The experience of the Lawrence Berkeley Laboratory in tracking an intruder suggests that any operating system is insecure when obvious security rules are ignored. How a site should respond to an intrusion, whether it is possible to trace an intruder trying to evade detection, what can be learned from tracking an intruder, what methods the intruder used, and the responsiveness of the law-enforcement community are also discussed.