THE CUCKOO'S EGG by Clifford Stoll, New York: Doubleday, 326 pp., $19.95
IT all began in August 1986, when Clifford Stoll, a newly-hired astronomer and computer jockey at the Lawrence Berkeley Laboratory, discovered a mysterious account on his computer system. It was built by an intruder who had tapped into LBL's computer via an international computer network.
Who was the intruder?
So opens ``The Cuckoo's Egg,'' Dr. Stoll's first-person account of his 10-month quest to learn the identity and the motivation of his elusive electronic visitor. In the process, Stoll opens the reader's eyes to the world of computer networks, transcontinental satellite links, and computer espionage.
Although Stoll could simply have deleted the hacker's account and continued his astronomical work as if the problem were solved, he decides to build a monitoring station and watch the hacker's moves. Soon Stoll's suspicions are confirmed: The hacker knows a myriad of ways to break into LBL's computer system. Closing one door would have just pushed the hacker to another, or he might have bypassed LBL entirely, marauding around the rest of the computer network unobserved. No, Stoll realizes, the only way to stop this hacker will be to catch him.
In days that follow, Stoll learns that the hacker has done far more than spend 75-cents of computer time: With the help of computer networks that crisscross the world, the hacker has used the LBL's system as an electronic base for breaking into military and defense contractor computers all over the country.
It doesn't take genius or cunning to break into most computer systems, Stoll learns, just patience and persistence. Perhaps one in 50 computers that the hacker discovers have an account named FIELD with the password SERVICE. The hacker's plan of attack resembles a thief who walks down a row of houses, Stoll writes, methodically twisting the doorknob of each: Sooner or later, somebody is bound to have left his or her house open.
Once inside, the hacker scours the system for names and passwords of other computers. It isn't long before the hacker has built up a repertoire of systems that he can invade at a moment's notice. On many of these systems, the hacker has attained ``system privleges,'' or the ability to change or delete any file that he chooses. For the moment, though, the intruder is content to merely read and wait.
Fortunately, Stoll isn't.
In addition to following the pursuit of the wily hacker, ``The Cuckoo's Egg,'' chronicles Stoll's inability to interest the United States security agencies in his case. Agents from the Central Intelligence Agency say all they can do is watch; the Federal Bureau of Investigation refuses to get involved until classified information is stolen or more than a half-million dollars of computer resources are lost. And, to Stoll's amazement, the chief scientist at the National Computer Security Center informs him that the NCSC's bailiwick is to design computers that are theoretically secure, not to come to the assistance of those who are having break-ins.
Stoll's calling is astronomy, not prose, and it shows in a narrative that is often self-conscious and uneven. Fast-paced dialogue and accounts of break-ins stumble into awkward descriptions of computer terminology that is neither understandable nor relevant. Undoubtedly, most readers will gloss over these page-long forays.
Another element that readers will miss is character development. ``The Cuckoo's Egg'' is billed as a coming-of-age-story in which Stoll, a self-described liberal living in the `People's Republic' of Berkeley, Calif., learns the importance of the FBI, CIA and the National Security Administration, even to the point of helping them, much to the chagrin of his Berkeley friends.
The book also follows the developing love story between Stoll and Martha Matthews, a law student at Berkeley and now his wife, who thinks up the ruse that Stoll finally uses to catch the hacker. If Stoll had gone into greater depth describing Martha and his friends, it would have helped the reader to empathize with his predicaments.
As a regular user of the networks mentioned in the book, I wished that Stoll had included more computer printouts in the text of the book. It would have been nice to actually ``see'' the hacker at work, the way Stoll did, and to read some of the sensitive-but-not-classified secrets that the hacker had learned. Since, by Stoll's own account, the information has already been sold to the KGB, there would be little harm in reprinting it.
Many of the computer security holes that Stoll writes about are still present in computers systems around the country. Indeed, Stoll says that he was asked not to put the precise details of how to exploit the holes in his book. But ``the men in black hats'' already know about these holes, Stoll said in a recent interview: It is only the legitimate users of the systems that are being deceived by a veil of secrecy. The title of the book comes from a trick that the hacker commonly used to take over Stoll's computer system.
The fact that everything in the book is true, and that only a handful of names have been changed, only adds to the story's excitement.