Cyber Security Lessons From The Cuckoo's Egg
A book on cyber security from 1986 shouldn’t appeal today, but what visionaries knew about security 30 years ago still holds true today. Here’s why.
In 1986, computing remained on the edge of society. Despite a boom in home computing in the 1980s, technology was surprisingly primitive. Apple Macs came with 4MB of RAM. IBM PCs ran MS-DOS via 5.25-inch floppy discs. Remember that? Tim Berners-Lee was five years away from launching the World Wide Web, and Prestel was hailed as the future of digital communications. This was the beginning of the digital world.
Reading The Cuckoo’s Egg
We know what you are thinking. A book? An actual book? Yes, it might sound outdated. Yet amid the fledgling IT infrastructure of 1986, the principles of modern malware and hacking were already at play. In the University of California’s Lawrence Berkeley laboratory, astronomer Clifford Stoll was tasked with investigating a 75-cent disparity in a mainframe computer’s usage accounts. It transpired that nine seconds of processing time were stolen by a hacker exploiting vulnerabilities in a Unix text editor system.
The cyber-espionage battle that followed was detailed in a 1989 book called The Cuckoo’s Egg. As an autobiographical tale of Stoll’s attempts to trace a hacker across global communication networks, this real-world spy novel provided many people with their first exposure to cyber security. It perfectly blended Cold War hostility, computing mystique and the privacy-versus-security debate.
Modern Day Cyber Security Resemblances
Considering it was written three decades ago, The Cuckoo’s Egg still chimes neatly with modern insecurities – both human and technological. Its fast-paced first-person narrative details how a foreign hacker managed to access supposedly secure military networks by using the default passwords set up when they were installed. Insecurities include guest access permissions handed out to Lawrence Berkeley visitors, insecure networks enabled hackers to install Trojans and technicians failed to patch outmoded software with known vulnerabilities.
This may sound uncomfortably familiar to a modern-day IT manager. The Cuckoo’s Egg proves cyber security hasn’t changed much since the days of Unix and mainframes – even if programming languages and hardware capacity have evolved beyond recognition. Crimes that once involved an insecure Tymnet telephone line is now perpetrated across an equally vulnerable wifi connections. Similarly, the Trojans used to steal Unix passwords and personal data are similar to the ones targeting today’s Android phones and Chrome browsers.
Lessons From The Experts
So what can today’s IT professionals learn from Clifford Stoll’s eight-bit security battles? Firstly, vigilance is still vital. Ignoring those nine seconds of stolen processing time would have allowed the hacker to continue undetected. Instead, Stoll’s investigations led to prosecutions for crimes including espionage. Transparency among security agencies is equally important. This is especially true since the State-sponsored hacking of Lawrence Berkeley was compounded by data silos and the inability of rival Government agencies to work together. And anyone who uses passwords like “password” or “guest” doesn’t deserve to retain their job.
Another lesson to emerge from The Cuckoo’s Egg is the value of non-financial data. The FBI shrugged off Stoll’s warnings because there was no monetary value attached to the information being targeted. Yet as the author points out, “What’s the value of a high-temperature superconductor?” Similarly, the Ashley Madison data theft two years ago had little fiscal impact on its victims, but it did lead to divorce and deaths. Any company harvesting or storing sensitive information has a moral obligation to apply cutting-edge security protocols. These practices deter all but the most skilled or determined criminals.
Above all, The Cuckoo’s Egg demonstrates the more things change, the more they stay the same. This true-life exposé remains a fascinating read for every IT professional. This book is an essential tome for anyone involved with cyber security. To put it simply, read this book. You won’t regret it.