Computer underground Digest    Sun Sep 20, 1992   Volume 4 : Issue 44

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Shadow-Archivist: Dan Carosone
       Copy Editor: Etaion Shrdleau, Srr.

CONTENTS, #4.44 (Sep 20, 1992)
File 1--The Cuckoo's Egg Revisited
File 2--The Egg, Over Easy
File 3--Cuckoo's Egg and Life
File 4--The Egg Hatches
File 5--The Cuckoo's Egg and I
File 6--Comments on Cuckoo's Egg

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited.  Some authors do copyright their material, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: Wed, 29 Jul 92 21:17:34 EST
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: File 1--The Cuckoo's Egg Revisited

Cuckoo's Egg Revisited
by Gene Spafford

When I first read Cliff's book, in draft manuscript form (Cliff sent
me an advance copy), I found it gripping.  So did my wife.  We each
found that when we started it, we couldn't put it down until we
finished it -- both of us staying up past 3am on a weeknight to read
through to the end.  We weren't the only ones.  When the book was
published, I bought copies for some friends, several of whom don't use
computers.  Almost all of them had the same reaction: they found the
book engrossing, entertaining, and informative.  Several of them also
reported spending late nights (and early mornings!) reading to the end.

It wasn't that Cliff set down particularly elegant and engrossing
prose that made the book so captivating, although his writing is
certainly better than many others evidence.  It wasn't because Cliff
recounted some high-tech adventure either -- many of the readers
(myself included) already had experience with computer security
incidents.  So why was the book so interesting to us, and to so many
other people?

It wasn't until a few weeks ago, when Jim Thomas asked if I would do a
short retrospective on the "Cuckoo's Egg" that I thought about this
question.  I even went back and skimmed through parts of the book
again.  Now that I've thought about it, I believe I know why "Cuckoo's
Egg" had such an impact: it was a honest sincere, personal accounting
of one person's internal struggle with right and wrong, as well as
being a challenging mystery story.

Cliff's writing portrayed, for many of us, some interesting conflicts
and value judgments. For instance, having strong opinions about some
governmental and commercial entities, but finding that they are
composed of many well-meaning, genuinely nice people. Or discovering
that not every "harmless" act is really harmless when multiplied
many-fold.  Heroic tales often involve journeys of self-discovery and
the loss of innocence; we saw Cliff undergo both.

To give a more concrete example of this, I consider the anecdote about
how Cliff "liberated" several printing terminals to track the logins a
perfect example of how rules, particularly property rules, may
sometimes be ignored by someone hot on a clever "hack," as Cliff was.
As the story unfolded, he made choices that I know he would have
reconsidered later on.

I also think that Cliff's account of keeping his system open, and
observing the cracker break in to other machines through his, is a
perfect example of how difficult some choices are to make, and how
they must be reevaluated as time goes on.  Was Cliff partially
responsible for those break-ins?  Was his notification of the sites
sufficient to counter the harm he had done?  Is the argument that "the
bad guys would have used some other route" a valid argument?  Seeing
those conflicts, even if indirectly, made the book something more than
just entertaining.

Cliff started as a well-meaning academic with strong views (almost
anarchistic, perhaps), and through the course of his personal
experience became someone with a different view of society.  He
underwent a transformation, on the pages before us, from a
happy-go-lucky scientist, to someone obsessed with a problem.  As he
recounted his growing awareness of the vast vulnerability our
increasing reliability on computers and networks presents, he made us
aware.  And with this new awareness, we read about the change in Cliff
and his view of the world...and how those around him changed their
view of him.

Cliff admits that he second-guesses some of his decisions made during
the time of his pursuit.  He's not sure he did the right thing at
every step, and he has paid a high price for doing what he felt was
right -- losing many things he treasured before and after the
publication of the book.  I think that's in the book, too, although
maybe not explicitly.  Or perhaps its because I know Cliff and have
talked to him about being thrust into the spotlight that makes me see
those things when I reread parts of the book.  He lost some cherished
possessions in the midst of battling for his principles, and that is
always a gripping theme.


So, is "Cuckoo's Egg" still worth reading today?  I think so.  I
didn't find it so gripping this time as the first time I read it, but
I saw more of the internal struggle Cliff went through as he pursued
his investigation.  I also saw how little some things have changed in
the our world of networks.

The book is still entertaining, too.  Cliff's account of drying his
sneakers in the microwave oven sounds like something I'd do, and his
recipe for cookies is still a bonus.

If nothing else, "Cuckoo's Egg" is still a good way to expose the
uninitiated to some of the problems with computer security and
investigation.  For that one reason alone, I think the book will
continue to have value to us -- as a place to get dialog started, if
nothing else.

I reflect on the world in Cliff's book, where sites were regularly
broken into without sys administrators knowing about it, where
security information was difficult to find, and where it was almost
impossible to get law enforcement to care about what was happening.

