Another way to potentially find wayward insiders is to monitor for the tools
they use to hack into other sites. The latest version of Tally Systems’ Census
line of PC inventory and auditing software is designed to detect tools used by
hackers. The company added more than 400 fingerprints to Census, enabling it
to detect various categories of tools, including those used to launch Trojans
and denial-of-service attacks, crack passwords, break into networks and write
viruses.
Still, the MIT case is a particularly daunting one, given that Tresco was
himself a security administrator. Presumably he would know how to cover his
tracks, even if it meant shutting down some of the security tools designed to
catch him.
In a recent conversation about cyberterrorism, John Pescatore, research
director for Internet security at Gartner Inc., said one of the lessons learned
from the Sept. 11 terrorist attacks is that the terrorists were living among
us. His point was that you don’t know who could one day do you harm.
Given that, Pescatore says companies need to do more in the way of background
checking, for their own IT employees as well as their outsourcing providers.
“In the rush to hire people, a year and a half to two years ago, you were just
happy if somebody would agree to work for you, be it in your security group,
your IT system administrators or whatever, let alone who you’re outsourcing
to,” Pescatore says. “So the whole issue of background checking, bonding,
personnel type security, I think not enough attention has been paid to
that.”
Whether such a check would have flagged Tresco is far from clear. By all
accounts, he appears to be the sort of die-hard computer enthusiast that any
firm would covet. How, why or if he got involved in the DrinkOrDie group is
another question. But it once again points to the need to be on the lookout for
insiders conducting surreptitious activity on your organization’s computers,
lest the feds one day walk off with one of your servers.
Paul Desmond is a writer and editor based in Framingham, Mass. He serves as
editor of ecomSecurity.com, a source of practical security information for IT
managers, CIOs and business executives.
Editor’s note: This column first appeared on Datamation, an internet.com site.