Introduction
Another interesting cybersecurity book I have read this year. It is fascinating to read about the cybersecurity investigation Cliff Stoll carried out to catch the hacker. The book starts with Cliff Stoll trying to identify a discrepancy in the accounting system (I think 75c), and he ended up chasing the hacker; along the way Cliff learnt the weaknesses of the system.
The title of the book (The Cuckoo’s Egg) refers to the cuckoo laying its egg in another bird’s nest; in this context the hacker exploits a weakness in the system and plants a backdoor. The hacker tries to stay stealthy, hiding his activities to some extent so as not to be caught over a period of time. However, it is still a mystery to me how the author was able to log all the activity and follow the hacker, including his lateral movement. Regardless, it is a recommended book for anyone who wants a fun read and at the same time wants to learn about some hacking concepts.
What is this story about?
It started at the lab where Cliff Stoll was investigating the accounting error, and all the events unfolded in the US just like any Hollywood movie. Cliff found out that someone was exploiting a weakness in GNU Emacs (I don’t know what that is, but I didn’t bother researching it) and logging into a sensitive network.
Cliff set up a trail to identify and catch the suspect. The initial investigation suggested it was a teenager somewhere in the US poking around the computer, but over time Cliff found out that the hacker was consistently trying to log in to some of the critical systems and downloading sensitive files.
During the course of the investigation Cliff contacted the FBI, the NSA, the energy sector and the CIA about the hacker. Initially none of the organisations was ready to help because of the monetary value or the impact caused by the hacker. Cliff pursued the hacker on his own with little help.
It also reminds me that the weaknesses the hacker exploited are no different from those behind current cybersecurity hacks. 80% of breaches happen because systems use default passwords and are connected to the internet.
How does it end?
Tracking the hacker day and night over a period of months with little help, Cliff was able to narrow down where the connection was coming from and, to an extent, identify who was behind the attack: the hacker was working with the KGB, selling top-secret US information for money.
Cliff Stoll contacted the relevant authorities to pursue the case, explaining how important it was to stop the hacker abusing the network. Finally the hacker was arrested; more details about the hacker can be found online: https://en.wikipedia.org/wiki/Markus_Hess
Learnings from the book
Some of my highlights of the book are:
- 90% of the hack is not complex, and I would argue it matches the current cybersecurity trend, e.g. keeping the default username and password while the system is exposed to the internet. To avoid this scenario, change the default username and password and keep the system off the internet.
- The honeypot is the key. You need visibility to disrupt the hacker or buy some time. This book teaches how Cliff Stoll created fake documents and the hacker fell for them. Honeypots or honeykeys help you understand the hacker’s mindset. This reminds me of my next topic, canary tokens to monitor sensitive commands.
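To make the honeypot idea above concrete, here is an added example (my own illustration, not code from the book or from its author) of a minimal honeytoken monitor in the spirit of the fake documents Stoll planted: it scans constructed file-access audit lines and raises an alert whenever a decoy document is touched by anyone other than its owner. The decoy paths, user names, addresses and log format are all assumed.

```python
# Added example: honeytoken (decoy document) monitor over constructed audit lines.
# Any access to a decoy file by a user who is not its owner is treated as a hit,
# because no legitimate workflow should ever open those documents.
import re
from dataclasses import dataclass

# Assumed decoy documents, planted purely to detect snooping.
DECOY_FILES = frozenset({
    "/srv/docs/decoy-contracts.doc",
    "/home/admin/private/decoy-keys.txt",
})

# Constructed sample audit log: "<timestamp> <user> <source-ip> <action> <path>".
# 192.0.2.10 is a documentation address, not a real host.
SAMPLE_LOG = """\
2024-03-01T02:13:07Z guest 192.0.2.10 READ /home/guest/notes.txt
2024-03-01T02:14:41Z guest 192.0.2.10 READ /srv/docs/decoy-contracts.doc
2024-03-01T08:30:00Z admin 127.0.0.1 WRITE /srv/docs/decoy-contracts.doc
2024-03-02T03:02:19Z guest 192.0.2.10 COPY /home/admin/private/decoy-keys.txt
this line is deliberately malformed
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    user: str
    source: str
    action: str
    path: str


def scan_log(text: str, decoys: frozenset = DECOY_FILES,
             allowed_users: frozenset = frozenset({"admin"})) -> list:
    """Return one Alert per audit line in which a decoy file is touched
    by a user who is not allowed to (the owner refreshing the bait is fine)."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # a malformed line must not crash the monitor
        ts, user, src, action, path = m.groups()
        if path in decoys and user not in allowed_users:
            alerts.append(Alert(ts, user, src, action, path))
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"HONEYTOKEN HIT {a.timestamp} user={a.user} src={a.source} {a.action} {a.path}")
```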
Who Should Read it?
Anyone who wants to spend their weekend relaxed and also improve their cybersecurity knowledge. It is fun to read and at the same time it teaches a few techniques to deny and disrupt bad actors.
Conclusion
Overall, I enjoyed this book; even though some of the exploits are not applicable to current environments, the principles may still apply. I am looking forward to reading more books like this. If you are interested in similar books, don’t forget to check out https://vasanthselvaraj.com/?p=129