September 11, 2008 3:24 PM PDT

Report: SF officials looking for hidden network device

by Elinor Mills

San Francisco officials are trying to find a device on the city's computer network that was allegedly left there by an IT worker who was jailed for refusing to divulge passwords to the city network, the IDG News Service reported on Thursday.

San Francisco network administrator Terry Childs was arrested in July on four felony charges of taking control of the city's computer network and locking administrators out. He remains in jail on $5 million bail despite giving up the passwords to the mayor in a secret jail cell meeting a week later.

The device, which appears to be a router providing remote access to the city's fiber Wide Area Network, was discovered on August 28, the report says.

However, officials didn't know where the device was located and didn't have the user name and password to access it. When they tried to log in, a message was displayed that said the system was the "personal property of Terry S. Childs," according to a screenshot officials filed with the court.

Updated at 5:45 p.m. PT to correct that network is wide area (as in WAN), not wireless.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by Tassography September 11, 2008 3:46 PM PDT
San Francisco really has a fiber wireless network? Wow, I'd love to see that....

PS You can't create an account or login with IE8 Beta 2...
by Solaris_User September 11, 2008 4:26 PM PDT
Uhh.. look the port up on the switches and turn the port off? How hard is that? It seems pretty easy to find the MAC, then match the MAC to the switch and you found it, even if you don't know *exactly* where it is you can easily disable it.. well.. that is if you know what you are doing.. this being national news it's pretty apparent the city does not.

I don't really trust this story.. why would someone be arrested (not sued) but actually put in jail and have a secret meeting with not a lawyer but the mayor, for not giving back passwords after he was fired?

He should have the passwords for all this stuff if he is an administrator, there is no shocking revelation here.. there are also good reasons why you wouldn't reveal a password to your supervisor.

*Real* companies don't even do this usually.. there is not one root password but many separate accounts that have access to it. This appears to be SF's own fault for deploying a moronic security policy.. now it's clear they are using the strong arm of the law against this guy with the arrest, jail, $5 mil bond, and secret meetings.

I think there is more to this story than the bureaucrats in SF want to admit.
by Dalkorian September 11, 2008 5:03 PM PDT
My thoughts exactly. If they truly can't find this backdoor access router and shut it down, it kinda shows Terry was right after all, doesn't it?
by Travis742 September 11, 2008 5:21 PM PDT
Tracking down a device on the network is NOT hard. Either the San Francisco IT people have no idea what they're doing, or else they're trying to make the jailed network admin look really bad and just toy with the press. Obviously nobody in the press knows the technical questions to ask to prove how silly SF is being... but get any knowledgeable IT admin in there and they'd solve the problem fairly quick.
by sanenazok September 11, 2008 5:24 PM PDT
Quick, hire a politically-connected consultant!
by Michichael September 11, 2008 6:52 PM PDT
Ok, it is virtually impossible to NOT find the router.

If they can attempt to log into it and get screenshots then they have an IP. If they have an IP they have an associated MAC address in the MAC address tables of the router. If they have an associated MAC Address, they can find what port of what switch it is connected to, EASILY.

I'm calling ******** on this - It's planted or fictitious.
by gtalbott September 13, 2008 11:06 AM PDT
If they have the MAC address they can find the port... _Unless_ the City of San Francisco is so cheap that they bought un-managed switches and they can't see the MAC address tables or disable individual ports. Maybe they are still using 10Mbps Baseband Ethernet on COAX with Vampire taps no less... :-)
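The IP-to-MAC-to-switch-port trace that several commenters describe, including the unmanaged-switch caveat, as an added example that is not part of the article or of any comment. The switch names, port names, addresses and table text are constructed (documentation ranges, Cisco IOS-style layout), and the uplink inventory is an assumption the operator would have to supply.

```python
import re

# Constructed sample data in Cisco IOS-style layout; nothing here is from the article.
ARP_TABLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.10              4   0000.5e00.5301  ARPA   Vlan10
Internet  192.0.2.77             12   0000.5e00.53af  ARPA   Vlan10
Internet  192.0.2.90              0   Incomplete      ARPA
"""
MAC_TABLES = {  # hypothetical switch name -> its MAC address table
    "core-sw": "  10  0000.5e00.5301  DYNAMIC  Gi1/0/1\n"
               "  10  0000.5e00.53af  DYNAMIC  Gi1/0/2\n",
    "dist-sw": "  10  0000.5e00.53af  DYNAMIC  Gi0/3\n",
    "edge-sw": "  10  0000.5e00.53af  DYNAMIC  Fa0/17\n",
}
# Ports that lead to another switch: a MAC learned there sits further downstream.
UPLINKS = {"core-sw": {"Gi1/0/1", "Gi1/0/2"}, "dist-sw": {"Gi0/3"}, "edge-sw": {"Gi0/1"}}
MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

def mac_for_ip(arp_text, ip):
    """Return the MAC the router resolved for ip, or None if unresolved."""
    for line in arp_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == ip and MAC_RE.fullmatch(f[3]):
            return f[3].lower()
    return None

def sightings(mac_tables, mac):
    """List (switch, port) for every table row that learned this MAC."""
    return [(sw, f[-1]) for sw, text in mac_tables.items()
            for f in map(str.split, text.splitlines())
            if len(f) >= 4 and f[1].lower() == mac]

def locate(ip):
    mac = mac_for_ip(ARP_TABLE, ip)
    if mac is None:
        return {"status": "no-arp-entry"}
    seen = sightings(MAC_TABLES, mac)
    edge = [(sw, port) for sw, port in seen if port not in UPLINKS.get(sw, set())]
    if edge:      # learned on an access port: this is where the cable plugs in
        return {"status": "edge-port", "mac": mac, "where": edge}
    if seen:      # only on uplinks: device is behind unmanaged or uninventoried gear
        return {"status": "uplink-only", "mac": mac, "where": seen}
    return {"status": "mac-not-learned", "mac": mac}  # aged out or never seen

if __name__ == "__main__":
    for ip in ("192.0.2.77", "192.0.2.10", "192.0.2.90"):
        print(ip, locate(ip))
```

The `uplink-only` result is the case where the trace stops at the last managed hop and the search becomes physical.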
by raveboy12000 September 11, 2008 11:53 PM PDT
To put the back-story into a nutshell. The Sys. Admin locked everyone out of the SF Fiber Wide Area Network. Which spans the city and handles all the city's secured info.

There is more to it than just blocking a port on a switch. If the guy is smart enough he can write a script that puts out a fake IP.

The guy got fed up with stupid people screwing up the WAN.
by SirRobinOfPennsynvania September 12, 2008 6:27 AM PDT
This is an interesting problem SF faces. The device does not belong on the network and has to be found and removed. As long as it remains on the network it remains a threat. The device can bypass firewall and other security measures. Searching for the device will be expensive considering the network is city wide and the router could be interfacing with the network wirelessly. No one will dispute the device is considered a part of the network. Blocking the device is also expensive and ongoing with every upgrade. There is no indication that Terry S Childs was working alone. The device is also secondary to the fact that the administrators have been locked out, which indicates he took control of the network. Of course this has to be proven. Anyone with administrator access could have easily pinned this incident on Terry Childs considering the only evidence they have is that the device displays his name.