03.09.2025
30 min
1536
The story of Karl Koch, known by the nickname Hagbard, became one of the most high-profile during the Cold War. In the second part, we delve into the details of the young German hacker’s cooperation with the Soviet KGB and observe how his actions changed the world’s attitude towards cyber threats. It was thanks to the system administrator Clifford Stoll that the first cyber espionage attacks against US research centers and defense organizations were uncovered.
We left the German hacker Karl Koch, also known as Hagbard, at that difficult moment in his biography, when he and his colleagues established contacts with the Berlin branch of the USSR KGB and began to extract interesting information for Soviet intelligence from American servers in military and scientific organizations. This fascinating process lasted all autumn of 1986 – however, the main characters of this story did not know that from the very beginning their actions did not go unnoticed. Not because they were careless – simply “on the other side of the monitor” at one of the points of penetration was an equally unusual person.
Unlike Karl Koch and his colleagues, Clifford Stoll left detailed memoirs – which greatly help to reconstruct the course of events and how the group of Hanover hackers acted in search of US military secrets. Let’s move for a while from the smoky hacker’s apartment in Hanover to the underground server room in Berkeley, California.
Clifford Stoll, 36, a sysadmin at Lawrence Livermore National Laboratory, looked like a completely canonical mad scientist like Emmett Brown from Back to the Future. His perpetually disheveled hair, jerky gestures and springy gait, constant conversations with equipment and a constant ball on a rubber band in his hand – he might have seemed like a sitcom character, but that’s exactly how he looked in everyday life. His views were no less bizarre: on the one hand, from his student days during Vietnam and the hippie movement, he was categorically anti-war and highly suspicious of the US leadership.
That’s why he refused to work at the same Lawrence Livermore National Laboratory, although the salaries and conditions there were better. However, they worked on military projects there, in particular nuclear weapons and the SOI space program, and Clifford wanted nothing to do with it. For the same reason, he refused to work for the US NSA, despite having the brains and mindset appropriate for this agency. On the other hand, expressions like “damn communist” were among the worst swear words in his language: this is how he often cursed computers that refused to work.
Stoll had wanted to be an academic scientist since childhood, and worked for some time in the field of astrophysics – but under Reagan, funding for basic science, if it was not related to defense, was cut, and he had to retrain as a sysadmin. Fortunately, he became sincerely interested in computers and programming in college.
Clifford joined an already existing team of two sysadmins. The senior of them, Dave, as a test of the novice’s skills, suggested that he look into the problem with their home-made program for calculating machine time payments. For some reason, 75 cents out of a total of 2,387 dollars had not been added to it for the past month. The program, Clifford recalled, was a strange complex of fragments written and added by different people in assembler, Fortran, and Cobol—and he wouldn’t have been surprised to see pieces of code in Sanskrit or Latin there. It worked more against the grain than thanks to it, but from some point in the debugging it managed to do it flawlessly—but now it gave a strange 75 cent glitch. The admin climbed in to figure it out, dug until late at night, and was convinced that the program was not to blame for anything. It’s just that some user with the nickname Hunter used the machine time on Saturday morning and didn’t pay for it.
A small clarification. In his memoirs, Clifford either forgot to specify the exact dates at the beginning of the story, or for some reason did not want to do so — but, judging by what happened next, the first anomaly occurred on the morning of Saturday, July 26, 1986. Usually, in the history of the activities of Karl Koch’s group, the beginning of the hacking of American servers is associated with August — but specific dates are never named, so let’s try to rely on Clifford’s chronology, which gives at least the time and days of the week.
He also says that the anomaly was noticed in the report for a month, and this month cannot be August, because by the beginning of September his attempts to track down the hackers were already in full swing and had been for more than a week. Therefore, although in the previous part August was indicated as the time of the beginning of the first hacking in order to collect a “portfolio” to begin negotiations with the KGB, it is still more correct to associate it with the end of July 1986. But it’s not entirely clear which week in August Clifford was assigned to investigate. So, let’s continue.
