Book Review - The Cuckoo's Egg
A book that greatly influenced my career path, The Cuckoo’s Egg by Clifford Stoll1 still holds up after all these years.
I first read this book when I was in college majoring in astronomy, (coincidentally same major as the author). Being as-yet blissfully unaware of the field of computer security was not a hinderance to getting locked-in to this true computer caper story.
The author tells the tale of hunting down the cause of a computer network usage billing discrepancy of 75 cents, ($0.75 USD), at Lawrence Berkeley National Laboratory in 1986. Rather than ignore it he starts digging and soon finds this seemingly innocuous discrepancy was due to an unauthorized user exploiting software vulnerabilities to gain higher priviliges, and then leapfrogging into other connected sensitive government systems.
The fascinating thing about this story in my opinion is while the underlying tech has evolved the basic tactics of exploitation remain the same. For example some of the more glaring security lapses uncovered in the story are cases where sensitive computers and networks are being secured with manufacturer default passwords or an easily guessable credential.
This highlights the well-known security adage that no matter how advanced our systems remain as vulnerable as the weakest link - the weakest link more often than not being the human-factor.
I’d like to believe hardening and performing basic security measures has become the norm for sysadmins since 1986, but computer security news has a way of disproving this almost daily. Remember to change the factory password, folks.
One deliciously nerdy detail I had forgotten until re-reading was Stoll’s description of the Morris Number Sequence (look-and-say sequence), which gives a shout-out to the book from its own wiki article2.