SAN FRANCISCO, July 17, 2008

S.F. Claims IT Worker Hijacked Passwords

City Employee Accused Of Holding Computer Network Hostage; Faces Seven Years In Prison


(CBS/AP)  A city computer engineer accused of tampering with San Francisco's new computer network to give himself exclusive access was ordered held on $5 million bail.

City officials accused Department of Technology employee Terry Childs of taking over the new FiberWAN (Wide Area Network) by creating a secret password for his own use. The multi-million-dollar computer network stores records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail bookings.

"It's actually the routers under control of this guy," CNET-TV's Tom Merritt explained, as he showed CBS News correspondent John Blackstone the network equipment at the center of the firestorm. "He could go in and change passwords and block traffic and shut all of this stuff for the city of San Francisco down if he wanted to."

Childs, 43, was scheduled to be arraigned Thursday. He was arrested Sunday and held on suspicion of four counts of computer tampering. He did not enter a plea at a court appearance Tuesday.

His public defender, Mark Jacobs, described the bail amount as crazy and suggested the charges resulted from a misunderstanding.

"I don't think he's a threat," Jacobs said. "He didn't kill anybody, and murderers usually get a $1 million bail, so you do the math."

"Think about it in terms of having a safe deposit box at a bank," said San Francisco District Attorney Kamala Harris, "you want to know that you are the only person to have access to that."

"The reality is that we have institutions and systems that have been created with the assumption they will have integrity, that they will be safe and they will not be compromised," Harris told CBS News' The Early Show.

The city says fixing the system and determining whether the alleged tampering led to a security breach could cost millions of dollars. Officials say the exact damage is still being assessed.

Blackstone reports that, so far, everything seems to be running normally. But without the password, it could take the city six to eight weeks to rebuild the entire system.

Prosecutors have not given a motive, but police investigators say Childs recently had been disciplined at work.

"The San Francisco police department has done a fabulous, amazing job in conducting the investigation in this case," Harris said. "They were on it from the beginning. And it's still a work in progress in terms of uncovering and figuring out exactly the expanse of this fellow's work."

If convicted, Harris says that Childs could face seven years in state prison.

© MMVIII, CBS Interactive Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.
by dan400man July 18, 2008 3:02 PM EDT
Don't you notice in the story that they're being very vague with certain details? Why was Disciplinary action (if any) taken in the first place? Who's to say this guy's buttons weren't pushed one too many times thus resulting in this. I don't side with criminals normally, but there's a fuzzy glare in front of the facts of this case and I feel this is far more than some disgruntled worker letting off steam. He's *** them hard and I'm convinced he's got a good reason for it. Only time will tell.
---------------------------
Posted by lamott2k at 10:02 AM : Jul 18, 2008

According to the San Francisco Chronicle (see http://tinyurl.com/5cgkbz), he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him. ("They weren't able to do it - this was kind of his insurance policy," said the official, speaking on condition of anonymity because the attempted firing was a personnel matter.) I'd be surprised if you thought this was a legitimate reason to sabotage a network.

But let's suppose he got suspended a few days for something stupid, like not keeping his desk clean. That would rightfully anger most people, right? It's heavy-handed. So, would you support his "right" to hijack the network? Even if it put people at risk? How about a fast food worker whose boss p1ssed him off, and decides to respond by spitting in your hamburger? Your viewpoint probably changes as soon as it affects you.
by lamottjackson July 18, 2008 1:02 PM EDT
Are you kidding me? Disciplinary action (unspecified by the story) is a "legitimate reason"? By that logic, all disciplinary action should result in termination of employment, on the spot, get escorted out the door.

Posted by Dan400Man at 04:50 PM : Jul 17, 2008

Don't you notice in the story that they're being very vague with certain details? Why was Disciplinary action (if any) taken in the first place? Who's to say this guy's buttons weren't pushed one too many times thus resulting in this. I don't side with criminals normally, but there's a fuzzy glare in front of the facts of this case and I feel this is far more than some disgruntled worker letting off steam. He's *** them hard and I'm convinced he's got a good reason for it. Only time will tell.
by bill517 July 17, 2008 8:49 PM EDT
This is silly. The only motive a geek could have is for the purpose of maintaining the system. This is the silliest story I've read recently.
by dan400man July 17, 2008 7:58 PM EDT
Sounds like the ISSO at your company isn't doing his/her job. You, as an application developer, should have access to the "live" customer DB. ISSO's are supposed to ensure "separation of duties".
---------------------------
Posted by Hasher47 at 03:11 PM : Jul 17, 2008

I think you meant to say "should not have", and I agree. However, this particular table is "touched" by hundreds of applications, which are used by thousands of users. However, only a very few would ever see the sensitive data from those apps. Making even a simple change like this would have to be tested up the wazoo before it could ever be rolled out to production. Apparently, the powers-that-be decided that it was not a top priority.
by dan400man July 17, 2008 7:50 PM EDT
... Although I believe in THIS case, this guy has a legitimate reason to do what he did. Like Chris Rock said, "I'm not saying it's right, but I understand".
---------------------------
Posted by lamott2k at 03:36 PM : Jul 17, 2008

Are you kidding me? Disciplinary action (unspecified by the story) is a "legitimate reason"? By that logic, all disciplinary action should result in termination of employment, on the spot, get escorted out the door.
by missingamerica July 17, 2008 7:46 PM EDT
They should try

http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php

I'd laugh my butt off if it turns out the guy rolled out a patch 'n the routers reset their own passwords to defaults...
by missingamerica July 17, 2008 7:39 PM EDT
I don't see any problem with changing the passwords on all the routers.

Now not telling everybody in advance that it was going to happen, and not putting the password in a couple of physically secure locations separated geographically (read "safes") so as to ensure that they weren't compromised by the same disaster...

