69 comments

[ 5.9 ms ] story [ 142 ms ] thread
Mr. Stoll I believe eventually spent some time listening to the community, but for a while he had some contradictory views along the lines of the white, black, grey hat or perhaps what we would now call red team. For comparison here is a video from 1989 with a lot of risk management type language from the US government that seems boring and perfectly normal today https://www.c-span.org/video/?7596-1/computer-viruses
(comment deleted)
Mr Stoll internationally traced a KGB-affiliated hacker when almost nobody had heard of the internet[0], more or less invented the long-game honeypot to catch him, and testified at his trial.

One hopes “the community” listened at least as much to him, considering the internet security community apparently was hardly worth a damn before all this happened.

[0] and was, coincidentally, basically the first person to use the term “The Internet” (proper noun, emphasis on The) in widely read non-fiction, outside of a training manual and research document or two.

[flagged]
You mean the guys who admitted to working with KGB?

I mean, I met one of them, they do not hide that part of the story (admittedly in a public interview one of them claimed it actually boosted their career in 1990s)

Right, so it was just as much in their interest as it was in Clifford Stoll's to pretend that this was an international espionage incident?
No, it literally was an international espionage incident. Documented down to money trails, separate "verification" action by soviet agents (who were attempting to verify the data they were being sold), and specific areas of interest.

We're talking very early era of internet, barely 3 years after MILNET was separated from ARPANET, and computer security was less implemented than it should be. Which is why such outrageous hack could happen at all.

If your items are stolen from your car, the police officer can't care, but will take the report. If you say you left your doors unlocked, you also get a lecture. No one will welcome or be impressed by any sleuthing on your part. Maybe you can find your stuff, but is it worth the risk?
This is... an impressively bad analogy. As in it took me some time to even parse if it wasn't by chance something that was supposed to go somewhere else.

Maybe if you're dealing with some innocent "looking" by obvious teen on unsecured system it would have a sliver of relation to what was happening.

If anything, the biggest issue is that when the events happened, there were no "code of practice" to follow. Officials were even less useful than today. Checking for what the unauthorized access was used is today the basic of basics, and part of that comes from the experiences of what Germans call "KGB Hack". Especially when one works in national lab under auspices of Department of Energy, and traces intrusion (again, something I'd take for granted today, to check which way the attack comes if only to bolster future defenses) to a military contractor. The story probably would have ended there if it wasn't one of the first such cases - today I'd call up appropriate unit and led them lead the way.

And even then, sometimes you have to sleuth your way if only to keep the agencies honest, because sometimes the only way to get them actually acting is to publicize what happened so that public starts asking questions.

P.S. And I say that as someone who was born on the other side of the Iron Curtain and would be on short list to be vaporized under american policy of "kill as many civilians as soon as possible"

P.P.S. Sometimes the police/others will, in fact, quietly mention that they might be interested in more data off the books.

The position of the US government as far as I can tell was that this was such little fish at the time that was the reason they didn't pay much attention compared to the ongoing direct network attacks against more valuable assets.
The position was that it was new enough they had no idea what to do. Direct network attacks weren't yet a thing, kremvax was still a joke that provoked because just the idea of having soviet machine on the same network was spooky.

The direct result in government from "KGB Hack", combined with Morris Worm, was to essentially kickstart the whole Network Security Monitoring and creation of agencies that actually took in network security as core mission. Before, best chance would be that you could try hitting up your friendly neighbourhood fed who was pulling the duty of security officer for your facility.

It was pretty damn new that one could connect from as far, and this was still dependant on modem lines. Far cry from the freedom some enjoyed in USA, that if one knew how to phone into a local TIP they could get onto ARPAnet and some places wouldn't ask for passwords at all.

Before, the security was more concerned with what you did locally on specific machine, and in some more expensive cases, complex access controls so people could cooperate on files with different permissions.

My original post, and comment, was that the view of the government at the time was everyday boring security principles that we still use today that mirror a lot of physical security principles. The video goes in detail. I'm sorry I thought you had watched that... If you can make time for it I highly recommend it. It doesn't quite gel with the narrative you have... On public cable television networks nationally, in 1989, senior members of the government spent hours discussing this openly and honestly using the same terms we use today while Mr. Stoll was taking amateur, incomplete conclusions to extremes in the tabloid media.
(comment deleted)
I don't think it was in their interest to incriminate themselves more than to the degree that prosecution was able to proof already.
He spent a long time on Slashdot and other places speaking out against hackers of all types and it wasn't until maybe 1999 or 2000 until he seemed to concede that some aspects of hacking, such as the bug bounties of today, were valuable. Dissent around Mr. Stoll at the time is evident in Phrack and other material from the time. I have the highest respect for the gentleman of course, I'm just trying to raise awareness that he was very much against messing with systems at all, even for exploration or testing, and spent a lot of time in the early to late 90s telling non-computer people to be suspicious of anyone who seems to know too much about computers. It was very offensive to me at the time, but I do know that he did eventually see the light.

