Softpanorama 91a (vol.9, No.2) March-April, 1997
Review picked up on the Internet
and adapted for alt.security
by Nikolai Bezroukov
The Cuckoo's Egg by Cliff Stoll is a book about a German student, a hacker actually. This hacker had a strange hobby breaking into military sites. Bad guys from KGB forced him to bring some US military documents. The hacker did not know that KGB guys already obtained everything they wanted using girls and vodka instead of Internet. These backward Russians usually rely on good old tricks. Anyway, even if they obtained something useful it was almost always lost in the huge bureaucratic machine KGB was, or left by drunken agents somewhere in the subway.
Cliff Stoll, an astronomer turned UNIX system administrator, (this kind of disaster happen with astronomers quite often nowadays) works at Lawrence Berkeley Lab. He was going over some problems when he found a 75-cent accounting error (girls should beware dating with former astronomers).
Cliff found a hacker on the system and alerted the CIA/FBI. Since no one would listen to him because the hacker hadn't stolen more than a million dollars or "How to make an A-bomb" FAQ, he started his investigation alone. Cliff hooked up his computer, so that every time the hacker logged on, his beeper would ring. He tried to imitate Sherlock Holms and even get a logbook which he put all his information in. Now when his PC was hooked he could not play Red Alert in his working hours anymore. That made him uncomfortable and he tried to pursue the hacker with double energy.
At last the hacker broke in again and tried to log on by using stolen passwords. This was the day Cliff was waiting for. The FBI/CIA was finally interested, but they only took information from Cliff, never giving any back. They never treated him well and Cliff was always left out in the cold in his own investigation. They traced the hacker throughout the globe and eventually discovered that he was somewhere in Germany.
Since the hacker always tried to get documents from army bases, Cliff made up hundreds of fake military documents and planted them in the computer. Imitating military documents was a pretty dull job, (most of them are usually so stupid). But Cliff was diligent and worked around the clock. Some of these documents were actually much better than the real. Poor former astronomer fail to realize that CIA penetrated and manipulated KGB on such a massive scale that all the mess was probably initiated by CIA request
The hacker was delighted to get Cliff's documents and sent Cliff a letter asking for more information. Unfortunately, it was intercepted first by FBI and then, of course, had found its way to CIA. Bad guys from FBI/CIA didn't let poor Cliff to know who the hacker was and why he was doing this. Cliff had no choice but to follow their instructions. He felt like a pawn.
All in all, he had spent the whole year chasing the hacker. With a miserable result of some fuzzy links to the hacker instead of his own planet. Tragically he was unable to go back to astronomy and even to UNIX system administration. All he wanted was to be interviewed or to chase other hackers. Basically he sacrificed his love life and his job at the Lawrence Berkeley Lab. Now he was good only for interviews. He will never discover a new planet. His beeper always rang when he was with his girlfriend, and eventually she got really mad at him. His life and his career were ruined and out of desperation he became a security consultant.
The main idea of the book is that every time the hacker went onto the Internet and wrote a program, it was like a cuckoo laying an egg and leave it to Cliff to hatch. And after hatching several eggs it's too easy to became a kind of cuckoo and start to give interview after interview. It's a darker side of the story. On a positive side the book could serve as a warning for young people. It teaches us that could happen when some people have too much zeal in catching a hacker and especially in giving interviews. Like in stock trading, too much zeal in interviews make them no good. One should understand that all this intelligence business is to large extent a self-serving sham. This highly payed careerists just deceive public and policymakers about both the necessity and value of their work
Anyway, you never know who is who on the Internet.