in the second quarter of the book, " the cuckoos egg" by cliff stoll, Stoll spent a great deal of time and effort
tracing the hacker's origin. He saw that the hacker was using a 1200 baud connection and realized that the intrusion was coming through a telephone modem
connection. Over the course of a long weekend he rounded up
fifty terminals, mostly by "borrowing" them from the desks of co-workers
away for the weekend, and teleprinters and attached them to
the fifty incoming phone lines. When the hacker dialed in that weekend,
Stoll located the phone line, which was coming from the tymnet routing service. With the help of Tymnet, he eventually tracked the intrusion to a call center at mtire , a defense contractor in mclean Virginia
Stoll, after returning his "borrowed" terminals, left a teleprinter
attached to the intrusion line in order to see and record everything the
hacker did. Stoll recorded
the hacker's actions as he sought, and sometimes gained unauthorized
access to military bases around the United States, looking for files
that contained words such as "nuclear" or "SDI". The hacker also copied password files and set up trojan horses
to find passwords. Stoll was amazed that on many of these high-security
sites the hacker could easily guess passwords, since many system admin
never bothered to change the passwords from their factory defaults.
Even on army bases, the hacker was sometimes able to log in as "guest"
with no password.
Over the course of this investigation, Stoll contacted various agents at the fbi,cia, nsa, and air force.
Since this was almost the first documented case of hacking Stoll was the first to keep a log on the hacker everyday, there was some confusion as to jurisdiction and a general
reluctance to share information.