Officials from the Customs Service, which is leading the investigation, were pressuring students and others believed to be involved in the ring to talk or face prison time.
One such suspect, Christopher Tresco, 23, was working as a systems analyst at the Massachusetts Institute of Technology, one of the schools raided on Dec. 11. According to the Boston Globe, Tresco is alleged to have been operating near the top level of the piracy ring, dubbed DrinkOrDie. As a result of his involvement, several MIT computers were seized, including at least one server.
A Gateway store in Pennsylvania also was involved in the raid, and one of its employees was questioned. Additionally, employees at the companies that made the pirated software are also under suspicion. The pirated goods include the Windows XP operating system, computer games and even recent hit movies such as "Harry Potter and the Sorcerer's Stone." In all, the investigation touched 27 cities and five countries.
In Tresco's case, authorities allege he was using MIT computers to conduct at least some of his illegal activies. What was he supposed to be doing? Maintaining the security systems for MIT's Economics Department.
You've heard this sort of story before, that it's the insiders you have to watch out for as much as outside intruders. But the DrinkOrDie episode brings it to light in stark fashion.
What could MIT have done to detect Tresco's allegedly illicit activities? E-mail filtering software may have helped. Tools such as Baltimore Technologies' MIMEsweeper, SurfControl's SuperScout and Marshal Software's MailMarshal scan the content of e-mail messages looking for predefined keywords that indicate a potential security breach or simply non-business activity. In this case, if the tool was programmed to flag "DrinkOrDie," or the larger "warez" ring, Tresco may have been caught.
The same vendors have products that scan the content of Web sites and monitor the sites employees are visiting. Here again, such a tool may have alerted MIT if Tresco was indeed up to no good, given the ring allegedly operated its own site, www.drinkordie.com, which has since been shut down.