Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Employee hands over passwords to hijacked San Francisco computer network

By Michael Hatamoto, BetaNews

July 23, 2008, 11:27 PM

Much to the delight of San Francisco computer network officials, Mayor Gavin Newsom was given the password so the city can again have access to its computer network after it was hijacked by a city employee.

Terry Childs, 43, of Pittsburg, California, manipulated the city's computer system and held it hostage for more than a week before handing over the passwords. Specifically, Childs locked city officials out of the FiberWAN network that controls the city's e-mails, law enforcement records, payroll, and other personal records.

He said he changed the access passwords for everyone because he felt his superiors were naive and negligent about security issues and viruses possibly infecting the system. One of the superiors told Childs he could be suspended and lose his job due to insubordination, which apparently triggered the situation.

After being arrested and taken into custody on July 13, Childs is being held on $5 million bail, with the higher figure largely because of fears Childs would make bail and then promptly lock the city out of its network forever

The jailhouse meeting took place between Childs, his attorney Erin Crane, and Mayor Newsom, without the knowledge of San Francisco District Attorney Kamala Harris. Childs and his attorney chose to hand over the passwords to the mayor because he was one of the only people that did not immediately vilify Childs for his actions when the news broke last week.

During a press conference last week, Mayor Newsom said Childs is a "rogue employee" and became "a bit maniacal and full of himself," but still didn't chastise him the same way the local media and city officials did.

After writing down a lengthy security code, Childs then asked Newsom to take the code directly to the Cisco engineers and bypass giving it to city computer officials.

The temporary hostage situation over the city's FiberWAN network has pointed out several procedures San Francisco officials will likely need to fix in the future to prevent a similar situation. City officials indicated Childs, who is a certified Cisco Systems network administrator, was one of the chief designers of the FiberWAN network.

Instead of letting a couple of people, Childs included, have complete access to the city network, each person should only have access to certain parts of the network, officials said. Another security issue is that the city apparently did not keep adequate backups of its computer network in case of major data loss -- or a "rogue" employee hijacking the network.

Engineers from Cisco were brought in to work around the clock to try and gain access to the network, but they had minimal success trying to get through Childs' handiwork before receiving the passwords.

The entire network is now back in the complete control of the city of San Francisco.

Add a Comment (21 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By mortonsoft

edited Jul 29, 2008 - 7:26 PM

I read the article and the comments, and there's one thing that's obvious to me that hasn't been suggested yet: WAS THE I.T. MANAGER FIRED??? What manager would empower a peon employee this way? And no doubt the I.T. manager had no hands-on I.T. experience, or his experience is so old that it pre-dates the term "I.T.". Screw the rogue employee... This was POOR MANAGEMENT. You NEVER give ONE PERSON this much power over your network. Who was this guy's manager? Forrest Gump?

Score: 0

By ajlane17

edited Aug 29, 2008 - 3:27 PM

The article mentions that he was one of the chief designers of the FiberWAN network, which would suggest that he wasn't just some "peon employee" that reported to Forrest Gump (???)... Just my two cents. I do agree that his methodology for getting his point across was a bit extreme though. The strategic aspects of the IT field can be dificult to tackle at times especially when dealing with potential situations that can include heavy price tags (i.e. disaster recorvery on a large scale). I respect Child's position and his efforts to express the importance of the problems he was adamant about resolving, just not his final attempt to do so. I don't argue for the implementation of costly and time consuming solutions because I want to, but because they are necessary for business continuity. If my proposals were shot down, in the manner in which it seems his were, I wouldn't react like that, but I would seriously consider moving on. Who would want to accept that kind of responsibility without being able to do the job properly?

Score: 0

By dracodos

posted Jul 25, 2008 - 11:26 AM

I would think this kind of incident will bring the IT security aspect of network managing to the forefront again. Every single company HAS to deal with it. Not many are willing to or are just not smart enough to think about it.

*Maybe* child's attempt was justified. Thankfully it appears his attempts didn't appear to put anyone at risk. But sadly being marked as a 'rogue' will not do well for his future job-wise

Score: 0

By DatabaseBen

edited Jul 24, 2008 - 4:49 PM

perhaps, child's had some justification because of his superiors in the it dept and the dogma that exists.

obviously the entire department was infected with the virus's called "arrogance", "no-it-all-ism", "no-loads" and "god complex".

there should have been a procedure where he could file a grievance and be protected from retaliation.

anyways, does any one know what was the password?

i bet it was something simple like "kiss-my-a*s"

Score: 0

By imafurby

posted Jul 24, 2008 - 3:18 PM

Mayor Newsom said Childs is a "rogue employee..
That's the pot calling the kettle black if I you ask me.

Score: 0

By ingram091

edited Jul 24, 2008 - 3:20 PM

This is a consistent problem in IT. We go to management and inform them of a problem and that it must be repaired and management in turn brushes it off as an unnecessary expenditure and tells the IT manager to quit rocking the boat.

Then when something happens its their fault...

Now yea, OK In this case it was his fault, cause he did it to prove a point. But I'm sure by that point, the guy was pretty resigned to the fact that he didn't want to work in IT anymore. I certainly wish I didn't ever get into this field. Its by far the most thankless and unappreciated position in any company.

I mean our successes go unnoticed cause everything is running smoothly, Our failures are known by all and ridiculed as we try to recover from disaster. So 90% of the time people think we are unnecessary, and the remaining 10% of the time they are pissed at us cause the network is down while we get it fixed.

