From the book lists at Adware Report:

All information current as of 15:10:42 Pacific Time, Tuesday, 3 May 2005.

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

   by Clifford Stoll

  Paperback:
    Pocket
    03 October, 2000

   US$11.16 

   Usually ships in 24 hours

Click the button below to . . .

    
(which will add the book to your Amazon U.S.A. "Shopping Cart")

. . . or use your browser's Back button to return to the search-list page.

Editorial description(s):

Amazon.com
A sentimental favorite, The Cuckoo's Egg seems to have inspired a whole category of books exploring the quest to capture computer criminals. Still, even several years after its initial publication and after much imitation, the book remains a good read with an engaging story line and a critical outlook, as Clifford Stoll becomes, almost unwillingly, a one-man security force trying to track down faceless criminals who've invaded the university computer lab he stewards. What first appears as a 75-cent accounting error in a computer log is eventually revealed to be a ring of industrial espionage, primarily thanks to Stoll's persistence and intellectual tenacity. --This text refers to an out of print or unavailable edition of this title.



From Publishers Weekly
A 75-cent discrepancy in billing for computer time led Stoll, an astrophysicist working as a systems manager at a California laboratory, on a quest that reads with the tension and excitement of a fictional thriller. Painstakingly he tracked down a hacker who was attempting to access American computer networks, in particular those involved with national security, and actually reached into an estimated 30 of the 450 systems he attacked. Initially Stroll waged a lone battle, his employers begrudging him the time spent on his search and several government agencies refused to cooperate. But his diligence paid off and in due course it was learned that the hacker, 25-year-old Markus Hess of Hanover, Germany, was involved with a spy ring. Eight members were arrested by the West German authorities but all but one were eventually released. Although the book will be best appreciated by the computer literate, even illiterates should be able to follow the technical complexities with little difficulty. Literary Guild selection.
Copyright 1989 Reed Business Information, Inc.
--This text refers to an out of print or unavailable edition of this title.



From Library Journal
Stoll is an astrophysicist at the Lawrence Berkeley Laboratory who became a computer security expert when his persistence in chasing a computer hacker in West Germany led to the crackdown of an international spy ring. Here, his careful documentation of how he tailed the intruder over a year-long long period reveals for all to see the vulnerability of computer networks, the bureaucratic politics of government agencies, and the irresponsible, damaging actions of hackers. Stoll's interspersal of domestic anecdotes adds a touch of seasoning to the story. Readers who are familiar with computer trojan horses, time bombs, and viruses, and who wish to learn about the "cuckoo's egg," will be delighted with this realistic account. Succinct explanations of computer jargon make the text intelligible for general readers. Recommended for public and academic libraries. Literary Guild selection.
- May Rathbone, Virginia Polytechnic Inst. & State Univ., Blacksburg
Copyright 1989 Reed Business Information, Inc.
--This text refers to an out of print or unavailable edition of this title.



Review
Tom Clancy A spy story for the '90s -- and it's all true.

Chicago Tribune The Cuckoo's Egg is "reader friendly," even for those who have only the vaguest familiarity with computers...a true spy thriller...The hunt is gripping.

The Philadelphia Inquirer Stoll's is the ever-appealing story of the little man bucking the system...great fun to read...lively and thoroughly absorbing.



Review
Cosmopolitan Nothing short of fascinating...Even if you don't know a byte from a bagel, The Cuckoo's Egg will grip you on page one and hold you as ferociously as the best mystery...It's the intensely human, often funny voice of the man on the trail that makes this book so wonderful.



Review
Cosmopolitan Nothing short of fascinating...Even if you don't know a byte from a bagel, The Cuckoo's Egg will grip you on page one and hold you as ferociously as the best mystery...It's the intensely human, often funny voice of the man on the trail that makes this book so wonderful.



Book Description


Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy -- and plunged into an incredible international probe that finally gained the attention of top U.S. counterintelligence agents. The Cuckoo's Egg is his wild and suspenseful true story -- a year of deception, broken codes, satellites, missile bases, and the ultimate sting operation -- and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB.