Clifford tried to find out who this user was, but it turned out that none of his colleagues had ever started one and had no idea who it could be. Deciding that nothing terrible had happened in any case, they demolished the incomprehensible account and decided that if the owner came to swear, then he himself was to blame and would generally stick 75 cents to the laboratory. However, the next day they received an indignant letter: someone under the nickname Docmaster from Maryland near the capital city of Washington wrote that they had tried to hack him from their laboratory. Just last weekend.
Clifford climbed to understand the logs in more detail – and discovered a single login from the user Joe Swientek. Who supposedly just logged in and logged out after half an hour, but in different system reports the time of activity for some reason turned out to be different by several minutes. When Stoll told his fellow administrators about this, they were very surprised: “UNIX guru” Joe Swientek had indeed worked for them before Clifford was hired. However, he had not logged into the lab system for more than a year, and he was unlikely to do so now, since he had left Berkeley to work in Cambridge, England. Moreover, one of his colleagues continued to correspond with Joe and said that right now he should be on vacation in the deep forest offline.
Clifford thought it might be a hacker, but at first he was more surprised than alarmed. The fact is that the computers at Lawrence National Laboratory were used exclusively for non-military fundamental physics calculations. According to him, many of the scientists who ordered their calculations would be more than happy if some curious computer scientist decided to take an interest in their work, which was not understood by such a large number of specialists on the planet. Security measures on the laboratory’s mainframes were rather symbolic – and the authorities were much more interested in accounting for machine time with timely payment, rather than possible leaks of “useless” data.
In addition, scientists regularly resented even minimal information security requirements as annoying obstacles to their work. Even a login that lasted less than a minute was not counted or limited, and only then the Frankenstein program demanded the correct login and turned on the “counter”. Only after some time did the thought occur to Clifford: what if all the observed miracles indicated that the hacker who logged into the system on Saturday morning for that half an hour and 75 cents managed to seize the rights of the superuser, the administrator? However, even this seemed rather annoying at that time: the main threat in this case seemed to be idiotic jokes with data and accounts from students or other computer geeks. Stoll reported what had happened to the head of the laboratory, who wearily decided to figure it out, find out, stop and report.
The next morning, Clifford sat up and monitored all user logins to the system. At 12:33, the user “Joe Swentek” became active again. He was online for only a minute — but that was enough to determine the port and the transmission rate of 120 characters per second, which was typical for the modem. Stoll initially thought of tweaking the UNIX “daemons” so that they would record all the actions of users who logged in via the modem, but colleagues pointed out that the hacker was most likely a smart Unixoid who would notice this and break something in revenge. Clifford decided to act both subtle and crude at the same time.
On Friday evening, after the end of the working day, he gathered about 50 (!) terminals, teletypes, and in general all the devices that could be hacked into all 50 wires going into the telephone network in the laboratory and record on them everything that the hacker would do on the weekend. He did not inform his superiors or the machine operators, deciding that it was better to “do it and then apologize than to ask and not do it at all.” Soon the room was filled with frantically chirping and printing machines, and Clifford was running miles between them, changing rolls of printing paper and changing magnetic storage devices as they filled up.
Waking up on Sunday morning after another short nap amidst this beauty, the admin began to check the catch again. Just like in the movies, the necessary thing turned out to be on the last device, when Clifford had already lost hope. 24 meters of printout testified in detail about the three hours that the hacker spent in the laboratory system from five to eight in the morning. The last lines were barely readable, because the printer was running out of ink. Reading the logs, Stoll not only made sure that someone from the outside had obtained superuser rights, but also saw how this was done through the same loophole that Marcus Hess found in the movemail utility in GNU-Emacs.
Actually, as far as the investigations suggest, it was not Karl Koch who entered the Lawrence National Laboratory at that time, but Marcus, he is Urmel, collecting with his fellow hackers a “primary set” of data for a future demonstration of his capabilities to the KGB. That night, he had already relaxed under administrative rights and even spent time studying the personal files of employees, including Clifford himself. Then he climbed onto the local network, deleted a utility that seemed to him to be related to access tracking, downloaded an encrypted file with user passwords and left.
On Monday morning, Clifford reported the surveillance to his superiors. The superiors decided that the hacker must be caught, because it was unknown what with such a level of access he could have left in the system, supposedly erasing data from viruses with a timer and other nasty things, and a simple lockout did not solve the problem completely. Clifford was given carte blanche to take any measures to find the hacker, and the FBI and the district attorney were informed about the situation. Cybercrime was already beginning to become a fashionable topic, and on October 2, 1986, the US Senate passed a new law “Computer Fraud and Abuse Act” against hackers.
At the same time, Kevin Mitnick was cracking government networks with all his might, but he would not come to the attention of law enforcement until the following year. However, at that time, simply breaking into someone else’s computer was still considered more of a prank, and cybercrime was understood mainly as stealing funds, programs, or spreading dangerous viruses. The hacking of an unclassified scientific laboratory did not impress law enforcement. The FBI, however, was somewhat interested, but said that one of the computer science students at the University of California was playing a prank. This false confidence could have lasted, but a colleague Clifford Dave drew attention to the fact that the hacker used commands that had long since been discontinued in the version of UNIX-Berkeley commonly used here.
Judging by his handwriting, he was used to the more archaic AT&T UNIX – so, most likely, he had no relation to the West Coast computer science community, where almost everyone had long since switched to UNIX-Berkeley. According to Stoll, to a connoisseur, it was about the same difference as between American and British versions of English: very similar, but some things are obviously and characteristically different.
At 7:51 a.m. on Wednesday, September 10, 1986—the first exact date Clifford could remember—the hacker entered again, disguised as Joe Swientek, but he didn’t linger in the lab and moved on. When Stoll discovered where he was going, he realized that “the evening was no longer difficult.” The trail led to MilNet, a relatively closed military part of American networks that remains connected to the wider Internet. Logging onto one of the servers, the hacker re-registered as Hunter, checked for GNU-Emacs on the machine, and immediately left.
From open sources, Clifford was able to find out that the physical target of the intrusion was located in the US Army training unit in Anniston, Alabama. The unit itself was of little interest to anyone—but the Redstone Arsenal is located nearby. This is a huge base of the US Army, Air Force and Space Forces in northern Alabama with a “population” of tens of thousands of people, where, among other things, secret research is conducted in the fields of missile weapons, UAVs and space reconnaissance. It was here, in particular, that former Nazi scientists and engineers, led by von Braun, were taken after World War II. There was (and is) as much secret data and developments here as in the famous Area 51 in Nevada.
Clifford, without wasting time, found out the official number in the help desk and called the training unit, saying that a hacker was trying to get in. They were surprised, but soon the local army sysadmin Chuck McNutt called back on a closed line and said that he was generally aware, and that “this son of a bitch Hunter” had been trying to get in their way. As Clifford heard, he had logged into the system last Saturday (that is, September 6) and found that a certain Hunter was sitting there, who had managed to waste a lot of machine time. Army admin Chuck demanded that the visitor identify himself, to which he received the answer “Who do you think I am?” – “Name yourself or I’ll kick you out of the system!” – “I’m not going to answer.” Chuck, of course, kicked the user out, after which, as expected, he contacted the local FBI. Where was he… sent. He was also sent there to military counterintelligence, which he asked to take steps to monitor for new hacking attempts. Unlike the CIA and NSA, which were already thinking about such threats, the intelligence officers in sleepy southern Alabama clearly still considered hackers something from the realm of science fiction for bespectacled people.