From Phrack #32

``The Cuckoo's Egg'' captures many of the popular stereotypes of hackers. Criminologist Jim Thomas criticizes it for presenting a simplified view of the world, one where everything springs from the forces of light (us) or of darkness (hackers) (Thomas90). He claims that Stoll fails to see the similarities between his own activities (e.g., monitoring communications, ``borrowing'' monitors without authorization, shutting off network access without warning, and lying to get information he wants) and those of hackers. He points out Stoll's use of pejorative words such as ``varmint'' to describe hackers, and Stoll's quote of a colleague: ``They're technically skilled but ethically bankrupt programmers without any respect for others' work -- or privacy. They're not destroying one or two programs. They're trying to wreck the cooperation that builds our networks,'' (Stoll90, p. 159). Thomas writes ``at an intellectual level, it (Stoll's book) provides a persuasive, but simplistic, moral imagery of the nature of right and wrong, and provides what -- to a lay reader -- would seem a compelling justification for more statutes and severe penalties against the computer underground. This is troublesome for two reasons. First, it leads to a mentality of social control by law enforcement during a social phase when some would argue we are already over-controlled. Second, it invokes a punishment model that assumes we can stamp out behaviors to which we object if only we apprehend and convict a sufficient number of violators. ... There is little evidence that punishment will in the long run reduce any given offense, and the research of Gordon Meyer and I suggests that criminalization may, in fact, contribute to the growth of the computer underground.''

http://phrack.org/issues/32/3.html

> Dissent around Mr. Stoll at the time is evident in Phrack

You don’t say!

I mean, you got a guy going on Geraldo and such fear mongering and accusing the government of doing nothing while the most senior level of the US government as public as possible describes modern sounding risk management ideals... And people forget that security through obscurity was a deeply prized thing, and all of this was before firewalls.

If you were to tell Mr. Stoll and his audience that that in the future one of the most popular information places would be called Hacker News they would get the opinion very quickly that the good guys apparently lost in the future. I guess I can't really describe it, but this mindset would've been very bad had it survived, but thankfully it hasn't, and couldn't.

This would've been impossible probably, but ideally Mr. Stoll should've worked to explain in detail the vulnerabilities and mitigations and tried to explain those things as making crime inevitable. That's what we do today, but for a long time people thought that was just giving bad people ammunition instead of how we see it today as part of a whole arsenal of perspectives and strategies.

In the late 90s during several Q&As Mr. Stoll came around to agree with many of our modern concepts of security, once he understood more of the game mechanics and some other understandable confusion stuff... He wasn't as online perhaps as many people are today, and to my understanding never formally worked in security nor wanted to.

This guy wrote book in 1989. There is a section, where he asks some NSA guy about project Echolon, and if they recorded some phone call he needs for investigation. 25 years before Snowden! Always cracks me up :)
I found the Snowden thing funny-odd...

Echelon was something a lot of online techies had heard of by 1989. (I was just a teen, and I'd heard of it.) There was at least one book about it.

It was so well-known, and joked about, for so long, that one time I made a nerdy joke referencing Echelon to an ex-NSA person. When they responded simply, "What's Echelon?", I realized I'd put my foot in my mouth, by rudely putting them in an awkward position. I guess that they still weren't allowed to talk about even long-public information about it.

Before the Snowden disclosures there were all these capabilities and methods that you would've come up with, if you'd taken a smart techie and asked them, "If it was your job to build out surveillance capability, with NSA scale of resources, what kinds of things would be possible with what you know of computer-ish technology today?"

After all the decades of jokes and speculation, it was still funny-odd to see that, yes, it's for real.

Not entirely like Galaxy Quest, but at least the dorky parts: https://www.youtube.com/watch?v=nF_6OfgbF7c

I think the issue is that while even techies, who were not part of IC instinctively knew that the story as presented to the general population simply did not add up and explanations like 'we are only grabbing x out of y' are unlikely, the general population either did not understand or did not want to understand what it meant.

It took the more salacious variants of those stories like nsa people spying on exes[1] to get public mildly interested.

The sad thing is you are not wrong; as little as I knew back then in an irc channel. I remember after a particularly questionable comment I made a follow up with comment basically telling nsa its a joke. Then again, today people seem to add 'fbi agent' trope.

