Comments on: SF employee accused of setting network sabotage time bomb

San Francisco city computer engineer remains held on $5 million bail, accused of hijacking city network and arranging it to self-destruct during the next routine maintenance or outage.

[AndrewRich]

After reading several different articles about this case, and having no other personal knowledge -- but knowing a lot about how incompetent employees are promoted to managers -- I find myself believing Childs. He went overboard with his protection measures, but I have no problem believing that his managers tried to "git in ther an fix that enternit ixplorer thingie".

[AndrewRich]

After reading several different articles about this case, and having no other personal knowledge -- but knowing a lot about how incompetent employees are promoted to managers -- I find myself believing Childs. He went overboard with his protection measures, but I have no problem believing that his managers tried to "git in ther an fix that enternit ixplorer thingie".

[Perry_Clease]

"Childs' lawyer, Erin Crane, says her client has done nothing illegal and is being made a scapegoat by city officials who wanted to get rid of him for no legitimate reason."

I live in California and if, emphasis on "if", I understand the law correctly an employer does not need a reason, legitimate or not, to get rid of an employee. Now a union worker may have different rights depending on the contract, but I don't think that applies to Child's.

As to the legality of withholding the access codes, well we shall see.

[Michichael]

Right to work laws don't apply to contractual employment. For a position like that, I cannot imagine they have a right to work situation. It's definitely contracted out with details of his employment requirements and salary and benefits. They wouldn't trust a high level job like that to somebody without a contract, and most city employees are contract anyway. Just an FYI.

[Perry_Clease]

"Right to work laws don't apply to contractual employment. "

Thanks for the info Michicael

[netPirate]

If a corporation, or in this case, a government wants to ensure that it has complete control over its data then it needs to regularly audit systems and passwords, have key escrow, and, most importantly, not give one person the keys to the kingdom. Dual control systems are good, for instance, don't make your backup admin your primary admin, etc.

[Penguinisto]

FWIW, and judging by what I've read of the guy:

He's an egotist and an overprotective fool who thought himself more potent than the folks who managed him. That said, I sincerely doubt that there was any intent to "destroy the network". Anyone with even passing knowledge of how Cisco routers actually work (and WAN networking in general), knows how drop-easy it is for a not-so-intelligent admin to tear things up accidentally (network loops, black holes, etc etc).

It's an ugly story, and quite frankly, there's more malfeasance on the prosecutor's part (get flashy national-coverage-sized conviction = get elected to higher office) than there is on Childs' part. After all, if the guy really wanted to destroy the network, he could have very easily have done so and made it all look like an accident (or better still - look like incompetence on his co-workers' and/or managers' part)... with 99.9% of his co-workers and managers not even knowing how it happened.

[Michichael]

Look, it's simple. He configured routers in INSECURE LOCATIONS so the configuration files were not saved to flash memory (Think USB stick). That means, as long as it's online, it works, and if it's offline it's wiped clean, instantly setting off warning bells saying something is wrong. Then you log into it, find out what is wrong, and fix it. Also, in the event that the router is broken into and the flash is STOLEN, nothing is compromised. The same password is probably used for all similar devices in the entire network, e.g. the Provider Edge routers have the same password, the Customer Edge have the same password, et cetera.

This is a SECURITY MEASURE not a Malicious attempt. The management KNEW he was the only one with the passwords to the routers and did not put any policies in place to otherwise disperse that password because he was and is the only engineer with intimate enough knowledge of the details to not **** it up. I guarantee you now that the network password is exposed for all of the techs to see, that network is going to "implode."

And they'll blame it on him.

Michichael

[Penguinisto]

I agree ab't the measures being protective, but honestly... why did only one employee have the passwords, and where was the backup image?

Usually you have at least two admins with full access and all the passwords (you can then park the file on a couple of USB sticks right next to the flash images, and have both of 'em dropped off in a safe deposit box at the bank).

[Michichael]

Penguin - according to inside sources, if what I've read is to be believed, there wasn't anyone else competent enough to hold those keys. There were no policies in place that were enforced or enforce-able for backup schemes. They were working on that. This guy was the #1 technical expert and management saw no problems with him having the passwords. "Just call Terry" Until this happened. 50$ says that now that they have the passwords it's going to start having issues...

[AppleSuxLeo]

Is he one of the Village People ?

[inachu]

I agree 100%! I hope some IT reporter keeps us informed.

[Chris-Anderson]

Related Article to That Story: SysAdmin Who Locked San Francisco Network Gives Key to Mayor Gavin Newsom