July 15, 2008 11:07 AM PDT

San Francisco IT worker arrested in hijacking of city network

by Elinor Mills

A network administrator for the city of San Francisco has been arrested on charges of taking control of the city's computer network and locking administrators out, according to the San Francisco Chronicle.

Terry Childs, 43, was due to be arraigned on Tuesday after his arrest Sunday. He remains in jail on $5 million bail.

Childs, who has worked for the city for five years, is accused of tampering with the new Fiber Wide Area Network after allegedly being disciplined for poor performance. He is accused of electronically spying on his supervisors and their attempt to fire him, according to authorities.

Officials told the newspaper they were making some headway into regaining access to the system, but they fear that Childs has rigged a system to remotely destroy data.

Meanwhile, the network is up and running despite the fact that administrators have limited to no access.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
(24 Comments)
by Jack K1 July 15, 2008 12:19 PM PDT
I bet the "performance" issues dealt with Childs pestering managers about the network's poor security implementation - and the managers figured it would be easier to fix him than fix the problem.

I see a Dilbert strip in the making.

Jack
by shahnyboy July 15, 2008 1:38 PM PDT
You should become a fiction writer for your ability to come up with stuff outta thin air.
by budOlly July 17, 2008 7:29 AM PDT
Jack K1, I agree...if one person can take over a network spanning an entire city, AND lock out ALL the Admins, there must be a very poor topology in place. I'd be interested to see what kind of architecture it was built on.
by buddesatva July 15, 2008 12:20 PM PDT
There should be a method to tag idiots who do this type of thing. The penalty must include, no future employment in IT for Terry Childs. Building and creating takes brains, creativity and work ethic. This guy is officially out of the club.
by Jack K1 July 15, 2008 12:26 PM PDT
You assume he's guilty.
by fredtheviking July 15, 2008 12:47 PM PDT
Why can't they just replace the hardware and hold the original hardware as evidence? I know this isn't any small undertaking, but it's better than losing data that might be useful in convicting Childs. No doubt expensive, but a small price to pay for justice. I also agree with buddesatva's comment. Terry Childs may have had good reason to hate his supervisors, but this may be the most irresponsible thing I have ever heard of.
by dugudr July 15, 2008 12:51 PM PDT
Don't they have a superadmin password for the head or is it all admins have the same level of access?
by mobieus July 15, 2008 2:07 PM PDT
There are two sides to every story :-) Regardless, to architect an infrastructure where a single person has the ability to threaten or disrupt - shame on management.
by surfandwork July 15, 2008 5:19 PM PDT
The greatest danger to a computer network is internal users, not outside hackers.
by SeizeCTRL July 15, 2008 5:44 PM PDT
So hacking is a $5 million dollar bail, but killing a station wagon full of orphans and raping a nun will run you around $50,000.

This world makes no sense!
by Imalittleteapot July 15, 2008 9:46 PM PDT
No no, It makes perfect sense. Every crime is just based on monetary damages. They just don't tell you that. Like if you murder someone you're not really being punished for the murder. You're really being punished for all the money the government had to waste to investigate and put you behind bars. See, with lesser crimes you get cheaper trials. Like a DUI with no jury and you'll probably get probation instead of living off the state. So it doesn't cost them as much so you get a lighter sentence. Never mind the fact that you could have killed someone while driving. With worse crimes you get a more expensive trial where the public defender actually wears a suit or something. So they get madder at you and punish you harder. That's why you get a lighter sentence if you get your own lawyer. Public defenders cost them more money. Get your own lawyer and you've proved to them you're not 100 percent worthless. So maybe you're not as bad to the economy as they thought. With financial crimes it is even worse though. You still have to be punished for the investigation and trial and prison, but now you have to be punished for the money you stole too. That's why money crimes get a harsher sentence. However, if you murder someone they don't get themselves in debt up to their eyeballs and shop at the mall all day. Plus, they won't be paying back the debt they already owe. See, murder is bad for the economy too. It's just a different kind of financial crime. However, it's not as bad as doing millions of dollars worth of damage to a business. So maybe the bail will be cheaper. The life sentences are just left over from the puritan days or something. Eventually they'll work those completely out and serial killers can just pay a fine downtown. What about rape? Who wants to go to the mall after you've been raped right? This goes for other people too. Who wants to leave their house to go shopping when there are rapes taking place? People get scared and stay inside. 
They don't go out to eat that night. That's a loss of more money. Child porn and pedophiles are the same thing. People start to think the internet is filled with nasty so maybe they don't pay their ISP bills. It's like a big domino effect. The only good thing about all of this is that it's all based on your worth. At least that means criminals are still worthless. I can get behind that. If you consider every crime just a form of financial damage to the economy then the sentences make a lot more sense right? Well, ok maybe it doesn't work like that, but it feels like it sometimes.
by haochela July 16, 2008 1:30 PM PDT
5 things a hacker with server level access can do that nun rapists or orphan killers can't:
1) Shut down the city water supply
2) Lock out all taxpayer and financial records for the city destroying its ability to collect revenue or pay vendors or service providers
3) Stage a series of untraceable attacks against all tier1 SAN providers in the bay area which service the rest of the country
4) Turn the traffic light system into a series of Christmas tree lights.
5) Sell the passwords to the city's IT systems to the highest bidder.