Then I think back over the past few weeks:
   * I have given several continuing education courses in Unix
     security, here in the US and in Europe, this summer, and turnout
     has been good
   * I've spoken on the phone with people in the FBI and US Attorney's
     office whose full-time job is devoted solely to computer crime issues
   * I've read in the paper about several arrests on computer crime
     charges, in the US and in Europe
   * I've corresponded with representatives of several security
     response teams, charged with helping to deal with computer
     security incidents
   * I've received court papers identifying me as a witness in
     an upcoming trial on computer abuse
   * I've been talking with some law enforcement agents in a (unnamed)
     nearby state who are concerned about how to define laws that help
     them stop the "bad guys" yet don't hurt innocent third parties.

How different the world is now from when Cliff began his adventure and
wrote his book!  Although we still have sites run with a cavalier
attitude towards security, and although there are still people who try
to penetrate whatever systems they can, the situation is not the same.
We now have dedicated security officers, a growing security industry,
new laws and law enforcement efforts, and coordinated responses to
unauthorized access and malicious behavior.  It's far from ideal, but
awareness is growing.

Perhaps "Cuckoo's Egg" has had something to do with those changes?  If
so, we should be grateful, perhaps, that this catalyst was crafted by
someone whose vision is that computers are useful if only we can
maintain sufficient trust in each other, and not someone with an urge
to legislate tight controls.  In a way, that is one of the most
enduring aspects of Cliff's writing.  It is clear that he loved some
aspects of computing.  The challenge of tracking his intruder was
clearly an element of gamesmanship  as well as duty.

Cliff, like many of us, came to realize that the world came to his
workstation through the magic of networks and computers.  That world
view, however, is based on a foundation of 1's and 0's that bear no
definitive stamp of who sent them.  The network provides freedoms to
be free of stereotypes, and to express your thoughts to millions.
Your thoughts come through, and the reader need never know if you are
young or old, tall or short, fat or thin, black or red or oriental or
hispanic or mongrel, male or female, hale or crippled.  That same
freedom, however, requires responsibility to not abuse it, and trust
that the 1's and 0's aren't carrying lies.

It was Cliff's anger at the end of the book -- that his trust in what
came across his computer was violated -- that really brought home the
change.  His anger, about how the abuse of trust by a few threatens the
many, clearly came through to me.  His concern for our reliance on
computers also was clear.  And the irony of the epilogue, tugging at
him again, after he said he was giving it all up; "I'm returning to
astronomy" are his final words in the last chapter.  You can't go back
Cliff.  Sadly, none of us can.

------------------------------

Date: 24 Aug 92 23:27:31 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 2--The Egg, Over Easy

The Egg, Over Easy.
Gordon R. Meyer, CuD co-moderator

It's Thursday, August 20, 1992 and I'm watching the President of the
U.S. address his loyal minions.  "Fall of communism...I did that,"
"The reunification of Germany...did that too," "Kuwait is free..thanks
to me," "Events in our country?...blame Congress. It's not my fault".
The telephone suddenly rings...though semi-catatonic I know, just
know, it's the Thought Police.  Shit, what will I tell them?  I was
listening to the President...honest!  You must have me confused with
someone else.  My palms are sweating.  The phone is still ringing.  I
pick it up...

"Guten abend" I say, in my best German accent, hoping it will throw
them off the track.  "Hey Gordon" Jim says without hesitation.  "Jim!
It's you!" Thank God.  I breath easier knowing that it's only Jim
Thomas, co-founder and Keeper-Of-CuD on the line.  I guess I only
thought it was 1984.

Or maybe not.  Before I know it Jim is asking me to write a review of
'The Cuckoo's Egg' for the next issue of CuD.  I check my watch...it's
still ticking.  A quick glance at the calendar on the wall...'1992'.
Hmmmm.  Maybe Jim  is still in his own RNC-induced trance.  "Didn't we
review Cliff's book about..oh...two and half years ago?," I ask
quietly, trying not to wake him too abruptly.  "Yeah."  (It's a full
sentence for Jim, trust me, he can say a lot in  one word.)  Admitting
my confusion, I ask him to explain. "There has been a lot of water
under the bridge since Cliff's book, it'd be good to take another look
at it and see what it has to offer now.  Besides," he added, "we
already have retrospectives from lots of other folks." "Nothing like
good old fashioned peer pressure" I mumble, trying to sound
enthusiastic.  I ask him when he needs the article, knowing the answer
won't be as far in the future as I'd like, say eight or nine months
from now.  "Wednesday latest, tuesday if you can."  Great, so I've got
around five days to find, then re-read, then review the book. How will
I convince him it can't be done?  I start to voice my objections,
starting with "I don't have time to read...," when he cuts me off
before I can finish. "So don't read it again, just review it." Huh?
No, wait, oddly enough it starts to make some sense.  Or least more
sense than what I could hear coming from the television in the other
room.  We discuss the idea a bit more and hang up with me promising to
send the article by wednesday, and Jim making me say "By wednesday the
24th of August 1992 anno Domini, cross my heart and hope to die."
Sheesh, what a slave driver...

