EditWYSIWYGAttach PDF Raw View►More Actions▼More Actions


Restore topic to revision: You will be able to review the topic before saving it to a new revision

Copy text and form data to a new topic (no attachments will be copied though).
Name of copy:
You will be able to review the copied topic before saving

Rename/move topic... scans links in all public webs (recommended)
Rename/move topic... scans links in CBI_ComputerSecurity web only
Delete topic... scans links in all public webs (recommended)
Delete topic... scans links in CBI_ComputerSecurity web only

Revision Date Username Comment
907 Apr 2015 - 13:26ThomasMisa 
822 Jul 2014 - 18:06ThomasMisa 
722 Jul 2014 - 17:35ThomasMisa 
603 Mar 2014 - 11:50norqu036? 
501 Mar 2014 - 11:14norqu036? 
425 Feb 2014 - 10:07norqu036? 
313 Feb 2014 - 13:57norqu036? 
205 Feb 2014 - 12:16norqu036? 
103 Feb 2014 - 09:45norqu036? 

Render style:     Context:


 History: r9 | r7 < r6 < r5 < r4
[X] Hide this message.
Notice: On June 30, 2016, UMWiki service will be decommissioned. If you have information in UMWIki that needs to be preserved, you should make plans to move it before that date. Google Sites is anticipated to be the most popular and appropriate alternative for users because it offers a more modern and user-friendly interface and unlimited capacity. To learn more about the features of Google Sites and other alternatives, and to identify which one best fits your needs, see the University’s Website Solution Selection Guide. If you have concerns or would like help regarding this change and your options, please contact Technology Help at help@umn.edu
You are here: UMWiki>CBI_ComputerSecurity Web>Events>EventsCuckoosEgg (revision 5)

Current Activitieslock Who is Who?lock People Programs Publications CSHW_2014 Systems Events Mechanisms

The Cuckoo's Egg

The Cuckoo's Egg, by computer scientist Clifford Stoll, details his investigation of a computer hacker who had gained unauthorized access to a computer at the Lawrence Berkeley National Laboratory (LBL) in 1986. Stoll's ten-month-long hunt in coordination with various law enforcement agencies led to the capture of German hacker Markus Hess.(1)

In August 1986, Stoll's LBL supervisor asked him to resolve an account disparity of seventy-five cents in the laboratory's computer usage bill. Despite its seeming intractability, Stoll was able to establish that a hacker had not only used nine seconds of unpaid-for computer time, but had gained root access to the system by exploiting a vulnerability in the move-mail function in the Emacs text editor, developed by the GNU Project. Stoll determined, with the help of colleagues, on the hacker's next modem-based attack was able to trace the call back to a call center at MITRE, a defense contractor in Virginia, one of the places that the hacker had gained access to in the United States. Stoll then monitored the hacker as he attempted to gain access to computers at various military bases, searching for information on nuclear weapons and on the Strategic Defense Initiative (the "Star Wars" anti-ballistic missile system). Stoll contacted the FBI, CIA, and NSA, but there was some confusion about whose jurisdiction computer hacking fell under.(2)

Finally, Stoll made an educated guess that the hacker lived in a European time zone based on the timing of his attacks. With the help of several employees at Tymnet, the international communications company, Stoll traced the Hacker to West Germany and got in contact with the West German Deutsche Bundespost (the West German Post Office), who had jurisdiction over the country's communications networks. Stoll and the Bundespost then traced the hacker to a university in Bremen. Stoll then set a trap, placing large files with names that the hacker would find attractive on the LBL computer. When the hacker accessed these files, the Deutsche Bundespost was able to trace him to his home in Hanover, and identify him as Markus Hess. Hess was arrested, and it was revealed that he had been selling things he learned to the Soviet Union. Stoll later flew to West Germany to testify at Hess' trial.(3)

Together with other high profile events such as the Robert Morris Worm?, the Cuckoo's Egg incident led the computing community to the conclusion that better organization was needed for dealing with malicious and non-malicious code flaws. One of the results was the formation of the Computer Emergency Response Team (CERT) at Carnegie Mellon University and other such centers that allowed system administrators to exchange information on problems and solutions. The incident also shed light on major jurisdictional issues, particularly when it comes to international cooperation. As hacking methods grow more sophisticated, these problems have remained largely unresolved. (4)

Notes

1 , 2 , 3 : Clifford Stoll, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. New York: Doubleday, 1989.

4 : Simson L. Garfinkel, "Digital Forensics Research: The Next 10 Years"


Edit | WYSIWYG | Attach |  PDF |  History: r9 | r7 < r6 < r5 < r4 |  Backlinks |  Raw View | More topic actions...
Topic revision: r5 - 01 Mar 2014 - 11:14:57 - norqu036
 
Signed in as lewi0740 (NicLewis) | Sign out
UMWiki UMWiki
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding UMWiki? Send feedback