photo: https://www.ted.com/
Cybersecurity can become strangely personal at times. Two people who have never met, locked in an intense battle of wits, dueling online for the control of systems, or to simply suss out the other’s identity.
Fictional accounts can hardly begin to reveal what it’s really like going up against cybercriminals. Every nefarious motive in the book has been behind crimes ranging from petty theft all the way up to important matters of national security. Still, just like in the movies, sometimes in the end there is just one lone hero taking a stand who makes all the difference.
The classic story of stalking and capturing a hacker is one of the earliest examples of the great cyber-rivalries of all time, covering a range of incredible plot lines: international intrigue… theft… and even murder.
Sometimes an incredible story is matched up with an incredible storyteller, and when the storyteller is also one of the major participants, you wind up with a tale for the ages.
That’s exactly what happened in the rivalry that set the stage for all subsequent match-ups in cybersecurity, laid out in exquisite, entertaining technical detail by astronomer Clifford Stoll in his 1989 book The Cuckoo’s Egg.
The 75-Cent Mystery That Lead To The Greatest Hacking Case of the 1980s
Though his vocation was astronomy, Stoll’s knowledge of computer systems was what paid the bills when he took a job as a system administrator at Lawrence Berkeley National Laboratory (LBNL) in California.
It was a $0.75 discrepancy in one of the accounting logs at the lab, though, that set the one-time astronomer on a path to becoming a cybersecurity legend. As the new guy on staff, he was assigned the task of tracking down the issue and getting the glitch fixed.
But his investigations showed that the discrepancy wasn’t actually a glitch. Instead, it was one tiny breadcrumb of evidence left by an intruder passing through the LBNL network.
At the time, the Internet was a more open place than it is today and hacking was still somewhat novel. It was equal parts curiosity and duty that lead Stoll to track the intruder’s path through the LBNL systems. But as he unraveled that thin thread of evidence to reveal proof of an intrusion and came to realize the sensitive nuclear research facilities, military bases, and defense contractors the intruder could potentially access, Stoll realized he was dealing with more than just some malicious prankster or cyber-thug.
An Ocean Away, A Spy At Work
That intruder was a West German student named Markus Hess. Based in Hannover, Hess worked intermittently as a programmer after abandoning a degree program in mathematics for studies in informatics at the University of Hagen. Together with a number of friends, he got his kicks exploring and probing systems around the world through hacked remote access phone systems.
As soon as they realized that some of those systems held information that could end up being exploited for real money, Hess and crew made a series of connections with shadowy figures willing to pay for it. Those figures, as it turned out, worked for the KGB… Soviet intelligence agents looking for American military and nuclear secrets. Hess either didn’t know or didn’t care. The money spent the same either way.
This discovery was still nearly a year away for Stoll as he followed the breadcrumbs out of the LBNL network and gradually made connections with administrators of other networks that had been hacked along the way. When he attempted to raise the alarm, he was usually met with disbelief and confusion. Military system administrators didn’t want to believe their systems had been compromised so easily… law enforcement authorities were unclear where their jurisdiction extended or even whether any actual crimes had been committed under current laws.
Although Stoll eventually narrowed down where Hess was coming from and convinced authorities that the hacker had to be stopped, the case was one of the first international hacking incidents, long before there were any systems or protocols in place for inter-agency cooperation on such investigations. And getting federal law enforcement agencies to cooperate wasn’t something that would come easy without having some hard facts to present… and it was nearly impossible to get hard facts without their cooperation.
Stoll went as far as he could on his own, and found himself at an impasse.
Inventing the Digital Honeypot
To identify and arrest the hacker, Stoll invented what is now a classic cybersecurity technique: the honeypot, a server configured to look like an easy mark, but in fact designed to gather data that would identify and incriminate anyone breaking into it.
Hess, unaware that his activities were being so closely tracked, fell for the gambit. He sniffed at the honeypot, saw that the contents (which were fictitious) were exactly what his buyer was looking for, and dove in. He left electronic fingerprints and personally identifying information all over the trap.
United States federal authorities finally had information they could use. They contacted intelligence officials in Germany, who in turn got in touch with the Deutsche Bundespost—the German post office. Bizarrely, for reasons based purely on tradition, the post office actually had authority over online crimes in Germany. Agents of the Bundespost arrested Hess at his home in Hannover, confiscating plenty of incriminating evidence in the process.
Stoll later flew to Germany to testify at the trial held for Hess and his associates. Hess and two others were convicted of espionage and given a 20-month suspended sentence. A fourth defendant named in the case, Karl Koch, was found burned to death in a forest outside Celle, Germany.
Although authorities called Koch’s death a suicide, numerous questions about the nature of the scene led to speculation that he was killed in order to conceal details about the case.
Stoll went on to serve as one of the early voices calling for improved security in computer systems and helped shape the cybsecurity community as it exists in the U.S. today. His efforts to forge cooperative connections between law enforcement agencies and computer operators paved the way for how hacking cases are investigated.
Hess was given what amounted to a hand-slap sentence since none of his offenses seriously harmed the German state, and immediately retreated from the press and shunned further contact with the hacking community.
Efforts to contact and interview him have largely proved fruitless over the years. Whether frightened by Koch’s mysterious death or simply repentant for his role, Hess has remained silent about his part in one of the first great cyber-rivalries.