Yahoo: IT Admin Locks up San Francisco's Network ***Updated***

[Zguy28]

IT Admin Locks up San Francisco's Network (PC World)

http://tech.yahoo.com/news/pcworld/148427

- A network administrator has locked up a multimillion dollar computer system for San Francisco that handles sensitive data and is refusing to give police the password, the San Francisco Chronicle reported Monday.

The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code, the paper reported.

The new FiberWAN (Wide Area Network) handles city payroll files, jail bookings, law enforcement documents and official e-mail for San Francisco. The network is functioning but administrators have little or no access.

Childs, who remains in custody, is accused of improperly tampering with computer systems and causing a denial of service, said Kamala Harris, San Francisco's district attorney, on Monday afternoon.

"The bail has been set at $5 million, and the exposure in this case if he were convicted on all counts would be seven years in prison," Harris said.

Harris said it's unknown why Childs tampered with the system. The Chronicle, however, reported that Childs was disciplined recently for poor performance. Childs worked in the Department of Technology for San Francisco, making close to US$150,000 a year, the paper reported.

City officials told the paper that Childs may have caused millions in damage while also rigging the network so that other third parties could monitor traffic, posing a huge data security risk. He is also alleged to have installed a tracing system to monitor communications related to his personnel case.

(Robert McMillan in San Francisco contributed to this report.)

[TimmySmith]

What a joke that town has become.

[Kurd Cudins]

It's a Firesale. Live Free or Die Hard!

[FanboyOf91]

Only 7 years...:doh:

And he's refusing to give the real password?

Sounds like a job for some enterprising young hacker. (Job guaranteed if successful!)

[Thiebear]

Theres only one IT guy and 1 password... nice .

[Zguy28]

Theres only one IT guy and 1 password... nice .

He probably locked the rest of them out before they knew what happened.

I could easily do the same where I work.

[The Sisko]

Nerds of the world UNITE!!

[Corcaigh]

An underperforming network admin working for the local government makes close to $150,000 per year? Their personnel department should be fired along with all the management involved in his pay reviews.

[Larry]

An underperforming network admin working for the local government makes close to $150,000 per year? Their personnel department should be fired along with all the management involved in his pay reviews.

You should see how much porn he got off of the computers of the City Council and the Chief of Police.

[Predicto]

An underperforming network admin working for the local government makes close to $150,000 per year? Their personnel department should be fired along with all the management involved in his pay reviews.

LOL. He doesn't make that much every year. It's just because he did a huge amount of overtime last year....

wait for it.....

setting up this new computer system. :laugh:

[Predicto]

What a joke that town has become.

Thanks. America's Favorite City likes you too.

Maybe Marion Berry can be our three term mayor next.

[DjTj]

Welcome back Predicto.

I'm surprised you can get online with this guy holding your networks hostage. Did you guess the password?

[Predicto]

Welcome back Predicto.

Thank you. It's been hard, biting my tongue this long.

I'm surprised you can get online with this guy holding your networks hostage. Did you guess the password?

Heheh. I don't work for the City - I work for the State of California.

And the city computer system is working pretty well on autopilot. The problem is that administrators can't get in to change anything if they need to.

As Zguy pointed out, this could happen anywhere (and has happened plenty of times before). It's an inherent problem in computer security.

[Zen-like Todd]

Welcome back Predicto.

I'm surprised you can get online with this guy holding your networks hostage. Did you guess the password?

Predicto tried 7,543,257 variations of "natalieportman" before stumbling onto the correct password.

[Larry]

Predicto tried 7,543,257 variations of "natalieportman" before stumbling onto the correct password.

Anybody tried "12345"?

[dfitzo53]

Anybody tried "12345"?

"So the combination is one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"

[Predicto]

Maybe his kid is named Joshua.

[squatch66]

love the spaceballs reference.

[Vicious]

He owned them.

[Zguy28]

Maybe his kid is named Joshua.

How about a nice game of chess?

