book-reviews


The Cuckoo's Egg

by Cliff Stoll

Rating: ★★★★

A shockingly comprehensive book. Stoll describes the long and painful process of tracking down a hacker breaking into his system back in the late 1980s. The story has many too-beautiful elements, beginning with its almost trivial start, hunting for the source of a 75-cent discrepancy between two different user time accounting programs. The case slowly ramps up, with Stoll pursuing leads throughout national and international networks, and ends up involving the FBI, NSA, CIA and KGB.

Stoll leads the reader through it all with a relaxed and relatable style, using (usually startlingly good) analogies to explain the intuition behind the technical details of the systems or exploits he encounters during his investigation, and inserting context about how the investigation intertwined with his life and his personal and professional relationships. Computer scientists often commit the sin of dazzling their reader with the complexity of what they're working with -- Stoll does the opposite, he untangles the babble and makes it easy to follow.

I was most struck by how much of computer security is covered in the book. This was one incident, all taking place before I was born, but in his investigation Stoll covers incredible amounts of the field. Many of the methods he attempted -- something knocked together over a week or so -- can now be seen as heralds for whole areas of cyber security research. The issues he highlights -- from information-sharing to the tensions between hacker ethics and security agency bureaucracy -- are all still highly topical. The book seems like the whole field in a microcosm -- one man's battle against an intrusion somehow outlining the next 30 years of this fight.