**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.12 (June 10, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.12 / File 3 of 5 *** *************************************************************** Stoll, Clifford. The Cuckoo's Egg. Doubleday, 1989. 326 pp. (Reviewed by Charles Stanford) Stoll's work has received extremely mixed reviews, and most of the reviews were based on the reviewers' personal attitudes towards computer use. This review is no exception, but it does attempt to address some of the literary concerns that should arise in a book review. Stoll takes us on a "spy hunt" -- it is not a fluke that the book is located right next to "I Led Three Lives" and other laughable works of espionage fiction disguised as reporting. His grant money "ran out" and so, to keep eating, he begins to work for the computer center in Berkeley. (No explanation of why it "ran out." Did he complete the work? Was his renewal rejected through the "peer review process?" Did he even try to renew?) There is a 75 cent shortfall and he is given the task of finding out where that 75 cents went. He describes his subsequent activity with remarkable candor, guilty as he may be of committing several crimes himself. He finally gives information leading to the arrest, but not necessarily the conviction, of a "hacker." That's about it. One of the most annoying aspects of the book is not, however, Stoll's pursuit of the hacker but his interminable self-justification and annoying self-description.. One has the feeling that Stoll himself knows that his activity was obsessive and nearly insane because he so often attempts to justify it, painting himself as a liberal hippie type wearing blue-jeans and complete with long hair and a "sweetheart" who can beat him at wrestling. How cool it all is! Like, man, geez, like. We learn of him putting his tennis shoes in the micro-wave and how he rides a bicycle to work uphill and how he believes in love and trust and the Grateful Dead and how he and his "sweetheart" eventually get married and live happily ever after. He grows up, you see. Not since "Love Story" by Eric Seal have I seen such a vapid piece of self-indulgence. I was about to say at least Eric Segal . . . , but really could not think of anything that would differentiate the two. Almost at random, we can look at some of his less personal statements and see this same thread: "As pure scientists, we're encouraged to research any curious phenomena, and can always publish our results." (P. 15) Unfortunate that this particular "pure scientist" lost his grant. But what about that curious phenomena? What about a strange computer or a new computer? Is that not curious phenomena? No, because the "varmit" was a "hacker" and therefore wearing a "black hat." No, I am not paraphrasing, these are Stoll's actual words. He really isn't a hippy after all -- he is a frustrated Hopalong Cassidy, the Lone Ranger with his faithful sidekick "sweetheart," tracking down the varmits, by gum! I have also heard that some of the techniques he describes in the book have been used by "hackers" to gain access to mainframe computers but, before you run out and buy the book on that account, allow me to present some of the information Stoll gives. He starts out by trying to monitor every single call coming into the computer, grabbing P.C.s from offices for that purpose. He finally applies his expertise. He notices that the calls come in at 1200 baud and are therefore from outside and would therefore come in only on certain lines. Amazing bit of deduction, wouldn't you say? You see, he points out, 1200 baud is a slower rate of transfer than 9600 or more. And he even explains what "baud" is. With such esoteric information as this getting out all over the country, I wonder why this book hasn't been suppressed. We also learn that Kermit is a file transfer protocol. Of course there are some things in the book that the normal 12 year old with a Commodore 64 might not have known and this book is conveniently written on that level. For example, if you want to logon to a Unix system, try the password "root," logon "root." If that doesn't work, try "guest." If that doesn't work, try UUCP. If you are 12, perhaps Stoll has sent you on to a life of crime. On a VAX, try "system" account, password "manager, "field, "service," and "user," "user." (p.132). And don't forget the Gnu-Emacs hole (132-133). Of course, one would be much better off in simply getting hold of a UNIX manual and reading it, but then he would not have had the fun of learning all about "sweetheart" and her halloween parties as well. I'd put the money on the manual. Actually, of far more interest in this area would be the article he published on the subject which is cited in the book ("Stalking the Wily Hacker," Communications of the ACM, May, 1988). More troubling is Stoll's use of the term "hacker." He uses it in its popular, media, law-enforcement definition which is, loosely put, "varmit." According to the HACKERS DICTIONARY, available from listserve@uicvm, this is the definition of a Hacker: HACKER (originally, someone who makes furniture with an axe n. 1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. 2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value (q.v.). 4. A person who is good at programming quickly. Not everything a hacker produces is a hack. 5. An expert at a particular program, or one who frequently does work using it or on it . . . . 6. A malicious or inquisitive meddler who tries to discover information be poking around. Obviously, only the last, and least used, definition even remotely approaches the term "varmit." Unfortunately, many hackers, when approached by law enforcement officers, will readily admit to being hackers when questioned about it. Don't make that mistake, varmits. As a self-proclaimed hippie-type, Stoll has his greatest trouble in explaining why he is so close to the CIA and FBI (which, by the way, had the most sensible approach to this whole episode). Now what could you possibly come up with to explain that sort of activity. Unfortunately, being a hippie by self-definition, he could not use patriotism. He couldn't say he was in it for the money (which he is, despite his protestations to the contrary) since that is not hippieish -- it is "uncool." He comes up with "trust." A nice, honorable, clean sounding term. Yes, trust it shall be. You see, all the network users trust each other, now don't they? The proposition is almost laughable to anyone who has ever been on a network, but Stoll will talk about the community of trust that has been established, a trust that is being destroyed and eroded by varmits. His appropriation of that word is almost obscene when one considers what his self-aggrandizement has done to that very trust he so