I'm determined *not* to refer to my copy of The Cuckoo's Egg (The Egg)
for this exercise.  I really do know where it is though, I can see it
on the shelf about ten feet away as I write this, but I'm not going to
cheat and look at it.  I don't need to.  Well, except to see how the
hell to spell "Cuckoo," but that doesn't count. There's no need for me
to tell you what the book says, you know that...or at least you
should.  If you don't know then you haven't read it.  Do so.  Now.
End of review.  (And if you choose to ignore this advice, and not read
it, I swear to God you will regret it because the very first
non-computer person you meet, who finds out about your interest in
security/hackers, will regale you with an enthusiastic 20-minute
summation of 'that one hacker  book'.  So either read it, or never
_ever_ admit you haven't. Trust me.)

Let's look at The Cuckoo's Egg not as a book, but as a landmark...A
cultural/historical icon that escaped from cyberspace into the 'real'
world.  The Egg, for the most part, was the first to introduce to
mainstream (i.e., Non-cyberspace) society the concepts, magic,
implications, and yes, possible dangers, of the networked world.  The
Egg uses popular and familiar "Hollywood" elements (espionage,
government agents, goofy liberal scientists) , and melds them with the
unfamiliar and obtuse (networks, Unix). Classical elements,
fascinating story...It'll sell a zillion copies!  And it did. The Egg
has been in paperback, on Nova, in Congressional hearings, featured on
the Wily Hacker Trading Cards, retold in JPL Comics, selected as a
Book-of-the-Month Club Alternate Selection, and the ultimate in
mainstream acceptance and recognition...condensed for Readers Digest.

No, The Egg is certainly not just a book.  I want to liken it to
_Hell's Angels_ by Hunter S. Thompson.  But I'm not old enough to do
so with any credibility. Thompson introduced people to the outlaw
motorcycle gangs, and showed their lifestyle and organization in a way
that outsiders had never before seen.  We share with HST as he learns
about the Angels, and we wince when gets beat-up at the end.  In The
Egg, we mock Cliff's obsession with the teeny tiny accounting error
that leads to the discovery of The Intruder.  Then, after enticing us
with a Brownie Recipe, he gets us caught up in the chase until we
cheer when the Bundepost gets a trace on the hacker's line. _Hell's
Angels_ is every bit as much as a 'must read' to be able to converse
about motorcycle outlaw gangs, as The Egg is to talk about the
problems of computer security.  Only more so, as I don't think Readers
Digest has ever heard of Hunter Thompson.  (Note to Jim: Don't worry,
I've deleted the discussion of the phallic symbolism of pistols and
yo-yo's.)

The Egg is also important as it documents an era when the FBI, SS,
CIA, Telco Security, and everyone else would laugh off hackers and/or
espionage.  Those days have ended.  In fact, the pendulum has swung so
far in the other direction that Stoll's experience with the laise-
faire authorities seems quaint. For researchers, The Egg marks
somewhat of a transition between Esquire's Cap'n Crunch article, Bill
Landreth's confessional book, and the ill-directed Operation Sun
Devil.

To my knowledge we've never really heard about the 'national defense'
impact any of the information Stoll's hacker may have passed on to the
Soviets.  This is regrettable as The Egg has almost certainly had an
effect on concern about computer espionage.  It would be interesting
to know how this 'classic case' (and oft cited) harmed, or failed to
harm, our "National Security."   Regardless of the affect, it's a
reasonable assumption that Stoll's work has been used as justification
for more than one corporate security program sales pitch.  The Egg is
destined to be a part of Bibliography's and "suggested reading" lists
for many years.

Finally The Egg has also given us its author, Cliff Stoll.  If it
wasn't for his book, and his willingness to share it with the world
(quite literally, I understand, though haven't confirmed, that it has
been translated into many languages) Stoll might well be known only to
his fellow Astronomers. That would be a shame, for although I don't
always agree with Stoll's suggested solutions or characterizations of
the Computer Underground, I think the computer security community
would be a bit more boring without him.

So there you have it, The Cuckoo's Egg thus far.  I'll be interested
in seeing how the book holds up over the next two or three years.  I
predict it will do just fine, joining the ranks of _Hackers_ and _Soul
of a New Machine_, as dog-eared after dog-eared copy gets passed
from one computer enthusiast to another.

Postscript:  For those who just can't get enough of the saga of the
egg, a book published in Germany, _Hacker for Moscow_, tells the tale
as seen from the other side of the terminal.  If you were hungry for
more information about the German/East German connection, and you want
a more detailed description of the actual methods used to gain access,
as only the intruder himself can give, check it out.  Unfortunately,
as far as I know, it hasn't been translated into english...outside of
Langley, VA of course.

------------------------------

Date: Sun, 2 Aug 92 18:51:50 PDT
From: brendan@CYGNUS.COM(Brendan Kehoe)
Subject: File 3--Cuckoo's Egg and Life

Life can take you in any number of directions, some of which may bring
you through Andy Warhol's proverbial fifteen minutes of fame.  Cliff
Stoll found himself propelled into that limelight, caught quite
unawares.  The tale of a six-bit accounting discrepancy leading to
spies and intrigue took the world by storm.  His life has apparently
calmed down now, but the results of his experience are still being
realized by the computing community.  Advances in technology, groups
like CERT and companies with full-time security alert personnel are
all, in part, testament to the work represented by his book.