[Zguy28]

The Story Behind San Francisco's Rogue Network Admin

Paul Venezia, InfoWorld

http://www.pcworld.com/businesscenter/article/148669/the_story_behind_san_franciscos_rogue_network_admin.html

Last Sunday, Terry Childs, a network administrator employed by the City of San Francisco, was arrested and taken into custody, charged with four counts of computer tampering. He remains in jail, held on US$5 million bail. News reports have depicted a rogue admin taking a network hostage for reasons unknown, but new information from a source close to the situation presents a different picture.

In posts to my blog, I postulated about what might have occurred. Based on the small amount of public information, I guessed that the situation revolved around the network itself, not the data or the servers. A quote from a city official that Cisco was getting involved seemed to back that up, so I assumed that Childs must have locked down the routers and switches that form the FiberWAN network, and nobody but Childs knew the logins. If this were true, then regaining control over those network components would cause some service disruption, but would hardly constitute the "millions of dollars in damages" that city representatives feared, according to news reports.

Apparently, I wasn't far off the mark. In response to one of by blog posts, a source with direct knowledge of the City of San Francisco's IT infrastructure and of Childs himself offered to tell me everything he knew about the situation, under condition that he remain anonymous. I agreed, and within an hour, a long e-mail arrived in my in box, painting a very detailed picture of the events. Based on this information, the case of Terry Childs appears to be much more -- and much less -- than previously reported.

A Man and His Network

It seems that Terry Childs is a very intelligent man. According to my source, Childs holds a Cisco Certified Internetwork Expert certification, the highest level of certification offered by Cisco. He has worked in the city's IT department for five years, and during that time has become simply indispensible.

Although Childs was not the head architect for the city's FiberWAN network, he is the one, and only one, that built the network, and was tasked with handling most of the implementation, including the acquisition, configuration, and installation of all the routers and switches that comprise the network. According to my source's e-mail, his purview extended only to the network and had nothing to do with servers, databases, or applications:

"Terry's area of responsibility was purely network. As far as I know (which admittedly is not very far), he did not work on servers, except maybe VoIP servers, AAA servers, and similar things directly related to the administration of the network. My suspicion is that you are right about how he was "monitoring e-mail"; it was probably via a sniffer, IPS, or possibly a spam-filtering/antivirus appliance. But that's just conjecture on my part."

Like many network administrators who work in the rarified air of enterprise network architecture and administration, Childs apparently trusted no one but himself with the details of the network, including routing configuration and login information. Again, from the source's e-mail:

"The routing configuration of the FiberWAN is extremely complex. Probably more so than it ought to be; I sometimes got the feeling that, in order to maintain more centralized control over the routing structure, [Childs] bent some of the rules of MPLS networks and caused problems for himself in terms of maintaining the routing.

"Because the system was so complex (and also because he didn't involve any of the other network engineers in his unit), Terry was the only person who fully understood the FiberWAN configuration. Therefore, to prevent inadvertent disruption of this admittedly critical network, he locked everyone else out. I know most of the networking equipment ... does use centralized AAA, but I get the impression he may have configured the FiberWAN equipment for local authentication only."

Childs' attitude toward other administrators is by no means unusual in the IT industry. This is generally due to the fact that admins who are tasked with constructing and maintaining networks of this size and scope care for them like children, and eventually come to believe that no one else could have the knowledge and skills to touch the delicate configurations that form the heart of the network.

Full Article at link...

[Thiebear]

This is why you force vactions and every 6 months you do job rotations.

Actual Project plans... help as that the others in the group help make it happen. SOP and documention so that anyone (in the group at least) could do it. QA checklists etc.

[zoony]

An underperforming network admin working for the local government makes close to $150,000 per year? Their personnel department should be fired along with all the management involved in his pay reviews.

that's just above the poverty level in San Fran.

[Duckus]

I think this is hilarious. Dude should plea bargain himself down to parole for the password.

[jpillian]

So why did he do this again?