Simon & Schuster
Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized users on his system. The hacker's code name was "Hunter"-- a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy-- and plunging into an incredible international probe that finally gained the attention of top U.S. counter-intelligence agents. The Cuckoo's Egg is his wild and suspenseful true story-- a year of deception, broken codes, satellites, missile bases and the ultimate sting operation-- and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB. --This text refers to an out of print or unavailable edition of this title.



About the Author
When, to the delight of the baffled FBI, CIA, and NSA, Cliff Stoll nailed his spy, he wound up on the front page of The New York Times. The story, broken in 1989, quickly gathered headlines across the nation and Stoll became a genuine, if somewhat unlikely, American hero.

An astronomer by training and a computer expert by accident, Cliff Stoll has become a leading authority on computer security, an issue recognized everywhere as among the most important security problems of our times. He has given talks for the FBI, CIA, and NSA, and has appeared before the U.S. Senate. Stoll is an astronomer at the Harvard-Smithsonian Center for Astrophysics and lives in Cambridge, Massachusetts.



Excerpt. © Reprinted by permission. All rights reserved.


Chapter One

Me, a wizard? Until a week ago, I was an astronomer, contentedly designing telescope optics. Looking back on it, I'd lived in an academic dreamland. All these years, never planning for the future, right up to the day my grant money ran out.

Lucky for me that my laboratory recycled used astronomers. Instead of standing in the unemployment line, I found myself transferred from the Keck Observatory at the Lawrence Berkeley Lab, down to the computer center in the basement of the same building.

Well, hell, I could fake enough computing to impress astronomers, and maybe pick it up fast enough that my co-workers wouldn't catch on. Still, a computer wizard? Not me -- I'm an astronomer.

Now what? As I apathetically stared at my computer terminal, I still thought of planetary orbits and astrophysics. As new kid on the block, I had my choice of a cubicle with a window facing the Golden Gate Bridge, or an unventilated office with a wall of bookshelves. Swallowing my claustrophobia, I picked the office, hoping that nobody would notice when I slept under the desk. On either side were offices of two systems people, Wayne Graves and Dave Cleveland, the old hands of the system. I soon got to know my neighbors through their bickering.

Viewing everyone as incompetent or lazy, Wayne was crossthreaded with the rest of the staff. Yet he knew the system thoroughly, from the disk driver software up to the microwave antennas. Wayne was weaned on Digital Equipment Corporation's Vax computers and would tolerate nothing less: not IBM, not Unix, not Macintoshes.

Dave Cleveland, our serene Unix buddha, patiently listened to Wayne's running stream of computer comparisons. A rare meeting didn't have Wayne's pitch, "Vaxes are the choice of scientists everywhere and help build strong programs twelve ways." Dave retorted, "Look, you keep your Vax addicts happy and I'll handle the rest of the world." Dave never gave him the satisfaction of getting riled, and Wayne's complaints eventually trailed off to a mutter.

Great. First day on the job, sandwiched between two characters who were already ruining my daydreams with their periodic disputes.

At least nobody could complain about my appearance. I wore the standard Berkeley corporate uniform: grubby shirt, faded jeans, long hair, and cheap sneakers. Managers occasionally wore ties, but productivity went down on the days they did.

Together, Wayne, Dave, and I were to run the computers as a lab-wide utility. We managed a dozen mainframe computers -- giant workhorses for solving physics problems, together worth around six million dollars. The scientists using the computers were supposed to see a simple, powerful computing system, as reliable as the electric company. This meant keeping the machines running full time, around the clock. And just like the electric company, we charged for every cycle of computing that was used.

Of four thousand laboratory employees, perhaps a quarter used the main computers. Each of these one thousand accounts was tallied daily, and ledgers kept inside the computer. With an hour of computing costing three hundred dollars, our bookkeeping had to be accurate, so we kept track of every page printed, every block of disk space, and every minute of processor time. A separate computer gathered these statistics and sent monthly bills to laboratory departments.

And so it happened that on my second day at work, Dave wandered into my office, mumbling about a hiccup in the Unix accounting system. Someone must have used a few seconds of computing time without paying for it. The computer's books didn't quite balance; last month's bills of $2,387 showed a 75-cent shortfall.

