Hunt the hacker

Sam Sifton

  • The Cuckoo’s Egg: Tracking a spy through a maze of computer espionage by Clifford Stoll
    Bodley Head, 326 pp, £12.95, February 1990, ISBN 0 370 31433 6

It was only a 75 cent deficit, but Clifford Stoll knew it was important that he figure out its origin. Stoll was on his second day on the job. He had just been hired as computer systems manager at the Lawrence Berkeley Lab, a research facility for astrophysicists in Berkeley, California, and his first assignment was to discover why the computer’s books didn’t balance for the previous month.

At first, the new systems manager assumed that the error had resulted from some hiccup deep within the computer’s programming that was rounding numbers off incorrectly, and he set off to right it with all the enthusiasm of a new worker anxious to please his employers. What he found instead was an unauthorised user on the system – a hacker – someone who had secured for himself the same privileges that Stoll enjoyed as systems manager.

The word ‘hacker’, Stoll explains in this gripping account of crime in the murky, half-understood world of computer networking, has two very different meanings. Among professional computer programmers, a hacker is someone who can program creatively, who knows the computer like a friend. ‘But in common usage, a hacker is someone who breaks into computers.’ For himself, Stoll says, ‘the idea of a vandal breaking into my computer makes me think of words like “varmint”, “reprobate” and “swine”.’ Stoll couldn’t figure out why anyone would want to mess around in a computer filled with nothing more interesting than data on particle physics. ‘There’s nothing special here to attract a hacker,’ he says of his lab, ‘no snazzy supercomputer, no sexy trade secrets, no classified data.’ Who was this intruder, he wondered, and what had brought him to the Berkeley lab?

The answer to that question is every bit as thrilling as it would be if The Cuckoo’s Egg were a work of detective fiction. After tracking the hacker through a dense and endless forest of computer networks – what the science fiction writer William Gibson has called cyberspace – Stoll discovers that, whoever he is, the hacker is using the Berkeley lab as a way-station to infiltrate sensitive military and intelligence computers all over the United States. It takes the better part of a year to catch him in Hanover, West Germany – a 25-year-old programmer with a bent for excitement and a close business relationship with the KGB.

The Cuckoo’s Egg follows Stoll’s quest for the hacker and reveals how lightly computer security is taken by most government agencies and computer operators in the United States. ‘Look, kid, did you lose more than half a million dollars?’ the FBI asked Stoll when he first called for help. ‘Any classified information?’ He hadn’t, he said, but someone was trying, and sometimes succeeding, to break into military computers. Why weren’t they interested? ‘It’s not in our bailiwick,’ they claimed. Similar calls to the CIA and to the National Security Agency yielded little help. Support for Stoll’s chase came glacially – most agencies believed that their computers were secure from outside tampering. Stoll corrects them, describing the holes in their security systems.

A computer’s operating system, says Stoll, is like an apartment complex, in that it allows a great number of people to work and to play in separate places within a building without bothering each other. Each person has his own apartment and each has his own key to get into it. The complex is maintained by a superintendent who, like most superintendents, carries a big ring with keys to all the apartments on his belt. In the computer the systems manager has similar power. He – or she, although women appear in this book only fleetingly – can read or modify any file or program in the system and can add accounts and programs to the computer’s operating system. Like the superintendent who can open your apartment to fix a leaky tap while you are at work, the manager has the full run of the system. At the Lawrence Berkeley Lab, Clifford Stoll was the superintendent, and the hacker had copies of all his keys.

Throughout The Cuckoo’s Egg, Stoll asserts that he isn’t a computer genius, just a post-doctoral student who happens to like computers. Don’t let him fool you. His goofy, West Coast hippy style notwithstanding – at points he leaves the chase to bake chocolate-chip cookies (he gives the recipe in a footnote) or to go to a Grateful Dead concert – Stoll is in fact a computer wizard. He describes the complex computer hunt lucidly, explaining with the imaginative grace of a novelist the brilliant manoeuvres that lead him closer to West Germany. Using methods that seem perfectly clear, he figures out that the hacker enters the Berkeley lab over one of fifty different modem lines the lab maintains for scientists who want to link their home computers to the lab by telephone. In an act that can only be described as herculean, Stoll illicitly borrows fifty printers to hook up to the modem lines in order to monitor the hacker’s activities. Although he gets into trouble – ‘Whaddya think this place is, your own personal sandbox?’ his supervisor yells – he also gets a printout of everything the hacker does. He finds out how the hacker breaks in and how he garners the power of a systems manager. He discovers that the intruder has a taste for military data. Moreover, he begins to devise ingenious and elaborate ways to trace the hacker to his home without his ever knowing that he’s being watched. The chase is on.

