Only days after the city of San Francisco regained control of its computer network after an alleged hijacking, a new vulnerability has come to light--this time brought on by the city itself.
The San Francisco district attorney's office has apparently made public nearly 150 usernames and passwords used by city officials to gain access to the city's network. The list was submitted to the court as Exhibit A in a case against Terry Childs, a 43-year-old network administrator for the city who was arrested July 13 on four felony charges of tampering with the city's computer network.
Co-workers accused Childs of setting a "time bomb" that would sabotage the network the next time it went down, either for maintenance or due to a power outage.
Childs had effectively taken the city's network hostage by locking administrators out and refusing to give up the passwords needed to regain access. In a secret meeting with Mayor Gavin Newsom earlier this week, the San Francisco Chronicle reported that Childs handed them over directly to the mayor.
Later in the week, the DA's office reportedly filed a court document to argue against a reduction of the $5 million bail set for Childs, who is being held in the county jail. Exhibit A of the document contained the usernames and passwords used by nearly 150 employees to get into the city's virtual private network. And despite saying the passwords pose an "imminent threat" to the city's computer network, they are now of public record.
A source tells InfoWorld that a second password is needed to gain access to the VPN. Still, giving up these so-called phase one passwords is hardly recommended security policy.
And here I thought we San Franciscans were supposed to be good with this computer stuff.
The computer network hostage crisis in San Francisco is over, thanks to the city's mayor.
Terry Childs, a network administrator for the city of San Francisco, has been in custody since July 13 on four felony charges of taking control of the city's computer network and locking administrators out. Access to much of the city's information was blocked, including law enforcement, payroll, and jail-booking records.
Childs had reportedly refused to surrender the codes to his supervisors, but after a little more than a week as a guest of the city, he apparently had a change of heart and invited Mayor Gavin Newsom to meet with him, according to a report on the San Francisco Chronicle Web site Monday night.
A secret meeting was arranged at the city jail on Monday afternoon, where Childs gave Newsom the codes to the network. The meeting reportedly was so secret that the police department and district attorney were not informed of the meeting ahead of time.
The codes given to Newsom didn't initially provide access to the system, but a call to Childs' attorney got the city back in the system.
Although the city has regained control of its network, not all is necessarily forgiven. Erin Crane, Childs' defense attorney, is expected to cite his cooperation during a court hearing on Wednesday in a bid to have his $5 million bail reduced.
Crane has argued that Childs was merely protecting the network from incompetent city officials who were trying to force him out of his job.
"Mr. Childs had good reason to be protective of the password," Crane told the newspaper. "His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves...He was the only person in that department capable of running that system."
- prev
- 1
- next