Now, an error of a few thousand dollars is obvious and isn't hard to find. But errors in the pennies column arise from deeply buried problems, so finding these bugs is a natural test for a budding software wizard. Dave said that I ought to think about it.

"First-degree robbery, huh?" I responded.

"Figure it out, Cliff, and you'll amaze everyone," Dave said.

Well, this seemed like a fun toy, so I dug into the accounting program. I discovered our accounting software to be a patchwork of programs written by long-departed summer students. Somehow, the hodgepodge worked well enough to be ignored. Looking at the mixture of programs, I found the software in Assembler, Fortran, and Cobol, the most ancient of computer languages. Might as well have been classical Greek, Latin, and Sanskrit.

As with most home-brew software, nobody had bothered to document our accounting system. Only a fool would poke around such a labyrinth without a map.

Still, here was a plaything for the afternoon and a chance to explore the system. Dave showed me how the system recorded each time someone connected to the computer, logging the user's name, and terminal. It timestamped each connection, recording which tasks the user executed, how many seconds of processor time he used, and when he disconnected.

Dave explained that we had two independent accounting systems. The ordinary Unix accounting software just stored the timestamped records into a file. But to satisfy some bureaucrat, Dave had built a second accounting system which kept more detailed records of who was using the computer.

Over the years, a succession of bored summer students had written programs to analyze all this accounting information. One program collected the data and stashed it into a file. A second program read that file and figured how much to charge for that session. Yet a third program collected all these charges and printed out bills to be mailed to each department. The last program added up all user charges and compared that total to the result from the computer's internal accounting program. Two accounting files, kept in parallel by different programs, ought to give the same answer.

For a year, these programs had run without a glitch, but weren't quite perfect this week. The obvious suspect was round-off error. Probably each accounting entry was correct, but when added together, tenths of a penny differences built up until an error of 75 cents accumulated. I ought to be able to prove this either by analyzing how the programs worked, or by testing them with different data.

Rather than trying to understand the code for each program, I wrote a short program to verify the data files. In a few minutes, I had checked the first program: indeed, it properly collected the accounting data. No problem with the first.

The second program took me longer to figure out. In an hour I had slapped together enough makeshift code to prove that it actually worked. It just added up time intervals, then multiplied by how much we charge for computer time. So the 75-cent error didn't come from this program.

And the third program worked perfectly. It looked at a list of authorized users, found their laboratory accounts, and then printed out a bill. Round-off error? No, all of the programs kept track of money down to the hundredths of a penny. Strange. Where's this 75-cent error coming from?

Well, I'd invested a couple hours in trying to understand a trivial problem. I got stubborn: dammit, I'd stay there till midnight, if I had to.

Several test programs later, I began actually to have confidence in the mishmash of locally built accounting programs. No question that the accounts didn't balance, but the programs, though not bulletproof, weren't dropping pennies. By now, I'd found the lists of authorized users, and figured out how the programs used the data structures to bill different departments. Around 7 P.M. my eye caught one user, Hunter. This guy didn't have a valid billing address.

Ha! Hunter used 75 cents of time in the past month, but nobody had paid for him.

Here's the source of our imbalance. Someone had screwed up when adding a user to our system. A trivial problem caused by a trivial error.

Time to celebrate. While writing this first small triumph into the beginning pages of my notebook, Martha, my sweetheart, stopped by and we celebrated with late-night cappuccinos at Berkeley's Cafe Roma.

A real wizard would have solved the problem in a few minutes. For me, it was unknown territory, and finding my way around hadn't been easy. As a consolation, I'd learned the accounting system and practiced a couple obsolete languages. Next day, I sent an electronic mail message to Dave, preening my feathers by pointing out the problem to him.

Around noon, Dave stopped by to drop off a pile of manuals, and casually mentioned that he had never added a user named Hunter -- it must have been one of the other system managers. Wayne's curt response: "It wasn't me. RTFM." Most of his sentences ended with acronyms, this one meaning, "Read the fucking manual."

