Editorials
Publishers Weekly -
A 75-cent discrepancy in billing for computer time led Stoll, an astrophysicist working as a systems manager at a California laboratory, on a quest that reads with the tension and excitement of a fictional thriller. Painstakingly he tracked down a hacker who was attempting to access American computer networks, in particular those involved with national security, and actually reached into an estimated 30 of the 450 systems he attacked. Initially Stroll waged a lone battle, his employers begrudging him the time spent on his search and several government agencies refused to cooperate. But his diligence paid off and in due course it was learned that the hacker, 25-year-old Markus Hess of Hanover, Germany, was involved with a spy ring. Eight members were arrested by the West German authorities but all but one were eventually released. Although the book will be best appreciated by the computer literate, even illiterates should be able to follow the technical complexities with little difficulty. Literary Guild selection. (Oct.)Library Journal
Stoll is an astrophysicist at the Lawrence Berkeley Laboratory who became a computer security expert when his persistence in chasing a computer hacker in West Germany led to the crackdown of an international spy ring. Here, his careful documentation of how he tailed the intruder over a year-long long period reveals for all to see the vulnerability of computer networks, the bureaucratic politics of government agencies, and the irresponsible, damaging actions of hackers. Stoll's interspersal of domestic anecdotes adds a touch of seasoning to the story. Readers who are familiar with computer trojan horses, time bombs, and viruses, and who wish to learn about the ``cuckoo's egg,'' will be delighted with this realistic account. Succinct explanations of computer jargon make the text intelligible for general readers. Recommended for public and academic libraries. Literary Guild selection.-- May Rathbone, Virginia Polytechnic Inst. & State Univ., BlacksburgGregory V. Wilson
The Cuckoo's EggIn its least destructive form, computer hacking is a form of breaking and entering which can cost people hours, days, or months of work due to missing or damaged files or interrupted machine access. At its worst, when it occurs on computers used in medicine and defense, it is life-threatening vandalism. Despite this, there are still quite a few network users, particularly students, who profess to believe in "open" systems and free access for all to information, particularly information belonging to such obviously evil organisations as multinationals and the government.
One of the things The Cuckoo's Egg is about is the transformation of one such person, an astronomer turned programmer named Clifford Stoll, into a someone pro-actively concerned about computer security. In 1986 Stoll had just started working on a computer system at the Lawrence Berkeley Laboratory near San Francisco when he noticed a 75-cent discrepancy between the charges printed by two accounting programs responsible for charging people for machine use. What he first thought was a bug turned out to be the beginning of a chase that led him from California to West Germany via the FBI, the CIA, the NSA, and a carpenter's handful of other acronyms, and led to the arrest of a group of German hackers who had been scouring American military systems for material to sell to the KGB.
The technical details of that search are another of the things this book is about. Markus Hess, the hacker Stoll was tracking, exploited a variety of simple loopholes in computer security systems to break into machines belonging to both the military and to civilian defense contractors through the Internet, a network created by the US government which links thousands of academic, industrial, and (unclassified) military computers. The most engrossing parts of this book are the ones which describe how Stoll patiently watched his hacker, day after day, tracking him first to a local university, then to Alabama, then Virginia, and finally to this side of the Atlantic. There is a lot of technical detail here, which some readers might find off-putting, but Stoll is careful to define his terms (even though he often does this after first using them), and assumes a user's, rather than an engineer's, knowledge of how computers work.
Jurisdiction, or rather organisational quibbles about it, is this book's third subject. Stoll's story shows the inadequacy of present legislation when confronted with crimes like these, crimes in which the perpetrator and the victim may be six thousand miles apart, and no physical evidence may remain after the crime. Once he realized he was dealing with a tenacious intruder, rather than a casual amateur out for a joyride, Stoll contacted his local FBI office. The attitude he encountered was to plague him throughout his chase: nothing had been stolen, no-one had been kidnapped, and there was less than a million dollars at stake, so the FBI couldn't help, though they wanted to be kept informed. The CIA couldn't help either, although they wanted to be kept informed as well. The NSA's National Computer Security Center (whose responsibility was how to design secure computers, not investigating holes in existing ones), and the Air Force Office of Special Investigation gave the same answers --- no one organisation, it seemed, was responsible for computer security, though many individuals within those organisations understood and feared the erosion of the trust upon which computer networks are built which hacking was causing.
An amateur's search for an electronic criminal, his transformation from a relaxed, comfortably anti-establishment academic into someone with a stake in making the system work, and his struggles with a bureaucracy whose rules had not kept pace with the times --- in reality, this book is about the end of yet another American frontier. When the computer revolution took off at the beginning of the 1980s, many gurus prophesied that computer networks and personal computing would make society more open and more aware of itself. For a while it seemed as though it could actually happen. Computer companies, and computing departments, were famous for their relaxed attitudes, their combination of Zen and high technology. Public networks managed by volunteers and good faith sprouted all over America, and later in Europe, to connect these people together.
It couldn't last, and didn't. A computer open enough to allow your friends easy access is necessarily open enough to allow such access to strangers, whose good will is not guaranteed. Malicious hacking, and the intentional destruction of property, have been very rare to date (or rather, publicly reported instances of it have been rare --- there is no law to force your building society to disclose how many times its computers have been held to ransom by ex-employees with a grudge), but snooping and pranks have become increasingly widespread. Robert T. Morris Jr.'s famous worm program in 1988, which is the subject of the epilogue of this book, was only the most public of many nails being driven into the coffin of the open computer society. The gurus who created networks for us made them so useful that we must now give up the rough-and-ready hospitality of the frontier for the self-interest and suspicion of town dwellers.
Stoll is very much a product of that laid-back pioneering society, something which his writing style unfortunately reflects. When he wanders away from his detective story and describes bits of his personal life he becomes embarrassingly Californian --- there's a recipe for cookies in one of the footnotes, and his wife and roommate are both so wonderful and supportive I wanted to reach for a bucket. His folksiness is the book's only real weak point; while some might object to the detail with which he describes the techniques hackers use, the people in black hats already know them, and the only effective basis for security is understanding.
β Dr. Dobb's Electronic Review of Computer Books