After all, the computer in the training unit in Anniston had a direct connection to the servers in the secret-filled Redstone Arsenal – its power was used for data processing, because there were often not enough of their own machines, and there were no special tasks for computer calculations in the training unit. Chuck was stunned by Clifford’s story about how this hacker used a loophole in GNU-Emacs at Berkeley.
Moreover, a closer inspection showed that the unknown hacker – probably the same Hess – first got into the computer of the military unit in Anniston in early June, when Koch and company were just starting to think about cooperation with the KGB. Probably simply because he could. However, Chuck decided and tried to convince Clifford that the hacker was most likely a local from Alabama. And he used AT&T UNIX commands because in their southern hinterland few people had yet heard of UNIX-Berkeley. And the military computers there also ran on AT&T UNIX.
Clifford and Dave continued to monitor the hacker’s visits, each time trying to calculate his location. However, each time the traces became more and more diverse, leading to different points around the United States from the West to the East Coast. After some time, Clifford was surprised to discover that there were many more visits by the hacker or hackers than he had thought – because someone had managed to additionally use the accounts of three scientists who had been inactive for a long time, but who continued to be paid, imperceptibly deleting them and replacing them with new ones with the same nicknames.
At the same time, it turned out that using these accounts someone had been going to the servers of several US Air Force bases. And soon Clifford saw in real time how a hacker tried to break into the White Sands Missile Range in New Mexico, where the first nuclear explosion was carried out in 1945 – and in the 80s, according to unofficial rumors, elements of the SOI space missile defense system were tested. But there, as it turned out, computer security specialists were smart, and the penetration did not happen.
Clifford called the FBI and reported what he had seen — but now the feds had sent him too, apparently deciding that the military would figure it out themselves. Moreover, formally, nothing secret was supposed to be stored in Milnet if there was access to the Internet, few people believed in Soviet hackers, and the possibilities of OSINT had not yet been fully understood (although all intelligence agencies had been cheerfully rushing “risk-gained secret data” borrowed from open sources to central offices for more than a decade). After a series of unsuccessful attempts to attract the attention of at least some intelligence officers, and after being sent far away from various FBI units five times, Clifford got to Special Agent Jim Christie.
He represented the Air Force Office of Special Investigations, a little-known in the outside world, the US Air Force Special Investigation Service, which deals with both crime among their servicemen and counterintelligence. Christie took into account Stoll’s information about how the hacker operated, and even supplemented the picture with the assumption that he targeted the White Sands testing site server after studying materials from the Redstone arsenal: the two major military facilities were closely connected, since developments from Redstone were usually felt in White. And both facilities were actively involved in the SOI program.
Clifford discovered a new entrance – the traces once again led to the East Coast, to Virginia. This time the hacker did not just climb into Milnet, but got to the CIA data processing department in Langley and began to remove data there about active American intelligence officers with telephone numbers and email addresses. Clifford, an old hippie, even wondered if he was doing the right thing by interfering with the mysterious hacker? After all, he had never liked the military, let alone special services, and the FBI had recently sent him five times in a row in response to attempts to help in the fight against cybercrime.
Maybe the hacker is not an attacker or even a nerdy student, but an underground hero of the digital resistance who seeks to reveal the dark secrets of the US government to the world? Ironically, this is how the participants of the “Equalizer Project” considered themselves on the other side of the screen, and above all their ideological inspirer Karl Koch. Except for the reckless Pedro, who got involved with the KGB purely for the money, because in the drug trade his physiognomy had become too familiar. Perhaps, if fate had turned out differently, Clifford Stoll and Karl Koch would have even managed to get along.
But in our timeline, Cliff, as he recounted in his memoirs, grabbed the phone and began dialing numbers from the hacker’s downloaded list of CIA employees “so that he wouldn’t have time to change his mind.” The third number, recorded as Edward J. Manning, answered. Unlike the FBI, he immediately understood the scale of the problem. He said that he was most likely interested in the hacker because of something related to the computers of the National Ballistics Laboratory at the Aberdeen Proving Ground in Maryland, and that tomorrow… no, tomorrow is Saturday, on Monday his colleagues would come to Clifford for a meaningful conversation.
