The Threat From Within - Page 1

Dec 24, 2001

Paul Desmond

On Dec. 11, federal law enforcement agents conducted raids at several U.S. universities and software companies in an apparently successful attempt to break up a software piracy ring. More raids were conducted over the following week and 150 computers were seized, according to a report in The New York Times.

Officials from the Customs Service, which is leading the investigation, were pressuring students and others believed to be involved in the ring to talk or face prison time.

One such suspect, Christopher Tresco, 23, was working as a systems analyst at the Massachusetts Institute of Technology, one of the schools raided on Dec. 11. According to the Boston Globe, Tresco is alleged to have been operating near the top level of the piracy ring, dubbed DrinkOrDie. As a result of his involvement, several MIT computers were seized, including at least one server.

Think about that for a minute. Imagine federal law enforcement agents one day burst into your data center, disconnect a server or two - no telling which ones - and walk away with them. Then think about having the name of your organization splashed all over the headlines of your local metropolitan newspaper in connection with such a scandal, not to mention national news vehicles. That's exactly what happened to not only MIT but Duke University, the University of California at Los Angeles and the Rochester Institute of Technology.

A Gateway store in Pennsylvania also was involved in the raid, and one of its employees was questioned. Additionally, employees at the companies that made the pirated software are also under suspicion. The pirated goods include the Windows XP operating system, computer games and even recent hit movies such as "Harry Potter and the Sorcerer's Stone." In all, the investigation touched 27 cities and five countries.

In Tresco's case, authorities allege he was using MIT computers to conduct at least some of his illegal activities. What was he supposed to be doing? Maintaining the security systems for MIT's Economics Department.

You've heard this sort of story before, that it's the insiders you have to watch out for as much as outside intruders. But the DrinkOrDie episode brings it to light in stark fashion.

What could MIT have done to detect Tresco's allegedly illicit activities? E-mail filtering software may have helped. Tools such as Baltimore Technologies' MIMEsweeper, SurfControl's SuperScout and Marshal Software's MailMarshal scan the content of e-mail messages looking for predefined keywords that indicate a potential security breach or simply non-business activity. In this case, if the tool was programmed to flag "DrinkOrDie," or the larger "warez" ring, Tresco may have been caught.
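A minimal sketch of the keyword scanning described above, added here as an illustration and not taken from any of the products named. The watch-list holds only the two terms the article mentions; the addresses and message text are constructed. It shows why such a filter has to decode each message part before matching: mail software routinely applies transfer encodings, so a search over the raw message finds nothing.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Watch-list built from the two terms the article names (illustrative only).
WATCHLIST = ["DrinkOrDie", "warez"]
PATTERN = re.compile(r"\b(" + "|".join(map(re.escape, WATCHLIST)) + r")\b",
                     re.IGNORECASE)

def scan_message(raw):
    """Return sorted (location, keyword) hits from headers and decoded text parts."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    for header in ("From", "To", "Subject"):
        # policy.default hands back headers already decoded to plain text
        for m in PATTERN.finditer(str(msg.get(header, ""))):
            hits.add((header, m.group(1).lower()))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        text = part.get_content()  # undoes base64/quoted-printable and charset
        for m in PATTERN.finditer(text):
            hits.add((part.get_content_type(), m.group(1).lower()))
    return sorted(hits)

def build_sample(subject, body):
    """Constructed test message; the body is stored base64-encoded."""
    msg = EmailMessage()
    msg["From"] = "analyst@example.edu"
    msg["To"] = "friend@example.org"
    msg["Subject"] = subject
    msg.set_content(body, cte="base64")
    return msg.as_string()

FLAGGED = build_sample("weekend plans",
                       "New warez release is up, see the DrinkOrDie board.")
BENIGN = build_sample("licence renewal",
                      "The site licences were renewed on Monday.")

if __name__ == "__main__":
    print("raw search finds a keyword:", bool(PATTERN.search(FLAGGED)))
    print("decoded scan, flagged message:", scan_message(FLAGGED))
    print("decoded scan, benign message:", scan_message(BENIGN))
```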

The same vendors have products that scan the content of Web sites and monitor the sites employees are visiting. Here again, such a tool may have alerted MIT if Tresco was indeed up to no good, given the ring allegedly operated its own site, which has since been shut down.

Page 1 of 2

