I don't think there's anything to see here. The guy stole "already stolen" credit cards and tried to sell them for a profit. He's a con artist, nothing more. There's been a lot of drum-up about US cyber security in the media lately (see: Stuxnet) and methinks its all just a lot of FUD in order to ply the citizenry into allowing "greater government oversight" of the internet and private networks.
Cost is generally not the biggest issue. Your boss is probably against FOSS because most Pay-For-Play software generally comes with support & maintenance contracts issued from the people who wrote the software, which are extremely important to management types, while software like Plone requires a support or maintenance contract through a third-party provider (i found this: http://plone.net/providers )
If you can convince him that the best way for him to handle this situation and all potential future ones is purchasing a third-party support contract which can also be supported by you if need be since the software is open source, then you might have a shot. Otherwise, I'm not sure. I've seen a lot of good software packages turned down as solutions to business problems simply because there was no support contract.
"Gravitation cannot be held responsible for people falling in love." -- Albert Einstein