The Threat From Within

Another way to potentially find wayward insiders is to monitor for the tools they use to hack into other sites. The latest version of Tally Systems’ Census line of PC inventory and auditing software is designed to detect tools used by hackers. The company added more than 400 fingerprints to Census, enabling it to detect various categories of tools, including those used to launch Trojans and denial-of-service attacks, crack passwords, break into networks and write viruses.

Still, the MIT case is a particularly daunting one, given that Tresco was himself a security administrator. Presumably he would know how to cover his tracks, even if it meant shutting down some of the security tools designed to catch him.

In a recent conversation about cyberterrorism, John Pescatore, research director for Internet security at Gartner Inc., said one of the lessons learned from the Sept. 11 terrorist attacks is that the terrorists were living among us. His point was that you don’t know who could one day do you harm. Given that, Pescatore says companies need to do more in the way of background checking, for their own IT employees as well as their outsourcing providers.

“In the rush to hire people, a year and a half to two years ago, you were just happy if somebody would agree to work for you, be it in your security group, your IT system administrators or whatever, let alone who you’re outsourcing to,” Pescatore says. “So the whole issue of background checking, bonding, personnel type security, I think not enough attention has been paid to that.”

Whether such a check would have flagged Tresco is far from clear. By all accounts, he appears to be the sort of die-hard computer enthusiast that any firm would covet. How, why or if he got involved in the DrinkOrDie group is another question. But it once again points to the need to be on the lookout for insiders conducting surreptitious activity on your organization’s computers, lest the feds one day walk off with one of your servers.

Paul Desmond is a writer and editor based in Framingham, Mass. He serves as editor of ecomSecurity.com, a source of practical security information for IT managers, CIOs and business executives.

Editor’s note: This column first appeared on Datamation, an internet.com site.