S.F. Claims IT Worker Hijacked Passwords

City Employee Accused Of Holding Computer Network Hostage; Faces Seven Years In Prison

(CBS/AP)  A city computer engineer accused of tampering with San Francisco's new computer network to give himself exclusive access was ordered held on $5 million bail.

City officials accused Department of Technology employee Terry Childs of taking over the new FiberWAN (Wide Area Network) by creating a secret password for his own use. The multi-million-dollar computer network stores records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail bookings.

"It's actually the routers under control of this guy," CNET-TV's Tom Merritt explained, as he showed CBS News correspondent John Blackstone the network equipment at the center of the firestorm. "He could go in and change passwords and block traffic and shut all of this stuff for the city of San Francisco down if he wanted to."

Childs, 43, was scheduled to be arraigned Thursday. He was arrested Sunday and held on suspicion of four counts of computer tampering. He did not enter a plea at a court appearance Tuesday.

His public defender, Mark Jacobs, described the bail amount as crazy and suggested the charges resulted from a misunderstanding.

"I don't think he's a threat," Jacobs said. "He didn't kill anybody, and murderers usually get a $1 million bail, so you do the math."

"Think about it in terms of having a safe deposit box at a bank," said San Francisco District Attorney Kamala Harris, "you want to know that you are the only person to have access to that."

"The reality is that we have institutions and systems that have been created with the assumption they will have integrity, that they will be safe and they will not be compromised," Harris told CBS News'The Early Show.

The city says fixing the system and determining whether the alleged tampering led to a security breach could cost millions of dollars. Officials say the exact damage is still being assessed.

Blackstone reports that, so far, everything seems to be running normally. But without the password, it could take the city six to eight weeks to rebuild the entire system.

Prosecutors have not given a motive, but police investigators say Childs recently had been disciplined at work.

"The San Francisco police department has done a fabulous, amazing job in conducting the investigation in this case," Harris said. "They were on it from the beginning. And it's still a work in progress in terms of uncovering and figuring out exactly the expanse of this fellow's work."

If convicted, Harris says that Childs could face seven years in state prison.

[dan400man]

Don''''t you notice in the story that they''''re being very vague with certain details?. Why was Disciplinary action (if any) taken in the first place?. Who''''s to say this guy''''s buttons weren''''t pushed one too many times thus resulting in this. I don''''t side with criminals normally, but there''''s a fuzzy glare in front of the facts of this case and I feel this is far more than some disgruntled worker letting off steam. He''''s *** them hard and I''''m convinced he''''s got a good reason for it. Only time will tell.
---------------------------
Posted by lamott2k at 10:02 AM : Jul 18, 2008

According to the San Francisco Chronicle (see http://tinyurl.com/5cgkbz), he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him. ("They weren''t able to do it - this was kind of his insurance policy," said the official, speaking on condition of anonymity because the attempted firing was a personnel matter.) I''d be surprised if you thought this was a legitimate reason to sabotage a network.

But let''s suppose he got suspended a few days for something stupid, like not keeping his desk clean. That would rightfully anger most people, right? It''s heavy-handed. So, would you support his "right" to hijack the network? Even if it put people at risk? How about a fast food worker whose boss p1ssed him off, and decides to respond by spitting in your hamburger? Your viewpoint probably changes as soon as it affects you.

[lamottjackson]

Are you kidding me? Disciplinary action (unspecified by the story) is a "legitimate reason"? By that logic, all disciplinary action should result in termination of employment, on the spot, get escorted out the door.

Posted by Dan400Man at 04:50 PM : Jul 17, 2008

Don''t you notice in the story that they''re being very vague with certain details?. Why was Disciplinary action (if any) taken in the first place?. Who''s to say this guy''s buttons weren''t pushed one too many times thus resulting in this. I don''t side with criminals normally, but there''s a fuzzy glare in front of the facts of this case and I feel this is far more than some disgruntled worker letting off steam. He''s *** them hard and I''m convinced he''s got a good reason for it. Only time will tell.

[bill517]

This is silly. The only motive a geek could have is for the purpose of maintaining the system. This is the silliest story I''ve read recently.

[dan400man]

Sounds like the ISSO at your company isn''t doing his/her job. You, as an application developer, should have access to the "live" customer DB. ISSO''s are suppose to ensure "separation of duties".
---------------------------
Posted by Hasher47 at 03:11 PM : Jul 17, 2008

I think you meant to say "should not have", and I agree. However, this particular table is "touched" by hundreds of applications, which are used by thousands of users. However, only a very few would ever see the sensitive data from those apps. Making even a simple change like this would have to be tested up the wazoo before it could ever be rolled out to production. Apparently, the powers-that-be decided that it was not a top priority.

[dan400man]

... Although I believe in THIS case, this guy has a legitimate reason to do what he did. Like Chris Rock said, "I''''m not saying it''''s right, but I understand".
---------------------------
Posted by lamott2k at 03:36 PM : Jul 17, 2008

Are you kidding me? Discipinary action (unspecified by the story) is a "legitimate reason"? By that logic, all disciplinary action should result in termination of employment, on the spot, get escorted out the door.

[missingamerica]

They should try

http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworkedDevices.php

I''d laugh my butt off if it turns out the guy rolled out a patch ''n the routers reset their own passwords to defaults...

[missingamerica]

I don''t see any problem with changing the passwords on all the routers.

Now not telling everybody in advance that it was going to happen, and not putting the password in a couple of physically secure locations separated geographically (read "safes") so as to ensure that they weren''t compromised by the same disaster...

Well, that is criminal.

[whymayiask]

What a load of BS. They pay a guy to run a secure network, the arrest him because it is secure? I wonder who he has the junk on?

[extremophil]

If it''s San Francisco, the password is either "fairytale" or "pervert".

(There''s the gay joke. Get it?)

[lamottjackson]

It should scare you, because, a lot of these guys are IT megalomaniacs (right, lamott?) and it just takes one who lacks self-control and acts on his impulses when he feels slighted to do something like this.

Posted by why_ma_raner at 03:19 PM : Jul 17, 2008

I have to somewhat agree. A good percent of I.T. People are nerds who got treated really badly when they were younger. That doesn''t mean everyone that is involved in this business will flip out. But considering the amount of anti-social misfits I''ve dealt with in this industry, it doesn''t surprise me. Although I believe in THIS case, this guy has a legitimate reason to do what he did. Like Chris Rock said, "I''m not saying it''s right, but I understand".