserve hole for the vi editor is another discovery for Stoll, even though that hole is equally well known. Stoll's real shock comes at learning that anybody can take a publicly readable encrypted password file and use the same password encryption scheme as the host computer to make dictionary guesses at passwords. This method is perhaps the oldest of them all.
"The Cuckoo's Egg" also suffers in part from its "novelist" approach at times. Perhaps as a way of stretching out the material, the book is full of irrelevant aspects of Stoll's life and thoughts which have nothing to do with the matter at hand. He constantly bores the reader with personal interactions between him and his wife-to-be, describes how he spent Halloween, Christmas, and every other day, and continually interjects his own "cutesie" observations on life. Stoll also brings back so many immaterial analogies and stories from his grad school days that the reader would think he spent the better part of eight years just to get his master's degree. Most hackers reading the book could hardly give a rip about Stoll's personal life.
From a security standpoint, The Cuckoo's Egg stands alone. No other book goes into the gripping detail of the operations used to catch Mark Hess. To Stoll's credit, he kept a detailed lab book of every activity, conversation, and contact during the entire affair. His notes made for an accurate retelling. Any hacker working on a net would benefit from reading this book by learning about the weak spots in the networks as well as how to avoid being tracked down as Mark Hess was.
(Dr. Williams)
ACCESS:
The Cuckoo's Egg
Clifford Stoll
Doubleday
$19.95, 326 pgs.