Question

In 1-2 pages (a paragraph or so for each item), describe your top 3 security-related takeaways or security insights you noted while reading the book.(cuckoos egg.)

• These insights can be about anything you noted in the story (chocolate chip recipes do not count, though) whether it is about technology, investigative/(pre)forensic techniques—technical or otherwise, preventative, reactive, collaboration (or lack thereof) between entities/organizations/groups, etc

Answer 1

So what can today’s IT professionals learn from Clifford Stoll’s eight-bit security battles? Firstly, vigilance is still vital. Ignoring those nine seconds of stolen processing time would have allowed the hacker to continue undetected. Instead, Stoll’s investigations led to prosecutions for crimes including espionage. Transparency among security agencies is equally important. This is especially true since the State-sponsored hacking of Lawrence Berkeley was compounded by data silos and the inability of rival Government agencies to work together. And anyone who uses passwords like “password” or “guest” doesn’t deserve to retain their job.

Another lesson to emerge from The Cuckoo’s Egg is the value of non-financial data. The FBI shrugged off Stoll’s warnings because there was no monetary value attached to the information being targeted. Yet as the author points out, “What’s the value of a high-temperature superconductor?” Similarly, the Ashley Madison data theft two years ago had little fiscal impact on its victims, but it did lead to divorce and deaths. Any company harvesting or storing sensitive information has a moral obligation to apply cutting-edge security protocols. These practices deter all but the most skilled or determined criminals.
Above all, The Cuckoo’s Egg demonstrates the more things change, the more they stay the same. This true-life exposé remains a fascinating read for every IT professional. This book is an essential tome for anyone involved with cyber security.

Content review: The Cuckoo’s Egg

We were excited about this book because, as Rebekah illustrated over the course of our last three calls, the story tracks the first documented case of cyber-espionage. In the late 1980s, processes and tools for incident response and intrusion analysis were virtually non-existent, and the author, Cliff Stoll (an astronomer-turned-computer-wiz), was creating process on the fly as he tracked a hacker through his lab’s network and across the globe. Many of the methods Cliff used—and the problems he encountered—are still relevant and common today.

Plot points (Beware: Spoilers!)

• The whole story starts with a tiny accounting error: Cliff gets curious and digs into a $0.75 billing discrepancy, only to discover a hacker has been logging onto his lab’s network using stolen accounts.
• There was nothing in place to track the hacker, and there was no single place to track the hacker; Cliff and friends had to improvise, create their own information-sharing network, and pull other disciplines into the investigation. Cliff had to develop hypotheses and ways of testing them.
• Eventually, the right co-investigators were identified at various telecommunications carriers (relationship-building FTW!), and the hacker is traced to Germany. However, Cliff doesn’t have a ton of luck getting help from the federal government, and the hacker continues to find ways to break into computers, even after system admins have been warned about the threat. Cliff and his partner (super lawyer) Martha set up honey docs for the hacker, hoping to keep him on the line long enough that they can complete a trace. Spoiler: It works!
• Eventually, folks in DC start paying more attention. Cliff briefs intelligence agencies on the hacker and monitors the hacker’s activities while waiting for the arrest (side note: international relations are hard). The hacker—a West German resident—is finally caught, and in true blockbuster style, our hero and heroine, Cliff and Martha, decide to get married. Cue upbeat pop music as the credits roll!

Security myths we encountered in The Cuckoo’s Egg

• Cliff didn’t believe a hacker could guess their archaic passwords.
• The system administrator didn’t think anyone could create new users.
• The belief that many networks were ‘isolated’ and therefore couldn’t be reached was evident at several points in the story.

“Let’s be a tad careful and change our important passwords.”

Themes

• Understanding adversaries: “The hacker didn’t succeed through sophistication. Rather he poked at obvious places, trying to enter through unlocked doors. Persistence, not wizardry, let him through.”
• The vulnerable nature of networks: “It doesn’t take brilliance or wizardry to break into computers. Just patience.”
• The dilemma of disclosure: To publish or not to publish? “If you don’t publish, nobody will learn from your experience. The whole idea is to save others from repeating what you’ve done.”
• Has the exchange of information (fundamentally) changed? “Hacking may mean that computer networks will have to have elaborate locks and checkpoints. Legitimate users will find it harder to communicate freely, sharing less information with each other.”

Discussion questions

• What was the biggest challenge Cliff faced during the investigation?
• How has reading this book changed your understanding of threat intelligence?
• Have we gotten better or worse at dealing with incidents and system vulnerabilities over the past three decades?

Takeaways

Ultimately, there were a number of simple and critical points we pulled from the book:

• Curiosity is key. A seemingly insignificant inconsistency kicked off the entire series of global events recounted in The Cuckoo’s Egg. Never underestimate the power of a keen mind and a beckoning rabbit hole.
• Forensic data is invaluable—as was Cliff’s propensity for documentation.
• Use the scientific method: Without the ability to formulate hypotheses and test them in a methodical way, we are, as Cliff said, “gathering facts, not interpreting them.”
• Look outside the security domain for methods and insights. Being able to apply methodologies and practices from other disciplines enriches and expands threat intelligence capabilities.
• Share information; build relationships; profit (at least intellectually). Cliff built a network of people who helped him succeed in his investigation, but also who supported him when he was stressed and stuck. Sharing information and breaking down silos was crucial to his overall success.