A review by rbruehlman
The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Clifford Stoll

4.0

The Cuckoo's Egg follows the story of an astronomer who notes a discrepancy in his lab's accounting system and discovers a hacker using a stolen account. Over the next year, he traces how this hacker exploits both real security holes and avoidable poor security practices to trawl through the CIA, FBI, and military's computer systems.

I got recommended this book by a former coworker who makes my technical skillset look like clacking on a prehistoric abacus. So I was expecting this book to be super technical and a bit over my head. This book is actually surprisingly engagingly written and very accessible. It's a true story, but reads like a novel, and you don't need any technical background to understand it at all. Stoll does a really commendable job with "explain-it-like-I'm-five" technical explanations--a rare skillset in an industry where everyone is deep in the weeds.

I was pretty surprised by how cavalier the CIA and FBI were about a hacker--they didn't want to get involved until he stole something classified, even though it was quite evident the hacker would eventually become a problem. It's kind of like saying, "Well, this guy is stalking my house, but he hasn't murdered me yet, so, meh, I won't bother calling the police and doing anything about it." Why would you want a stalker at your house? Why are you waiting for him to murder you before you raise the alarms? I wonder if it was a reflection of the era, where computers were still very much considered a toy of sorts. Hopefully they've changed their tune since. The book definitely gave me a greater appreciation of what a hacker could do with even the average person's computer; a hacker might not be interested in you per se (some might--free credit cards and SSNs are always nice), but they may be interested in using you to do damage to someone else.

I did think this book could have been a bit shorter--it got a bit repetitive later on--but it was an engaging and quick read, so it's mostly a quibble. This is a largely play-by-play book of how Stoll tracked the hacker down, so you won't find a greater analysis of computer security or government security practices, for better or for worse. It lacks depth, but is interesting.