Podcast Summary: HISTORY This Week – "An Astronomer Hunts a KGB Hacker"
Release Date: September 8, 2025
Host: Sally Helm
Guests: Cliff Stoll (astronomer, author), JJ Widener (cybersecurity expert)
Overview
This episode explores the groundbreaking story of Cliff Stoll, an astronomer-turned-sysadmin, as he stumbles into the world of cyber-espionage in 1986. What begins as a 75-cent accounting anomaly at Lawrence Berkeley Lab leads Stoll down a rabbit hole, ultimately connecting him to a sprawling, international espionage operation led by Markus Hess, a hacker working for the KGB from Hanover, Germany. Through dramatic storytelling and interviews, the episode brings to life not only one of the first cybercrime investigations but also the moment when the innocence of the early internet came to a sudden end.
Key Discussion Points and Insights
1. The Accidental Discovery (01:05–08:02)
- Cliff Stoll is introduced: an astronomer at Lawrence Berkeley Lab whose grant runs out, pushing him into systems administration.
- Just two days in, a colleague flags a crash in the accounting system—a 75-cent discrepancy.
- Stoll’s curiosity leads him to find an unregistered user account consuming computer time.
Quote:
"Somebody calls us and says, 'Hey Cliff, the accounting system has crashed.'"
– Cliff Stoll (05:12)
- Stoll first suspects harmless local activity or student mischief.
- However, early network logs show the intruder is leveraging weak, easily guessed passwords to break into other, highly sensitive systems, including military installations.
Notable Commentary:
“My curiosityometer moved into the yellow zone.”
– Cliff Stoll (08:02)
2. Getting Serious: Tracing the Intruder (12:38–17:00)
- Stoll sets up a primitive but ingenious monitoring system: he “liberates” printers from offices, connecting them to each phone line to print all network traffic.
- Spending nights on the floor with these “critters,” Stoll collects evidence of the intruder accessing military networks.
Memorable Moment:
"One computer took up four or five rack panels filled with fans... It was like trying to sleep in a noisy room."
– Cliff Stoll (14:10)
- Stoll’s boss, Dave Shirley, finally gives him the green light after reviewing the hack attempts:
"'I want you to nail the bastard.'"
– Dave Shirley, via Cliff Stoll (16:46)
- Attempts to involve the FBI are initially rebuffed.
“When you lose half a million dollars, call me back.”
– FBI agent, via Cliff Stoll (17:12)
3. The Chase Across Networks and Continents (17:44–22:35)
- Local law enforcement steps in, and Stoll creates an alarm system to alert him whenever the hacker appears.
- Physical phone line traces are complex and slow, requiring coordination with police and phone companies.
- Stoll meticulously documents every intrusion; the NSA and CIA show some interest but offer no direct help.
Quote:
"He says, look, we're at the NSA. I can't even confirm that I'm talking to you… Help me? No, come on."
– Cliff Stoll (19:30)
4. The Breakthrough: The Trail Goes to Germany (21:00–22:42)
- Eventually, traces show the intruder’s traffic routes through Mitre Corp (a defense contractor) and then, via digital networks, all the way to Hanover, Germany.
- Mitre insists their systems are “impenetrable,” but evidence proves otherwise.
Quote:
"I said, look at the logs of your outbound modems. And they did, and said, uh, oh, we have a problem."
– Cliff Stoll (21:14)
5. Trapping the Hacker: Digital Countermeasures and the “Honeypot” (24:38–29:12)
- With the FBI finally involved, Stoll collaborates internationally; traces require waking up German technicians in the middle of the night.
- To keep the hacker online during traces, Stoll invents fake files and bureaucratic memos about a made-up “Strategic Defense Initiative Network”—a classic honeypot.
Quote:
“You put a pot of honey out there so that people will go in and have all the food they want. Meanwhile, you are tracing them backwards.”
