Hacker News new | ask | show | jobs
by bazzargh 4569 days ago
I reread the Cuckoo's Egg only last week, it's still very enjoyable. One striking thing, given recent relevations, was the role of the NSA - Stoll had slight counterculture suspicions of what they were capable of, but generally they were treated as trustworthy security experts. This line - when Stoll hears about a vulnerability in VMS 4.5 - is especially funny in retrospect:

"Wait a second. That operating system was certified by NSA. They tested it and certified it secure."
1 comments
georgemcbay 4569 days ago
As a 40 year old who was hacking in his early teens (by both meanings of the word), this isn't that striking to me. It was common for people back in this time frame (the events of Cuckoo's Egg) to half-jokingly make "Echelon keyword" lists where they would insert dubious words as postscripts in email or on usenet posts. I spent quite a bit of time hanging around the MIT Media Lab building (where GNU/FSF was located at the time) and it was an open secret (and source of lots of joking) that one of the always-locked doors there lead to a "spook closet" where some guy nobody there really knew would come and pick up mag tapes once in a while (with the implicit assumption that the tapes were a traffic dump of data going through the routers there).

The NSA revelations of late aren't really that surprising in context with my prior experience, other than that it was surprising that the leaks so thoroughly confirmed a lot of suspicions and showed that their tentacles into commercial service providers were even more extensive than originally thought.

link
bazzargh 4568 days ago
Yup, I used spook.el back then too. And as I said, Stoll had suspicions - he thought the NSA listened to all the traffic, and why not - it was all unencrypted telnet sessions.

But the common impression then was that the NSA knew how to crack ciphers because they had the researchers, and that their unexplained changes to standards were improvements (for example, they changed DES to resist differential cryptanalysis 20 years before that technique was "discovered"). The notion that the NSA did more than just restrict key lengths to weaken crypto is recent.

link