But I'd read the manuals. Operators weren't supposed to add a new user without an account. At other computer centers, you just log into a privileged account and tell the system to add a new user. Since we also had to make several bookkeeping entries, we couldn't run such a vanilla system. Ours was complex enough that we had special programs which automatically did the paperwork and the systems juggling.

Checking around, I found that everyone agreed the automatic system was so superior that nobody would have manually added a new user. And the automatic system wouldn't make this mistake.

Well, I couldn't figure out who had made this goof. Nobody knew Hunter, and there wasn't an account set for him. So I erased the name from the system -- when he complained, we could set him up properly.

A day later, an obscure computer named Dockmaster sent us an electronic mail message. Its system manager claimed that someone from our laboratory had tried to break into his computer over the weekend.

Dockmaster's return address might have been anywhere, but signs pointed to Maryland. The e-mail had passed through a dozen other computers, and each had left a postmark.

Dave answered the message with a noncommittal "We'll look into it." Uh, sure. We'd look when all our other problems disappeared.

Our laboratory's computers connect to thousands of other systems over a dozen networks. Any of our scientists can log into our computer, and then connect to a distant computer. Once connected, they can log into the distant computer by entering an account name and password. In principle, the only thing protecting the networked computer is the password, since account names are easy to figure out. (How do you find account names? Just use a phone book -- most people use their names on computers.)

Dockmaster's electronic mail message was a curiosity, and Dave passed it to Wayne, attaching a question, "Who's Dockmaster?" Wayne forwarded it to me with his guess -- "Probably some bank."

Eventually, Wayne bounced the message to me. I guessed Dockmaster was some Navy shipyard. It wasn't important, but it seemed worth spending a few minutes looking into.

The message gave the date and time when someone on our Unix computer tried to log into Dockmaster's computer. So I scrabbled around the accounting files, looking at Saturday morning's records. Again, the two accounting systems disagreed. The stock Unix accounting file showed a user, Sventek, logging in at 8:25, doing nothing for half an hour, and then disconnecting. No timestamped activity in between. Our home-brew software also recorded Sventek's activity, but it showed him using the networks from 8:31 until 9:01 A.M.

Jeez. Another accounting problem. The time stamps didn't agree. One showed activity when the other account said everything was dormant.

Other things seemed more pressing, so I dropped the problem. After wasting an afternoon chasing after some operator's mistake, I wasn't about to touch the accounting system again.

Over lunch with Dave, I mentioned that Sventek was the only one connected when Dockmaster reported the break-in. He stared and said, "Joe Sventek? He's in Cambridge. Cambridge, England. What's he d oing back?" Turned out that Joe Sventek had been the laboratory's Unix guru, a software wizard who built a dozen major programs over the past decade. Joe had left for England a year ago, leaving behind a glowing reputation throughout the California computer community.

Dave couldn't believe Joe was back in town, since none of Joe's other friends had heard from him. "He must have entered our computer from some network," Dave said.

"So you think Joe's responsible for this problem?" I asked Dave.

"No way," Dave replied. "Joe's a hacker of the old school. A smart, quick, capable programmer. Not one of those punks that have tarnished the word 'hacker.' In any case, Sventek wouldn't try to break into some Maryland computer. And if he did try, he'd succeed, without leaving any trace."

Curious: Joe Sventek's been in England a year, yet he shows up early Saturday morning, tries to break into a Maryland computer, disconnects, and leaves behind an unbalanced accounting system. In the hallway I mention this to Wayne, who's heard that Joe's on vacation in England; he's hiding out in the backwoods, far away from any computers. "Forget that message from Dockmaster. Sventek's due to visit Berkeley RSN and he'll clear it up."

RSN? Real Soon Now. Wayne's way of saying, "I'm not sure when."

My worry wasn't Sventek. It was the unbalanced accounts. Why were the two accounting systems keeping different times? And why was some activity logged in one file without showing up in the other?

Back to the accounting system for an afternoon. I found that the five-minute time difference between the time stamps came from our various computers' clocks drifting over the months. One of our computer's clocks lost a few seconds every day.

But all of Sventek's activities should have appeared in both tallies. Was this related to last week's accounting problem? Had I screwed things up when I poked around last week? Or was there some other explanation?

