This is an old revision of the document!

Book Review: The Cuckoo's Egg

I've been re-reading Clifford Stoll's The Cuckoo's Egg – Tracking a Spy Through the Maze of Computer Espionage (Doubleday, 1989, hardcopy ISBN 0-385-24946-2, paperback ISBN 0-7434-1146-3 – inexpensive used copies available at, as an enjoyable holidays diversion and a real trip in the way-back machine! I don't recall exactly when I first read this book – must have been in the early 1990s – but re-reading it from the distance of almost 30 years (New Year's 2019) has been a whole new experience.

This is Cliff Stoll's chronicle about chasing an early black-hat hacker (a system cracker) in the early days of networked computers, with primitive trans-Atlantic connections, Tymnet, early LAN/Ethernet, and a nascent Internet with only a few hundred thousand [!!] computers connected overall, mostly in universities, some businesses and the military.

In the mid-1980s, Stoll was an astronomer at Lawrence Berkeley Labs who got displaced (reassigned?) to computer system management duties, on DEC VAX computer systems (he spells 'em as “Vax”, as a proper noun, not the acronym that it is) running both VMS and Unix (the Berkeley flavor, of course). The LBL user community included astronomers, physicists, and plenty of other scientific-academic types. Attitudes were open, sharing, and security-naïve; Stoll's world-view, like most of his colleagues, was hippie-soaked, fully distrustful of authority, “the man,” and of government in general. Yet he had to turn to members in the usual TLA (three-letter-acronym) organizations for help in his chase.

Researching a 75¢ computer time accounting error (yes, they “charged for computer time” in those days), he discovered a black-hat cracker in the LBL computer systems – he then spent the next months trying to chase the interloper down. The story is all about Cliff's persistence, frustrations, and the learning he earned in the pursuit: networks, hardware, telecomm, OOP, Unix and VMS, and more. Spoiler alert… He caught the bad guy – actually, a whole spy ring, not surprising, given the KGB's sponsorship of early break-in activities during the last years of the Cold War. Stoll was, temporarily at least, acclaimed as a national hero. Actually, quite an intriguing detective and espionage story.

But what struck me most, from this perspective of 30-odd years later, is just how innocent and naïve everyone was about computer security in those days. Especially in academe and the research labs, passwords were viewed as an anti-social obstacle, and were treated cavalierly at most military installations. The bad-guy “broke into” several military VMS systems just by “guessing” the default passwords for the privileged SYSTEM (default password MANAGER) and FIELD (SERVICE) – Fortunately, VMS system installation has progressed considerably beyond those defaults today. The bad-guy also hit numerous Unix systems, quickly trying and succeeding with common root account passwords (including admin, root and 1234). Several government contractors (major defense-industry corporations) were “wide open” and available for the bad-guy to leap-frog through to other systems, all while the defense contractors' system managers were professing that “our systems are totally secure and impenetrable!” Stoll showed them all a new, emerging reality.

In the intervening 30 years, we've seen not only the rise and domination of today's Internet (remember, it was immature when Stoll wrote this book), and the eclipse or transformation of the ad-hoc point-to-point networks, Tymnet, and the dedicated MilNet. The U.S. Armed Forces made a big noise about “security” and “classified/top-secret,” but were largely clueless about its implementation on actual computer systems. The TLA-organizations, including the FBI and CIA, were similarly clueless, both about the technology and about the application of then-available cyber-crime laws. The NSA was no help at all, although it's tiny new offshoot organization, the NCSC (National Computer Security Center), became an interested ally. Since the bad-guys were ultimately tracked to Germany, jurisdictional issues and “not my bailiwick” tied Stoll's hands right down to the end of the chase.

Why am I recommending that you read a 30+ year-old book? Well, partly because I'm not only an old VMS and computer geek, but I'm a computer history geek. At three decades remove, Stoll's tale of computer crime, and of the adjoining security naïvety, is as relevant today as it was then. It's one thing to smile and smirk at the innocence, the immature understanding of computer technology, and of technology's impact on business, governance and society. But it makes you wonder: Are we any more sophisticated, or wise, about computer security issues and practices today?

Read this book… and decide for yourself.

the_cuckoos_egg.1546396727.txt.gz · Last modified: 2019/01/02 02:38 by lricker