Stoll experienced mixed feelings: on the one hand, his confrontation with the hacker was finally taken seriously, on the other hand, he now felt like a traitor to all the ideals of his youth: “I just invited CIA agents to free-thinking Berkeley who supply weapons to various thugs” and generally satrap. However, the meeting was scheduled, and there was nowhere to retreat.
So, the German hacker Karl “Hagbard” Koch, a conspiracy theorist and fighter against the Illuminati, organized a club of like-minded people in Hanover. Since the summer of 1986, they began to extract the contents of computers in various US organizations for the Berlin branch of the USSR KGB for a combination of financial and ideological reasons, becoming “the first hackers of the Soviet special services.” However, on the other side of the planet, at the Lawrence Berkeley National Laboratory, the new sysadmin Clifford Stoll figured out an illegal penetration into his network. When the “authorities” ignored his concerns, he began his own investigation. A few weeks later, Stoll found out that someone was getting into US military bases through his laboratory, and then into the CIA headquarters.
In a sense, Stoll had to step over himself to contact the CIA: it was one thing to have the police and the FBI, which, in his opinion, were basically really fighting criminals, and quite another to have managed to get smeared in the very center. intelligence management. He had disliked their “office” for a long time, deeply and sincerely – for about the same reasons as Karl Koch, only without the conspiracy theory about the “CIA as a tentacle of the global Illuminati conspiracy”. However, other security officials mostly “played football” with him – in the FBI alone, Clifford managed to refuse help with the investigation six times, and even the only person interested in penetrating the servers of military facilities was Jim Christie from Air Force counterintelligence. However, it was the US Air Force facilities that were not affected by the attacks, and therefore the Air Force counterintelligence could not officially deal with the issue. Now, Stoll hoped, at least someone would take the mysterious hackers seriously.
In addition, as Clifford himself wrote in his memoirs, he had some hope that one of the “thugs who smuggle weapons to bloody regimes” would finally do something useful for American citizens. On the eve of the scheduled visit to the laboratory, he even “got carried away” by the fact that these “Big Brother specialists in wet affairs, and they are clearly Republicans” could eliminate him at the same time – if in fact he had accidentally gotten into some big spy games and could turn out to be unnecessary for them. The boss had to calm him down – and even recommend not to show open hostility during the meeting.
Only the detained IT specialist Greg offered to stay in touch, quite surprising with the story that the CIA was by now “literally stuffed with computers” – and not “for overthrowing foreign governments,” as Clifford could not resist teasing, but for processing huge amounts of intelligence and other information. He also said that the CIA had recently encountered a leak of classified data, when an employee of one of the contractors who was expanding their internal computer network decided to keep the classified data for himself for a while – he was not dug up in the forest, as Clifford had assumed, but “was called in for a week on a lie detector, and then”.
However, the impression of the new acquaintance was somewhat spoiled by his mention of the fact that, in addition to computer matters, Greg is involved in creating a network of informants among university students (which, strictly speaking, the CIA is not supposed to do in the United States). But Clifford decided it was worth trying to work with him anyway. Greg promised that he would try to convince his boss, Edward J. Manning—the same one whose contacts the hacker had downloaded and whom Clifford had called, who turned out to be the head of the CIA’s information technology department—to at least informally and “in the gray” way give his approval to participate in the investigation into hackers, if hackers, if hackers were investigated. But until that happened, Stoll would have to continue to monitor everything himself. And keep Greg informed of the news.
The hacker broke into the lab again the next morning—and busily moved across the network, first to Anniston, where he retrieved a file on missile performance, and then to the Army Ballistics Research Laboratory in Aberdeen, where nothing of interest was publicly available. An hour later, the hacker returned—but, to Stoll and his colleagues’ surprise, in some new, cunning way through a local network, which caused their configured intrusion detection and notification system to fail.