Copyright © 1989, 1990 by Clifford Stoll



Reader review(s):

What is a seventy-five cents worth?, October 30, 2001
Cliff Stoll was an astronomer, but he became the systems manager at Lawrence Berkeley Lab. When he took the position, he discovered a 75-cent accounting error that indicated there was either (1) a bug within the code of the accounting program, or (2) unauthorized users on his system.

Science is precise, and therefore Stoll began an investigation that ended up changing the intelligence community. His extensive testing and experiments revealed not only unauthorized access, but also the flaws of computer security. He studied the methods, the data path, and the signals (both false and true) through an electronic maze that eventually led him to "Hunter."

Early in his exploration, he discovered a six-second-time delay between transmission and receipt. It took three seconds for the data link from New York to reach Berkeley. What happened to the extra three seconds? Stoll reevaluated his findings, and eventually found the three missing seconds. It was the transmission time from Europe to New York.

The Cuckoo's Egg is Stoll's incredible story that eventually led to Hunter, a group of computer hackers and spies who were connected with the KGB and operating out of Germany. They had used our own services to piggyback onto valid signals. They jumped from system to system randomly to meet their goal. They obtained entrance to highly classified government sites.

This is the suspenseful, true story of one scientist's ingenious methods that brought down a spy ring. I read this book when it was first released and treasure my copy. Clifford Stoll had included his e-mail address, and graciously responded to my questions.

This book is not out-of-date. It opened the door to the world of computer investigations. The story is fascinating, and the writing is excellent. Five stars.

Victoria Tarrani

Now it's time for the Hunter to become the hunted!, December 14, 1999
This was the second computer security book I read and it was like adding flame to a fire because it increased my curiosity and prompted me to want to know more about it, so I ended up reading Cyberpunk by Katie Hafner and John Markoff to get a more inside look. If you start reading it then you'll probably finish it the same day. It talks a scientist that stumbles on a mistake in the accounting part of his job as a scientist at Lawrence Berkely Lab and he makes the mistake into a chase through cyberspace. In the book the author takes on the role as a modern day Sherlock Holmes and in the end he realizes that it was only elementary.

Dealing with the CCC (Chaos Computer Club), Hunter (the main hacker), and the different networks will really make you think and keep you on your toes. Read it and see for yourself just how intense the experience will be. I advise you to get some sleep before you start because you probably won't be getting any anytime soon.

Excellent book., November 13, 1997
This book suceeds on many levels. Its a well written suspenseful spy novel that evolves very smoothly and engages the reader very early on. It is also an excellent description of computer / telecommunications technology that most anyone can understand, since he goes to the trouble to stop and explain, in laymens terms, UNIX utilities, daemon outputs, satellite technology, and microwave-oven protocol (check out the sneaker-melting fiasco on p 269). Stoll proves to be hell-bent on capturing the rogue user despite the lack of support from superiors and government agencies, and the toll it takes on his personal life. His frustrated accounts of his treatment at the hands of federal agencies as he petitions assistance from the FBI, the CIA, the NSA (among others) in capturing this potentially dangerous mole are testaments to the power of beaucracy in this country. However, he still manages to humanize the employees of these otherwise caricatured federal agencies by describing them as real people who want to help, rather than just surly trench-coated spies. I especially enjoyed reading about Stoll's low-tech solutions to slowing the hacker as he rifled through delicate documents by jangling keys over the connector to resemble static (simply cutting the line would have tipped the hacker off). This is a very enjoyable book, and I'd also recommend the reader try to find a videocassette copy of the NOVA TV special on PBS. Although it loses a lot of the book's details in the attempt to condense into one hour, it allows the viewer to see and hear the author, one of the quirkiest, most entertaining techno-goobers you'll come across.

