SF employee accused of setting network sabotage time bomb

Bail for a San Francisco city employee accused of hijacking the city's network remained at $5 million on Friday after prosecutors accused the worker of rigging the network to sabotage it the next time it was shut down for maintenance or due to a power failure, according to The San Francisco Chronicle.

Terry Childs, 43, was arrested July 13 on charges of tampering with the city's computer network. He remained in jail after the hearing on Wednesday.

In a secret meeting with Mayor Gavin Newsom on Monday, Childs revealed the passwords to the system so officials could take back control of it.

However, the Sheriff's Department and Park and Recreation Department remained locked out, although the network was in operation, the newspaper reported.

"He had a malicious intent to destroy the entire network," Prosecutor Conrad del Rosario is quoted as saying.

Childs' lawyer, Erin Crane, says her client has done nothing illegal and is being made a scapegoat by city officials who wanted to get rid of him for no legitimate reason.

[AndrewRich]

After reading several different articles about this case, and having no other personal knowledge -- but knowing a lot about how incompetent employees are promoted to managers -- I find myself believing Childs. He went overboard with his protection measures, but I have no problem believing that his managers tried to "git in ther an fix that enternit ixplorer thingie".

[AndrewRich]

After reading several different articles about this case, and having no other personal knowledge -- but knowing a lot about how incompetent employees are promoted to managers -- I find myself believing Childs. He went overboard with his protection measures, but I have no problem believing that his managers tried to "git in ther an fix that enternit ixplorer thingie".

[Perry_Clease]

"Childs' lawyer, Erin Crane, says her client has done nothing illegal and is being made a scapegoat by city officials who wanted to get rid of him for no legitimate reason."

I live in California and if, emphasis on "if", I understand the law correctly an employer does not need a reason, legitimate or not, to get rid of an employee. Now a union worker may have different rights depending on the contract, but I don't think that applies to Child's.

As to the legality of withholding the access codes, well we shall see.

[netPirate]

If a corporation, or in this case, a government wants to ensure that it has complete control over its data then it needs to regularly audit systems and passwords, have key escrow, and, most importantly, not give one person the keys to the kingdom. Dual control systems are good, for instance, don't make your backup admin your primary admin, etc.

[Penguinisto]

FWIW, and judging by what I've read of the guy:

He's an egotist and an overprotective fool who thought himself more potent than the folks who managed him. That said, I sincerely doubt that there was any intent to "destroy the network". Anyone with even passing knowledge of how Cisco routers actually work (and WAN networking in general), knows how drop-easy it is for a not-so-intelligent admin to tear things up accidentally (network loops, black holes, etc etc).

It's an ugly story, and quite frankly, there's more malfeasance on the prosecutor's part (get flashy national-coverage-sized conviction = get elected to higher office) than there is on Childs' part. After all, if the guy really wanted to destroy the network, he could have very easily have done so and made it all look like an accident (or better still - look like incompetence on his co-workers' and/or managers' part)... with 99.9% of his co-workers and managers not even knowing how it happened.

[Michichael]

Look, it's simple. He configured routers in INSECURE LOCATIONS so the configuration files were not saved to flash memory (Think USB stick). That means, as long as it's online, it works, and if it's offline it's wiped clean, instantly setting off warning bells saying something is wrong. Then you log into it, find out what is wrong, and fix it. Also, in the event that the router is broken into and the flash is STOLEN, nothing is compromised. The same password is probably used for all similar devices in the entire network, e.g. the Provider Edge routers have the same password, the Customer Edge have the same password, et cetera.

This is a SECURITY MEASURE not a Malicious attempt. The management KNEW he was the only one with the passwords to the routers and did not put any policies in place to otherwise disperse that password because he was and is the only engineer with intimate enough knowledge of the details to not **** it up. I guarantee you now that the network password is exposed for all of the techs to see, that network is going to "implode."

And they'll blame it on him.

Michichael

[AppleSuxLeo]

Is he one of the Village People ?

[inachu]

I agree 100%! I hope some IT reporter keeps us informed.

[Chris-Anderson]

Related Article to That Story: SysAdmin Who Locked San Francisco Network Gives Key to Mayor Gavin Newsom