The cosmopolitan appeal of The Cuckoo's Egg cannot be ignored,
however.  Fully half the importance of a message is its capacity to be
conveyed to as many people as possible.  Cliff accomplished this, in
spades.  Rather than limit the audience to technophiles who would eat
up the juicy details, The Cuckoo's Egg offered readers an insight into
how a "diamond in the rough" might go about dealing with what amounted
to an impossible situation.  Following Cliff as he was knocked about
from pillar to post, finding no help at all from those we would assume
are paid to investigate such things, made for truly fascinating and,
sometimes, disturbing reading.

Just over two years ago, I spent Christmas with a friend and his
family, the cost of returning to my native Maine proving prohibitively
high.  While browsing a North Pennsylvania mall, we happened upon The
Cuckoo's Egg in a bookstore, and my friend chose to buy it as a gift
for his father.  Someone I consider to be the perfect example of a not
terribly advanced, but quite comfortable, computer user, his dad was
instantly captured by the engaging story.  He literally inhaled it,
along with dozens of cigarettes, over the course of not more than two
days.  Chapter One on Tuesday, "THE END?" on Thursday evening.  A
flurry of questions hit over the weekend: was the network used at
Widener University, where we were Computer Science majors, capable of
these things?  had we ever seen anything like what had happened to
"that astronomer"?  wouldn't it be cool to have it happen to us?

The notoriety Cliff Stoll gained from what could be termed an ordeal
was not, in my opinion, the reason The Cuckoo's Egg had to happen.
Rather, it accomplished precisely what it set out to do: bring the
concerns of information security into the thoughts and conversations
of thousands of people.  People who would otherwise not have ever
encountered what may well prove to be one of the most decisive factors
in our world's future as we fast approach the new millennium.

------------------------------

Date: Mon, 14 Sep 92 11:14:49 CDT
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 4--An Ideal(istic) Egg

Cliff Stoll, the hippy, might appreciate the irony of The Cuckoo's Egg
(TCE) symbolizing for the "hacker generation" what Altamont did for
the counter-culture of the sixties. Cliff Stoll, the socially
committed astronomer would take little pleasure in the prophetic power
of his observations.  For those of the sixties, the free Rolling
Stones concert at Altamont was seen as a west-coast version of
Woodstock--a chance to frolic, engage in the excesses of "freedom from
responsibility," and live out a fantasy inspired by a romantic image
of the flower-power culture. A beating death by the Hell's Angels
"peace keepers," seemingly high numbers of drug overdoses, and
spiritual rain darkened the event.

Altamont itself did not kill the "hippy dream" any more than TCE had a
terminal effect on the hacker counterculture. Nonetheless, the
experiences recounted in TCE provided an icon for the passing of a
romantic era of hacking into one in which personal responsibility (or
lack of it), personal excesses, and increasing abuse without concern
for the consequences were eroding a culture from within.  Like the
decay of the sixties' culture, the hacker culture of the 1980s was
invaded by newcomers who lacked the romantic idealism of those who had
come before them. As access to computers increased, a hoard of
newcomers moved in, bringing with them the problems that face any
community in a population explosion.  In TCE, Cliff only documents one
slice of the problem by describing one incident that symbolized the
problems of a new society when trust and respect for the rights of
others breaks down.

In long-lost correspondence, Eric Smith once suggested that TCE
represented a turning point for Cliff, for the "hacker community," and
for computer users who who lived outside the pale of exploratory
computer use.  Cliff's work raised consciousness, a few hackles
(including my own), praise, and criticism. It was written before
Operation Sun Devil, but was read by many of us in the context of the
Legion of Doom and Phrack indictments. It was cited by some law
enforcement agents in documents and other media as a means of
exaggerating the "Hacker Menace" as a national security threat to
justify their excesses in early 1990.  As a consequence, it was not a
work that received many neutral readings.  Ironically, much of the
criticism directed at Cliff and his work reflected the same passion
that prompted Cliff to write it:  Betrayal of trust and opposition to
injustice and predatory behavior.  The metaphors of betrayal and loss
permeate TCE. Openness, whether in our personal relationships or on
computer systems, require trust. When that trust is violated, we lose.
Cliff's persona seeps continually out of the book. One can picture him
with keyboard in one hand, yoyo in the other, chocolate chip cookie
crumbs scattered about, and sneakers steaming in the microwave,
sharing each chapter with the woman he loves with joy and
anticipation.  The intellectual and other rewards he reaped from his
labor also carried a burden.  The nearly three years' experience and
corresponding time to reflect on events since then cannot but make a
re-reading of The Cuckoo's Egg a somewhat sad experience.  Cliff has
written elsewhere of his personal losses: Some friends abandoned him,
he was unfairly criticized, his relationship dissolved, and he found
himself at the center of controversy not of his own making.

What was the cause of all this? By now, most know that TCE was about
tracking an intruder into UC/Berkeley's computer system who was
noticed as the result of a miniscule accounting error.  Cliff
discovered that his system was being used by the hacker to access
other systems, and, like a cyber-bloodhound, followed the intruder
into other systems and then retraced the steps and ultimately located
him on a system in Germany.  The narrative made a fascinating
detective story, and when read from the protagonist's perspective, one
couldn't help root for the detective. Methodologically, patiently,
painstakingly, the narrator pursued his quarry. Guided by the same
passion for solving a puzzle that motivates hackers (and researchers)
and by the feeling that if things are not quite right they should be
fixed, Cliff combined curiosity and technology in a way that one
might argue celebrates the original hacker ethos while adamantly
opposing its excesses.

When I first read the Cuckoo's Egg in early 1990, the Legion of Doom,
Phrack, and Len Rose were facing legal problems. Sun Devil was still a
few months away.  Prosecutors, the media, and others alluded to the
work to demonstrate the "hacker menace," to raise the spectre of
threats to national security through espionage or disrupting the
social fabric, and to generally justify the need to bring the full
weight of law enforcement down upon teenage joyriders.  Although Cliff
has taken a strong and unequivocal stand on civil liberties and has
publicly denounced excesses that violate Constitutional rights, he had
no power of the use of the images that some took from the book. This
led some at that time, myself included, to associate him with the
excesses.  Ironically he was in a sense victimized by the same law
enforcement excesses as others in early 1990. By attempting to alert
us to a problem, he was unwittingly caught up in it, and the messenger
was mistaken for the message. As a series of posts on
comp.org.eff.talk indicated this past summer, the mistake lingers.

And what *IS* Cliff's message? In TCE and elsewhere, he has made it
quite clear: Cyberspace must be based on trust.  The sixties' idealism
of a better world through cooperation and respect for others' rights
is not simply a "PC" perspective, but an ethos that is essential if
computer technology and its benefits are to be widely shared.  Those
who intrude on others subvert this trust, and virus-planters are akin
to putting razor blades in the sand at the beach.  The attitude of
some that it's a right to try to hack into systems with impunity
subverts the freedom of others, and when trust dissolves, so does
freedom.

In some ways, Cliff Stoll *is* The Cuckoo's Egg.  His persona has been
planted in our psyche, his images have become part of our lore, and
his non-compromising insistance on establishing a culture of trust and
mutual respect provide a model for teaching young computer users that
responsibility comes with knowledge. Gordon Meyer provides the best
summary for the legacy of The Cuckoo's Egg: It has hatched and his
given us Cliff Stoll and an image of curiosity, decency, and class
that can help civilize the cyber-frontier.  And there aren't many
books or authors about which that can be said.

------------------------------

Date: Thu, 17 Sep 92 23:23:46 EDT
From: Mike Godwin <mnemonic@EFF.ORG>
Subject: File 5--The Cuckoo's Egg and I

THE CUCKOO'S EGG and I
By Mike Godwin

Copyright (c) 1992, Mike Godwin

I won't say that THE CUCKOO'S EGG is *the* book that changed my life,
but it's certainly *one* of those books. Here's how it happened:

In the middle of my last year of law school (1989-90), I was getting
bored with the local BBS scene in Austin, Texas. So, I decided it was
finally time to do what I'd been planning for a few years--getting an
account on a University of Texas system and participating in the huge,
distributed, free-floating conference system called Usenet.

By sheer chance, this decision came at a time when the Net was
particularly hungry for information about hackers and the law. Usenet
was still abuzz with discussion about the Internet Worm case, and
there was also a lot of talk about the so-called "Legion of Doom"
searches and seizures, which focused on three alleged hackers in
Atlanta. (As a third-year law student preparing to become a Texas
prosecutor, I had plenty of answers to the legal questions that
flooded Usenet newsgroups like misc.legal and comp.dcom.telecom.)

And, of course, there were lots of references to a book by some guy
named Stoll, who apparently had caught some hacker spies. A fellow
Austin BBSer named Al Evans told me he'd been enthralled by the book,
and when I saw it listed in the new acquisitions at my law school's
library, I decided to check it out.

The book was a revelation, and it kept me up half the night--I ended
up reading it in one sitting. The mystery of the Hannover Hacker was
only part of what fascinated me--the book, almost incidentally,
included the first *interesting* discussion I'd come across of the
structure and dynamics of the Internet. The image I formed of the
Hacker's leaping from network to network helped me begin to appreciate
the vast, complicated, deeply connected computer and telephone
networks that crossed the oceans and pierced national borders without
a pause.

I found Cliff's story also to fit well with what I knew, from my own
associations with researchers, what life can be like for working
scientists. There is a point in the book where Cliff's curiosity and
desire to find "the answer" kicks into overdrive--it's then that you
see why he became an astronomer. For me, one of the most inspiring
passages in the book is Cliff's account of his discussing the Hacker
with Nobel Prize-winner Luis Alvarez:

   "Permission, bah. Funding, forget it. Nobody will pay for
    research; they're only interested in results," Luie said.
    "Sure, you could write a detailed proposal to chase this
    hacker. In fifty pages, you'll describe what you knew, what
    you expected, how much money it would take. Include the names
    of three qualified referees, cost benefit ratios, and what
    papers you've written before. Oh, and don't forget the
    theoretical justification.

   "Or you could just chase the bastard. Run faster than him.
    Faster than the lab's management. Don't wait for someone
    else, do it yourself.  Keep your boss happy, but don't let
    him tie you down. Don't give them a standing target."

    That's why Luie won the Nobel Prize....

And yet, the same singleminded approach that Cliff (and I) found so
inspiring in Alvarez also inspired a lot of the criticism that Cliff
has faced from some quarters since the book was published. (More about
this later.)

At the time I read the book, it had not yet come out in paperback.
When I finished CUCKOO'S EGG, I looked again at the forward and
discovered that the author had left an e-mail address. Although not
always swift on the uptake, I managed to deduce from this that Cliff
wanted feedback from his readers, so, after some hesitation, I sent
him a letter in e-mail, giving him my reactions, and making a joke
about a humorous grammar error in Chapter 45 (for the curious, it's in
the top two lines on page 255 in the Pocket Books paperback).

To my surprise, I had mail back from Cliff the next day! He was
interested to hear my reactions, and was surprised to discover that I
was a law student--his wife, Martha, had been a Berkeley law student
during the events chronicled in the book, and was now a clerk for
Supreme Court Justice Harry Blackmun! We discussed the need for more
people on the Net with genuine knowledge of the law--few people had
had more experience than Cliff in running up against the "two
cultures" division between those representing the legal system (not
just lawyers, but also the FBI and the Secret Service) on the one
side, and the programmers, scientists, and students who populated the
Net on the other.

And as our correspondence progressed, we found ourselves talking from
time to time about the "hacker cases" that were being reported on
Usenet and in the news media. Cliff had seen what happened when
well-meaning and informed law-enforcement agents, like Mike Gibbons of
the FBI, took on a case in which a computer intruder clearly sought to
steal military secrets and sell them to Eastern Bloc spies. What we
both were seeing now were cases in which law-enforcement agents and
prosecutors were making obvious mistakes and damaging people's rights
in the process. The "Legion of Doom" hackers, for example, were
accused of stealing the source code for the Emergency 911 System from
a BellSouth computer--yet to anyone with even basic knowledge of what
a computer program looks like, the E911 "source code" was nothing more
than a bureaucratic memorandum of some sort, with a few definitions
and acronyms thrown in.

(The myth that the Legion of Doom defendants had access to the E911
source code persists to this very day: columnist "Robert Cringely" of
INFOWORLD once reported the "fact" that the AT&T crash of 1990 was due
to Legion of Doom sabotage, and that same "fact" appears, along with
numerous other egregious errors, in the diskette-based press kit for
the new movie "Sneakers.")

My growing interest in these hacker prosecutions, my discussions with
Cliff and others, and my reflections on THE CUCKOO'S EGG started
changing my postings on Usenet. Whereas before, I'd limited myself to
fairly dry and academic dispositions in answer to abstract legal
questions, I found myself getting emotional about some of these cases.
The more I learned about how the seizures and prosecutions were
hurting individuals and chilling free discussion on the Net (I even
lost an account myself as one sysadmin ended public access to his
system in order to minimize risk of having his system seized), the
more I found myself arguing with those whose justified anger at
computer intruders led them to justify, uncritically, any and all
overreaching by law enforcement.

And then this War On Hackers struck closer to home. On March 1, 1990,
an Austin BBS, run by the nationally famous role-playing-game
publisher Steve Jackson Games was seized by the United States Secret
Service. Although neither Jackson nor his company turned out to be the
targets of the Secret Service's criminal investigation, Jackson was
told that the manual for a role-playing game they were about to
publish (called GURPS Cyberpunk and stored on the hard disk of the
company's BBS computer) was a "handbook for computer crime."

The seizure, which shocked Austin's BBS community, had the potential
to put Jackson, an innocent third party, out of business. The sheer
magnitude of the effect on Jackson and his business outraged the
members of an Austin BBS called "Flight," which numbered both me and
Jackson among its users. Even more outrageous was the failure of the
media to pick up on the injustice that had occurred--one Flight user
pontificated that this was because the mainstream press had no
interest in BBSs, which publishers saw as nothing more than potential
competition.

I thought this theory was crazy. I had worked as a newspaper
journalist before I went to law school, and I'd even taken time off
from law school to edit my university's newspaper. I started arguing
on Flight that the media hadn't covered the story because they didn't
know about it. Or, at least, they didn't understand the issues.

