Every now and then I’ll read a book which I add to my library on the history of security. The Cuckoo’s Egg by Cliff Stoll has definitely earned its place among them. Well written for a non-technical audience, with enough detail for those of a more technical leaning to fill in the gaps, it’s a great read.
From the initial discovery from an accounting error down to an intruder’s unfamiliarity with software, through over a year of careful and methodical tracking, monitoring, and running headlong into bureaucratic brick walls (which may be familiar to some), to a dramatic climax. Throughout Stoll gives a very personal, first-hand account of the hunt, the effect that being a computer security expert can have on your life (early morning calls may bring back bad memories for some), and the way that looking into security deeply enough brings about the realisation that while it is a solution, and is needed, the need for openness cannot be overstated.
Especially interesting are the principles which Stoll details during his chase of the spy, all of which are in use in some form today. Of course, the criticisms of certain agencies only ever taking in information and not sharing it, to the detriment of innocents, is a political position that many would agree with even now – particularly given some recent leaks of vulnerability stockpiles.
If you’re looking for a security read for the beach (or, more appropriately at this time of year in front of the fireplace with a hot, alcoholic drink) then this is definitely one to grab. And if you’re looking for a Christmas present for your security aware and/or professionally paranoid friends or family then I cannot recommend The Cuckoo’s Egg highly enough.
Subjects: autobiography, computer espionage, counter-espionage, security