To Clifford’s even greater surprise, it turned out that the login this time was from a laboratory working on nuclear weapons in Livermore, and it was from them that someone had gotten into them this time. Immediately contacting the sysadmin in Livermore, they managed to find out: the hacker had obtained the password from Clifford on the network for an employee who had been there and there, and who had been careless enough to save the login-password pairs in a plain text file. However, she refused to track down where the hacker came from and simply blocked the account: “If the authorities find out, many heads will roll, and I will personally punish this idiot.”
The next day, the hacker got through Stoll’s network to the MIT Artificial Intelligence Laboratory in Cambridge, Massachusetts – as we can see, the interests of Karl Koch’s group were not limited to purely SOI program issues, and SOI issues. True, the MIT system turned out to be quite unusual – and he had to figure out how it all worked, often referring to the built-in help system. Over the weekend, Clifford, in order to get some rest, completely cut off the laboratory network from the Internet, and on Monday it turned out that there were persistent attempts to penetrate it from such places as the army base in Anniston, Laboratory II at MIT, the nuclear laboratory in Livermore, and even a Livermore-related one.
Stoll was convinced that the hacker actively used a simple, but very effective method in those naive times: he diligently searched all available networks of scientific organizations, starting with his laboratory, in search of files with login-password pairs of scientists. And then he looked for similar logins, which usually coincided with surnames, in networks of a military nature. This is how, in particular, he got into MIT. The hacker was a regular on the network of the Lawrence Berkeley National Laboratory because, on the one hand, it actively worked on nuclear topics, and on the other, unlike Livermore, it was unclassified. Its network was constantly and fully connected to the Internet, but many scientists and engineers worked there, who at the same time had a direct relationship to military and secret programs in much more closed organizations. And many of them treated computer security as an annoying formality that could be ignored for convenience.
At that time, Clifford was feeling very unwell. The third week of the deadline granted to him by his superiors to detain the hacker was coming to an end, after which it was assumed that he would return to purely work duties and not be distracted by “nonsense”. Colleagues in the laboratory, who were not aware of details such as hacking military and intelligence facilities, were already openly talking that the already eccentric Stoll had finally succumbed to paranoia. Moreover, he had “attracted the hackers” to Berkeley, where few people were happy to see them. There was no help from either the FBI or the CIA. It was necessary to speed up somehow, and in intense thought, Stoll had an idea of how to at least start to calculate the hacker’s location.
He realized that to download files, the hacker usually used the Kermit protocol and software, which were widespread at that time. During the data transfer, a constant ping was performed to confirm the correctness of the process. Clifford decided to try to experimentally measure the speed of the ping between the computers in the laboratory and the hacker using an improvised oscilloscope. The first measurements gave about three seconds, and the calculations came out to be something like the distance from the Earth to the Moon. After discussing the issue with colleagues and physicists working in the laboratory, Stoll realized that it was necessary to make corrections for a whole range of additional factors that delay the passage of signals in the network – and to understand the objective speeds, experiments were needed.
Using old and new acquaintances from different parts of the United States, he was able to determine an approximate correspondence between geographical distance and the speed of pings in Kermit: about 1 second per 2 thousand miles (about 3.2 thousand kilometers), for example, between Berkeley and New York. Based on the data previously received from the telephone company, the hacker had most likely entered the American segment of the Internet through Virginia on the East Coast. That meant there were two seconds or four thousand miles to go. The assumption that the hacker could be operating from outside the United States was beginning to grow into certainty.
