The Threat From Within - Page 2

Dec 24, 2001

Paul Desmond

Another way to potentially find wayward insiders is to monitor for the tools they use to hack into other sites. The latest version of Tally Systems' Census line of PC inventory and auditing software is designed to detect tools used by hackers. The company added more than 400 fingerprints to Census, enabling it to detect various categories of tools, including those used to launch Trojans and denial-of-service attacks, crack passwords, break into networks and write viruses.

Still, the MIT case is a particularly daunting one, given that Tresco was himself a security administrator. Presumably he would know how to cover his tracks, even if it meant shutting down some of the security tools designed to catch him.

In a recent conversation about cyberterrorism, John Pescatore, research director for Internet security at Gartner Inc., said one of the lessons learned from the Sept. 11 terrorist attacks is that the terrorists were living among us. His point was that you don't know who someday one day could do you harm. Given that, Pescatore says companies need to do more in the way of background checking, for their own IT employees as well as their outsourcing providers.

"In the rush to hire people, a year and a half to two years ago, you were just happy if somebody would agree to work for you, be it in your security group, your IT system administrators or whatever, let alone who you're outsourcing to," Pescatore says. "So the whole issue of background checking, bonding, personnel type security, I think not enough attention has been paid to that."

Whether such a check would have flagged Tresco is far from clear. By all accounts, he appears to be the sort of die-hard computer enthusiast that any firm would covet. How, why or if he got involved in the DrinkOrDie group is another question. But it once again points to the need to be on the lookout for insiders conducting surreptitious activity on your organization's computers, lest the feds one day walk off with one of your servers.

Paul Desmond is a writer and editor based in Framingham, Mass. He serves as editor of, a source of practical security information for IT managers, CIOs and business executives. E-mail him at

Editor's note: This column first appeared on Datamation, an site.

Page 2 of 2


0 Comments (click to add your comment)
Comment and Contribute

Your comment has been submitted and is pending approval.



 (click to add your comment)

Comment and Contribute

Your name/nickname

Your email


(Maximum characters: 1200). You have characters left.