• On TV.com: Julie is HOT (and so is TV in a FLASH)
advertisementGet Smart about Business Spending
July 23, 2008 1:13 PM PDT

SF employee accused of setting network sabotage time bomb

by Elinor Mills

Bail for a San Francisco city employee accused of hijacking the city's network remained at $5 million on Friday after prosecutors accused the worker of rigging the network to sabotage it the next time it was shut down for maintenance or due to a power failure, according to The San Francisco Chronicle.

Terry Childs, 43, was arrested July 13 on charges of tampering with the city's computer network. He remained in jail after the hearing on Wednesday.

In a secret meeting with Mayor Gavin Newsom on Monday, Childs revealed the passwords to the system so officials could take back control of it.

However, the Sheriff's Department and Park and Recreation Department remained locked out, although the network was in operation, the newspaper reported.

"He had a malicious intent to destroy the entire network," Prosecutor Conrad del Rosario is quoted as saying.

Childs' lawyer, Erin Crane, says her client has done nothing illegal and is being made a scapegoat by city officials who wanted to get rid of him for no legitimate reason.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Vulnerabilities & attacks

Tags:

security,

insider threat

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Security
Apple plugs holes for domain spoofing, other attacks
Microsoft launches Forefront Protection 2010
'60 Minutes'--Cyberwar: Sabotaging the system
Microsoft to fix holes in Windows, Office
Google privacy controls: Most people won't care
Zero-day flaw found in Web encryption
Mac Game: Art project or malware?
Corporate bank accounts targeted in online fraud
Related
14 more charged with insider trading
'60 Minutes'--Cyberwar: Sabotaging the system
Net safety conference to call for digital citizenship
Lessons for Nook from Zune
Facebook database outage cut off about 150,000
Week in review: Data loss disasters
Crave giveaway of the week: official rules
Flickr hit with Tuesday morning outage
Add a Comment (Log in or register) (13 Comments)
  • prev
  • 1
  • next
by AndrewRich July 23, 2008 1:54 PM PDT
After reading several different articles about this case, and having no other personal knowledge -- but knowing a lot about how incompetent employees are promoted to managers -- I find myself believing Childs. He went overboard with his protection measures, but I have no problem believing that his managers tried to "git in ther an fix that enternit ixplorer thingie".
Reply to this comment
by AndrewRich July 23, 2008 1:54 PM PDT
After reading several different articles about this case, and having no other personal knowledge -- but knowing a lot about how incompetent employees are promoted to managers -- I find myself believing Childs. He went overboard with his protection measures, but I have no problem believing that his managers tried to "git in ther an fix that enternit ixplorer thingie".
Reply to this comment
by Perry_Clease July 23, 2008 1:59 PM PDT
"Childs' lawyer, Erin Crane, says her client has done nothing illegal and is being made a scapegoat by city officials who wanted to get rid of him for no legitimate reason."

I live in California and if, emphasis on "if", I understand the law correctly an employer does not need a reason, legitimate or not, to get rid of an employee. Now a union worker may have different rights depending on the contract, but I don't think that applies to Child's.

As to the legality of withholding the access codes, well we shall see.
Reply to this comment
by Michichael July 23, 2008 4:25 PM PDT
Right to work laws don't apply to contractual employment. For a position like that, I cannot imagine they have a right to work situation. It's definitely contracted out with details of his employment requirements and salary and benefits. They wouldn't trust a high level job like that to somebody without a contract, and most city employees are contract anyway. Just an FYI.
by Perry_Clease July 23, 2008 5:29 PM PDT
"Right to work laws don't apply to contractual employment. "

Thanks for the info Michicael
by netPirate July 23, 2008 2:28 PM PDT
If a corporation, or in this case, a government wants to ensure that it has complete control over its data then it needs to regularly audit systems and passwords, have key escrow, and, most importantly, not give one person the keys to the kingdom. Dual control systems are good, for instance, don't make your backup admin your primary admin, etc.
Reply to this comment
by Penguinisto July 23, 2008 2:51 PM PDT
FWIW, and judging by what I've read of the guy:

He's an egotist and an overprotective fool who thought himself more potent than the folks who managed him. That said, I sincerely doubt that there was any intent to "destroy the network". Anyone with even passing knowledge of how Cisco routers actually work (and WAN networking in general), knows how drop-easy it is for a not-so-intelligent admin to tear things up accidentally (network loops, black holes, etc etc).

It's an ugly story, and quite frankly, there's more malfeasance on the prosecutor's part (get flashy national-coverage-sized conviction = get elected to higher office) than there is on Childs' part. After all, if the guy really wanted to destroy the network, he could have very easily have done so and made it all look like an accident (or better still - look like incompetence on his co-workers' and/or managers' part)... with 99.9% of his co-workers and managers not even knowing how it happened.
Reply to this comment
by Michichael July 23, 2008 4:23 PM PDT
Look, it's simple. He configured routers in INSECURE LOCATIONS so the configuration files were not saved to flash memory (Think USB stick). That means, as long as it's online, it works, and if it's offline it's wiped clean, instantly setting off warning bells saying something is wrong. Then you log into it, find out what is wrong, and fix it. Also, in the event that the router is broken into and the flash is STOLEN, nothing is compromised. The same password is probably used for all similar devices in the entire network, e.g. the Provider Edge routers have the same password, the Customer Edge have the same password, et cetera.

This is a SECURITY MEASURE not a Malicious attempt. The management KNEW he was the only one with the passwords to the routers and did not put any policies in place to otherwise disperse that password because he was and is the only engineer with intimate enough knowledge of the details to not **** it up. I guarantee you now that the network password is exposed for all of the techs to see, that network is going to "implode."

And they'll blame it on him.

Michichael
Reply to this comment
by Penguinisto July 23, 2008 4:47 PM PDT
I agree ab't the measures being protective, but honestly... why did only one employee have the passwords, and where was the backup image?

Usually you have at least two admins with full access and all the passwords (you can then park the file on a couple of USB sticks right next to the flash images, and have both of 'em dropped off in a safe deposit box at the bank).
by Michichael July 24, 2008 1:55 PM PDT
Penguin - according to inside sources, if what I've read is to be believed, there wasn't anyone else competent enough to hold those keys. There were no policies in place that were enforced or enforce-able for backup schemes. They were working on that. This guy was the #1 technical expert and management saw no problems with him having the passwords. "Just call Terry" Until this happened. 50$ says that now that they have the passwords it's going to start having issues...
by AppleSuxLeo July 24, 2008 4:02 AM PDT
Is he one of the Village People ?
Reply to this comment
by inachu July 24, 2008 6:33 AM PDT
I agree 100%! I hope some IT reporter keeps us informed.
Reply to this comment
by Chris-Anderson July 25, 2008 11:13 AM PDT
Related Article to That Story: SysAdmin Who Locked San Francisco Network Gives Key to Mayor Gavin Newsom
Reply to this comment
(13 Comments)
  • prev
  • 1
  • next
advertisement

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET