Clifford Stoll – An astronomy professor who stopped a hacker


Last Updated on 1 year by Christopher G Mendla

In 1986, Cliff Stoll was an Astronomy Professor at Berkeley. When a computer administrator was on leave, Cliff was in charge of the systems. He found a 75 cent accounting error and started tracking it down. He eventually exposed a Soviet Bloc hacker who was stealing US Military secrets. His book, The Cuckoo’s Egg, details the security issues that allowed the hacker to penetrate some of the most secure systems. The problem is that these vulnerabilities still exist today.

Cliff Stoll strikes me as a guy who lives at the tails of bell curves. He is highly intelligent and can think outside the box. He also took a highly complex topic and turned it into a novel that just about anyone can read and understand. One of his hobbies is Klein Bottles. They are one-dimensional bottles that can hold water.

At the time of the incident, digital forensics really didn’t exist. Stoll’s brilliance was shown in a number of ways.

When he discovered a .75 cent discrepancy, he did not simply ignore it. He followed up doggedly. When Cliff called the FBI and told them there was a computer breach, they asked how much money was lost. When he told them .75 cents, they told him to get lost.

“When we find someone breaking in, we let the bastard in”
FBI – “How much was Stolen?” Stoll “75 cents”
Cliff talks with the NSA

He did not shut the hacker out of the system. In his own words he “...let the bastard in.”

He then went to the NSA and ran into another brick wall.

Visit the Town Hall site for the complete set of audio clips from the presentation 

Now, picture a Berkeley hippie-type professor going to the FBI and telling them about classified systems that he was watching the hacker access.

Stoll wrote a book called “The Cuckoo’s Egg” that details how he tracked the hacker. It is written like a novel, not a technical book. He discussed some of the methods that the hacker used to access the Berkeley systems and other systems. Unfortunately, these techniques still work today:

  • Exploit unpatched systems. I don’t know how many systems I have come across where they are running operating systems and software that are not patched. Unpatched systems allow hackers to use known exploits to gain access.
  • Social Engineering – The hacker would contact people and get passwords using ruses. Yep, Phishing has been around for a long time.
  • Weak or default Passwords – This is obvious but consider that the recent Equifax hack was made possible in part by the use of a default admin/admin id/pw.

Unfortunately, users and administrators have not learned the lessons that have been obvious since the mid-1980s. For about 25 years, I taught computer science classes ranging from 100 to 500 level classes. Whenever possible, I made Stoll’s book mandatory reading.

What makes Stoll amazing is that the majority of people never would have seen that there was a problem, much less spent the effort to track it down and come to a resolution.