Well, that is criminal.
by whymayiask July 17, 2008 6:55 PM EDT
What a load of BS. They pay a guy to run a secure network, then arrest him because it is secure? I wonder who he has the junk on?
by extremophil July 17, 2008 6:38 PM EDT
If it's San Francisco, the password is either "fairytale" or "pervert".

(There's the gay joke. Get it?)
by lamottjackson July 17, 2008 6:36 PM EDT
It should scare you, because, a lot of these guys are IT megalomaniacs (right, lamott?) and it just takes one who lacks self-control and acts on his impulses when he feels slighted to do something like this.

Posted by why_ma_raner at 03:19 PM : Jul 17, 2008

I have to somewhat agree. A good percent of I.T. People are nerds who got treated really badly when they were younger. That doesn't mean everyone that is involved in this business will flip out. But considering the amount of anti-social misfits I've dealt with in this industry, it doesn't surprise me. Although I believe in THIS case, this guy has a legitimate reason to do what he did. Like Chris Rock said, "I'm not saying it's right, but I understand".
by why_ma_raner July 17, 2008 6:19 PM EDT
--"PS Although yeah, how does one person get the power to wreak such sabotage?!? Is it like this with every computer system?"

There are fairly simple ways to give admins just the access they need to do their jobs, but the business managers of most organizations don't understand how this works, so out of ignorance they just find someone they think they can trust and give them the keys. You would think that SF, a city in the center of the techniverse, would have a CIO on board who would know better.

It should scare you, because, a lot of these guys are IT megalomaniacs (right, lamott?) and it just takes one who lacks self-control and acts on his impulses when he feels slighted to do something like this.
by three-o-six July 17, 2008 6:11 PM EDT
A lot depends -- I am the sys admin here and for security reasons there are only two people with the password to the system. He may have been attempting to keep the system secure. Too many people with administrative passwords and you lose control of the system.
by hasher47 July 17, 2008 6:11 PM EDT
Dan400Man,
Sounds like the ISSO at your company isn't doing his/her job. You, as an application developer, should have access to the "live" customer DB. ISSO's are supposed to ensure 'separation of duties'.
by lamottjackson July 17, 2008 5:58 PM EDT
PS Although yeah, how does one person get the power to wreak such sabotage?!? Is it like this with every computer system? :o

Posted by SamTheTVCat at 02:52 PM : Jul 17, 2008

...yes...kinda.
by samthetvcat July 17, 2008 5:52 PM EDT
PS Although yeah, how does one person get the power to wreak such sabotage?!? Is it like this with every computer system? :o
by samthetvcat July 17, 2008 5:51 PM EDT
---"I don't think he's a threat," Jacobs said. "He didn't kill anybody, and murderers usually get a $1 million bail, so you do the math."---

But the last 'upstanding disgruntled city worker' to cause such a ruckus assassinated the mayor and got away with it because he ate some twinkies . . . if he was angry before, what must he be like now!?!

An act like this is clearly going to wig a lot of people out . . .
by lamottjackson July 17, 2008 5:28 PM EDT


Part I
This case is more than about some guy hiding the keys, it's about why he did it, and what or who else is involved in creating the situation that led up to this guy making this move. Locking EVERYONE out of the system, then getting arrested, but opting for a public defender? With his salary he could have his own but it's obvious that he thought this out for some time before acting on it. This could drag out for years, but I'm sure it's going to be solved before then.

Part II
And a note to those I.T., Network, Cisco, and System administrators. Stop trying to play Monday Morning Quarterback with your "Solutions" as to how this can be fixed.

"Well first I would bring the energy strobes in the Dilithium crystal chamber down to 7 terrilliam, then activate the flex capacitor and crank the RPM's to 88MPH. Afterwards, that would cause the kinflap transformer to hiccup, creating a wormhole that will lead to a time 9 Mars minutes before he locked the system out"

If any real admin worth his/her that knows technology (like myself) knows, it's possible to do this & wreak havoc on any business. There is no easy fix but to get the password, and if an alternate solution exists it's going to involve lots of money to make it happen. So please with the empty theories like ya'll know it all.
by yongamerica July 17, 2008 5:04 PM EDT
It seems this person is a scapegoat for SF's own poor security practices.
by dan400man July 17, 2008 4:06 PM EDT
If SF does have offline data storage, then wipe out Drive C and download the stored applications and data. It would take a while but would solve the problem very easily. If SF does not have this service, more than this young man should be prosecuted.
---------------------------
Posted by ramos937 at 10:19 AM : Jul 17, 2008

ramos937, I forgot to chime in on this earlier. You are absolutely correct that this guy's manager(s) should be held accountable as well, although you & I have different reasons for feeling that way. Only two people should have "god" access to the kingdom, a chief I.T. security officer, and a CEO or other board-level officer. In this case, the "CEO" is the mayor. Well, wait a minute, not if it's the mayor of Detroit, then it'd have to go to... uh... sheesh, the whole damm Detroit city government stinks of corruption. (Glad I'm in the burbs...)
by why_ma_raner July 17, 2008 3:54 PM EDT
"It's actually the routers under control of this guy,...He could go in and change passwords and block traffic and shut all of this stuff for the city of San Francisco down if he wanted to."

"But without the password, it could take the city six to eight weeks to rebuild the entire system."

Sounds like he changed the enable secret on the routers (assuming they are Cisco devices). Resetting this will take about 15 mins. per device, once you got attached to it directly, so that would explain the 6-8 weeks to hit them all (1-2 weeks if the work wasn't being done by civil servants). The question is, if he tells them the password they should be able to reset it globally from a single console in a matter of hours. So why isn't he giving it to them?