Clifford Stoll and the Cuckoo's Egg
A 75-cent accounting discrepancy at Lawrence Berkeley Lab led astronomer Clifford Stoll on a months-long hunt for a KGB-sponsored hacker infiltrating U.S. military networks. The resulting book became a classic.
Article draft pending. This piece will reconstruct Clifford Stoll's year-long investigation into a 75-cent accounting discrepancy at Lawrence Berkeley National Laboratory that led him to uncover a KGB-sponsored espionage operation. Sections will cover Stoll's background as an astronomer reassigned to manage the lab's computer systems; his discovery that an unauthorized user was accessing the system for roughly nine seconds more than the billing records could account for; his decision to track the intruder rather than simply patch the vulnerability; the months of painstaking monitoring (using printouts, pagers, and improvised tools because no incident response playbook existed); his identification of the hacker as Markus Hess operating from Bremen, Germany; the frustrating jurisdictional battles between the FBI, CIA, NSA, and German intelligence over who was responsible for investigating; the honeypot operation Stoll eventually built to lure Hess into staying connected long enough for a trace; and the publication of "The Cuckoo's Egg" in 1989, which became one of the first mainstream books about computer espionage. The piece will frame Stoll's investigation as the birth of incident response and threat hunting, disciplines that now employ thousands of people but in 1986 were improvised by a single astronomer with a pager and a printer.