Indeed a janitor tends to get more respect then a typical IT tech or manager from the rest of the business world.

Score: 0

By kprovance

posted Jul 28, 2008 - 3:39 PM

A-friggen-men, brother!! Never again would I do that kind of work.

The nastiest folk of all are the damned secretaries to the higher ups (pres, vp, etc) when they don't have immediate access to Word, Excel, etc and every file on the network. I remember getting a fairly bad thrashing from one of those ingrates when somehow she screwed up her dictionary file and could not locate a backup. It was all the IT depts. fault that there was no easily accessible backup (and must have been our fault that her file got messed up to begin with). God, I wanted to slap her.

Score: 0

By ir0nw0lf

edited Jul 24, 2008 - 11:22 AM

I'm sorry, but any real IT person with a honest shred of intelligence and *integrity* would not have done this (childish) act. This smacks of someone developing a temper tantrum because no one would listen to him. I don't know a single IT person who admits they would do this, the maturity level ranks down there with a elementary school kid. He needs to be fired with loss of all benefits and never allowed to hold a IT job in SF again.

EDIT: The guy should be glad he wasn't in the military and did something like this...

Score: 0

By Niro

posted Jul 24, 2008 - 12:28 PM

Any IT guy that would actually admit he would do this...would be fired very quickly...so don't expect anybody to actually ADMIT they would do it.

I'm sure he was fired, and I'm sure it will be almost impossible for him to get a job at this point...

Score: 0

By preinterpost

edited Jul 24, 2008 - 9:10 AM

How come that I never ever read any real news on this site despite its name. Anything is a day old in overseas news. Granted - there is the time zone but that means at least 50% should appear here 1st. Relating to this story - Apparently large portions of the network is still locked down. Here's the latest in case this link works and someone cares: http://www.infoworld.com...still_locked_out_1.html

Maybe Jaq can save the day and post some more advertisements as news...

Score: 0

By CyberDoc999

posted Jul 24, 2008 - 5:44 AM

Now be a good boy and give the Mayor back his network......... no more video games for you....

Score: 0

By Jackanapes

posted Jul 24, 2008 - 2:43 AM

LOL! I love it! Liberals being lax about security.

Score: 0

By preinterpost

posted Jul 24, 2008 - 8:58 AM

Well, as long as they still pull in the money to subsidize the larger non-coastal Hillbilly territory it's OK I guess...

Score: 0

By zenarcher

posted Jul 24, 2008 - 3:27 AM

One would think those liberals would model their security after nice conservative firms.....like Diebold! ;)

Score: 0

By Genus

posted Jul 24, 2008 - 1:12 AM

I'm surprised one person can bring a network of that magnitude down so easily. As a programmer/engineer of sorts it makes sense that 20 or so people should have security codes and that to gain full access to the system it should require as least 3 of the codes.

Score: 0

By shicaca

posted Jul 24, 2008 - 6:04 AM

It's not that they didn't have the passwords ("codes"), it's that he took the passwords and changed them so they were denied access.

The thing that I find funny is that they're suggesting, "One person shouldn't have access to everything. 20 ppl should have access to smaller portions".

Ok ... so what happens when that person dies unexpectedly or something along those lines?

The mayor should have access to everything, passwords "codes" should not be able to be changed by *anybody* but the mayor himself or other elected official. (although sometimes the mayor might not be the best person, either ... look at scandal w/ the Detroit's mayor re: the hooker that is now deceased)

Or, god forbid, someone makes the extra backups.

Score: 0

By Paul Skinner

posted Jul 24, 2008 - 6:20 AM

You didn't actually read his comment at all, did you.

He suggested having to have at least 3 people supply their passwords for anyone to be able to access the whole system or indeed change any of the passwords.

Score: 0

By Kompressor

posted Jul 24, 2008 - 7:05 AM

Look up: Hacking 101.

Score: 0

By sx66gns

posted Jul 24, 2008 - 12:05 AM

Nice , See what a little respect gets you.....

Cooperation.

Score: 0

By kbsoftware

posted Jul 24, 2008 - 11:15 AM

Criminals do not deserve respect and what this guy did is criminal. I doubt he got any real respect just fake ones :) kind of like what a hostage negotiator gives, oh wait.

Well I have no idea what this guys future is, but I doubt it's going to be very bright.

Score: 0

By bourgeoisdude

posted Jul 24, 2008 - 9:38 AM

In the computer world, absolutely. Just be careful what worlds you paralell this to, because it doesn't work in every world.

Score: 0

Oct 7 - 7:00 PM ET Amid hints of Firefox Mobile alphas, 'Fennec' moves forward

Oct 7 - 5:27 PM ET Job gains and losses in IT: The latest numbers

Oct 7 - 5:19 PM ET Despite an announcement, 'Kilimanjaro' may not be the next SQL Server

Oct 7 - 5:00 PM ET CEA: Holiday TV, game machine sales to rise this year, despite economy

Oct 7 - 4:52 PM ET Is the US fast becoming a 'third world' for smartphones?

Oct 7 - 4:18 PM ET Mail Goggles a lot of $(@)!# fun, but safety net has holes

Oct 7 - 3:41 PM ET Verizon loses in jury trial against Cox, two patent claims invalidated

Oct 7 - 12:37 PM ET Real suspends RealDVD in wake of MPAA lawsuit

Oct 7 - 12:01 PM ET Rambus wins again as Supreme Court denies Samsung's appeal

Oct 7 - 10:38 AM ET AMD's huge gamble: Foreign investors will co-own new foundries