So what can today’s IT professionals learn from Clifford Stoll’s
eight-bit security battles? Firstly, vigilance is still vital.
Ignoring those nine seconds of stolen processing time would have
allowed the hacker to continue undetected. Instead, Stoll’s
investigations led to prosecutions for crimes including espionage.
Transparency among security agencies is equally important. This is
especially true since the State-sponsored hacking of Lawrence
Berkeley was compounded by data silos and the inability of rival
Government agencies to work together. And anyone who uses passwords
like “password” or “guest” doesn’t deserve to retain their job.
Another lesson to emerge from The Cuckoo’s Egg is the value of
non-financial data. The FBI shrugged off Stoll’s warnings because
there was no monetary value attached to the information being
targeted. Yet as the author points out, “What’s the value of a
high-temperature superconductor?” Similarly, the Ashley Madison
data theft two years ago had little fiscal impact on its victims,
but it did lead to divorce and deaths. Any company harvesting or
storing sensitive information has a moral obligation to apply
cutting-edge security protocols. These practices deter all but the
most skilled or determined criminals.
Above all, The Cuckoo’s Egg demonstrates that the more things change,
the more they stay the same. This true-life exposé remains a
fascinating read for every IT professional and an essential tome for
anyone involved with cyber security.
Content review: The Cuckoo’s Egg
We were excited about this book because, as Rebekah illustrated
over the course of our last three calls, the story tracks the first
documented case of cyber-espionage. In the late 1980s, processes
and tools for incident response and intrusion analysis were
virtually non-existent, and the author, Cliff Stoll (an
astronomer-turned-computer-wiz), was creating process on the fly as
he tracked a hacker through his lab’s network and across the globe.
Many of the methods Cliff used—and the problems he encountered—are
still relevant and common today.
Plot points (Beware: Spoilers!)
- The whole story starts with a tiny accounting error: Cliff gets
curious and digs into a $0.75 billing discrepancy, only to discover
a hacker has been logging onto his lab’s network using stolen
accounts.
- There was nothing in place to track the hacker, and no single
place from which to do so; Cliff and friends had to improvise,
create their own information-sharing network, and pull other
disciplines into the investigation. Cliff had to develop hypotheses
and ways of testing them.
- Eventually, the right co-investigators were identified at
various telecommunications carriers (relationship-building FTW!),
and the hacker is traced to Germany. However, Cliff doesn’t have a
ton of luck getting help from the federal government, and the
hacker continues to find ways to break into computers, even after
system admins have been warned about the threat. Cliff and his
partner (super lawyer) Martha set up honey docs for the hacker,
hoping to keep him on the line long enough that they can complete a
trace. Spoiler: It works!
- Eventually, folks in DC start paying more attention. Cliff
briefs intelligence agencies on the hacker and monitors the
hacker’s activities while waiting for the arrest (side note:
international relations are hard). The hacker—a West German
resident—is finally caught, and in true blockbuster style, our hero
and heroine, Cliff and Martha, decide to get married. Cue upbeat
pop music as the credits roll!
Security myths we encountered in The Cuckoo’s Egg
- Cliff didn’t believe a hacker could guess their archaic
passwords.
- The system administrator didn’t think anyone could create new
users.
- The belief that many networks were ‘isolated’ and therefore
couldn’t be reached was evident at several points in the
story.
“Let’s be a tad careful and change our important passwords.”
Themes
- Understanding adversaries: “The hacker didn’t
succeed through sophistication. Rather he poked at obvious places,
trying to enter through unlocked doors. Persistence, not wizardry,
let him through.”
- The vulnerable nature of networks: “It doesn’t
take brilliance or wizardry to break into computers. Just
patience.”
- The dilemma of disclosure: To publish or not
to publish? “If you don’t publish, nobody will learn from your
experience. The whole idea is to save others from repeating what
you’ve done.”
- Has the exchange of information (fundamentally)
changed? “Hacking may mean that computer networks will
have to have elaborate locks and checkpoints. Legitimate users will
find it harder to communicate freely, sharing less information with
each other.”
Discussion questions
- What was the biggest challenge Cliff faced during the
investigation?
- How has reading this book changed your understanding of threat
intelligence?
- Have we gotten better or worse at dealing with incidents and
system vulnerabilities over the past three decades?
Takeaways
Ultimately, there were a number of simple and critical
points we pulled from the book:
- Curiosity is key. A seemingly insignificant
inconsistency kicked off the entire series of global events
recounted in The Cuckoo’s Egg. Never underestimate the
power of a keen mind and a beckoning rabbit hole.
- Forensic data is invaluable—as was Cliff’s propensity
for documentation.
- Use the scientific method: Without the ability to
formulate hypotheses and test them in a methodical way, we are, as
Cliff said, “gathering facts, not interpreting them.”
- Look outside the security domain for methods and
insights. Being able to apply methodologies and practices from
other disciplines enriches and expands threat intelligence
capabilities.
- Share information; build relationships; profit (at
least intellectually). Cliff built a network of people who helped
him succeed in his investigation, but also who supported him when
he was stressed and stuck. Sharing information and breaking down
silos was crucial to his overall success.