I’m catching up on reading. Next on my reading list is The Cuckoo’s Egg, (Amazon link), Clifford Stoll’s memoir of chasing down a computer hacker in the late 1980s. In it, he describes a very different world, ruled by mainframes and minicomputers, where Unix was something special, IBM still made PCs, but desktop PCs and Macintoshes only received occasional mention, and academia and the military owned the Internet, almost literally. And, oh, by the way, the Cold War was still raging.
The remarkable thing about this book is that it’s an approachable spy thriller, written in 1989, that explains computer security to an audience that had never seen or heard of the Internet. You don’t have to be a security professional to appreciate it, though it’s a classic in the computer security world–many people read it in the late 1980s and early 1990s and decided to get into the field.
Much of the methodology holds up today, and the technology in the book hasn’t really gone away, it’s just more hidden now.
The irony that I read the book on a Nook Simple Touch, which is a small Linux computer with a stack of specialized software on it, isn’t lost on me. It’s easily 120 times more powerful than the most powerful computer mentioned in the book, but today it’s only good enough for reading e-books. I literally carry a Unix computer in my pocket in the form of my Android phone. A great deal has changed in 25 years, but it’s amazing how much–like the fight over the meaning of the word “hacker”–really hasn’t.
The book is a good history lesson, but also a cause for hope. The Unix systems Stoll describes in the book worked reasonably well, but were riddled with security holes. The situation is much better today. People my age think of Unix as reasonably secure and make fun of Windows. People a few years younger than me think of Windows as reasonably secure, which makes sense given that Microsoft has taken security seriously for right about a decade now. And the biggest problem that he lamented about–what to do when you find a security vulnerability–is solved. These days, more and more vendors have taken to paying people who find and responsibly disclose security vulnerabilities to them, which discourages them from selling them to spies.
The book has a few good quotes in it.
“I’d heard (and didn’t believe) rumors that [the NSA] record every overseas phone call and telegram.” (page 97) He probably believes now.
“Three seconds for a round trip? If the signals traveled at the speed of light (not a bad assumption), this meant the hacker was 279,000 miles away. With appropriate pomp, I announced to Lloyd, ‘From basic physics, I conclude that the hacker lives on the moon.'” (page 111)
“The student parking lot included Mercedes, BMWs, and an occasional Volvo. Jeannie’s pride and joy, a beat-up ’81 Chevy Citation, shrank to the remote outskirts of the lot in self-conscious mortification.” (page 145)
“All day long, secret agencies were asking details from me, but nobody ever told me anything.” (page 197) Some things never change. Like that.
“You know the answer. No and no. [The NSA] are trying to secure computers, not catch hackers.” (page 241) Gentlemen, you can’t fight in here! This is the war room! That attitude is different today.
“Those things [IBM mainframes] are dinosaurs.” (page 308) He said it 10 years before I did, but what am I doing in 2013? Trying to figure out the best way to collect logs from mainframes and audit them for security.
It’s an entertaining read, on top of being enlightening. It’s a classic for good reason, so if you haven’t read it before, I wholeheartedly recommend it.