Clifford Stoll managed some computers at Lawrence Berkeley National Laboratory in California. One day, in August 1986, his supervisor (Dave Cleveland) asked him to resolve a USD$ 0.75 accounting error in the computer usage accounts. He traced the error to an unauthorized user who had apparently used up 9 seconds of computer time and not paid for it, and eventually realized that the unauthorized user was a cracker who had acquired root access to the LBL system by exploiting a vulnerability in the movemail function of the original GNU Emacs.
Over the next ten months, Stoll spent a great deal of time and effort tracing the hacker’s origin.
The Cuckoo’s Egg on Wikipedia.