A 75-cent billing error bothered him enough to investigate. Ten months later, he'd exposed a German hacker selling U.S. military secrets to the KGB.

In August 1986, Clifford Stoll was new to the job. An astronomer by training, he'd been designing telescope optics for Lawrence Berkeley National Laboratory when his grant funding dried up. The lab didn't want to lose him, so they transferred him to the basement—to the computer center, where he'd manage their systems.

He'd been there two days when his boss, Dave Cleveland, walked in with a problem. The lab's monthly accounting reports were usually flawless, but this month something was off. The numbers didn't match. There was a 75-cent discrepancy between two billing programs.

Most people would have written it off as a rounding error. Seventy-five cents. Nine seconds of computer time. Nothing.

But it bothered Stoll.

He started digging through the logs. That's when he found it: someone had used an account without paying for it. An unauthorized user. And that user had somehow changed the password on the account—which meant they'd need superuser privileges, the same access level as a system administrator.

That was weird.

Stoll could have just disabled the account and moved on. But now he was curious. He figured it was probably some grad student pulling a prank. But how could he prove it? On a Friday evening, as the lab emptied for the weekend, Stoll built a trap. He rounded up fifty terminals—mostly by "borrowing" them from coworkers' desks—and physically attached them to the lab's fifty incoming phone lines. When the hacker dialed in that weekend, Stoll would be able to see exactly which line they were using.

It worked. But what Stoll discovered sent him down a rabbit hole that would consume the next ten months of his life.

The hacker wasn't local. The connection was coming through Tymnet, a packet-switching service that routed calls across long distances. Stoll traced it to a call center at MITRE, a defense contractor in McLean, Virginia, not far from CIA headquarters.

Then he watched in real-time—via a teleprinter he'd attached to the line—as the hacker used Berkeley's computers as a launching pad to break into military bases across the United States. The hacker was searching for files containing words like "nuclear" and "SDI"—Strategic Defense Initiative, President Reagan's proposed missile defense system, which critics called "Star Wars."

Stoll called the FBI.

"Hey, they're breaking into my computer," he told them. "They're stealing military stuff!"

The FBI wanted to know how much money had been lost. Stoll told them: 75 cents.

They weren't interested.

He tried the NSA. Then the CIA. Then the Air Force. Same response. Seventy-five cents wasn't worth their time. No classified systems had been breached—at least not yet. And honestly, computer hacking was so new that law enforcement agencies didn't even know whose jurisdiction it fell under, or what laws might have been broken.

So Stoll kept investigating on his own.

He spent countless nights at the lab, monitoring the hacker's activity. He watched as the intruder copied password files, planted Trojan horses, and methodically probed one military computer after another. The hacker knew both VAX/VMS and Unix systems. And the timing was suspicious—the hacker seemed to be most active around midday Pacific time, suggesting someone in a different time zone. With help from Tymnet officials and AT&T, Stoll traced the calls across the United States. They were being "piggybacked" through multiple systems to hide their origin. But eventually, he found it: the calls were coming from West Germany, specifically from Hanover, via satellite.

Now Stoll had a problem. He needed to keep the hacker online long enough for German authorities to trace the exact location. But the hacker was cautious, rarely staying connected for more than a few minutes. So Stoll—together with his girlfriend—devised a plan while in the shower. They called it "Operation Showerhead." Stoll created a honeypot: a fake department at Berkeley that claimed to be conducting SDI research. He filled an account (supposedly run by a secretary named "Barbara Sherwin") with large files full of impressive-sounding bureaucratese about missile defense systems. All of it was fake, but it looked real.

The hacker took the bait. Intrigued by the "classified" SDI files, they stayed connected longer, downloading the fake documents. It was enough time.

The West German postal service—which controlled the phone system—traced the call to a house in Hanover. The hacker's name was Markus Hess.

And he wasn't working alone.

Hess was part of a ring of German hackers who'd been selling stolen American military and industrial data to the KGB for cash. During his time working for Soviet intelligence, Hess had broken into 400 U.S. military computers, stealing sensitive information about semiconductors, satellites, space technology, and aircraft.

The group—which included Dirk Brzezinski, Peter Carl, and others—had been making deliveries to a KGB agent named "Serge" who worked at a Soviet trade mission in East Berlin. In exchange, they'd received about $54,000 over more than two years. German authorities arrested Hess on June 29, 1987. In 1990, he went to trial. Stoll flew to Germany and testified for three days.

Hess and two co-conspirators were convicted of espionage. They received suspended sentences—20 months for Hess—because the German court concluded that "no serious damage to West Germany has arisen." The hackers smiled at each other when the verdict was read.

A fourth member of the ring, Karl Koch, never made it to trial. He was found burned to death in a forest near Celle, Germany. Authorities ruled it a suicide, though questions remained.

After the trial, Stoll wrote about his investigation in a technical paper titled "Stalking the Wily Hacker" and a book for general audiences called "The Cuckoo's Egg," which became a bestseller. PBS's NOVA turned it into a documentary in 1990 called "The KGB, the Computer, and Me."

Stoll's investigation became one of the first major cybersecurity cases ever documented. His techniques—monitoring logs, tracing network connections, creating honeypots—helped establish the foundations of modern computer forensics. And all of it started because an astronomer-turned-systems-administrator refused to ignore 75 cents.

The lesson? Sometimes the smallest anomaly is a thread. And if you pull it long enough, you might unravel something huge.