Then it hit me. Why was I sitting at my terminal *talking* about
reaching the media, when what I should be doing is making sure that
the story gets publicized? With something of the same singlemindedness
I think Alvarez was talking about, I set out to see that the story of
the Steve Jackson Games raid, and of the other cases, got reported in
the mainstream press. I gathered together several postings from local
BBSs and from Usenet, and I drove down to the Austin
American-Statesman office to talk to a reporter I'd been referred to
by a friend of mine who worked on the newspaper's copy desk. I took
with me photocopies of the statutes that give the Secret Service
jurisdiction over computer crime and lots of phone numbers of
potential sources. At the same time, I called and modemed materials to
John Schwartz, a friend and former colleague who was now an editor at
Newsweek.

The story made the front page of the American-Statesman the following
weekend.  And John Schwartz's story, which covered the Steve Jackson
Games incident as well as the Secret Service's involvement in a
nationwide computer-crime "dragnet," appeared in Newsweek's April 30
issue. When the latter story appeared, I realized that (in a much
smaller way, of course) I'd managed to do to the media what Markus
Hess had done to Lawrence Berkeley Labs, and what Cliff Stoll had done
to the puzzle created by Markus Hess:  I'd hacked it!

And yet, really, I can't take full credit for getting the story of the
SJG raid out; if I hadn't read THE CUCKOO'S EGG, I'd never have
started a dialog with Cliff, and I'd never have begun to piece
together the significance of the wrongheaded hacker prosecutions that
we heard so much about it 1989 and 1990.

That's why it always strikes me as odd, and even offensive, when some
net.yahoo decides that Cliff's book is responsible for all the
offenses committed by law-enforcement agents in their efforts to fight
computer crime. As Cliff himself has remarked,

    I've found [the book] used to justify increased security,
    raids on bulletin boards, and monitoring of network traffic.
    It's also used to refine legislation, to expand the Internet,
    to better define what constitutes asocial behavior on the
    networks.

It started out as a good story, but Cliff has seen it become the
justification for all sorts of actions, both positive and negative.
And yet Cliff, because he actually took the leap and tried to explain
to law enforcement what was going on, often gets much of the blame for
the negative results, and little of the credit for the positive ones.

This shortsighted, "kill the messenger" mentality may explain why a
few readers have gone so far as to vilify Cliff and his book, saying
things like "Cliff Stoll is just as much amoral a hacker as Markus
Hess." Even when those readers are making the criticism in good faith
(and I think many of them are simply motivated by the common American
vice of Let's Criticize the Famous), I think they're victims of a
basic confusion. True, Cliff was as *singleminded* as Markus Hess was.
(It takes a singular obsession to start wearing a beeper designed to
go off whenever a certain user logs in.) But the moral and
philosophical dimension of his actions was far different from those of
Hess, Pengo, and their associates. Although a few of them justified
their actions in political terms, for the most part the East German
hackers cracked systems in order to get money or drugs; in the book
Cliff tracks the hackers partly in order to solve what had become to
him a "scientific" problem, but also--as he begins to realize himself
in the book--in order to restore a community order that has been
violated and disrupted.

It is this same sense of a need to protect this vast, virtual
community that has led Cliff to change the way he talks about the
Cuckoo's Egg case over the last few years. I've had the privilege
several times of seeing Cliff entertain an auditorium full of rapt
listeners with the story of that tiny accounting error on the LBL
computer. Nowadays, he ends his presentation on an
uncharacteristically sober note: he reminds his audience that the need
to keep computers secure and to instill shared values in our online
communities *never* justifies the government's violation of the civil
liberties of individuals.

To me, all this casts Cliff and his book in a different light. Even
now, I can't say I necessarily approve of all the actions Cliff took
in trying to catch the East German hackers. (It is a measure of how
much the world has changed since CUCKOO'S EGG that it seems odd to
write the words "East German.") But when I reflect for a moment and
try to imagine what kind of people I'd want to share this networked
community with, it's hard to think of a person better than Cliff
Stoll--ferociously smart, passionately curious, self-doubting,
idealistic, and (to his own surprise, perhaps) deeply moral.

------------------------------

Date: 29 Jun 92 06:11:10 GMT
From: stoll@ocf.berkeley.edu (Cliff Stoll)
Subject: File 6--Hatching the Cuckoo's Egg

HATCHING THE CUCKOO'S EGG

   Copyright (c) 1992 by Cliff Stoll
   This version is posted to Usenet; ask me before you repost or
   reprint it.  Resend it across networks or archive it on
   servers, but don't include in any digests, publications, or
   on-line forums.  Ask me first, and I'll probably say OK.

Yes, I'm active on the Usenet, often reading, seldom posting.  I
keep a low profile partly because I'm busy (writing a book about
astronomy) and because I worry that my opinions are given too
much attention due to my notoriety.

You'll find my e-mail address in the front page of every copy of
Cuckoo's Egg.  I read and reply to all my mail.  However, because of
the huge number (about 18,000 in 3 years), I seldom write more than a
short answer.  Often I get 3 weeks behind in replying to my mail.

Letters astonish me with their diversity:  some say I'm a villain,
others a hero. I see myself as neither, but as an astronomer who got
mixed up in a bizarre computer mystery.

