Jan 25

Computer Security History–The Cuckoo’s Egg and Visibility

Here’s a quick blog article about name dropping…er…my brushes with computer security history.

For those that don’t know, there was a book written in 1989 called “The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage”. It’s a fascinating look into one of the first fully documented hacking events in computer history. The author, Cliff Stoll, did a very good job of keeping a log of all the goings-on, and that information helped set the balls in motion around jurisdiction and information sharing. (credit Wikipedia) The book is set in 1986, long before the Internet and the web. This woke up authorities to the dangers of malicious hacking.

I don’t know Cliff and have never met him, unfortunately. I have, however, met three people mentioned in the first few pages. What prompted me to post this was that in my Dinner with Infamy post, some familiar names popped up. In that post, I write about my dinner with hacker Kevin Mitnick. In Kevin’s book, The Ghost In the Wires, Kevin mentions the names of a few friends of mine. One of the people mentioned at the beginning of both books is Andy Goldstein.

Andy is one of the most talented software engineers on this planet. Incredibly brilliant and someone I’m lucky enough to call my friend. I worked with & for Andy back at DEC on the VAX/VMS 6.0 release and I still see him about once or twice a year. Andy helped Cliff with some aspects of computer security at the time. He also taught me a bunch about computer security back in the day (when I ran one of the first firewalls in DEC!).

Two other people mentioned in the first page or two are Wayne Graves and Dave Cleveland. One of my roles in the VMS Development Group at DEC was working on the beta releases. As part of that job, I would visit customers who were running beta versions of VAX/VMS 6.0 and make sure the beta was going smoothly. I was their central technical contact during this time.

Wayne worked for http://www.axarosenberg.com/ after his time at Lawrence Berkeley National Lab. He ran beta versions of everything and I would fly out to San Fran and stay near his office in Orinda for about 3 days. We’d hang out, drink wine and I’d help him with technical stuff and make sure he had everything he needed for the beta. I did this for about 2 years, flying out every 3-6 months. It got so that the bartender (Seamus) at a pub called Fiddlers Green down near Fisherman’s Wharf would recognize me when I walked in and he’d start pouring me a pint of Guinness. There’s a side story there where I ALMOST got to go drinking with John Lee Hooker and Van Morrison but, alas, I had to leave early to get up to have breakfast the next morning with….

…Dave Cleveland. The other systems admin in the book. He was still working at Lawrence Berkeley, in the same office he worked in when Cliff was there. Shortly before heading out to see him, I watched the PBS Nova adaptation of the book. (Part 1 is here on YouTube http://www.youtube.com/watch?v=v1swbLfrP6g). It was filmed at LBL. I went to meet Dave for breakfast the next morning after my close brush with famous rockers and as I was walking thru the halls, I realized that I was in the SAME place that was shown 9 seconds into the video.

Needless to say, that was one of the coolest moments of my geek life. Almost as good as getting ripped with Van who, according to Seamus, the next morning couldn’t find his limo. When I asked where it was, Seamus responded with “Right in front of him!”

That’s my true story and I’m stickin’ to it.

In summary, the same concepts used in this book by Cliff still apply today. Logging actions taken by users (real or hacked), correlating information and understanding your vulnerabilities still stand. The difference is that today, you can’t write your log information in a log book. Things are happening WAY too fast. You need a Security Incident and Event Management tool, especially in the fluid environment of the virtual infrastructure.

Visibility is key. If you’re at EMCworld, I’ll be giving a session entitled “You Can’t Manage What You Can’t See: Visibility for the Virtual World”.

I hope to see you there,