Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers


When Stoll traced the hacker’s intrusions to the Department of Defense’s MILNET systems, an Alabama army base, the White Sands Missile Range, Navy shipyards, Air Force bases, NASA’s Jet Propulsion Laboratory, defense contractors, and the CIA, he was mapping out an intrusion campaign just as threat intelligence analysts do today.


When he planted hundreds of fake secret military documents on his network that tricked his hacker into staying logged into the Lawrence Berkeley system long enough for a German telecom employee to trace the intrusion to the hacker’s location in Hanover, he was building a “honeypot”—the same sort of decoy regularly used to track and analyze modern hackers and botnets.
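The decoy-document technique described above, written out as a small defender-side detector rather than as anything from the article or from Stoll's own setup: the defender registers the paths of planted decoy files, runs access-log lines through a parser, raises an alert on every touch of a decoy, and measures how long each account stayed active on the decoys (the dwell time that, in Stoll's case, gave the telecom trace time to complete). The log format, host and user names, decoy paths and timestamps are all constructed for this example and are not real identifiers.

```python
"""Honeytoken (decoy document) access detector.

Added example: not code from the article or from Stoll's lab.  The log
format below is an assumed, constructed one-line-per-event format; real
deployments would feed auditd, syslog or EDR file-access events instead.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, NamedTuple, Optional

# Paths of the planted decoy files (constructed; the defender decides these).
# Legitimate users have no reason to open them, so any access is a signal.
DECOY_PATHS = frozenset({
    "/srv/decoys/contract-index.txt",
    "/srv/decoys/budget-summary.txt",
})

# Assumed log line shape: ISO timestamp, then key=value fields.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) path=(?P<path>\S+)$"
)


class Alert(NamedTuple):
    ts: datetime
    user: str
    host: str
    action: str
    path: str


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["ts"] = datetime.fromisoformat(fields["ts"])
    return fields


def find_decoy_access(lines: Iterable[str]) -> List[Alert]:
    """Every well-formed event whose path is a registered decoy becomes an Alert."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip garbage rather than crash the monitor
        if ev["path"] in DECOY_PATHS:
            alerts.append(Alert(ev["ts"], ev["user"], ev["host"], ev["action"], ev["path"]))
    return alerts


def dwell_time_seconds(alerts: Iterable[Alert]) -> Dict[str, float]:
    """Seconds between an account's first and last decoy touch.

    A long dwell is exactly what a decoy is meant to produce: it is the
    window in which a trace or an investigation can run.
    """
    first: Dict[str, datetime] = {}
    last: Dict[str, datetime] = {}
    for a in alerts:
        first.setdefault(a.user, a.ts)
        last[a.user] = a.ts
    return {u: (last[u] - first[u]).total_seconds() for u in first}


# Constructed sample log: one legitimate access, one malformed line, and an
# account ("guest") that reads two decoys and copies one of them.
SAMPLE_LOG = """\
2024-03-12T02:10:05 host=lab-unix-1 user=guest action=read path=/srv/decoys/contract-index.txt
2024-03-12T02:14:30 host=lab-unix-1 user=alice action=read path=/home/alice/notes.txt
2024-03-12T02:31:05 host=lab-unix-1 user=guest action=read path=/srv/decoys/budget-summary.txt
this line is garbage and should be skipped
2024-03-12T02:35:05 host=lab-unix-1 user=guest action=copy path=/srv/decoys/contract-index.txt
""".splitlines()


if __name__ == "__main__":
    hits = find_decoy_access(SAMPLE_LOG)
    for h in hits:
        print(f"ALERT {h.ts.isoformat()} {h.user}@{h.host} {h.action} {h.path}")
    for user, secs in dwell_time_seconds(hits).items():
        print(f"{user}: active on decoys for {secs / 60:.0f} minutes")
```

The alerts are raised on first contact, so the defender knows immediately that an account is reading material no legitimate user needs; the dwell-time figure is what tells the defender whether the decoys are doing their second job of keeping the intruder engaged.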


“The Cuckoo's Egg documented so many of the methods we now use to deal with high-end intruders,” says Richard Bejtlich, a well-known security guru and author of The Tao of Network Security Monitoring: Beyond Intrusion Detection, who has worked on incident response and network monitoring at companies like Corelight and FireEye. “You can see in the book almost everything you need to do in an incident. The mindset, the thoroughness, the commitment to it. It’s all there.”


Even before his book was published, Stoll’s hacker-tracking work at Lawrence Berkeley National Labs inspired its sister institution, Lawrence Livermore National Labs, to try to develop more systematic, automated defenses against hackers. An engineer there, Todd Heberlein, was given a grant to build the world’s first network security monitoring software. “You could literally say that Cliff Stoll kick-started the entire intrusion detection field. We essentially automated in software much of what Stoll was doing,” Heberlein says. “Once I had our tools turned on, we saw people every day trying to hack our network and sometimes succeeding. An entire crime wave was happening and no on ..
