Book Review-

Stoll, Cliff. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage.

New York: Doubleday, 1989.

Review

The Cuckoo's Egg is broadly written story meant to entertain readers while showing them the potential dangers and securities flaws lying in our networks. The premise of the title refers to the nesting habits of the cuckoo bird. This analogy helped to showcase one of the more clever hacking tricks employed by the hacker in the story. Just like how the cuckoo lays its eggs to be hatched in another bird's nest, the hacker snuck an alternate program into the systems area of a UNIX so that when it ran, the system would grant him Systems Administrator privileges. This was one of most and few nasty tricks the hacker had in his arsenal

The true shock value of the book came from the most mundane parts. Between rare spurts of computing ingenuity came long sessions where the hacker ran from system to system merely guessing passwords. The point repeatedly raised by this was that hackers succeeded not through brilliance and genius, but through persistence and the carelessness of others. Most of the time, the hacker was able to exploit default user settings and enter systems as guests or visitors. From there, he could lay his cuckoo egg and work his way up to a super user. The recurring theme reinforced by Stoll here was that our own lack of caution and basic knowledge of the system invited hackers to waltz right into our systems. According to him, it was akin to not knowing how to lock your door right, or not even knowing you had a door somewhere.

All of these hacking sessions were woven into a narrative interspersed with tidbits of the author's personal life and his contacts with government agencies. The personal parts varied between unnecessary and refreshing. At times, they added some humor and humanity to a story that otherwise might seem too dry and obsessively focused. The author's account of his attempts to gain the cooperation of outside entities was almost as alarming as the ease with which the hacker moved from system to system. For the vast majority of the book, most of the more prominent government agencies seemed apathetic to his cause. If not that, then they were kept from helping by reasons of bureaucracy, ignorance, and jurisdiction. The maddeningly slow pace with which the government responded to repeated attacks on its computer were discouraging at the very least. In the present day though, with the increased prominence of computers and a more paranoid government, this apathy hopefully is not much of an issue anymore. It might even be at the other extreme.

In his dealings with the government, Stoll slightly overplays his tongue-in-cheek humor about being a long-haired counterculture hippie working with the suit and trench coat government spies he was supposed to hate. Though some of this humor was funny throughout, the constant comparisons between his background and theirs got somewhat repetitive. In telling the story, there was an attempt to show Stoll's character development from typecasting longhair to responsible citizen. Along these lines, Stoll goes into great detail to develop his justification for doing what other hippies would exile him for: helping the gunrunners catch a mischievous child or possibly a fellow left-winger. For much of the book, the author seemed almost more bent on convincing and justifying himself than on appealing to the reader. Again, he shows a development throughout the book, and recounts various clashes with colleagues and driends over the hacker hunt.

By the end of the book, he is strong in his drive to bring the hacker to justice. At that point, he makes a clear case to the reader that hackers aren't just curious kids, freedom fighters, or pranksters. Nor are they tireless programmers who should be thanked for showing us the holes in our system. According to Stoll, they are criminals who not only invade and destroy systems and steal information, they undermine the basic trust needed for us to use these systems effectively. Not only that, but they require us to encumber our systems with heavy security measures that make systems less user friendly and efficient. The points made here are still very pertinent today.

All of this posturing seems backed up in the events of the story. As the author continues to track the persistent spy over the course of the year, he watches his hidden adversary rifle through dozens of military systems and steal countless files. After a year's worth of tracing various breakthroughs and a few dead ends the hacker is finally tracked way back to Germany and then back to the KGB. This final connection paints the hacker and hacking in general in a much more sinister light. It sends a sobering message to those who would argue against the reasoning for his dogged pursuit.

Critique

What some would argue to be the strength of the book, others would point out as the most glaring weakness. This would be the general lack of technical information given in the book. While the author spends some time getting into some of the hacker's tricks ( like the GNU_EMAC mail forwarding bug or the password snatching and cracking programs), he sticks mostly to describing the administrative aspects of catching the hacker. For the vast majority of the book, it's him catching the hacker online and getting other people to trace him. Those looking for a gritty technical log of exactly how the hacking and tracking was done are sure to be disappointed.

However, it could be argued that the lack of technical depth did more than just make the book accessible to more people. Given that the story took place over ten years ago, many of the tricks and technologies would be obsolete by now. What is still important it the basic idea of hacking and security. The emphasis probably wasn't meant to be exactly on how the hacker did it; it was more that he was able to. That issue is what should be taken from the book. It should encourage readers to take a stronger stance against hacking and be more careful about protecting their own systems.

The other possible reason for the general simplicity of the book was to make let the ease with which the hacker worked have a greater impact on the reader. As he stated many times in the book, the hacker wasn't any smarter or more creative than the next guy. He was just persistent and patient. The lack of technical detail came because most of what the hacker did was just to connect to systems and guess default passwords. That, and the few tricks he had were repeated ad nauseum. This was meant to show how systems were so weak, anyone with a little knowledge and a lack of ethics could hack into computers. It also stripped away some of the mystique surrounding hackers, making them seem less brilliant and more insidiously methodical.

Perhaps the one other critique would be the repetitive nature of the author's accounts of his personal life and thoughts. In the beginning of the book, it seemed to break up some of the flow and take the reader away from the point of the story. It seemed as if his side stories of his home life were somewhat contrived and added in as filler space. As the book got on, though, sometimes these came to be welcome diversions from the grind of the slow-motion chase. That being said, some of Stoll's moral justifications and reactions to working with the CIA did get pretty old. This is forgivable, though, considering the book would probably get to be a good deal more tedious without a dose of humanity injected into it. In the end, this book was a good read and a good peak into the basic ideas of how hackers work. They don't do the impossible; we just make it easy for them.