The Cuckoo's Egg

The Cuckoo's Egg, a 1989 book by computer scientist Clifford Stoll, details his investigation of a computer hacker who had gained unauthorized access to a computer at the Lawrence Berkeley National Laboratory (LBL) in 1986. Stoll's ten-month-long hunt in coordination with various law enforcement agencies led to the capture of German hacker Markus Hess.(1)

In August 1986, Stoll's LBL supervisor asked him to resolve an account disparity of seventy-five cents in the laboratory's computer usage bill. Despite the problem's seeming intractability, Stoll was able to establish that a hacker not only had used nine seconds of unpaid-for computer time but also had gained root access to the system by exploiting a vulnerability in the move-mail function in the GNU Emacs text editor, a function that allowed users to transfer ownership of files to one another and therefore had system-manager privileges. Exploiting this vulnerability allowed the hacker to move files containing unauthorized instructions into the systems area of the computer's memory, in much the same way that a well-executed buffer overflow attack can. With the help of colleagues, Stoll was able, on the hacker's next modem-based attack, to trace the call back to a call center at MITRE, a defense contractor in Virginia, one of the places that the hacker had gained access to in the United States. Stoll then monitored the hacker as he attempted to gain access to computers at various military bases, searching for information on nuclear weapons and on the Strategic Defense Initiative (the "Star Wars" anti-ballistic missile system). Stoll contacted the FBI, CIA, and NSA, but there was some confusion about whose jurisdiction computer hacking fell under.(2)(3)

Finally, Stoll made an educated guess, based on the timing of the attacks, that the hacker lived in a European time zone. With the help of several employees at Tymnet, the international communications company, Stoll traced the hacker to West Germany and got in contact with the West German Deutsche Bundespost (the West German Post Office), which had jurisdiction over the country's communications networks. Stoll and the Bundespost then traced the hacker to a university in Bremen. Stoll then set a trap, placing large files with names that the hacker would find attractive on the LBL computer. When the hacker accessed these files, the Deutsche Bundespost was able to trace him to his home in Hanover and identify him as Markus Hess. Hess was arrested, and it was revealed that he had been selling things he learned to the Soviet Union. Stoll later flew to West Germany to testify at Hess' trial.(4)(5)

Together with other high-profile events such as the Morris Worm (1988), the Cuckoo's Egg incident led the computing community to the conclusion that better organization was needed for dealing with malicious and non-malicious code flaws. One of the results was the formation of the Computer Emergency Response Team (CERT) at Carnegie Mellon University and other such centers that allowed system administrators to exchange information on problems and solutions. The incident also shed light on major jurisdictional issues, particularly when it comes to international cooperation. As hacking methods grow more sophisticated, these problems have remained largely unresolved.(6)

The Cuckoo's Egg was well-reviewed in the popular press and in trade publications. One concern, expressed by Jim Gawn in Computers & Society, was that Stoll on occasion acted unethically in his pursuit of Hess, particularly when he lied to telecommunications companies in order to get information.(7)(8)(9)

The book led to moderate fame for Stoll, who fashioned himself into a technology writer and critic. Stoll wrote two other books, Silicon Snake Oil: Second Thoughts on the Information Highway (1996) and High-Tech Heretic: Reflections of a Computer Contrarian (2000). Silicon Snake Oil expressed Stoll's concerns about the Internet's influence on society and the economy, while High-Tech Heretic contains his reservations about the use of computers in the classroom, questioning whether too many resources are used on computer literacy programs.(10)(11)


1, 2, 4: Clifford Stoll, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage. New York: Doubleday, 1989.

3, 5: Clifford Stoll, "Stalking the Wily Hacker," Communications of the ACM Volume 31 Issue 5 (May 1988), 484-497.

6: Simson L. Garfinkel, "Digital Forensics Research: The Next 10 Years"

7: Jim Gawn, "Book Review: The Cuckoo's Egg," Computers & Society Volume 20 Issue 1 (March 1990), 31-33.

8: Jon Postel, "Book Review: The Cuckoo's Egg," ACM SIGCOMM Computer Communication Review Volume 20 Issue 1 (Jan. 1990), 5.

9: Jed Harris, "Nabbed on the Data Highway," New York Times, November 26, 1989.

10: Clifford Stoll, Silicon Snake Oil: Second Thoughts on the Information Highway, Anchor Books, 1996.

11: Clifford Stoll, High-Tech Heretic: Reflections of a Computer Contrarian, Anchor Books, 2000.

Topic revision: r9 - 07 Apr 2015 - 13:26:52 - ThomasMisa