Cybersecurity Book Review: The Cuckoo’s Egg

Tracking a Spy Through the Maze of Computer Espionage

A while ago I listened to The Cuckoo’s Egg by Cliff Stoll as an audiobook. I just had one question after hearing this story: How is this not yet a movie? I did some searching around and found a documentary on the topic but no box office thriller. Perhaps it takes a certain type of geekiness to appreciate this book but I can’t see how anyone could not be fascinated reading this game of cat and mouse.

We need more people in cybersecurity you say? Why not share this story with kids in school who might be interested in how an astronomer got involved tracking a hacker trying to break into government and military systems across the United States? I am onto another book now that tells the stories of other cybersecurity professionals. One went into the profession because he read Stoll’s book.

The Cuckoo’s Egg was written at a time when people didn’t understand the implications of cybersecurity attacks or take them seriously. Perhaps many still don’t, but I think if Cliff Stoll called up today to tell someone in the government a hacker was accessing military systems to view or remove data the reaction might be a bit different. The challenge in this book was, in part, to get anyone to listen to him.

As always in cybersecurity, people in Stoll’s organization at a university didn’t see the point and wanted to shut the whole operation down after it went on for what seemed like too long to them. They didn’t care that other military and government systems were affected. It wasn’t their job or responsibility and it impacted their budget.

What intrigued me also as Stoll took steps to capture the hacker was his knowledge of things beyond what I know about logical cybersecurity — the software and bits and bytes we examine and control to try to secure our systems. Cliff Stoll was using physical devices and knowledge in other domains to try to hone in on his adversary. Not only that, his girlfriend helped him create some contrived information to try to trick the hacker into hanging around long enough to capture him.

What this book really demonstrates is that as a cybersecurity professional, it helps to be creative and think like an attacker — a phrase that gets thrown around in security sometimes. But as I heard Adam Shostack, one of the top experts on the topic of threat modeling say in a presentation at BSides Vancouver, people outside of cybersecurity might understand what that means. By reading this book they will. Cliff Stoll recounts the back and forth with his adversary and how a cybersecurity professional tries to determine what might be effective in uncovering and identifying a cyber thief.

Technology has changed quite a bit since the publication date of this book. It is still relevant though because as I write about in the last chapter of my own book on cybersecurity, the more things change the more they stay the same. Cybersecurity fundamentals and concepts in this book are the same as those that cause the SolarWinds Hack I’ve been writing about recently: connected networks and stolen credentials.

I highly recommend this book to anyone interested in cybersecurity. You’ll also like it if you are the kind of person who likes spy movies or crime shows where law enforcement is trying to capture a criminal.

Teri Radichel

If you liked this story please clap and follow:

Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research

© 2nd Sight Lab 2021

____________________________________________

Want to learn more about Cybersecurity and Cloud Security? Check out: Cybersecurity for Executives in the Age of Cloud on Amazon

Need Cloud Security Training? 2nd Sight Lab Cloud Security Training

Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.

Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.

Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts