Monthly Archives: December 2013

How a 75-cent error led to a true spy mystery


Who’s watching us? Do you ever wonder? Computer lab image courtesy of Ronnieb, Morguefile.

It’s often the tiniest of errors that trip up somebody who’s up to no good.

Back in the mid-1980s, there was an astronomer called Cliff Stoll, who worked as a computer systems administrator at Lawrence Berkeley Lab in California. One day, his boss brought him a 75-cent accounting error and asked him to find out what caused it.

But this little error led to one mystery after another. The account’s user didn’t have a valid billing address. Another account showed activity from someone other than the original owner of the account.

And the mysteries kept growing. Through patience, persistence and a lot of hard work, Cliff Stoll eventually determined that a foreign hacker was breaching the security of U.S. computer systems and stealing sensitive military and security information.

It’s one of the first documented cases of digital forensics, and Cliff Stoll wrote a wonderful book about his experiences: The Cuckoo’s Egg: Tracking A Spy Through The Maze Of Computer Espionage. The book is an engaging mix of his life in the Berkeley area and his effort to catch the thief, who proved to be a German hacker called Markus Hess.

I love this book because it’s a funny mixture of Cliff’s home life (sneakers getting melted in the microwave!) as well as a good description of how the hacker was found and caught through a honeypot trap. Cliff explains technical information in layman’s terms, so it’s easy for even non-computer experts to understand.

I’ve been re-reading this book since I saw it in the library and hadn’t read it in a while. It’s interesting to compare cyberspace as it was when this book was originally published with what the Internet is today.

Cliff also faced some bureaucratic resistance when he tried to report the spying to the government. At the time, hacking wasn’t considered all that villainous and cybercrime was a new field. Some government agencies claimed that the activity wasn’t in their jurisdiction, but that’s changed now. Agencies such as the FBI and Interpol have divisions and programs dedicated to cybercrime.

This was the book that taught me some important bits of cyber security: E-mail is not private, passwords and usernames should not be given out in e-mail and passwords should be as secure as possible. Since this book was published a couple of decades ago, I think people are more security-minded but they still don’t pick passwords that are secure enough. (Here are 25 of the least secure passwords.)

But maybe in this age of social media, we’ve learned to make an intelligent compromise about what we reveal about ourselves online and what we should never say online. Blog readers, your thoughts?
