Book review on “The Cuckoo’s Egg: Tracking a Spy through the Maze of Computer Espionage, by Clifford Stoll, 1989”

http://www.amazon.com/The-Cuckoos-Egg-Tracking-Espionage/dp/1416507787/ref=sr_1_1?ie=UTF8&qid=1364050553&sr=8-1&keywords=cookoo%27s+egg

The book tells a real story about the first “documented” computer espionage. Although the book was written 25 years ago by Clifford Stoll, it is still very relevant to many our current affairs on the so-called “cyber wars”.

It starts with that the author, an astronomer of the Lawrence Berkeley Lab, was “recycled” to the Lab’s IT department as a computer administrator when his grant money for astrophysics ran out. His first assignment was to investigate a 75-cent shortfall of a 2,387-dollar bill for computer usage – someone had used a few seconds of computing time without paying for it. The story ends up with an arrest of several West German computer hackers who stole US military secrets and traded them for money and drugs with the former Soviet KGB.

Despite the lack of communication between the different security related agencies around the world, Clifford’s determination and persistence finally paid off and he tracked down those hackers.

Many technical details are not presented in this book, but Clifford’s effort can be easily visualised with very little computer network knowledge. To make the long story short on what happened in this book, those international computer hackers broke some US civilian’s network accounts first, including Lawrence Berkeley Lab’s, and then used them to access other  US  military networks. A broken account can be used to plant a piece of malicious code, just like a cuckoo’s egg, in its host computer to gather further information, particularly, the scrambled password file for breaking other’s accounts.

People may wonder why a scrambled password may not be safe. As a matter of fact, the called “dictionary attack” will ascertain those scrambled password because the old UNIX scramble method used a one-way hash function rather than a key controlled encryption process. That is, the cuckoo’s egg transfers a scrambled password file out of its host computer to the hacker’s computer, and then the hacker tries potential passwords from a pre-compiled password dictionary off-line. Because many people choose easily memorable words as their computer passwords, some of the passwords contained in the scrambled password file may be tried out. The hacker can try as many times as he wants for a scrambled password is off line. The broken accounts can be used by a computer hacker as a relay station to further explore other networks because these accounts may have higher privileges.

On the other hand, it’s not trivial to track down a hacker. To a computer security professional, it is a joke to accuse some institution as a hacker base because their IP (Internet Protocol) address is involved. We all know that the Internet transfers information in the form of IP packets, just like Royal Mail delivers postal letters. An IP address is just an identification of a station (i.e. a computer network server) of that an IP packet passes. If an IP address were used as “evidence”, Berkeley University Library could be accused as a hacker institution in Clifford’s time.

As a matter of fact, those computer hackers attacked the US Deport computer systems through hacked Berkeley University accounts with a route via Tymnet, Pacific Bell, AT&T, Virginia Telephone Exchange, ITT, German Datex and the final German telephone service.

To catch the spy, Clifford kept quiet and built his “off-band” surveillance tools to monitor hackers. That is, he hided his existence when a hacker was in action and his tools should not be detected by hackers. It's sneaky, but in this way, he could hoax the hacker on the line long enough to let other spy catchers along the communication links to track the spy down.

A lot of pages are about Clifford’s dealing with FBI (the Federal Bureau of Investigation), CIA (the Central Intelligence Agency), NSA (National Security Agency), the National Aeronautics and Space Administration, and some branches of the US military. This part is somewhat of over-kill and I also think the author might exaggerate some scenarios. However, at the end of the book, it records the first large-scale Internet Worm incident, the Morris worm, which brought down more than 2,000 computers.

I like the book because it provides many first-hand experiences from the author to track down computers hackers unlike the over-simplistic cyber wars in the news. It is an interesting book and provides some background on computer security. It is 'a spy story for the 90s - and it's all true' (Tom Clancy). I highly recommend it.