By the end of September 1986, the hacker’s activity began to decline – he appeared almost every day, but only for a few minutes, and in early October he disappeared completely. Due to a coincidence, it was at this time that the story became the property of the press: Clifford felt sorry for a sysadmin from Stanford University, who was being teased by an elusive hacker – with a completely different handwriting and most likely from among the students, and he told about his investigation. Soon, an article by John Markoff, already known to us from the history of Kevin Mitnick, was published in the San Francisco Examiner newspaper, where he brightly painted the hacker’s antics at Stanford, and also mentioned that there were problems of a similar nature at the Lawrence Laboratory. The hacker appeared online again on October 12, and immediately went to the base in Anniston, but there the admin had already deleted the account he was using. Demonstrating thoughtfulness and a good understanding of his business, the hacker managed to quickly find the “bookmark” he had left in the summer for such a case in the system, and calmly continued to dig through the files.
After some time, he reappeared in the laboratory system – and methodically changed the passwords on all accounts used on lblhack: literally “hacking Lawrence Berkeley Laboratory”. Why this was done is not entirely clear, but it can be assumed that Karl Koch’s team at that time planned to sell the KGB logins and passwords for independent login, and predictably did not want to “burn” their own. Just on Halloween, October 31, the hacker again surpassed himself in Stoll’s eyes, famously breaking into the Elxsi laboratory computer with UUCP attributes, which Clifford himself did not know about, registering there with the nickname Mark. This was already a clear audacity – since, with a 99% probability, it was Marcus Urmel Hess from Karl Koch’s team who did it.
Stoll, tired of pretending, tried again to attract the attention of the competent authorities – and again everything was thrown out with his hands. Including the FBI for the seventh time – and what’s more, through his superiors he was given to understand that he had already screwed up the FBI quite a bit. Clifford, in particular, was squinting at the fact that from the point of entry in Virginia it was possible to track the hacker further, but hacking a computer in California, according to the then law, could not be a reason for action by the FBI or anyone else in Virginia.
But this time he received advice from a security officer at the California Department of Energy, whose sphere of activity the laboratory belonged, to contact the only non-classified unit of the NSA – the National Computer Security Center. It was considered the least prestigious in the NSA, but there was a chance that Stoll would at least not be sent there right away. Clifford also had an extremely negative attitude towards the NSA – not without reason, believing that they listen to and read other people’s conversations day and night without paying much attention to the formal legality of this fascinating process.
But there was nothing to be done. Zeke Hanson from the NSA’s NCCL was sincerely interested in the investigation, but he said that from a legal point of view he could not help in any way. Although he would discuss the issue with the leadership. Stoll described how after this conversation he was simply in prostration: he had been trying with all his might to protect the national security of the United States for many weeks, but all the powerful intelligence services of the superpower refused to help him for formal and bureaucratic reasons and looked at him almost as if he were a fool.
Clifford had been afraid of the secret services since his youth, seeing them as powerful and law-abiding organizations—but upon closer acquaintance, they appeared to him as bureaucrats helpless before formal instructions who stubbornly refused to deal with a direct and obvious threat to national security and their own data.
Perhaps the first hackers in the service of the KGB would have remained unknown to the general public, but Clifford Stoll, after a few minutes of the most gloomy reflection, decided that he still had to get on the tail of those who were so brazenly using the computer network under his responsibility. Even if the special services were completely “on the ball” about what was happening. At the end of November 1986, he accidentally found out that a formal warrant was not required to determine the telephone number from which the connection was made: companies usually refused to do this at the request of citizens simply to get rid of unnecessary trouble and to prevent fans of idiotic pranks.
He finally managed to “press” the company using the methods of social engineering beloved by the Customs and finally find out the number 703/448-1060 – and then, using them, referring to the dropped call, find out the location of the phone. It turned out to be in an office closely connected with the American military-industrial complex and intelligence services in the field of secret projects and developments of the NGO MITRE Corporation, McLane, Virginia. Right next to the CIA headquarters in Langley. And this was one of those organizations, penetration of which by foreign intelligence was supposedly more dangerous for US national security than in Langley or the Pentagon.
