Book Review: Clifford Stoll’s “The Cuckoo’s Egg – Tracking a Spy through the Maze of Computer Espionage”
Control panel for military applications. Review article and photos Copyright 2020 by David Gardner

I haven't done "book reports" since I got out of public school, and usually those were sort of "forced" on me (if I expected to get a decent grade in the class, that is). Maybe I just didn't have the passion about those books.

Since then, I've read many, many books including novels, textbooks, non-fiction self-help books, historical treatises, and technical instruction. And only a few have inspired me to write a "book report" (aka "book review"). I've gone through being a teacher (English, Japanese, and science), newspaper staff photographer/writer, and finally a freelance and staff technical writer-editor. As a result, I've worked on writing and editing many, many books (installation manuals and user guides, mostly, but also troubleshooting guides, release notes, patch notes, and training materials).

My initial job as a tech writer at a military base (U.S. Army White Sands Missile Range (WSMR), New Mexico) started with documentation for radars and missile launchers, but eventually led me into the computing software and hardware field, where one of my early jobs at Lawrence Livermore National Laboratory (LLNL) included working directly with a supercomputing facility.

One of my colleagues recognized that I was sort of new at computing. She knew that I liked to read novels and she recommended for me to read Clifford Stoll's book, "The Cuckoo's Egg". I'm glad she did, because this book was a great introduction to the world of computer networking and IT security. It was a thrilling read -- along the lines of Tom Clancy, Michael Crichton, Ian Fleming, Janet Evanovich, John Le Carré, John Grisham, Stieg Larsson, and other writers.

However, rather than a fictional novel, this book was a fascinating first-hand account of an astronomer turned network system administrator turned amateur detective sleuthing out an intruder in the wires. The book is well-written and has a personal touch with humor and insight into the writer's life in Berkeley, while detailing how he chased the hacker through the wires. I first read the book in 1992, two years after it had been published. Recently, during a bit of boredom with this Covid-19 mess, I saw it in my bookcase and decided to read it again. I was not disappointed. It was interesting how relevant the book still is. 


The story?

An astronomer, Cliff Stoll, is assigned to ride herd on his department's network back in the days when computer time was sold to users, who paid to access the department's mainframe (a practice called "timesharing" that helped cover the cost of having the thing). On Stoll's second day at work, his boss noticed a 75-cent discrepancy on one of the billing statements and asked him, as a systems manager, to track down the user who incurred this charge. This small discrepancy led him to dive into the maze of the new Internet (based on DARPA's Arpanet and Milnet) and gave a fascinating glimpse into how lax security measures enabled an intruder to easily access and "play" in places like Lawrence Berkeley Laboratory, Lawrence Livermore National Laboratory, White Sands Missile Range, NASA, Mitre, SRI, Redstone Arsenal, Aberdeen Proving Ground, and even the Pentagon to steal sensitive information. Since I had worked at three of these places, this relevancy helped the story resonate with me.

Stoll kept detailed records in his diary and logbook, and from his daily notes starting in 1986 he chronicled his methods of discovering, tracing, and tracking the intruder. Stoll completed his book in 1989 and published it in 1990.

I was a newbie to computers, networking, and IT security, so it was helpful that Stoll provided easily understandable "tutorials" on aspects of command line interface (CLI) access to servers through the "root" account and Telnet, and how network users could be "tracked" through telecommunications substations and DEC VAX/VMS clusters. He describes the use of different kinds of modems with varying baud rates, online "bulletin boards", some of the differences between Berkeley Standard Distribution (BSD) UNIX and AT&T UNIX, and how GNU Emacs works. He describes how he set up printer "traps": when the intruder touched particular areas of the systems he was responsible for, the trap would not only send an alert to his pager but also print out a record of the unauthorized activity. He describes how he set up dummy folders and files within the system that would look "juicy enough" for the intruder to break into and snoop around. This enabled him to track the intruder with less danger to the more sensitive areas of the systems (a form of what is now called a "honeypot").
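The two detection ideas the review describes (the unexplained accounting charge, and bait files that trigger an alert when touched) re-created as an added Python example; this is not code from the book or from the author, and every ledger amount, user name, path and audit line below is a constructed sample.

```python
"""Re-creation of two detection ideas from the review, as a small offline script:
(1) reconcile the billing ledger against raw usage accounting so that usage no
paying account explains stands out, and (2) scan an audit trail for any touch of
bait ("honeypot") files. All amounts, users, paths and log lines are constructed."""
from collections import Counter

# Constructed accounting records, in cents: what was billed per user, and
# what the raw usage accounting actually recorded per session.
BILLING_LEDGER = {"alice": 1250, "bob": 400, "carol": 975}
USAGE_ACCOUNTING = [("alice", 1250), ("bob", 400), ("carol", 975), ("guest2", 75)]


def unbilled_usage(ledger, usage):
    """Return {user: cents} for every user whose recorded usage does not match
    the billing ledger; a user absent from the ledger shows up with the full amount."""
    used = Counter()
    for user, cents in usage:
        used[user] += cents
    return {user: cents for user, cents in used.items() if ledger.get(user, 0) != cents}


# Constructed audit-trail lines in the form "<time> <user> <action> <path>".
AUDIT_TRAIL = """\
13:02:11 alice read /usr/alice/paper.tex
13:04:59 guest2 read /usr/project/bait/network-plan.txt
13:05:03 guest2 list /usr/project/bait
13:07:40 bob write /usr/bob/notes"""
BAIT_PREFIX = "/usr/project/bait"  # hypothetical decoy directory


def bait_accesses(audit_text, bait_prefix=BAIT_PREFIX):
    """Return (time, user, action, path) for every access at or under the bait tree.
    Malformed lines are skipped rather than allowed to crash the watcher."""
    hits = []
    for line in audit_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue
        time, user, action, path = parts
        if path == bait_prefix or path.startswith(bait_prefix + "/"):
            hits.append((time, user, action, path))
    return hits


if __name__ == "__main__":
    print("unbilled usage:", unbilled_usage(BILLING_LEDGER, USAGE_ACCOUNTING))
    for hit in bait_accesses(AUDIT_TRAIL):
        print("ALERT bait access:", *hit)
```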

Even after compiling substantial data and proof of foreign intrusion into sensitive military and government facilities and presenting this evidence of the data breaches to the authorities, he got little help from the telephone company, the police, the FBI, the military, and even the CIA and NSA. The officials pretty much ignored his requests. They didn't think what he found was important and said that he was on his own. The bureaucrats didn't want to get involved with what they thought was a wild-goose chase. It was only after he discovered the breach of data involving nuclear and other military secrets that the U.S. authorities started to believe him and take action, coordinating the detective work with the foreign authorities.

The book is well-written and has a personal touch with humor and insight into the writer's life in Berkeley (even including recipes for his chocolate chip cookies), while detailing how he chased down the intruder.

Now that I have worked for many years with computer software, networking and IT security companies, I can appreciate more what Stoll went through when tracking his intruder. In those days, SIEM providers such as LogRhythm, Splunk, QRadar, and ArcSight did not exist. SSH did not exist. Advanced firewall filtering did not exist. Much of the computer forensics of recovering data did not exist. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) did not exist. And security training to defend against social engineering, phishing and spear phishing did not exist. In those days, the computer world was much more naïve about its systems' vulnerabilities.



For people considering getting into the field of IT or cyber security or even those who have been in the industry for many years, I highly recommend this book as an eye-opening and informative yet entertaining read.





-----------------------------

Dave Gardner, of Pacific Consultants Group, is a documentation professional with extensive experience in analyzing, scoping, planning, scheduling, budgeting, researching, organizing, writing, editing, and producing scientific, technical, and regulatory compliance publications. He is available for quick-turn-around and long-term documentation projects. For more information on how he can help you with your documentation needs, contact him through LinkedIn messaging.

Metushelah MOUGNIN

IT Systems Engineer

3 years

Great review. Thanks!

Terry T.

API/API-docs, drone/AI dev, tech writer

4 years

It must have been 30 years ago when I saw Stoll as a guest on some TV talk show. I had the impression that most people watching the show would not be interested in anything he talked about, because it would never affect the common man :)

Dave Gardner

Editorial - Business Analyst - Documentation Process Consulting: Analysis, Scoping, Scheduling, Planning, Editing, Writing, Coordination

4 years

The emerging computer industry in the early days hadn't thought much about IT security. But if they had, they would have created policies, procedures, guidelines, and standards according to various security frameworks to keep their data's confidentiality, integrity, and availability (CIA) safe. More here: https://www.dhirubhai.net/pulse/got-policies-dave-gardner/
