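In 1986, Cliff Stoll’s boss at Lawrence Berkeley National Laboratory tasked him with getting to the bottom of a 75-cent accounting discrepancy in the lab’s computer network, which was rented out to remote users by the minute. Stoll, 36, investigated the source of that tiny anomaly, pulling on it like a loose thread until it led to a shocking culprit: a hacker in the system.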

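Stoll then spent the next year of his life following that hacker’s footprints across the lab’s network and the nascent internet. In doing so, he discovered a vast web of similar intrusions into military and government agencies, carried out by a group of young German hackers who were eventually revealed to have been working in the service of the Soviet KGB. The story Stoll unraveled from that tiny initial clue, which he published in late 1989 as a kind of digital detective memoir, The Cuckoo’s Egg, turned out to be the very first known case of state-sponsored hacking—a tale far bigger than he could have ever imagined when he began hunting those three quarters missing from his lab’s ledger.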

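Today, that story has taken on a larger life still. As The Cuckoo’s Egg hits its 30th anniversary, the book has sold more than 1 million copies. And for a smaller core of cybersecurity practitioners within that massive readership, it has become a kind of legend: the ur-narrative of a lone hacker hunter, a text that has inspired an entire generation of network defenders chasing their own anomalies through a far larger, infinitely more malicious internet.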

Stoll asks people who have interviewed him to sign his personal copy of The Cuckoo's Egg.

Photograph: Cayce Clifford

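As for 69-year-old Stoll himself, he talks about the entire series of events as if he still can’t believe all the fuss he’s caused. “I thought it was a weird, bizarre hiccup I’d stumbled into,” Stoll told me when we first spoke last year, after I called the home number he lists on the very eclectic website for his business selling klein bottles, blown-glass oddities that, topologically speaking, have only one side, with no outside or inside. “I didn’t imagine that this would become a multibillion-dollar industry. Or essential to running a large business. Or that the CEO of a credit reporting company could lose his job because of computer security. Or that thousands of people would have careers in the field. Or that national agencies in many countries around the world would devote themselves to exploiting security holes in computer networks.”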

In fact, Stoll is an unlikely legend for his cybersecurity industry admirers. On the day I visited Stoll in his Oakland home last month, just a few days after the 30th anniversary of The Cuckoo's Egg’s publication, he had spent the morning watching Mercury transit the Sun with his telescope. Stoll has a PhD in planetary astronomy and had intended to make stargazing his career before Lawrence Berkeley transferred him—not entirely voluntarily—into the IT department.

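When I arrived, he showed me to his workshop at the back of the house, a room with a wall covered in printed pictures of the inventors, mathematicians, and scientists who inspire him: Felix Klein, Alan Turing, Emmy Noether. Then he flipped his desk up on its hinge to reveal a door in the wall beneath it.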

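Inside was a small, homemade forklift robot that lives in the crawl space under his house. Using a remote control and watching several screens that showed feeds from the robot’s cameras, he wheeled the little robot through the cramped storage space beneath his home, its walls lined with cardboard boxes, to delicately retrieve a box of beautifully crafted, paper-wrapped klein bottles.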

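Stoll is still curious about hacking, too. A few months earlier, he mentioned, he decided on a lark to reverse engineer a malware-laced Excel file from some hackers to see where it hid its malicious code. “I said to myself, ‘Oh, here’s how they’re hiding it.’ It was a very sweet and useful lesson,” Stoll says, sitting on the floor of his workshop next to his forklift bot. “Having said that, I’m not very interested in cybersecurity today. I wish I were more interested. I wish I could help people defend their systems. Instead, I went back to figuring out how to make a klein bottle that can sit without wobbling.”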

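Royalties from The Cuckoo’s Egg paid off Stoll’s mortgage years ago. Today, klein bottle sales provide him with another, very modest income stream. As for cybersecurity, aside from a few conference talks, he hasn’t worked in the industry in decades. The same omnivorous curiosity that drove him to chase his hacker for a year eventually led him to devote the next 30 to his other interests, like mathematics, electronic music, and physics, in none of which he claims to be an expert. “To a mathematician, I’m a pretty good physicist,” Stoll deadpans. “To a physicist, I’m a pretty good computer maven. To real computer jocks, they know me as somebody who’s a good writer. To people who know how to write ... I’m a really good mathematician!”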


“To a mathematician, I’m a pretty good physicist,” Stoll says.

Photograph: Cayce Clifford

“To people who know how to write,” he says, “I’m a really good mathematician!”

Photograph: Cayce Clifford

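But if Stoll is a cybersecurity amateur, few experts have ever had as much influence on the field. Stoll’s fans in the industry point out how, in his hacker hunt 30 years ago, he pioneered techniques, out of necessity, that would later become standard practice. Stoll slept under his desk at the lab and programmed his pager to alert him when the hacker logged on to the network in the middle of the night. He also set up dozens of printers to transcribe every keystroke the hacker typed in real time. All of that added up to something like the first intrusion detection system.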

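When Stoll traced the hacker’s intrusions into the Department of Defense’s MILNET systems, an Alabama army base, the White Sands Missile Range, Navy shipyards, Air Force bases, NASA’s Jet Propulsion Laboratory, defense contractors, and the CIA, he was mapping out an intrusion campaign just as threat intelligence analysts do today.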

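When he planted hundreds of fake secret military documents on his network to trick his hacker into staying logged on to the Lawrence Berkeley system long enough for a German telecom employee to trace the intrusion to the hacker’s location in Hanover, he was building a “honeypot,” the same kind of decoy regularly used to track and analyze modern hackers and botnets.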

“The Cuckoo's Egg documented so many of the methods we now use to deal with high-end intruders,” says Richard Bejtlich, a well-known security guru and author of The Tao of Network Security Monitoring: Beyond Intrusion Detection, who has worked on incident response and network monitoring at companies like Corelight and FireEye. “You can see in the book almost everything you need to do in an incident. The mindset, the thoroughness, the commitment to it. It’s all there.”

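Even before his book was published, Stoll’s hacker-tracking work at Lawrence Berkeley National Laboratory inspired its sister institution, Lawrence Livermore National Laboratory, to try to develop more systematic, automated defenses against hackers. One engineer there, Todd Heberlein, was awarded a grant to build the world’s first network security monitoring software. “You could say, literally, that Cliff Stoll kick-started the whole field of intrusion detection. Essentially, we automated in software a lot of what Stoll was doing,” Heberlein says. “Once I turned on our tools, we saw people trying to hack our network every day, and sometimes succeeding. A whole crime wave was happening, and no one knew about it.”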

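Eventually a version of Heberlein’s network monitoring software was deployed to more than 100 Air Force networks, including those Richard Bejtlich found himself working on during his time in the military in the late ’90s. As a high schooler, Bejtlich had already been captivated by a paperback copy of The Cuckoo's Egg, and he reread it during that time in the Air Force. “Every element of what Stoll did, we were doing,” he recalls.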

Around 2010, when he was working as director of incident response for General Electric, Bejtlich says he read it again, and found dozens more lessons for his team. He’d later pull them together for a talk about those lessons, "Cooking the Cuckoo's Egg

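Just as much as its technical lessons, The Cuckoo’s Egg captures the very personal side of the work of tracking hackers, too: the long hours, the friction with bosses, the federal agents who demand to be briefed on findings without sharing their own information, and the strained relationships with loved ones. Stoll’s then-girlfriend (now ex-wife) didn’t always appreciate his nights spent sleeping under his desk, hunting an invisible white whale. “There are still incident responders who sleep under their desks and get woken up at weird hours. You’re at the mercy of the intruder,” Bejtlich says. “Anyone who has done this can relate to being uprooted from family, working crazy hours. It’s totally familiar even 30 years later.”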

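But there’s an exciting side to Stoll’s story, too: It’s an ideal for aspiring network defenders, many of whom hope to one day find themselves the detective protagonist of a story like the one Stoll wrote. “People get into cybersecurity dreaming that they’ll work on something like this,” says Chris Sanders, a security consultant who created a course based on The Cuckoo's Egg called "The Cuckoo's Egg Decompiled." “They imagine finding the thing that becomes the bigger thing. We all want to live that. Some live it and some don’t. But we all get to live it vicariously through Cliff.”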

Stoll makes and sells blown glass klein bottles that, topologically speaking, have only one side, with no inside or outside.

Photograph: Cayce Clifford

That fantasy version of Cliff Stoll is hard to make out in the mad scientist, klein bottle-selling Cliff Stoll of today. But, it turns out, underneath 30 years of layered polymath whimsy, the obsessed hacker hunter is still there.

After he finishes giving me a tour of his workshop, Stoll sits me down in his cluttered dining room lined with books, including a full 20-volume set of the Oxford English Dictionary, one of the first things he says he bought with his Cuckoo's Egg advance. He starts reminiscing, telling a story about his hacker hunting that isn’t in the book.

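What he didn’t mention in the book is that he later met Hess in person. When Stoll was called to the German town of Celle, near Hanover, to serve as an expert witness in the case, as he tells it, he ran into Hess in the courthouse bathroom, coming face to face with the hacker he had hunted online for a year. Hess recognized Stoll and began asking him in English why he had pursued him so doggedly. “Do you know what you’re doing to me?” Hess asked, according to Stoll’s 30-year-old recollection. “You’re going to get me sent to prison!”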

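Stoll says he simply told Hess, “You don't understand,” walked out of the bathroom, and testified against him. (That telling of events couldn’t be confirmed with Hess, who has no contact information available online and hasn't commented publicly on The Cuckoo's Egg in decades. Even Hans Hübner, one of Hess’s co-conspirators at the time, told me he didn’t know how to reach him. Hübner also noted that his own main motivation for hacking had always been technical exploration, not Russian money. He believed Hess, who was given a 20-month suspended sentence for his intrusions, likely felt the same.)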

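At this point in the story, Stoll goes silent, his face contorting into a pained expression. Slowly, I realize he’s angry. Then Stoll tells me what he really wanted to tell Hess: “If you’re so smart, if you’re so brilliant, make something that will make the internet better! Find out what’s wrong and make it better! Don’t go screwing around with information that belongs to innocent people!”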

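He bangs his fist on his dining table, startling me. “Don’t think you’re entitled to break into computers because you’re smart. No! You have a responsibility to those who built these systems, those who maintain these networks, who built this delicate software. You have a responsibility to your colleagues, like me, to behave ethically.”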

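This is the other ingredient in Stoll’s hacker-hunting obsession, and the same drive shared by many others in the cybersecurity world who have followed him: not just curiosity, but a kind of low-burning moral outrage. For Stoll, it seems to stem from a time few other internet users remember, a time before the World Wide Web even existed, when most of the internet’s denizens were idealistic academics and scientists like him. Before the hackers, or at least the criminal and state-sponsored ones, arrived.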

“I remember when the internet was innocent, when it crossed political boundaries without a care, when it was a sandbox for intellectually happy people,” Stoll had told me in our first phone call. “Boy, did that bubble burst.”

He never imagined, 30 years ago, that the internet would become a medium for dark forces: disinformation, espionage, and war. “I look for the best in people. I want to live in a world where computing and technology are used for the good of humanity,” Stoll says. “And it breaks my heart.”

