IT Administrator holds city of San Francisco hostage!

I guess the Bastard Operator from Hell is working in San Francisco these days.
A network administrator has allegedly locked up a multimillion-dollar computer system for the city of San Francisco that handles sensitive data, and he is refusing to give police the password

Terry Childs, 43, was arrested Sunday and has been charged with four counts of tampering with a computer network. According to the office of San Francisco District Attorney Kamala Harris, Childs made changes to the city's Fibre WAN (wide area network), allegedly rendering it inaccessible to administrators. He also "set up devices to gain unauthorized access to the system," the DA's office said in a statement.

The Fibre WAN is used to connect computers in buildings throughout the city and carries about 60 percent of the networking traffic for the city government. On Tuesday it was functioning normally, but the city no longer has administrative access to the switches and routers on the network, according to Ron Vinson, chief administrative officer with the city's Department of Telecommunication Information Services.
...

Childs is a network administrator with the city's Department of Telecommunication Information Services, which runs the city's critical IT operations, including the e-mail system, Web site, 311 call center and telecommunications infrastructure.

From the SF Chronicle:
... the city's new FiberWAN (Wide Area Network), (is) where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.

I wonder how clever an administrator he is? For instance, is there a bit of software watching Terry Child's own name in payroll, that will start formatting databases if his name is deleted? If he were really clever, he could also have another bit of code looking for his name in the inmate booking area.

I wonder if the computer could give the police the go-ahead to let him go? Now that would be clever! I have no idea if it's possible.

According to the Chronicle Childs has been working for San Francisco for about 5 years, and he was good at what he did. Still, he started getting delusions of power, and his supervisor tried to fire him.
"They weren't able to do it (fire him) - this was kind of his insurance policy," said the official, speaking on condition of anonymity because the attempted firing was a personnel matter.
...

As part of his alleged sabotage, Childs engineered a tracing system to monitor what other administrators were saying and doing related to his personnel case, law enforcement officials said.


Now the city is worried that Child's has some sort of remote access to the system, so they're keeping him in a cell away from computers - just in case he sends the doomsday code to the city computers.

I wonder who... or what... he would call with his one free phone call?

==============
20 July Update:

Paul Venezia from INFOWORLD has more details and explains Childs motives better. Childs' motives seem a bit more innocent:
If the details given to me in this e-mail are accurate, it would appear that this case is not nearly what it seemed originally. Perhaps it comes with the pressure and responsibility of the job, or the belief that the network they’ve built is simply too complex for mere mortals to comprehend, but it’s not uncommon for highly skilled network administrators to become overprotective of their networks, or for networks of significant size to become an extension of the person who built them.

It certainly appears that Terry Childs believed San Francisco’s FiberWAN network was his baby, and that by refusing to allow others to access the inner sanctum was in the best interests of the city, the citizens, and perhaps most importantly, himself.
Thanks to the Lippard Blog for writing about this.

4 comments:

NerdMom said...

NerdDad and I were discussing this idiot. Did he really think it would enable him to keep his job? I think that if he just wanted to rook them and teach them a lesson he would have blocked the entire network including himself and it would have been much harder to arrest him. (Not that I advocate illegal activities;).

Calladus said...

Speaking as an electrical engineer, I can think of a LOT of diabolical things that this engineer could have done.

Fortunately, almost everything I can think of leaves some sort of trail that could be followed, unless he pulled some sort of Milton Waddams 'burn the place down' method to cover his tracks.


I was in a similar position at one point - at my last employer I was the guy who programmed all the product testing machines, and then passworded the hardware to keep the users from fooling around with them. I really tried not to be the sole "keeper of passwords", but no one else wanted the job.

When I finally quit to work for my current employer, I gave all the passwords to my supervisor - who promptly got himself fired a month later. (It's a long story.)

3 months into my new job, 250 miles away, I got an urgent phone call from the factory manager asking me if I still knew the passwords to the machines! The factory was losing a LOT of money because the new manufacturing engineer couldn't load new test software.

They had asked my old supervisor for the passwords, and he told them he didn't know what they were, but that he was sure he could figure it out if the company hired him as a consultant for a week at a thousand dollars a day.

So they called me. The manager said it wasn't my fault, and mentioned paying me - but I told him not to be silly and rattled off all the passwords that I knew. I had no idea that they would even work - after all, my supervisor could have changed 'em.

But he didn't. They got into the machines and got products running on the factory again. I got a very nice thank you card and an unexpected $100 gift card for Home Depot.

I also got a job offer - but the company picked up and moved from California to North Dakota - (which is why I quit!) and I'm a hot weather type of fella.

Calladus said...

'scuse me, I meant to say South Dakota instead of North Dakota. But still, when I hear "Dakota" I think "too flipping cold!"

Anonymous said...

"The Terry Childs case in its own words" with links to the court documents including the motion for bail reduction which sheds some light on his motivation.
http://weblog.infoworld.com/venezia/archives/017979.html