I'm now back in Berkeley/Oakland/San Francisco.  I've cut down on
public speaking, mainly because it's exhausting.  I'm a member of the
EFF, ACM, CSPR, BMUG, AAS, ARRL, NSS, pay all my shareware fees, and
floss nightly.


# Point of the book:

I started out by writing a technical summary in the Communications of
the ACM, 5/88.  This article, "Stalking the Wily Hacker" was for
computer techies ... I wrote it in an academic style, and with more
technical detail than Cuckoo.

***     Before asking for more information     ***
***       about Cuckoo's Egg, please read      ***
***           Stalking the Wily Hacker         ***

Throughout that article, as well as the book, I emphasized the many
mistakes I made, the difficult choices I worried about, and the need
for communities to be built upon trust.

I began writing a book about the fundamentals of computer security in
a networked environment.  This was the logical expansion of my CACM
article.  My friend, Guy Consolmagno, read the first 5 chapters and
said, "Nobody will read this book --it's just about computers and
bytes.  Don't write about things.  Write about people."

I'd never given it much thought, so I tried writing in first person.
You know, using "I" and "me".  Weird ... kinda like walking around
nude.  It's a lot safer hiding behind the third person passive voice.
Since I'd never written anything before, I just followed instinct.

I began weaving in different threads:  a textbook, a mystery, a bit of
romance, and with my sister's suggestion, a coming of age story.
Kinda fun to jump from one subject to another.

Although I strongly object to anyone breaking into another's system, I
didn't wish to write a treatise against hackers, crackers, or phone
phreaks.  Rather, I wanted to tell what happened to me and how my
opinions developed.

I wrote the book for fun, not money or fame.  These have no value to
me.

# What's happened since then:

A year after Cuckoo's Egg was published, operation Sun Devil was
carried out, Steve Jackson Games was busted by the Secret Service, and
Craig Neidorff arrested.  I knew nothing about these events, and was
astounded to hear of them.

The Cuckoo's Egg has been misused to justify busts of innocuous
bulletin boards, restrictive new laws, investigations into networked
activity, and who knows what kind of monitoring by big brother.  It's
also been misused as a cookbook and justification by bd guys to break
into computers.  I disagree with all of these.  Strongly disagree.

I've repeatedly testified before congress and state legislatures:  I
don't want to lose the friendly sandbox that our usenet has become.
Our civil rights -- including free speech and privacy -- must be
preserved on the electronic frontier.

At the same time, we must respect each others rights to privacy and
free speech.  This means not writing viruses, breaking into another's
computer, or posting messages certain to cause flame wars.  Just as
important, it means treating each other with civility, respect, and
tolerance.

# On being notorious:

This incident has been good to me in a few ways:
   1) My folks are proud of me.  Nothing makes me feel better.
   2) I've made many friends, over networks, at meetings,
      and by mail.
   3) Several old friends have looked me up.

And there's a downside:
   1) Alas, but the most important person in my life has left.
      Deep sadness and hurt.
   2) I've become a target of phone phreaks and crackers.
   3) No privacy.
   4) I'm stereotyped and pigeonholed.
   5) Some people become jealous.
   6) Several old friends have hit me up for money.

# Answers to specific questions:

1) Did Cliff violate Mitre's computers?  As written in Cuckoo's Egg,
chapter 25, I logged into Mitre Washington Computer Centre and
demonstrated the insecurity of their system.  Immediately afterwards,
I called Mitre and described the problem to them.  Up to that point,
they (and I) didn't know where the problem was coming from.  For a
week prior to touching their system, I was in contact with several
Mitre officers; we had a working arrangement to try to solve our
mutual problem.  Moreover, I contacted the CEO of Mitre (James
Schlessinger) who questioned me at length and thanked me.

2) Did Cliff run off on his own?  At the very start, I contacted three
attorneys:   our general counsel, my local district attorney, and a
friend at the ACLU.  Additionally, I asked several professors of law
at Boalt Hall and a number of law students.  My boss, my lab director,
and my colleagues knew what was happening.  I contacted systems
managers at Stanford, UC/Berkeley, and military sites.  I did my best
to keep these people in the loop.

3) Was Cliff some kind of sheriff of the west, trampling over rights?
Uh, I never thought of myself that way.  Indeed, much of the time, I
felt this was a chance to do science -- apply simple physics to a
curious phenomenon and learn about the environment around me.  As much
as possible, I wished to remain invisible to the person breaking into
my computer, while prodding others to take action.  As a system
manager, I did my best to monitor only the intruder, to keep him from
hurting others, and to find out why he was in our system.

4) Did Cliff track these people to support a political position?  No.

5) Am I happy at the sentences meted out to the German defendants?
They received 1-2 years of probation and stiff fines.  I don't take
joy in wrecking another's life -- rather, I'm sad that this entire
incident happened.  I am glad that they did not end up in prison, glad
that at least one of them has said that he will never again break into
computers.


-Cliff Stoll  29 June 1992

------------------------------

End of Computer Underground Digest #4.44
************************************