A true spy story involving computer crime, October 26, 2002
It starts with a 75-cent discrepancy in an account for computer time and ends with the arrest of a small group of German hackers. The journey from this start to the end is one of the most amazing in all of computing. Along the way, it involves the National Security Agency, the Federal Bureau of Investigation, the Central Intelligence Agency, the National Aeronautics and Space Administration, all branches of the United States military and the Soviet KGB. Fortunately, in the end the good guys emerge victorious, but it is hard to feel very comfortable about it.
This is a story about unauthorized access into computers, where the trespassers are after military and economic data. All information considered of value is sent to the Soviet KGB in exchange for money and drugs. A major undercurrent of the story is the lack of cooperation between the American federal agencies and how they refuse to commit themselves to anything. In the aftermath of the tragedy of 9-11, this is unsettling, as it appears that the lack of communication between the different agencies is where the real failure occurred on that terrible day.
Cliff Stoll is a combination computer programmer and astronomer who was the primary actor in the events that led to the apprehension of the hackers. A self-admitted California hippie type, he started being anti-government and yet ended up lecturing to some of the most governmental of institutions. In the end, he gives some of the best arguments as to why unauthorized access to computers is a serious crime. As a scientist, he understands how all benefit from the free flow of information and mutual trust and how hackers destroy that, forcing all into a state of perpetual paranoia.
This is one of the best popular books on computing that has ever been written. While there are some passages that require a bit of computer expertise to understand, they are very few and not essential to the understanding of the story. It also leaves you wondering as to how many other systems have been entered where the tracks are either nonexistent or have been ignored.

Real Research, January 14, 2000
"When you're doing real research, you never know what it'll cost, how much time it'll take, or what you'll find." So advised physicist Luis Alvarez, Nobel Laureate, in response to Clifford Stoll's lament about lack of support for solving a seemingly insignificant problem - a missing 75 cents in thousands of dollars of computer billings at the Lawrence Berkeley Laboratory (LBL). Dr. Alvarez might have added that life has a wry sense of humor. Dr. Stoll, astronomer looking at the vast reaches of space, ran out of grant money and was transferred to the computer center in the basement of LBL. He was given the momentous task of tracking down a missing 75 cents in the department's computer billings. How trivial can you get? But Dr. Stoll tracked that missing sum, oblivious to the time it would take, the money it would cost, or where it would lead. And in so doing, he probably made a far bigger name for himself than if he had continued his astronomical studies uninterrupted for the rest of his life.

By now, many people know that Clifford Stoll caught a hacker breaking into computer systems, that networks of computers are intimidating entities, and that good and evil lurk even in scientific settings. Larger issues may not stand out so well, though, such as the nature of research . . . real research. Oh sure, we spend billions of dollars on research, but most of it is safe research: we know what it will cost (the amount of the grant), how long it will take (till the end of the grant), and what we will find (enough material that can be arranged in some boilerplate format to satisfy peers we have managed to befriend). Real research is not safe research, so is not practiced by most researchers.

For a condensed view of real research, read pages 86 and 87 of the hardback edition. For an extended explication, read the whole book. Be aware, however, false trails abound as to what is required to do real research. Growing long hair, riding bicycles, and raising your own vegetables are not requirements. Leftist politics, listening to the Grateful Dead, and being at Berkeley are also not requirements. No, the requirements are those stated succinctly by Luis Alvarez. All else is tinsel.

Finally, I thank Clifford Stoll for taking such meticulous notes. Without them, he probably would not have solved his "case," but more importantly, he couldn't have written "The Cuckoo's Egg."

The unintentional counterespionage agent, September 24, 2002
_The Cuckoo's Egg_ has everything most fictional detective novels wish that they had: a personable detective who doesn't mean to get involved as deeply as he does, federal agencies who just can't seem to take action, and a criminal mastermind who has everybody stumped until he encounters our detective. The best part of this whole book is that it really happened-- a feat that fictional mysteries can never match.

I knew Stoll's work through the more technical article "Stalking the Wily Hacker" and was pleasantly surprised to see how well Stoll was able to translate the technical side into a book-length narrative. IMO, this is significantly better than other more recent books about computer crime and still worth a read today (both for information and entertainment).