– Cliff Stoll (27:03)
- Success: The hacker is traced to 16 Lachsestrasse, Hanover, Germany. German law enforcement wants to continue surveillance before arresting the suspect.
6. The International Espionage Web (28:07–31:44)
- A mysterious letter arrives from Laszlo Belo (Pittsburgh), mentioning the fake network—a clue that stolen data reached the KGB via intermediaries.
- Laszlo Belo, with a shady background and KGB ties, becomes the link to Markus Hess, the real “Sventek” behind the hacks.
- The case expands: Hess, part of a ring, breached nearly 400 computers worldwide, selling secrets to the Soviet Union.
Quote:
“These hackers were by no means just a bunch of kids fooling around, but were on the puppet strings of Eastern European, East German and Bulgarian and Russian intelligence organizations.”
– Cliff Stoll (29:47)
- Stoll testifies in Germany; only Markus Hess gets convicted with a suspended sentence. The affair spotlights vulnerabilities in nascent computer networks.
7. Legacy: The End of Internet Innocence (31:12–32:30)
- Stoll’s dogged methodology—detailed logs, pattern analysis, relentless pursuit—inspires the future of cybersecurity operations.
- The investigation catalyzes the formation of cybercrime units in the US and sets the tone for global digital law enforcement cooperation.
Quote:
“He was taking in logs... All that stuff is exactly what cybersecurity defense operations does. Yeah, he definitely wrote the book on some of this stuff, man.”
– JJ Widener, cybersecurity expert (31:44)
- Final reflection by Cliff Stoll:
“When something's there and you can't figure it out, it's not a problem. It's an opportunity.” (32:17)
Notable Quotes and Memorable Moments
- Cliff Stoll, on his transition from astronomy to sysadmin:
“I went down and started working on... just being a sysadmin.” (04:57)
- JJ Widener’s password advice:
“Like, don’t make them your kids’ names. 1, 2, 3, 4, 5. If you’re really secure, you put an exclamation mark at the end, because everybody knows that exclamation mark is going to protect you to the nth degree.” (06:37)
- Cliff Stoll, on why he kept persisting:
“If you bother somebody often enough, eventually they'll learn your name. You'll annoy them enough that their no will morph into a maybe.” (24:49)
- Cliff Stoll, describing catching the hacker:
“My sweetie and I are dancing in the backyard singing Ding Dong, the witch is dead.” (27:30)
Important Timestamps
- [01:05] – Start of story/incident
- [04:06] – Cliff introduces his background
- [07:31] – Stoll discovers unauthorized user activity
- [12:38] – Begins monitoring network traffic with printers
- [14:10] – Describes physically staying the night in the lab
- [16:46] – Boss tells Stoll to pursue the hacker
- [17:12] – FBI dismisses the case
- [19:02] – NSA expresses only mild interest
- [21:00–21:42] – Breakthrough: trace points to Mitre Corp and then to Hanover, Germany
- [22:42] – First identification of the German origin
- [24:38] – FBI and German police collaboration
- [27:03] – Creation and success of the "honeypot"
- [28:29] – Letter from Laszlo Belo connects the espionage dots
- [31:12] – Trial and legacy: the end of innocence for the internet
- [32:17] – Final reflection and episode close
Tone and Style
- Playful yet urgent—matching Stoll’s eccentric, persistent personality.
- Technically detailed, historically grounded.
- Genuine astonishment at how modest beginnings (75 cents!) can trigger a global incident.
- Strong narrative drive; a mix of expert interviews and firsthand recollection.
Conclusion
This episode deftly tells the story of how a minor computer accounting error spiraled into one of the earliest and most consequential cyber-espionage discoveries, fundamentally changing how we view and defend computer networks. Cliff Stoll’s curiosity and persistence not only unmasked Markus Hess and his connections to the KGB but also helped invent the field of cybersecurity, showing that sometimes, what looks like a nuisance is in fact an opportunity to change history.
