Clifford Stoll – An astronomy professor who stopped a hacker
Cliff Stoll strikes me as a guy who lives at the tails of bell curves. He is highly intelligent and can think outside the box. He also took a highly complex topic and turned it into a novel that just about anyone can read and understand. One of his hobbies is Klein Bottles. They are one dimensional bottles that can hold water.
At the time of the incident, digital forensics really didn’t exist. Stoll’s brilliance was shown in a number of ways.
(note – the au files linked below will download)
When he discovered a .75 cent discrepancy, he did not simply ignore it. He followed up doggedly. When Cliff called the FBI and told them them there was a computer breech, they asked how much money was lost. When he told them .75 cents, they told him to get lost.
|Cliff and 75 Cents|
|Let the bastard in|
|Cliff talks with the NSA|
He did not shut the hacker out of the system. In his own words he “..let the bastard in” Listen at cliff04 (from https://town.hall.org/radio/University/Stoll/cliff04.html)
He then went to the NSA and ran into another brick wall. Cliff Stoll talks with the NSA (from https://town.hall.org/radio/University/Stoll/cliff04.html)
Now, picture a Berkley Hippie Type professor going to the FBI telling them about classified systems that he was watching the hacker access.
Stoll wrote a book called “The Cuckoo’s Egg” that details how he tracked the hacker. It is written like a novel, not a technical book. He discussed some of the methods that the hacker used to access the Berkley systems and other systems. Unfortunately , these techniques still work today:
- Exploit unpatched systems. I don’t know how many systems I have come across where they are running operating systems and software that is not patched. Unpatched system allow hackers to use known exploits to gain access.
- Social Engineering – The hacker would contact people and get passwords using ruses. Yep, Phishing has been around for a long time.
- Weak or default Passwords – This is obvious but consider that the recent Equifax hack was made possible in part by the use of a default admin/admin id/pw.
Unfortunately users and administrators have not learned the lessons that have been obvious since the mid 1980’s. For about 25 years, I taught computer science classes ranging from 100 to 500 level classes. Whenever possible, I made Stoll’s book mandatory reading.
What makes Stoll amazing is that the majority of people never would have seen that there was a problem much less spent the effort to track it down and come to a resolution.
- Clifford Stoll vs the KGB hacker – A nova documentary about one of the first people to uncover a hacker
- 8 Track tapes
- Remote locks and lockboxes for your home.
- Add a booster fan for chilly rooms with hot air registers (works with air conditioning also)
- Why you should NOT send your resume to every recruiter who sends an email about a position
- Math and logic just seem to escape some people
- The Commodore 64 ‘computer’
- The Florida International University Bridge Disaster – Some background information.