Cybersec Canon Ep 3. The Cuckoo’s Egg - Chapter 5-8. Wiretapping at the Dawn of Cybersecurity
Exploring privacy regulations in the US up to the ECPA, when wiretapping law came to include digital communications.
“But I’d heard that the phone company wouldn’t trace a line without a search warrant. And we needed the FBI to get that warrant.”
Stoll, Clifford. CUCKOO'S EGG (pp. 42-43). Knopf Doubleday Publishing Group. Kindle Edition.
Chapter 5 - It is Cliff’s second week on the job. He writes up notes about the hacker’s weekend activity. The division chief, Roy, comes around asking for details, wanting to know whether the hacker caused any damage. Cliff says that the hacker is a super-user and could potentially delete everything they have or infect the computers with viruses or other malware. They consider patching the vulnerability and locking the hacker out. But, though that might protect them in the short term, without knowing who the hacker is they would still be at risk of the hacker finding another way to break in. Cliff thinks it might be a college student, but Roy dismisses that, since a student could connect directly. In the end, Roy calls this ‘electronic terrorism’, asks Cliff to use all the resources they have to catch the hacker, and gives him three weeks.
Cliff’s quote, “The astronomer’s rule of thumb: if you don’t write it down, it didn’t happen,” made me wonder if taking notes comes more naturally to people in the sciences. Do researchers and academics take more notes than people in other fields, say sports, politics, etc.? Not quite, I guess. Note taking is valuable in any field, and famous people like Ben Franklin had a regular habit of taking notes.
Chapter 6 - Cliff reflects on his relationship with Martha, and on how she is the only person with whom he has had a relationship for more than two years. He likes the freedom of living together rather than the tie-up of marriage. He wonders whether this investigation will affect the relationship, since he is spending all his time at the lab, including sleeping there. At the office, they decide to set up a new Unix-8 computer where data can come in but not go out. This lets them monitor the traffic from all the users. When the hacker logs in, he tries to get into the new computer but is not able to. They notice that he runs the `ps -eafg` command, which sets off a flag in Dave’s mind (joke - the flags in the ps command set off a flag in Dave’s mind). Ron from Tymnet gets back, saying that he traced the connection from LBL’s Tymnet port to an Oakland Tymnet office, where someone had dialed in from a telephone. Now, to do a telephone trace, they might need legal orders.
Chapter 7 - If they were to ask the phone company to trace the call, they needed an FBI warrant. When they ask the FBI, though, they hit a wall: the FBI wants proof that millions of dollars were stolen and wonders why they are bothered by a 75-cent discrepancy. But they do get the warrant from the Oakland DA’s office. Dave figures out why the flags in the ps command had bothered him. He says the hacker may not be from Berkeley, since he was using the old AT&T Unix syntax; the ‘f’ flag is not needed in Berkeley Unix. They find out that the hacker had stolen the password file. Cliff is not worried, because the passwords are encrypted using the DES algorithm, and breaking that would need enormous computing power.
We now know that DES is not secure. Though AES-128 is the most widely used, many sites increasingly use AES-256 to be more secure. I liked this quote: “record observations, apply principles, speculate but trust only proven conclusions”.
Chapter 8 - On Wednesday, Cliff finds out that the hacker had connected to the system for around 6 minutes and had connected to Milnet, a network that belonged to the DoD. By looking up the IP address, Cliff figures out that the computer was at the US Army Depot in Anniston, Alabama. He contacts the admin there and finds out that they already knew about an intruder named Hunter. Cliff explains the security hole and how the hacker might have been using super-user privileges.
—
The FBI in Alabama had also dismissed the case, citing lack of proof and the fact that millions of dollars were not involved. I guess by the late 80s the Wiretap Act was in full force, and government organizations didn’t want to be involved in wiretapping unless there was an absolute need. This set me thinking about the history of the Wiretap Act and similar regulations. Here is a rough timeline up to the ECPA:
1791: Fourth Amendment to the Constitution (“Right to Privacy”): Established the right to freedom from unreasonable searches and seizures. Brandeis’ “Right to Privacy” article came in 1890, which many people credit as the beginning of privacy rights, though the Fourth Amendment had existed for 100 years (?).
1934: Communications Act of 1934: Ensured “appropriate authorization to activate interception of communications or access to call-identifying information”; covered telephone, telegraph, TV and radio communication; established the FCC.
1968: Omnibus Crime Control and Safe Streets Act of 1968 (Wiretap Act): This act required law enforcement to obtain a warrant for wiretaps. The other way to look at it is that it gave authority to do wiretaps for security purposes in the country.
1974: Privacy Act of 1974: This established the fair information practice principles (FIPPs), a set of principles for data collection and processing by government agencies. This gave rise to the OECD guidelines, which in turn influenced GDPR, I think.
1978: Foreign Intelligence Surveillance Act (FISA): This was the Wiretap Act equivalent for tapping into the communications of foreign criminals/terrorists.
1980: Privacy Protection Act of 1980: Protected journalists and newsrooms from government searches and seizures in most cases.
1986: Electronic Communications Privacy Act (ECPA) & Stored Communications Act (SCA): Extended the Wiretap Act to include electronic communications like email. The ECPA had already been passed by the time the events of “The Cuckoo’s Egg” were taking place.
Other Acts after this: 1994: Communications Assistance for Law Enforcement Act (CALEA); 1996: Health Insurance Portability and Accountability Act (HIPAA); 2001: USA PATRIOT Act; 2006: Pen Register Act; 2018: CLOUD Act.