[1]https://www.reuters.com/article/idUSBRE98Q14H/

Yeah we knew (or strongly suspected) that long before Snowden, NSA had massive capabilities.

I think one reason that this knowledge faded into the background is that in the 80s/90s it was mostly tech geeks who where concerned. Many people didn’t use computers or Internet at all back then. So to them it all probably felt very abstract. And then people forgot about it. Until Snowden revealed what he had found.

Same here; I'm probably MIS-remembering, but I "remember" well before the Snowden leaks reading about the mysterious room at AT&T that was suspected to be where "someone" kept all the equipment for tapping.

IIRC (and I likely don't), what I read was some employee that saw people coming in and out with equipment, some of which he recognized as storage and other data-reading stuff, and a lot he didn't, and he was made VERY aware that he was not to talk about this, or even be in the area any longer or ever again, for any reason.

My recollection was that I did this reading in the mid 90's. But the wikipedia article for that room dates later, so this is the cause of my apprehension of placing the exact time.

There were a few days back in the 90s where all the tech sites would run a campaign where everybody was supposed to send emails full of red flag words: "bomb" and "assassinate" and "terrorism" and what have you. It was specifically to mess with NSA surveillance operations.
Forever, there was a file included in stock Emacs, `spook.el`, which could be hooked up to automatically add random strings of "interesting" keywords to each of your email or Usenet messages (in signatures, or in headers like `X-Spook`).

https://www.gnu.org/software/emacs/manual/html_node/emacs/Ma...

Looks like copyright date of 1988:

https://github.com/emacs-mirror/emacs/blob/master/lisp/play/...

https://github.com/emacs-mirror/emacs/blob/master/etc/spook....

Try `M-x spook RET` in an Emacs buffer.

It could be dismissed as a crazy conspiracy theory pretty easily until Snowden, imo.
Everyone should read the book! (The Cuckoo’s Egg) - it’s really awesome.
There's quite a few interesting cameo's, including Robert Morris (Morris Worm) and Paul Graham himself.
pg too? I had totally forgotten about that.
I was curious and found the one mention of pg, in the discussion of the Morris Worm:

So Bob Morris's son froze two thousand computers. Why? To impress his dad? As a Halloween prank? To show off to a couple thousand computer programmers?

Whatever his purposes were, I don't believe he was in cahoots with his father. Rumours have it that he worked with a friend or two at Harvard's computing department (Harvard student Paul Graham sent him mail asking for "Any news on the brilliant project"), but I doubt his father would encourage anyone to create a virus. As Bob Morris Sr, said, "This isn't exactly a good mark for a career at NSA."

I seemed to have recalled there was a bit more than just a mention, but I might have confused it with some other stuff I read. A lot of well known figures seemed to have crossed paths during the early days of the internet which I found pretty fascinating
I read the book a long long time ago (highly recommend it) and only now, watching the video, recognized Stoll as the Klein Bottle guy.
I read the Cuckoo's Egg when I was in like 6th grade, and even though I didn't REALLY understand what was going on at the time, I've always wondered if it subconsciously influenced me towards becoming more computer-savvy, to my present day form as a command line junkie ;)

IIRC I randomly picked it out from the local Borders too (realize I'm dating myself with that one) so that's some real "Dalai Lama reincarnation" stuff going on there. Like it was fated...

One security company I worked at had it as required reading for new hires - you were given a copy as part of onboarding.

I honestly think that was an excellent idea - there’s a good amount of valuable lessons for an analyst to glean from reading it.

I can think of very few other books in the IT security field that are as well written and as compelling besides maybe Silence on the Wire, The Tangled Web, or Innocent Code.

I remember reading an excerpt of this book in Australian Personal Computer magazine when I was a kid, and then the book some years later. Was a great story.
Bought a klein bottle from Cliff Stoll a few years ago.

https://www.kleinbottle.com

He enclosed a really nice brief note. Amazingly nice guy!

I've gotten a couple of things from his shop. I was genuinely shocked at how friendly and helpful he was. It was probably the best "customer service" interaction I've ever had.
I love Cliff, This Story about His Elementary School's Teacher teaching him about Matrices cracks me up every time (From a Numberphile podcast)

https://www.tiktok.com/t/ZT8tfa5wN/

That was wholesome, thanks for linking
amazing story, thanks by the way it's the first time I see a tiktok link on hn :)
[flagged]
actuall, since 17.3 i can do just that by: safari > youtube > fullscreen playback > power button > power button (yes, again) > play from lockscreen
Nice find - but this works for audio only, and only if you don’t open any other apps. I’m talking about being able to minimise the video to a small window while you use another app. Unless I’ve misinterpreted your instructions.
You’ll need Vinegar extension for safari for that. It forces standard video player on youtube.com, and you’ll have to uninstall YT app.
Whoa! Thanks - that’s exactly what I needed. Downloaded, paid, celebrated.
works for video on my end.

but, yes, i must have misunderstood your requirements. the steps let me have the video running while the device is locked (for music, voice, etc). this was always possible in some way or another, but since the last patch it works out of the box.