IMHO $5 million is kind of low...
by canettijazz July 16, 2008 2:14 AM PDT
I think this type of issue is one of the biggest reasons not to switch to electronic voting. How many municipalities have enough money to hire a full time, top notch, honorable and trustworthy IT staff that can maintain the electronic voting systems? Most municipalities set up voting booths in people's garages, churches or schools. These voting sites would need secure networks, reliable power, backup power, plus someone that is tech savvy at these voting sites. Usually, the sites are manned by volunteers that tend to be senior citizens - definitely not a group that is typically considered to be tech savvy or on the cutting edge of technology.
by inachu July 16, 2008 5:15 AM PDT
I bet 100% he is innocent!
Why? I had something similar happen to me but the person who got locked out of the database was the company's CFO and he was unable to get into the OS.
So he blamed it on me. Some companies hire IT people to use them as the fall guy for failed plans and place all blame on them so they can wash their hands of any problem.

In this case I never touched the OS/HARDWARE but yet I was blamed. This happened years ago. Should I send these people to court for ruining my good name?
by Hoosier-Daddy July 16, 2008 8:51 AM PDT
$5 million bail? Why didn't he just claim he's an underage illegal immigrant and SF would have paid airfare to his country of choice? :-)
by usuallysilent July 16, 2008 9:27 AM PDT
Make sure a jury of his peers are all network admins or system admins. The fallout from guys like this complicates the admin business while he waltzes off to probation or a fine. Think of how the SOX process originated and the pain that causes! Let him do the BOHICA dance in prison.

His management shouldn't escape either as they hired a guy with a known criminal record in his past.
See http://itknowledgeexchange.techtarget.com/cio/san-francisco-it-hack-story-looks-a-bit-too-much-like-chinatown/?track=NL-973&ad=650631&asrc=EM_NLN_4045471&uid=589355
by pgm554 July 16, 2008 9:34 AM PDT
This is such a non-story.

If the IT dept followed any type of standards whatsoever, they would have backups of the configuration files of all the routers and switches.

You simply do a reset to default and upload the settings back to the devices.

$250k to have somebody do this?
I want that contract!

But wait a minute, I'm not a transgendered Iranian goat herder, from the Transvaal, that needs an abortion because I was raped by white supremacists from Orange County.

So I guess that leaves me off the list of approved vendors.

Darn and I would have used that money to help pay for Gavin Newsom's next date with his best friend's wife.
by Michichael July 16, 2008 9:49 AM PDT
Ever heard of a domain restore tape backup? I mean ****. Not that hard to crack an AD hash, do a directory restore, and set the controller as the primary replication point.
by UNAME_NOT_IN_USE July 16, 2008 12:58 PM PDT
As an IT security professional, I would say that this doesn't make much sense as reported.
Any "good" IT Security guy with could fix the access issues with little trouble.
If this is even close to being true, then someone should fire the management that let it get to this point. They should have hired some IT security professionals, done a risk assessment, and had IA controls in place to prevent this from happening. They need to move the IT oversight to someone else. (Management probably had admin rights to everything and he probably just removed their admin rights, pissing them off). No matter the case, they should not be allowed to repeat the decisions that led to this. This could happen again if the same managers are left in charge.
by saromero23 July 16, 2008 2:12 PM PDT
This story is going to have legs but I am afraid it will not likely run in the right direction. All ridiculous characterizations of the wonderful city of San Francisco aside, The City by the Bay must take accountability. This is yet another example of the lack of good governance in a major IT organization. When these events occur I relish the opportunity to showcase how good IT Governance could have prevented the event (at best), or provided a quick response and resolution (at worst). I fear the media will follow the lead of city leaders and legal officers (management) and focus solely on the network administrator (worker). It is far sexier to focus on the crime, the criminal, and the huge bail, rather than the true culprit and cause, Executive management and poor IT Governance.

Steve Romero, IT Governance Evangelist
http://community.ca.com/blogs/theitgovernanceevangelist/
by ekuhlkamp July 17, 2008 7:30 AM PDT
This is ridiculous. 5 million dollar bail for showing the IT professionals of the city of San Francisco that they were stupid enough to allow one person the power to lock everyone out, and then being unable to find a way back into the network.

Ah, the gray area of justice.
by Dragon_Myr July 17, 2008 8:00 AM PDT
It'd be nice if more specifics on the story were reported. I'm sure both sides have their own spin. I'm more inclined to believe the IT guy getting paid $126,000+ a year for that security job. Management always likes to abuse IT people even when outsourced. If something, anything, goes wrong with a computer it's instantly IT's fault. If the budget is short, layoffs start in IT. The $5 million bail and hundreds of thousands of dollars repair bills make me think there's something else going on behind the scenes. Perhaps this IT guy has access to some incriminating evidence against corrupt politicians.

The very fact that San Francisco's management allowed one person to have full control over the system is evidence that they don't know what they're doing. Maybe if they started hiring qualified, educated, and experienced people instead of using race, gender, and orientation as lead hiring factors then perhaps this whole mess would have been avoided.

Something about this whole thing stinks. Too bad we may never know the whole story.
by tekwiz4u July 17, 2008 11:10 AM PDT
Agree with pgm. Reset the devices, and restore from backup before the hack. Can't do it? Then you failed on your backup/restore plan.
by FerhatSavci July 19, 2008 12:53 PM PDT
Could it be this guy has some weird password like "F*ckMe!", "MyDadRapedMeIn1971" that he cannot share? I once knew a network engineer, he was brilliant but he was also paranoiac. He would not "write" router configs (i.e., save them in the router's flash memory) for security reasons. If the device was somehow reset, the router would be an expensive, high-tech brick until he reconfigured it.