On a friend's advice, this week I found at the library and read The Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage by Clifford Stoll. Wow. What a read: a true story about an astronomer-programmer who as a beginning system administrator finds evidence of an intruder and ends up spending the better part of a year tracking him down to West Germany where he's involved in selling US military information to the KGB. Wow.
I think I'm a little behind the times. This book was published in 1991 and it feels like everyone involved in computing apart from me knows about it by now. The fact that the story is over 20 years old now makes the book fascinating for a number of reasons apart from the simple tracing of the cracker. Stoll goes into detail about the lifestyle at the Lawrence Berkeley Laboratory and his own thoughts on the political and social responsibilities of computer network users.
The story is from a time when, at least in academia, computer systems were relatively open. Multiple users shared computers generally in order to work collaboratively. One of his conclusions in the book is that we must work hard to maintain trust rather than put energy into abusing that trust, because of the damage it does to the network and how easily we can work together.
I guess we failed. Not that I was old enough to do anything about it but it's a damn shame to see that that's how it went. It's a fact of online life now that everything online needs to be locked down. Even if you want to be share your data, the more mechanisms you make available for that data to be shared the more software you're exposing which could potentially have bugs in it. And inevitably there are people out there who wish to exploit those bugs, for a variety of reasons. Sigh.
The second interesting point was in his epilogue discussion about the transmission of a worm: a conclusion that computer networks have robustness due to the diversity of types of nodes. A virus for a VAX can't run on an IBM system, etc. Though he couldn't possibly have foreseen it at the time, we're seeing a heavy convergence towards web applications right now. What used to be a diversity of operating systems with standard network protocols is now becoming a diversity of web browsers with standard markup and javascript.
I think he has valid point even though it was made quite a while ago now. The ability for us to have operating system/browser diversity derives directly from open standards and open implementations. Look what happens when there's a bug in Adobe's flash implementation. Oops, everyone's vulnerable. And being closed source doesn't help. Let's keep our standards open.
The final point which I found particularly interesting was Cliff's own change of opinion. Initially he took a fairly loose apathetic view that breaking into other systems for fun could be just playful or even a good thing if it exposed problems. By the end of his ordeal he decided that the very act of messing with other people's systems is damaging simply because of the goodwill and trust which is lost, not to mention the amount of time which people like him have to spend working on problems they wish they didn't have.
A great book. Go read it sometime. You wouldn't have to be a computer person to appreciate it either, but it probably helps. :)