It’s a great story, and a fun book to read. However, while I can see the thrill of the chase, I can’t help but think Stoll’s superiors had the correct, pragmatic response more suited to the future of the internet - “close the loophole and move on”.
I've given up trying to find the old "Science Fiction" series shown on ITV in the UK: https://www.imdb.com/title/tt1380838

The first episode is "Spycatcher" and based on The Cuckoo's Egg, so I wonder how similar it is to the other productions. Unfortunately, I can't find it in the usual places and "Yorkshire Television" who owns the footage doesn't exist anymore.

(comment deleted)
This really made my day, what a fantastic blast from the past.
Cliff Stoll is a hero of mine. I grew up reading his books, and the Cuckoo's Egg is very close to my heart. Really opened my eyes to the Internet and the birth of modern technology. I remember when I was a kid I looked his phone number up, and he just happen to be listed in the book, so I called him up. He could not have been more kind.
What happened to Markus afterwards? The sentence seems to be pretty light so I guess maybe the USSR had a hand in it. With his skills he could definitely do a lot in the computer industry.
Pengo had been quite successful, from what I've seen.

Definitely felt more successful than me even before I heard (through alternate means) who I talked with XD.

Never seen anything about what happened to Markus afterwards and seemed gauche to ask.

After doing some internet sleuthing, I'm about 95% sure I know what he's doing today, and if it who I suspect, he has had a decent career in IT. Would rather not post my findings to respect the man's privacy.
I am currently reading "CYBERPUNK: Outlaws and Hackers on the Computer Frontier" and can recommend it if interested in pre/early computer hacking (Phreaking, BBS, VAX/Digital). First third is about Mitnick and friends, second about Pengu and CCC friends.
The Cuckoo's Egg was a fantastic read to me back in the mid-90s as my worldview was shaping up. (among other, like Soul of a New Machine, Hackers by Steven Levy, Masters of Deception, etc)
I've recently read The Cuckoo's Egg and as a person that has been born into technology it's really interesting how Cliff goes to explain concepts that these days are understood as common knowledge.
Here's what happened to me:

- Reached out to a Russian troll on twitter via DM to discuss some specific topic he had mentioned. I try to engage the conversation on this topic which requires "blowing up his cover".

- The shill gets angry and asks me to imagine what he would do to me.

- My reply convince him I'm a US intelligence officer. After some nervous back and forth between blocking and unblocking me, someone else seems to be on the other side of the line and asks me to talk to my manager/officer, using some spy scheme from a movie. I back the fuck out.

- About a week later, I realize there is an "iCloud" segment in my finder left vertical bar. All the sync settings are ticked, including stuff I do not use. I go check the sync folders' last modified time: a mere two hours after I had this conversation on Twitter.

- Go back on twitter to see what the shill is up to. He's complaining about suffering a breach of his iCloud account and blames some intelligence service in Frankfurt, providing a picture of the building.

I have no idea what I have stepped into. Was it some counter-intel honey pot ? Then it was pretty well made. Or are these people genuinely working for some russian service ? If so, then they are batshit crazy, arrogant and not as professional as one may expect.

As a result I nuked my github and stopped using my phone, my watch, youtube account, etc. I was promised open brain surgery/interrogation by people that are allegedly expert doxxers and torturers and thought I was an intelligence soldier fighting against them.

I had a similar experience many years ago and learned my lesson and stopped engaging this way with people I didn't know. Later I learned just how easy it is to dox people using stylometry (see: how Ted Kaczynski was caught) or by finding a careless mistake (see: how Dread Pirate Roberts was caught). I was glad then that I learned to be cautious.
This is exactly how I "blew up" his cover. The fact he used low quotation marks "disproved" the claim he was from western europe (mostly). I have no certitude though. This could well be intentional if this was a counter-intel honey pot, in which case I kneel. Would you mind sharing your anecdote, keeping things blurry as I did ?
(comment deleted)
I shared some info then deleted it. Best not poke that sleeping dog.
After a infosec course for non ict people, someone wanted to know more. I recommended The Cuckoo's egg.

We are 30 (I guess?) years after that book, and I still have nothing better to recommend.