SF engineer to stand trial in hijacked network
A network administrator will stand trial for allegedly hijacking the network he designed and maintained for the city of San Francisco.
A superior court judge ruled Wednesday that there was enough evidence to hold Terry Childs for trial on four felony charges of tampering with a computer network, denying other authorized users access to the network, and causing more than $200,000 in losses, according to a report in the San Francisco Chronicle. Childs, who has been in custody since July 13, had worked at San Francisco's Department of Telecommunication Information Services for five years. Childs, 44, is being held on $5 million bail and is scheduled to be arraigned on January 13.
Childs is accused of tampering with the city's Fiber Wide Area Network after allegedly being disciplined for poor performance. He was also accused of electronically spying on his supervisors and their attempt to fire him.
Childs allegedly denied other administrators access to the system, which maintains law enforcement, payroll, and jail-booking records. Childs reportedly refused to surrender secret codes that would allow access to the system.
However, after a week in the city's jail, Childs agreed to give the access codes to San Francisco Mayor Gavin Newsom during a secret jail house visit. The meeting reportedly was so secret that the police department and district attorney were not informed of the meeting ahead of time.
Childs' attorney has claimed that there was no destructive intent and that Childs was merely protecting the network from incompetent city officials who were trying to force him out of his job.
"Mr. Childs had good reason to be protective of the password," Erin Crane argued in an unsuccessful attempt to lower his client's bail. "His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves...He was the only person in that department capable of running that system."
Steven Musil is the night news editor at CNET News. Before joining CNET News in 2000, Steven spent 10 years at various Bay Area newspapers.




Sounds like a pretty poorly designed system.
It's better than a heart attack or a criminal record.
Then again there may be more to the story and the EFF needs to get involved.
"Terry, I'm sorry, but your performance hasn't been up to snuff."
He says "does this have anything to do with having to have someone at the left side of that bell curve?" His supervisor says "well...we do have to grade some people poorly as well."
"I built and run this city's entire network infrastructure! I work on weekends, and any time anything goes wrong, I am the one who can fix it! And you pay me what? $80,000 a year!"
"I'm not sure I like your attitude, Terry."
"I'm not sure I give a ****. You will not like having me as an enemy either. You will not like having no access to any of the systems I built. You will not like seeing what happens when you treat someone who is absolutely integral to the IT systems of San Francisco like an *******."
The rest is history. Can't really blame him for being hacked off or for taking his revenge. Would have been to his advantage to have done so in a way that didn't land him in jail, but still handed his idiot managers a heap of pain.
I can. He deserves whatever punishment that's given to him. He sounds like a prima donna. If he wasn't happy then he should have just quit. Anyone stupid enough to pull this stunt couldn't have possibly been qualified for the job.
I can blame him easily. Disrupting communications that affect thousands and possibly millions of people is terrorism, and his refusal to reveal the passwords is extortion. There is no excuse for him using his fear of loss of control of a system to hold a city hostage. You are either young and naive or a possible recruit for terrorist organizations. You are not a person who understands the world we live in today. I mean no harm to anyone, but I will protect myself and my family.
Sadly this is one that won't be solved easily... It's entirely possible he was 100% in the right to protect a system he had built from the ground up. It was his baby and like any mother protecting a child he sought to protect it.
I personally lean towards this. If I built something like this I would want to make sure it worked right, especially when others had in the past shown a willful disregard to respect the position to maintain and keep secure the systems.
What I find laughable is that no systems failed or had issue being used during this issue. Had he wanted to disrupt the system he would have caused some failure somewhere.
It is possible as well that he was in the wrong and trying to cause problems and tried to hold the city hostage... but once you're caught like that... you have little bargaining room to "blackmail" and therefore your idea of him being a terrorist goes down the drain like the idea of WMDs in Iraq.
I am also in the belief that he figured out he would be fired and sought to cause some issues for his replacement in configuring and make the transition difficult and when the fan started to get dirty he told the mayor who was the top dog there maybe in his eyes.
I reserve the right to change my opinion pending new facts but, right now it leans mostly towards the dedicated worker who is just tired of some official causing hours to weeks of repair work and headaches because they did not follow established protocol or tried to go around him to get their pet project done.
I also reserve the right to be unreasonable for any reason.
The details here are too fuzzy for me to make an informed decision of what's fair and what isn't. Suffice to say, what isn't unclear is that he probably broke the law to accomplish his goal. That has penalties, regardless of the intent. Funny thing about being a martyr, they almost always end up punished to one extreme or the other. I admire many of them, whereas others were no more than ego driving opportunists.
Let's see how that trial goes!
HX
Where are the city's policies and procedures to protect the administrative passwords of its computer systems?
If Mr. Childs had passed away, the city may very well have had the same problem - except there would not be anyone to blame. In this case the city allowed a single point of failure to develop in its personnel.
Seriously, people, $5,000,000 bail?
Did he disrupt the system by not allowing someone else to access it? Did the system ever shut down or have a failure during that time? How did they come up with the $200,000 in damages figure?
He should be prosecuted to the fullest extent, made to give up any control he had, and the CITY should be chided as an example of how not to have a contingency plan for failures like this.
Terry should have just left the passwords on his desk and walked out. Better yet, he should've given two weeks notice and coasted the last 2 weeks. If they didn't want documentation before his termination, he's not obligated to supply it after. After he was gone, someone would screw up the network anyway and his boss would be in very hot water. Terry could have moved on with his life and probably worked somewhere that treated him better. Instead, he's going to jail and will probably never work in IT again.
When the head of IT refused to deal with either the manager or the vendor, I walked.
I still have my sanity and my health.
The head of IT became a vice president at the company, and is still making bad decisions.
I won!
- by viatetsuo December 30, 2008 12:32 PM PST
- So let me get this right... only one guy had the access passwords\keys\rights? Are you kidding??? It is a necessity to ensure that at least there is a hard copy of all access credentials stored in some sort of secure storage with auditable access control. Can you imagine not being able to pay your taxes (or something network based) because there was only one dude who had access to fix the system and he's acting like an ass, or maybe he died? Wow... just, wow.
- by frnkblk January 3, 2009 3:43 PM PST
- I've seen many small and large organizations where security credentials weren't properly backed up and distributed, and where cross-training was limited.
If there's anything the IT folk following this story should learn, it is that their own organizations should improve their password management and cross-training.