Cyber-Sleuth Cliff Stoll: How a Mad Genius Exposed Moscow’s Hacker Spies

What would you do if you accidentally discovered hackers were using your computer to illegally access US missile bases? If you’re like astronomer-turned-cyber-sleuth Clifford Stoll, you’d chase down a spy ring operating halfway around the world.

Hackers were a new phenomenon in 1986 when Stoll managed computers for California’s Lawrence Berkeley National Laboratory (LBL). He was a 36-year-old with Einstein-inspired hair and a mind soaring among the stars. His idols were Bletchley codebreaker Alan Turing and German mathematicians Felix Klein and Emmy Noether. 

Stoll - and the world - stood on the cusp of an 80s IT revolution reminiscent of today's AI boom, but cybersecurity was lax. “People paid more attention to locking their cars than securing their data, Stoll says in his thrilling exposé, The Cuckoo’s Egg.

Stalking a hacker

The trouble in Stoll’s computer lab kicked off with a small accounting glitch; there was a 75-cent billing error on LBL’s computer system. It was minor league stuff, but it bugged him anyway. At the time, It cost $300 an hour to go online and most people didn’t even know what the Internet/Arpanet was aside from techies, spies, and NASA types like Stoll. So who, or what, could have caused the error? 

LBL’s computers were hot stuff - cutting-edge SUN workstations with almost 100 megabytes of disk space, 128 kilobytes of memory, and a whiplash speed of 8 megahertz. “We also had fifty 80-megabyte external disk drives the size of washing machines,” Stoll told CalTech. “They sounded like washing machines, too, rattling around like they were on spin cycle.”

As Stoll sat in an astronomy lecture listening to a discussion about gravitational waves one day, a chilling thought seized his mind: What if the accounting mistake was caused by an outsider hacking into LBL’s computer system? It was a radical idea. If Stoll was right, he may have stumbled on the world's first known case of cyber espionage, a hack that would change computer security forever.

‍

‍

The Techno-Thriller Unfolds

To a generation of whitehat and black hat hackers, Cliff Stoll is a cybersecurity icon who stalked a shocking culprit with relentless zeal. When Stoll first started poking around, he wanted to know why there was a 75-cent discrepancy between two accounting programs used to charge for nine seconds of computer use. He discovered someone changed the password on one of the accounts.

“That’s weird,” Stoll thought. The intruder would need to be a Unix ‘superuser’ with the same license as the system administrator to manipulate LBL’s computer. Normally, Stoll would just log in, disable the account, and make the problem go away but Stoll was intrigued. He figured it was probably a university grad student trying to yank his chain but how could he prove it? 

At 5:30 pm one Friday evening, with the lab emptying for the weekend, Stoll built an elaborate, electronic spy trap by relying on a technique he’d learned in grad school - “There will be hell to pay on Monday but it’s easier to give an apology than get permission." Stoll ‘liberated’ 50 of his co-workers’ printers and teletype machines from their cubicles and hooked them up to his computer. If a hacker targeted Berkeley, he could now record it on a printer or a floppy disk.

Stoll drained his flask of hot tomato soup, rolled out his sleeping bag on the office floor, and slept deeply that evening. His hacker did not disappoint.