Still, the MIT case is a particularly daunting one, given that Tresco was himself a security administrator. Presumably he would know how to cover his tracks, even if it meant shutting down some of the security tools designed to catch him.
In a recent conversation about cyberterrorism, John Pescatore, research director for Internet security at Gartner Inc., said one of the lessons learned from the Sept. 11 terrorist attacks is that the terrorists were living among us. His point was that you don't know who someday one day could do you harm. Given that, Pescatore says companies need to do more in the way of background checking, for their own IT employees as well as their outsourcing providers.
Whether such a check would have flagged Tresco is far from clear. By all accounts, he appears to be the sort of die-hard computer enthusiast that any firm would covet. How, why or if he got involved in the DrinkOrDie group is another question. But it once again points to the need to be on the lookout for insiders conducting surreptitious activity on your organization's computers, lest the feds one day walk off with one of your servers.
Paul Desmond is a writer and editor based in Framingham, Mass. He serves as editor of ecomSecurity.com, a source of practical security information for IT managers, CIOs and business executives. E-mail him at firstname.lastname@example.org
Editor's note: This column first appeared on Datamation, an internet.com site.