At Acar's arraignment in U.S. District Court Thursday, Assistant U.S. Attorney Thomas Hibarger cited a number of reasons why the IT worker should be held in jail pending a bond hearing scheduled for next Tuesday. First and foremost, Hibarger said there was a "serious risk" that Acar, who has relatives in Turkey, would try to flee the country. But Hibarger also pointed to Acar's broad system-access privileges and said prosecutors didn't know for sure that he would be blocked from accessing the district's network.

Federal investigators haven't said whether they think any of the data in the district's systems was compromised as part of the alleged bribery scheme. A spokesman for the U.S. attorney's office said Friday that he couldn't comment on the investigative steps being taken.

Besides ensuring that Acar is locked out of the network, D.C. officials should also review network and systems logs to check on his activities, Ullrich advised. He also said that passwords and other access-control mechanisms need to be reset and that the district's security tools should be evaluated in light of the FBI's claim that one of the alleged bribery incidents involved a purchase of software from security vendor McAfee Inc.

In that incident, according to the FBI, a Washington-based outsourcing and IT services vendor named Advanced Integrated Technologies Corp. (AITC) bought 500 licenses from McAfee on behalf of the district's IT department but then charged the government for 2,000 licenses. Sushil Bansal, AITC's CEO, was the second person arrested by the FBI in connection with the alleged scheme.

It's possible, Ullrich said, that some of the security technologies bought through AITC aren't best-in-class or the best fit for the district's needs. "There probably are questions about the quality of the [security] infrastructure," he said. "Who knows what they bought? Who knows if they took money for selling access to the network or the data?"