Review: The Cuckoo’s Egg by Cliff Stoll

The Cuckoo’s Egg (1989) is probably THE classic true computer security incident response story. Cliff Stoll, a man with a doctorate in astronomy, gets a job maintaining the computer systems at an astronomy lab. He is charged with explaining a 75-cent discrepancy in the accounts and finds that someone has broken into the network. The intruder jumps from the lab computer to military computers around the United States and turns out to be a foreign spy.

The year was 1986. Computer firewalls had not yet been invented. Laws barely existed that covered computer crime. People who hacked into computer networks without authorisation had been charged with “stealing electricity”. The three-letter agencies in the United States had not yet figured out the scale of computer insecurity or the possibilities and were not interested in investigating cases. This backdrop makes The Cuckoo’s Egg fascinating.

If the book were written today, it would not be called The Cuckoo’s Egg. Today we would just call it a backdoor into the system. Information security was such a new discipline in the ’80s that Cliff got to invent his own phrase to describe what is now standard terminology known even to the layman. (Unfortunately we do not use Cliff’s choice of words today.)

Cliff painstakingly sets up a monitoring mechanism to detect the intruder and track his activities in a manner that the intruder will not recognise. The intruder uses dictionary words such as “Hunter” and “Hedges” for his passwords. Cliff’s monitoring system calls him at all sorts of hours to watch the intruder in action. Cliff makes contact with people all over the US to trace the intruder. Only after months of monitoring and meetings with the agencies do they finally move to catch the perpetrator.

Throughout, Cliff struggles with his politics. As a long-haired hippie, he probably has more in common with the hacker than with the suited g-men of the agencies. Cliff’s interactions with the spooks and characters such as Robert “Bob” Morris of the cybersecurity command make for good reading. Along with his investigation, he finds that his politics also change as he realises that the intruder is destroying the trust needed for the internet to be the medium for sharing information that he expects it to be. An astronomer, Cliff is an unlikely person to be considered a computer expert. He was in the right place at the right time and he made the most of his opportunity, leading to arrests in an international investigation. A bonus is thrown in at the end: Cliff is one of the experts called in to deal with the Morris Worm – a computer worm that brought down a large number of internet-connected UNIX servers.

The book is written with a great sense of humour. Cliff, despite having a PhD, successfully plays the ‘little guy’ making his little dent in the information security universe, in fact making it profoundly better. It is a nice read for the layman about information security (or cybersecurity) as a discipline finding its feet and taking baby steps. We all use computers and we need to know what can be done with them. Importantly, the book describes the ‘security guys’ as ordinary, relatable human beings with ordinary lives and ordinary motivations.

The Cuckoo’s Egg is a must-read for information security practitioners, especially incident responders. The tradecraft and dedication shown by Cliff, and the initially surprising revelation that the hacker is a spy, should motivate incident responders and other security professionals in their jobs.