Friday, August 1, 2008

Computer Administrator Sabotages System


Terry Childs, a 43-year-old computer network administrator for the Department of Technology in San Francisco has been charged with four counts of computer tampering.

The I.T. specialist had soul access to records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings .

When police asked for a password Childs gave them one that didn't work and
refused to divulge the real code even when threatened with arrest .

The power mad nutter set up a system of modems that would wipe out the cities' records if the city ever had a power failure causing total chaos. The system was due for a scheduled power down as a test and his devices were only discovered by accident.
Administrators say fixing the damage could cost millions of dollars.

Childs
earned $126,735 a year with an extra $22,534 for being an on-call trouble shooter and set the system up as possible job security as he had been disciplined recently for poor performance, it seems that sabotaging multimillion-dollar computer network really cuts into your time and energy.

The crazed I.T. geek is currently
in jail on $5 million bail and claims that the neighbour's dog made him do it . The animal is being questioned by police.

Nathan Ballard, a spokesman for Mayor Gavin Newsom, said, " The majority of I.T. specialists are decent hard working people we need to set an example to the rest that hold down an I.T. job and spam blogs on their breaks that this is not acceptable behaviour. We are hoping to have Child's fingers and eye sight removed so that he will never be in a position to be such a threat ever again."


10 comments:

warriorwoman said...

so, did they get anything out of that dog??

Anonymous said...

"The I.T. specialist had soul access to records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings ."

No, he had sole administrative access to the network routers which controlled the flow of traffic on the network. He was, not coincidentally, the only employee paid by the city to administer the network devices and the only employee paid by the city with clear authorization to do so. He had been for years. Even after his suspension and arrest, the network continued to function as it had been for years.

Anonymous said...

"When police asked for a password Childs gave them one that didn't work and refused to divulge the real code even when threatened with arrest ."

No. Terry Childs was called to a meeting with San Francisco DTIS Deputy Director Rich Robinson and DTIS' new Security Manager, Jeana Pieralde who asked him some questions regarding passwords.

We do not know specifically what they asked, nor specifically what Terry's responses were.

We do know that SF Police Inspector James Ramsey was present, and that he informed Terry Childs that if Terry failed to answer he would be arrested. We also know that Childs did answer, that he was not arrested and that he was allowed to leave.

He was arrested three days later.

An assistant district attorney claimed in the motion to oppose the reduction of bail that although Terry had answered the questions on July 9th, 2008 that the city had somehow been unable to test the passwords provided at the time and thus Terry was allowed to leave.

Apparently, neither of the DTIS department managers knew how to connect to the equipment to test the passwords on that date. Which brings up several questions...

Did they ever figure out how to connect to the equipment for administrative access at all?

Did they only ask for passwords and not for instructions regarding how the passwords could be used?

Did they even know enough to ask specifically for passwords to the equipment in question or did they mistakenly ask for different passwords entirely?

Anonymous said...

"The power mad nutter set up a system of modems that would wipe out the cities' records if the city ever had a power failure causing total chaos."

Wow. The city alleged that Terry had configured at least some of the network routers, which control the flow of data traversing the network, in such a way that their configuration was active and functional but not 'saved'.

One implication of this type of configuration is that if electric power to a device so configured is turned off, the device loses the configuration and will stop functioning as it had been.

Another implication not mentioned by the city is that a network administrator might configure a router this way deliberately to prevent a person who could gain physical access to the router from modifying the saved configuration and having the device continue to function as though nothing had happened when in fact the entire security of the network may have been compromised.

As the sole administrator of those network routers, it was Terry Childs job, for years, to ensure their security. Also, because the network was a WAN to connect city buildings, some of the routers were located in public owned buildings throughout the city where potentially tens of thousands of people could gain physical access to the routers.

Anonymous said...

"The system was due for a scheduled power down as a test and his devices were only discovered by accident."

The devices were the routers which controlled the flow of traffic over the network. The DTIS department had requested the devices, appropriated funds to purchase the devices, authorized payment for the devices and assigned Terry Childs and only Terry Childs to install and configure the devices. The devices were never unknown and thus not "discovered by accident."

It is the specific configuration of at least some of the routers which was "discovered by accident". Which of course raises the question, why did the DTIS department have no knowledge of how its own routers were configured already?

The routers in question are manufactured by Cisco. They include a flash media writer/reader. If no flash media card is present then it is obvious just by looking at the device that its configuration can not be in a saved state within the router. If the cards are present, removing the card and reading it in an alternate reader would reveal whether or not the configuration had been saved. The router would continue to function while this is done and it takes mere minutes to do. The fact that the department management did not know the configuration of their own routers is inexplicable unless they had entrusted all aspects of managing the routers to Terry Childs alone and if they had, how can they then claim that his sole knowledge of the configuration of the routers is criminal?

Also not mentioned by the city is the fact that should any of the routers stop functioning, it would be the responsibility of Terry Childs -as the sole administrator of the routers- to access any such router and restore its configuration to a working state.

Anonymous said...

"Administrators say fixing the damage could cost millions of dollars."

The configuration within each router is a routing table that determines to which other router a given packet of information would be sent next. The routing tables are complex although essentially they are lists of numbers and short text codes. To re-enter such a list does not take much time, certainly less than an hour per device.

The problem is not that reconfiguring the routers would in and of itself cost a great deal of money... its that the DTIS management did not know how to do so nor what the specific routes should be.

The only person in their employee who appears to have known, for years, is Terry Childs.

That situation in and of itself is clear evidence of utter mismanagement within the Department of Telecommunications and Information Services.

Anonymous said...

"Childs earned $126,735 a year with an extra $22,534 for being an on-call trouble shooter and set the system up as possible job security as he had been disciplined recently for poor performance, it seems that sabotaging multimillion-dollar computer network really cuts into your time and energy."

Why was he earning extra money to be on call? Because he was authorized and capable of administering the network and he was the only employee in the city who was.

It was his job -and solely his job- to install the network, configure the routers, maintain and secure the network and the network devices which controlled it.

Terry Childs had filed several informal complaints about a supervisor (Herb Tong) in the DTIS department. In early June, after nothing was done regarding the informal complaints, he filed a formal complaint. He also posted his resume to Craigs List on June 4th, 2008. (http://sfbay.craigslist.org/sfc/res/742696940.html)

He is not charged with any crime related to sabotaging the network - the network continued to function normally even after Childs was arrested.

Anonymous said...

"The crazed I.T. geek is currently in jail on $5 million bail and claims that the neighbour's dog made him do it "

Actually he claims that the entire situation is the result of a misunderstanding and that the management of the DTIS department is incompetent - and dangerously so given that they are responsible for the security of the network over which the majority of city information travels...

voice of reason said...

I.T. people are wizards of Satan and should be burned at the stake.

Anonymous said...

Download Free Casino tyuueooru
http://stonewalljacksoncarnival.org/ - Download Online Casino
All you need to is a well operating computer and an Internet connection and you?re done with your gambling.
[url=http://stonewalljacksoncarnival.org/]Free Games Casino[/url]
Therefore, the more the online casino, the more the casino options and offers as well.
Online Gaming Casino
Online casino seems to take the industry by storm.