Outstanding!, March 3, 2001
Cliff Stoll wrote a wonderful mistery book which happens to be real and a great motivation to learn the tools of his (ours?) trade: operating systems, protocols, editors ... There is the exact mixture of people, thrill and science, each one enhancing the others. This is a very uncommon talent. I wonder what would be a technical book written by Stoll, provided he didn't change style! I tell you this: whenever I get saturated of computer stuff (argh! new languages every semester...) I turn back to Stoll. All my sense of wonder is recovered. This is perhaps the perfect book for one who just started to use a computer, and takes it for just a fancy typewriter: she will respect and love her "third half" of the brain. I read Cuckoo's Egg about ten times!

Great story, well written, a must., July 8, 1997


This is a story of a young astronomer who was ignoring his proper job and playing with computers too much, who discovered some alarming hacking into US defence computers and decided to track down the culprits.

Stoll is a persistent thoughful and imaginative investigator and occasionally puts his scientific training to good use, for example when he theorises on the location of the hackers based on their network latency.

I found this utterly enthralling, and it is the only book where I have literally read it through from start to finish unable to put it down, which in my case meant getting to bed at 5.30 in the morning.

As well as a fascinating story of hacking and detection, the book contains wry anecdotes of the total gulf between Unix, VMS and Apple Mac users. Although the story is 10 years old, these attitudes still prevail to this day. And of course Unix still RULES!!!!

The age of the story is revealed when a mini-computer is described as being powerful because it musters 10 MIPS. These days that won't support a mail program :-)

The book also relates in intimate detail the dreadful buck-passing that went on for months before the US powers finally did something.

Interspersed with the main story are some bits and pieces of Stoll's own life and this reader found it a little sad how he devoted so much time to catching the hackers whilst fully aware that his girlfriend was missing him at home, and then in a wistful series of postscripts we learn they split up - perhaps there was some connection.

This is the best of all of these books on computer crime - a must!

Ton of historical info and several current security concepts, October 13, 2003
I loved reading about the mid-80s computing environment. I've been in infosec (Unix/IDS and networking) for a few years now but the world in which Stoll operated was vastly different than our internet. However there are several concepts that are huge today in information security that Stoll used/documented 15 years ago. Examples:

1. Diversity in computing. Stoll mentions at least twice that diversity in computing is a defense for worms and human attacks. While one can argue that this is not feasible, this idea certainly isn't contentious enough to fire someone over, which is what just happened to security researcher Dan Geer for saying this (don't cross MS).

2. Honeypots. Stoll created fictitious information on his computer to lure the attacker into looking at that info long enough to get a trace. Not exactly a modern honeypot but pretty close.

3. No cooperation between govt branches. Enough said.

4. BAD PASSWORDS. Most of the attacker's arsenal was plunking away at default accounts with lame passwords. Fast forward 15 years and think about how far we've come.

5. Attackers' ridiculous attempts to justify breaking into someone's systems by claiming they're doing the victim a favor by displaying their security problems.

6. Responsible disclosure of bugs and security holes. Stoll ponders how to do this in the late 80s. It took until 2003 for most ppl to agree to give vendors about 1-3 months notice before going public.

My only complaint was that it gets a little repetative near the end with Stoll calling around and trying to get anyone to help him instead of just leeching info. But if that was boring for me it must have been much worse for him.

Overall a solid book that allows us "youngsters" (born mid-70s or later) a glimse of the centralized computing world, I'm just sorry it took me so long to read it.

The Cukoo's Egg, November 29, 2004
I bought this book because it was refenced in a book I was using for a computer course in college. The idea of the story sparked some interest, so I purchesed it. I read the entire book in a day, and I never read. I could not put it down. The story isn't necesarilly so perfectly written that I could not pull myself from it, rather it was the fact that everything was real. It amazed me that "hackers" were up to the tricks and methods that are still used today. I say "hackers" because really they (or the media) have hijaked the term.

Anyway, I don't want to give out too much about the story, but if you think you would like this story, you will. Especially if you have knowledge of Unix or VAC systems. Ah, nostalgia. And even if you don't know about those systems, it will give you a good idea of where computers have come from.

I give it 5 stars due to its very nature: a true story that has step-by-step documentation to back everything up.


{end of page}

(Page code from the SEO Tools, Toys, and Packages site)