values. One argument he uses to support his activities is that your own credit information is in one of those systems. Now you wouldn't want that available to the general public would you? Would you want a 12 year old to know your buying habits? The fact is that corporate America knows this and wants to keep it their exclusive domain. Whether the information is false or not, they do not want you to know about it, but they will share it amongst themselves. Sometimes they sell the information back and forth. I think there is far more danger from that than there is from some "varmit," peeking into one of their systems. Those lily-livered, sap sucking, sidewinders (sorry, couldn't help it). Clifford Stoll now "... lives in Cambridge with his wife, Martha Matthews, and two cats he pretends to dislike." (p.327) I think that is a very touching, cute, detail about him, perfect to end the book because it is typical of the sorts of things he litters the manuscript with throughout. This is where the review should end. It is neat, compact, obligatory description, sustained attack, and has a cute ending to wrap things up, and this is how I would end it if I were getting paid to write the review. However, since I am not getting anything out of this, I feel free to add a bit more, also gratis. Since Stoll lists his E-Mail address, and since I like to be thorough, I decided to write him a note and see what would happen. Why should I just decided that he is posturing? Why not find out for sure? Maybe the address does not work. What could be lost by trying? (Well, I could have the three letter agencies after me but the pursuit of truth and so on is more important --well, perhaps.) At any rate, I had two major questions lingering in my mind: just what was this grant all about and does he get much nuisance mail as a result of publishing his E-Mail address. I sent the questions to his number at about 3:30 my time and started to pack for a trip out of town. Shortly thereafter, I logged on again to check last minute mail and to delete a bunch of stuff and found this on my screen: "56 30 May cliff@cfa253.harv Re: questions". Well, I could not just leave at that point. Frankly, I was a bit surprised. I had expected to get some note from somewhere along the networks to the effect that the user was unknown or perhaps some indication that a trace had been started by some illiterate narc. Instead, Stoll had replied, almost immediately, to my note. Hm, he seems to attend to his E-mail they same way I do mine. This is how he answered the first question: Grant money ran out? In short, the project moved to Hawaii. I was on the design team for the Keck Observatory Ten Meter Telescope. The Science Office, at LBL, designed the instrument. As the design progressed into construction, there was less research to do and more contract oversight. This, in turn, meant that our grant money ran thin. So I began working part time at the computing center. And so, for lack of proper federal funding, the entire spy/witch hunt began. An interesting thing about this is what kind of astronomy is being done? It reminds me of wanting at one time to be a cosmologist and being deflected time and time again by other considerations. Stoll may have started with an interest in the stars, perhaps in the origin of the universe, but wound up working with the computers instead. Oh well, nothing wrong with that, but interesting just the same. I wonder when he last was able actually to look through a telescope. The next question was a bit loaded as I knew he had gotten not only nuisance mail but some pretty nasty threats. I also knew of some other attempts, but no matter. His response is interesting: Nuisance mail? Yes, a few morons send anonymous mail; I've received threatening phone calls and such not. Compared to the mountain of nice mail I've received, I'm happy that I published my e-mail address. In fact, the best part of publishing the book has been the letters. I answer each one personally - no form letters or macros. Cheers, Cliff Stoll So what does this indicate? He was not posturing! I remembered then seeing him on CSPAN, an hour long interview with no commercial interruptions and, at that time, I found it difficult to believe that he was posturing, but now I'm even more certain. In short, he actually believes what he wrote. There is probably not one false note in the book. Which raises an even more troubling problem. I am able to understand someone who pretends to be for such issues as "trust" in order to gain acceptance -- almost every politician falls into this category and I grew up in Chicago when Daley Sr. was Mayor. What is almost frightening is someone who actually believes that he is making the world safe for democracy, freedom, and the American way by camping out under his desk at the computer lab with sixteen P.C.'s whirring away monitoring the mainframe, rigging up a pager so that every time a call came in he could peddle uphill in hopes of catching the miscreant. But there is more. I wrote him another note. I wanted to clarify a few other things. For example, I found the personal parts of the narrative problematic. I told him so and asked him if they were his idea or forced upon him by a zealous editor. I asked a few other questions as well and he responded. However, I also asked for permission to reprint his answers verbatim, but he either overlooked the request or thought it irrelevant considering his response which was, basically, to the effect that I should go ahead with the review based on my response, not his replies. At any rate, the gist of the letter, a rather lengthy one, was that one thing lacking in our culture is a popular literature relating to technology and that he wanted to help correct this deficiency. In other words, the book is not written for people who already know about computers (indeed, this seems to be a major source of confusion on the matter), but for the general public, the lay folk out there, who know nothing about networks. The people who think anyone who works with computers is some sort of recluse, a demented misfit. (Gordon Meyer's infamous Masters Thesis comes to mind here.) Stoll has an excellent point here -- we do lack such a literature. Certainly, the work of Carl Sagan and earlier Isaac Asimov served somewhat to breach this gap, but not the way Stoll's does. In fact, I have already begun work on one of my own, tentatively titled "Cops, Cuckoos, and Computer Jurisprudence." In short, if you know a bit about computers and computer networks, are familiar with UNIX and a few operating systems, you already know too much to enjoy this book. If you are entirely ignorant of them and if you liked Love Story, this is the book for you. Charles Stanford =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+