RSSEmployee hands over passwords to hijacked San Francisco computer network
By Michael Hatamoto | Published July 23, 2008, 11:27 PM
Much to the delight of San Francisco computer network officials, Mayor Gavin Newsom was given the password so the city can again have access to its computer network after it was hijacked by a city employee.
Terry Childs, 43, of Pittsburg, California, manipulated the city's computer system and held it hostage for more than a week before handing over the passwords. Specifically, Childs locked city officials out of the FiberWAN network that controls the city's e-mails, law enforcement records, payroll, and other personal records.
He said he changed the access passwords for everyone because he felt his superiors were naive and negligent about security issues and viruses possibly infecting the system. One of the superiors told Childs he could be suspended and lose his job due to insubordination, which apparently triggered the situation.
After being arrested and taken into custody on July 13, Childs is being held on $5 million bail, with the higher figure largely because of fears Childs would make bail and then promptly lock the city out of its network forever
The jailhouse meeting took place between Childs, his attorney Erin Crane, and Mayor Newsom, without the knowledge of San Francisco District Attorney Kamala Harris. Childs and his attorney chose to hand over the passwords to the mayor because he was one of the only people that did not immediately vilify Childs for his actions when the news broke last week.
During a press conference last week, Mayor Newsom said Childs is a "rogue employee" and became "a bit maniacal and full of himself," but still didn't chastise him the same way the local media and city officials did.
After writing down a lengthy security code, Childs then asked Newsom to take the code directly to the Cisco engineers and bypass giving it to city computer officials.
The temporary hostage situation over the city's FiberWAN network has pointed out several procedures San Francisco officials will likely need to fix in the future to prevent a similar situation. City officials indicated Childs, who is a certified Cisco Systems network administrator, was one of the chief designers of the FiberWAN network.
Instead of letting a couple of people, Childs included, have complete access to the city network, each person should only have access to certain parts of the network, officials said. Another security issue is that the city apparently did not keep adequate backups of its computer network in case of major data loss -- or a "rogue" employee hijacking the network.
Engineers from Cisco were brought in to work around the clock to try and gain access to the network, but they had minimal success trying to get through Childs' handiwork before receiving the passwords.
The entire network is now back in the complete control of the city of San Francisco.
I read the article and the comments, and there's one thing that's obvious to me that hasn't been suggested yet: WAS THE I.T. MANAGER FIRED??? What manager would empower a peon employee this way? And no doubt the I.T. manager had no hands-on I.T. experience, or his experience is so old that it pre-dates the term "I.T.". Screw the rogue employee... This was POOR MANAGEMENT. You NEVER give ONE PERSON this much power over your network. Who was this guy's manager? Forrest Gump?
Score: 0
|I would think this kind of incident will bring the IT security aspect of network managing to the forefront again. Every single company HAS to deal with it. Not many are willing to or are just not smart enough to think about it.
*Maybe* child's attempt was justified. Thankfully it appears his attempts didn't appear to put anyone at risk. But sadly being marked as a 'rogue' will not do well for his future job-wise
Score: 0
|perhaps, child's had some justification because of his superiors in the it dept and the dogma that exists.
obviously the entire department was infected with the virus's called "arrogance", "no-it-all-ism", "no-loads" and "god complex".
there should have been a procedure where he could file a grievance and be protected from retaliation.
anyways, does any one know what was the password?
i bet it was something simple like "kiss-my-a*s"
Score: 0
|Mayor Newsom said Childs is a "rogue employee..
That's the pot calling the kettle black if I you ask me.
Score: 0
|This is a consistent problem in IT. We go to management and inform them of a problem and that it must be repaired and management in turn brushes it off as an unnecessary expenditure and tells the IT manager to quit rocking the boat.
Then when something happens its their fault...
Now yea, OK In this case it was his fault, cause he did it to prove a point. But I'm sure by that point, the guy was pretty resigned to the fact that he didn't want to work in IT anymore. I certainly wish I didn't ever get into this field. Its by far the most thankless and unappreciated position in any company.
I mean our successes go unnoticed cause everything is running smoothly, Our failures are known by all and ridiculed as we try to recover from disaster. So 90% of the time people think we are unnecessary, and the remaining 10% of the time they are pissed at us cause the network is down while we get it fixed.
Indeed a janitor tends to get more respect then a typical IT tech or manager from the rest of the business world.
Score: 0
|A-friggen-men, brother!! Never again would I do that kind of work.
The nastiest folk of all are the damned secretaries to the higher ups (pres, vp, etc) when they don't have immediate access to Word, Excel, etc and every file on the network. I remember getting a fairly bad thrashing from one of those ingrates when somehow she screwed up her dictionary file and could not locate a backup. It was all the IT depts. fault that there was no easily accessible backup (and must have been our fault that her file got messed up to begin with). God, I wanted to slap her.
Score: 0
|I'm sorry, but any real IT person with a honest shred of intelligence and *integrity* would not have done this (childish) act. This smacks of someone developing a temper tantrum because no one would listen to him. I don't know a single IT person who admits they would do this, the maturity level ranks down there with a elementary school kid. He needs to be fired with loss of all benefits and never allowed to hold a IT job in SF again.
EDIT: The guy should be glad he wasn't in the military and did something like this...
Score: 0
|Any IT guy that would actually admit he would do this...would be fired very quickly...so don't expect anybody to actually ADMIT they would do it.
I'm sure he was fired, and I'm sure it will be almost impossible for him to get a job at this point...
Score: 0
|How come that I never ever read any real news on this site despite its name. Anything is a day old in overseas news. Granted - there is the time zone but that means at least 50% should appear here 1st. Relating to this story - Apparently large portions of the network is still locked down. Here's the latest in case this link works and someone cares: http://www.infoworld.com...still_locked_out_1.html
Maybe Jaq can save the day and post some more advertisements as news...
Score: 0
|Now be a good boy and give the Mayor back his network......... no more video games for you....
Score: 0
|LOL! I love it! Liberals being lax about security.
Score: 0
|One would think those liberals would model their security after nice conservative firms.....like Diebold! ;)
Score: 0
|Well, as long as they still pull in the money to subsidize the larger non-coastal Hillbilly territory it's OK I guess...
Score: 0
|I'm surprised one person can bring a network of that magnitude down so easily. As a programmer/engineer of sorts it makes sense that 20 or so people should have security codes and that to gain full access to the system it should require as least 3 of the codes.
Score: 0
|It's not that they didn't have the passwords ("codes"), it's that he took the passwords and changed them so they were denied access.
The thing that I find funny is that they're suggesting, "One person shouldn't have access to everything. 20 ppl should have access to smaller portions".
Ok ... so what happens when that person dies unexpectedly or something along those lines?
The mayor should have access to everything, passwords "codes" should not be able to be changed by *anybody* but the mayor himself or other elected official. (although sometimes the mayor might not be the best person, either ... look at scandal w/ the Detroit's mayor re: the hooker that is now deceased)
Or, god forbid, someone makes the extra backups.
Score: 0
|You didn't actually read his comment at all, did you.
He suggested having to have at least 3 people supply their passwords for anyone to be able to access the whole system or indeed change any of the passwords.
Score: 0
|Look up: Hacking 101.
Score: 0
|Nice , See what a little respect gets you.....
Cooperation.
Score: 0
|In the computer world, absolutely. Just be careful what worlds you paralell this to, because it doesn't work in every world.
Score: 0
|Criminals do not deserve respect and what this guy did is criminal. I doubt he got any real respect just fake ones :) kind of like what a hostage negotiator gives, oh wait.
Well I have no idea what this guys future is, but I doubt it's going to be very bright.
Score: 0
|