- Tracking a Spy Through the Maze of Computer Espionage
- Cliff Stoll
- Geek Thriller
In the genre of ‘geek thriller’ this book is on a shelf of its own.
Of course I heard about Cliff Stoll from his ‘infamous’ TED talk, during which he did mention this book and the events that he described.
Cliff was an astronomer/systems manager at Lawrence Berkeley Lab when he was alerted to a 75-cent discrepancy in the system accounts. This was back in the day when computers were huge and filled rooms, storage devices looked like top-loading washing machines from the same era and all the screens were monochrome, black and white, green or amber. When printers were deafening and took huge boxes of green-striped paper. The days of acoustic couplers, teletypes and daisy wheels. Computing time was charged to the account of each user in each department. Actually that isn’t so far removed from what Amazon are doing with EC2 today.
What he found out was that someone was accessing the computer, using a GNU Emacs hack to gain system privileges, then copying the password file. This was all done using an account that had lain dormant for some time. The hacker would then seek out other computers to log into using the LBL as a gateway.
For someone like me, the book was fascinating. Surely this hacker, once he had the password file, would have been one of the first people to try a brute force dictionary hack to try and ‘guess’ passwords. The password encryption was only one way; the encrypted password could never be decrypted back into plain text. I don’t know if that is still true of Unix systems today. Digital VAX VMS was mentioned as one of the operating systems, a name I haven’t heard of for many years.
It’s a real cat and mouse tale with the mouse almost getting away.
One chapter at the end describes a Unix virus. It was described as a virus but it acted more as a worm, trying to connect to other insecure systems. Cliff tried to unscramble the code to see what its purpose was. Phoning other systems managers warning them of the dangers, what to look for and suggesting possible ways to stop it spreading. Over the phone. Nowadays that would be done using email, forums and bulletin boards on the internet. The web being a source of viruses and other nasties as well as a way of highlighting possible security holes. This was something that simply didn’t exist when this all happened. Of course the beginnings of the web existed but there was no one, not even the software vendors, showing systems managers where their computers could be attacked.
I’m sure this type of book would sell loads of copies today, either as a factual account or one of complete fiction. With The Pragmatic Bookshelf now containing fiction as part of its Pragmatic Life series, it can only be a matter of time.
Geek Thriller: you heard it here first.