Book Review: The Cuckoo’s Egg

Clifford Stoll’s The Cuckoo’s Egg [1] was written in 1989 and is based on a real-life hacker story.

The story starts by introducing how Clifford, an astronomer, got captured by the mainframes of Lawrence Berkeley Lab as an administrator.

One of his first tasks was to figure out a glitch in the accounting system that resulted in a 75-cent difference. At this point Clifford didn’t know where this would lead him. With login time as the basis for the accounting system, it turned out that a former user was active, one who had moved to England some time ago. Nevertheless, the user was active and seemed to be logged into their system locally. His username was Sventek.

Suspicious that it might be a hacker, Clifford started to monitor Sventek’s activities, and it soon turned out that he was right. Equipped with computers, teletypes and printers that he had borrowed from different departments, Cliff watched every keystroke typed by “Sventek”. He monitored the Tymnet [2] connection, through which the hacker usually connected. Tymnet was basically an international network connecting the major cities. The big advantage was that the university had only 5 Tymnet connections, so monitoring required fewer resources, but he still needed to “borrow” the equipment. With two beeps sounding as soon as somebody logged into the systems, Cliff was unable to get a good sleep under his desk, as some people check their mail at night as well. Nevertheless, the hacker logged on and left a trace on the typewriter. Based on this, Cliff was able to find out how the hacker became superuser: via a cuckoo’s egg. Via a bug in the GNU-Emacs Editor [3], Sventek was able to replace the atrun job scheduler [4] with his own version. As soon as the new atrun fired up, it gave him superuser rights. That’s the cuckoo’s egg. With this concrete proof in hand, Cliff tried to approach the FBI, CIA, NSA, and other agencies. Everybody was interested, but nobody felt responsible or saw the need to react.

Watching the hacker break into foreign systems day after day, Cliff usually tried to contact the local system administrators so that they could take certain actions, like resetting the passwords and/or updating the system. Over time he got more and more frustrated, and furthermore his boss put pressure on him to close up shop.

After some back and forth, Cliff was able to trace the hacker to the German Datex network, but a search warrant was required for a further trace. As it started to become an international case, the FBI and the CIA certainly got more interested in it. Finally they managed to obtain the search warrant. The only open problem now was to keep the hacker on the line long enough to complete the trace. In one of the discussions between Cliff and his girlfriend, Operation Showerhead was born to overcome this problem. The idea was simple: create files that should interest the hacker. And how to do that? Take any kind of scientific or research documents, replace Mr. with General and Professors with Sergeant and Major, and add some “spicy” words. Furthermore, they created a project name called SDINET and made up some mail traffic around it. In one of their mails they also noted that anyone requiring further information regarding access to SDINET should contact the secretary by post. Nobody thought that somebody would actually apply, but a letter was received and immediately confiscated by the FBI.

In addition, the hacker started downloading all those made-up files, enabling Cliff to call Tymnet and start the trace. Finally the FBI received the number, but did not share it with Cliff. Although never told who the real hacker was, he at least learned that they had searched the hacker’s home and recovered all of his equipment. A few weeks later, the story was on the news. Hackers closely related to the CCC [5] had been involved, but were finally arrested.

Cliff finally returned to his job as an astronomer and got married.

The other side of the story was part of a German movie called “23 – Nichts ist so wie es scheint” [6], which I can highly recommend watching (for those who understand German).

