On Dec. 11, federal law enforcement agents conducted raids at several U.S.
universities and software companies in an apparently successful attempt to
break up a software piracy ring. More raids were conducted over the following
week and 150 computers were seized, according to a report in The New York
Times.
Officials from the Customs Service, which is leading the investigation, were
pressuring students and others believed to be involved in the ring to talk or
face prison time.
One such suspect, Christopher Tresco, 23, was working as a systems analyst at
the Massachusetts Institute of Technology, one of the schools raided on Dec.
11. According to the Boston Globe, Tresco is alleged to have been
operating near the top level of the piracy ring, dubbed DrinkOrDie. As a result
of his involvement, several MIT computers were seized, including at least one
server.
Think about that for a minute. Imagine federal law enforcement agents one day
burst into your data center, disconnect a server or two – no telling which
ones – and walk away with them. Then think about having the name of your
organization splashed all over the headlines of your local metropolitan
newspaper in connection with such a scandal, not to mention national news
vehicles. That’s exactly what happened to not only MIT but also Duke University, the
University of California at Los Angeles and the Rochester Institute of
Technology.
A Gateway store in Pennsylvania also was involved in the raid, and one of its
employees was questioned. Additionally, employees at the companies that made
the pirated software are under suspicion. The pirated goods include the
Windows XP operating system, computer games and even recent hit movies such as
“Harry Potter and the Sorcerer’s Stone.” In all, the investigation touched 27
cities and five countries.
In Tresco’s case, authorities allege he was using MIT computers to conduct at
least some of his illegal activities. What was he supposed to be doing?
Maintaining the security systems for MIT’s Economics Department.
You’ve heard this sort of story before, that it’s the insiders you have to
watch out for as much as outside intruders. But the DrinkOrDie episode brings
it to light in stark fashion.
What could MIT have done to detect Tresco’s allegedly illicit activities?
E-mail filtering software may have helped. Tools such as Baltimore
Technologies’ MIMEsweeper, SurfControl’s SuperScout and Marshal Software’s
MailMarshal scan the content of e-mail messages looking for predefined keywords
that indicate a potential security breach or simply non-business activity. In
this case, if the tool was programmed to flag “DrinkOrDie,” or the larger
“warez” ring, Tresco may have been caught.
The same vendors have products that scan the content of Web sites and monitor
the sites employees are visiting. Here again, such a tool may have alerted MIT
if Tresco was indeed up to no good, given the ring allegedly operated its own
site, www.drinkordie.com, which has since been shut down.
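
The e-mail keyword scanning described above, as an added sketch that is not taken from the article or from any of the vendors' products: it uses only Python's standard library, decodes each MIME part before matching, and runs on constructed sample messages with placeholder addresses. The base64 sample shows why a filter has to decode content first, since the keyword never appears in the raw bytes.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Watch-list terms named in the article; matching is case-insensitive and
# bounded so that e.g. "softwarez" does not trigger on "warez".
KEYWORDS = ("drinkordie", "warez")
PATTERN = re.compile(
    r"(?<![a-z0-9])(" + "|".join(map(re.escape, KEYWORDS)) + r")(?![a-z0-9])", re.I)

def _hits(where, text):
    return {(where, m.group(1).lower()) for m in PATTERN.finditer(text or "")}

def scan_message(raw: bytes):
    """Return sorted (location, keyword) hits for one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = set()
    # policy.default decodes RFC 2047 encoded-words in header values.
    for name in ("Subject", "From", "To"):
        found |= _hits(name, str(msg.get(name, "")))
    for part in msg.walk():
        if part.is_multipart():
            continue
        found |= _hits("attachment-name", part.get_filename())
        if part.get_content_maintype() == "text":
            try:
                # get_content() undoes base64/quoted-printable and the charset.
                found |= _hits(part.get_content_type(), part.get_content())
            except LookupError:
                found.add((part.get_content_type(), "undecodable-charset"))
    return sorted(found)

def make_sample(subject, body, cte):
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.edu", "b@example.net", subject
    m.set_content(body, cte=cte)
    return m.as_bytes()

BENIGN = make_sample("Lab schedule", "New softwarez-free build ships Friday.", "7bit")
ENCODED = make_sample("hi", "new release is up on www.DrinkOrDie.com", "base64")

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN), ("encoded", ENCODED)):
        print(label, scan_message(raw))
```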