Unemployed British computer programmer Gary McKinnon has found himself a full-time occupation.
Accused of hacking into US government computer systems, he now has his work cut out to try to explain away charges that could see him face a huge fine and a lengthy jail term. Although McKinnon has not been arrested, US district attorney Paul McNulty said his office is working with Britain's national high-tech crime unit to extradite him to the US.
If the British courts agree to send him across the pond, McKinnon would be the first person to be extradited to face hacking charges. In the current political situation, McNulty obviously wants to send a firm message out to hackers. " If you hack us, we will find you. We will prosecute you and we will send you to prison," he is reported to have said.
If there is any substance in the allegations, a glance at McKinnon's career history suggests that many organisations are not taking IT security so seriously. McKinnon's CV, seen by Computer Weekly, shows that he worked as a penetration tester with a leading City investment bank and also that he did a stint as a security consultant.
In both positions he would have been given extensive access to highly sensitive corporate data. McKinnon has not been charged with or convicted of any offence, but the furore surrounding the allegations against him must act as a sharp reminder to anyone managing IT staff that corners cannot be cut in the recruitment process.
It is important that organisations check the credentials of IT security workers before they are recruited. While it is unlikely that HR will unearth a past membership of the Cult of the Dead Cow, verifying that an applicant did work where they said they did and that their referees can vouch for their character will go some way to ensuring that you are taking on someone who can be trusted.
No-one would appoint Ronnie Biggs to guard the Crown Jewels but how many companies properly investigate the suitability of their IT security people?
McKinnon is alleged to have accessed computers at Nasa and the Pentagon by exploiting known security glitches in Microsoft's Windows NT and Windows 2000 operating systems. He is accused of scanning more than 65,000 computers in an attempt to identify system administrators who had failed to install protective patches.
This again highlights worries about the security of Microsoft products. While the Seattle giant swears it is finally making inroads in this area the ubiquity of Microsoft software means there are still many bugs out there that can be exploited by the hacking community.
If you are responsible for a large number of PCs the process of scanning and fixing vulnerabilities is an onerous one but, until Redmond gets its act together, it is vital that you keep on top of it.