Stoll uses a neat image to explain how the hacker tricks the computer into giving him the super-user privileges of a systems manager. The cuckoo lays her eggs in other birds’ nests, he tells us, and ‘another bird will raise her young.’ By exploiting a little-known hole in Gnu-Emacs, a text-editing program common to many large systems, the hacker is able to lay an egg-program in the computer’s operating system that hatches to grant him the privileges of a systems manager. Gnu-Emacs has as one of its many functions an electronic mail program with which the computer users can send data from their accounts to the accounts of friends or colleagues. Ordinarily, mail programs can’t send things to the computer’s main operating system – what is essentially the engine-room for the entire computer is off-limits to all but the systems manager – but Gnu-Emacs, because of a glitch in its design, can. So the hacker writes a program that feeds off the operating system to grant him systems manager privileges, sends it to the closed area and watches it hatch. Then the hacker removes the program, saving it for later use, and erases his tracks.

As a systems manager, the hacker is able to open little-used accounts within the main computer and then, using his ill-gained respectability, attempt to break into computers connected to the Berkeley lab by a communications network that services computers all over the world. He can’t steal anything big, just try doorknobs, looking for words like ‘sdi’, ‘stealth’ and ‘nuclear’. But Stoll wants him caught. Every time the hacker comes onto the Berkeley computer he has the power to erase files, rearrange data and destroy the system. Phone traces show that the intruder is coming from West Germany, but the calls come at late hours and an exact trace is hard to secure. The hacker doesn’t stay on the computer long enough. Stoll thinks about closing up the Gnu-Emacs hole and ridding himself of the hacker at this point, but some mixture of civic responsibility and pride forces him to keep trying. Stoll and his girlfriend come up with a plan to keep the hacker interested and on the computer long enough to complete a trace. They invent a bogus file filled with information about a new Star Wars project called the ‘Strategic Defense Initiative Office’. Recycling thousands of pages of data on astrophysics and writing phony directives that mention deadlines and classified meetings, they make it seem as if the Berkeley lab has just landed a large Government contract to manage a new computer network called SDINET. The hacker pounces on the spurious information, reads through it all and copies it onto his own computer. The trace is completed and the hacker, who sold the information he gathered about American military computers to the KGB, is arrested.

Markus Hess, the West German who had plagued Stoll, didn’t start out as a spy. He had dropped out of the University of Hagen, where he studied mathematics and physics, to program computers. Like a ham radio operator, he used his computer to try to reach points far away from his office in Hanover. As he voyaged over the networks available to him, he discovered that many systems managers left their back doors unlocked, allowing him to penetrate other networks that led him in turn to America. Searching for a new challenge, he decided to target military computers. He was phenomenally successful. In a smoky Hanover beer garden, Hess told a fellow hacker of his latest exploits. That friend, a programmer with cash flow problems and a proclivity for good cocaine, knew just what to do. He spoke with other hackers across Germany, who led him to a meeting with agents of the Soviet KGB. Hess and his friend gave the KGB printouts from military computers, techniques for breaking into American computer networks, even computer designs. In return, they received money and drugs. When last heard of, Hess was free on bail in West Germany, awaiting trial for espionage. His friend disappeared in May 1987. ‘In an isolated forest outside of Hanover,’ Stoll reports, ‘police found his charred bones next to a melted can of gasoline... No suicide note was found.’

In his own quiet way, Stoll becomes a hero. He is invited to give talks in Washington and at the headquarters of the security agencies that had earlier shunned him: the FBI, NSA and the CIA. He meets and talks with Robert Morris, the NSA’s computer security guru and, incidentally, father of the Cornell graduate student-hacker whose 1988 worm virus devastated computers all over the United States. As a result of his experience, he says, Stoll became ‘pro-active – almost rabid – about computer security’. Computers, he realised, have become a common denominator that recognises no political, intellectual or bureaucratic bounds. Each terminal, he says, ‘is a door to countless, intricate pathways, leading to untold numbers of neighbours’. A computer network is a delicate, personal thing, he concludes, and if sullied by crime, ‘it could consume itself with mutual suspicion, tangle itself up in locks, security checkpoints and surveillance.’

Innocence continues to reign on most of the networks, though. Computer crime is still a young corruption. There isn’t much in the way of security today to stop a hacker with persistence and nerve. As Stoll points out repeatedly, there are hundreds of holes in the security systems of American computers. Using the general information The Cuckoo’s Egg provides, a friend of mine was able to break into the operating system of a computer in one of the largest banks in New York. He became a systems manager and, with a single keystroke, he could have wiped out their files. He didn’t, of course, but as Stoll points out, the guys in black hats might, just for fun.