Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

[ Create a new account ]

SF Admin Gives Up Keys To Hijacked City Network

Posted by timothy on Wednesday July 23, @11:25AM
from the please-let-this-be-the-end- dept.
Security News
snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."

Related Stories

[+] News: Disgruntled Engineer Hijacks San Francisco's Computer System 1082 comments
ceswiedler writes "A disgruntled software engineer has hijacked San Francisco's new multimillion-dollar municipal computer system. When the Department of Technology tried to fire him, he disabled all administrative passwords other than his own. He was taken into custody but has so far refused to provide the password, and the department has yet to regain admin access on their own. They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents."
[+] News: The Inside Story On the San Francisco Network Hijacking 471 comments
snydeq writes "A source with direct knowledge of San Francisco's IT infrastructure has tipped off Paul Venezia to the real story behind Terry Childs' lockout of San Francisco's network, providing a detailed account of the city's FiberWAN, interdepartmental politics, and Terry Childs himself. Childs pleaded not guilty to charges of tampering yesterday and is being held on $5 million bail. According to the source, Childs' purview was limited to the city's FiberWAN — a network he himself built and, believing no one competent enough to touch the network but himself, guarded religiously, sharing details with no one, including routing configuration and log-in information. Childs was so concerned about the network's security that he refused even to write router and switch configurations to flash. But what may prove difficult for the prosecution in its case against Childs is that his restricted access to the network was widely known and accepted among managers and the city's other network engineers. Venezia, who has been suspicious of the official story from the start, suspects that the Childs case may be that 'of an overprotective admin who believed he was protecting the network — and by extension, the city — from other administrators whom he considered inferior, and perhaps even dangerous.' Further evidence is that fact that the network, from what Venezia understands, has been running smoothly since Childs' arrest."
Firehose:Rogue Admin Gives Up Keys to Hijacked SF Network by snydeq (1272828)
[+] Entertainment: San Francisco DA Discloses City's Passwords 333 comments
snydeq writes "The office of San Francisco District Attorney Kamala Harris has made public close to 150 usernames and passwords used by various departments to connect to the city's VPN. The passwords were filed this week as Exhibit A in a court document arguing against a reduction in $5 million bail in the case against Terry Childs. Though they placed the passwords in the public record, city prosecutors do seem to think that they are sensitive. InfoWorld's Paul Venezia, who has been following the case closely, provides further analysis of the technical details in the city's case. 'By themselves, [the passwords] would not be enough to allow anyone to access the network via VPN,' Venezia writes, 'but the fact that the city entered them into evidence is quite shocking. At the very least, they'll have to shut down their VPN access for awhile until they've changed them all and modified the configurations of some large number of VPN clients.'"
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

SF Admin Gives Up Keys To Hijacked City Network 25 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • 'the only person he felt he could trust.' (Score:5, Interesting)

    by UnknowingFool (672806) on Wednesday July 23, @11:31AM (#24305193)
    From my viewpoint, it appears that Mr. Childs wasn't so much a malevolent person as much as he was paranoid and protective. We've all met this admin before. He won't give you any rights that you may need to do your job because you could screw "his computers". I'm not saying what he did was right or legal but he may not be the white cat stroking, maniacally-laughing villain that the initial news reports made him to be.

  • The more I read the less I know... (Score:5, Insightful)

    by Stanistani (808333) on Wednesday July 23, @11:35AM (#24305241) Homepage Journal

    This story has a real obvious 'bad guy' in Childs.

    Arrogant, supposedly unstable, egotistical.

    But there are odd, contrary, little pieces of this tale that intrigue me.

    I'd like to see some comprehensive treatment of this tragicomedy written a year from now, when the dust has settled, and Childs' side of the story can be heard as well.

    • Re:The more I read the less I know... (Score:5, Funny)

      by tb()ne (625102) on Wednesday July 23, @11:38AM (#24305311)

      I'd like to see some comprehensive treatment of this tragicomedy written a year from now, when the dust has settled, and Childs' side of the story can be heard as well.

      Agreed. But only if it's in the form of a Broadway musical.

    • I'd like to see some comprehensive treatment of this tragicomedy written a year from now, when the dust has settled, and Childs' side of the story can be heard as well.

      Instead you will get a made-for-TV movie with oodles and oodles of computers running 12 screens each and a funny OS that only have warnings in 100 point sans-serif fonts and backgrounds which look suspiciously like an FBI badge.

      But the hero will be a down-on-his-luck gay single parent who obviously uses a Mac Book Pro to compute the primes needed to crack the passwords (while drinking a triple grande latte and eating a scone).

      Oh, and explosions. It will have lots of explosions.

      Almost forgot the half-naked teenage girls^Wboys (forgot, this was SF).

    • Re:The more I read the less I know... (Score:5, Interesting)

      by salveque (1221584) on Wednesday July 23, @11:44AM (#24305411)

      I agree completely.

      There seems to be a lot more going on here than what we see.

      The conspiracy side of me thinks that there's something fishy going on in the department. He found out and got fired because of it. Except he acted fast and hijacked the network. Hence why he only gave the password to the mayor...

  • Did anyone else... (Score:5, Funny)

    by 4pins (858270) on Wednesday July 23, @11:35AM (#24305247) Homepage
    Did anyone else wonder why a SourceForge administrator had the keys to a city's network.
  • He was just too embarrassed by the password - ibonkedmymom.

  • Expose mismanagement (Score:5, Insightful)

    by grandbastard (1312837) on Wednesday July 23, @11:36AM (#24305257)

    "Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion."

    The fact that one employee had complete control over the network should be enough of a sign. Of course this is management, so they're all likely still confused on what's going on and need to have another meeting.

  • Miserable Slashdot (Score:5, Insightful)

    by db32 (862117) on Wednesday July 23, @11:52AM (#24305567) Journal
    So...I certainly don't know if this guy is crazy or not, but there are a few things that I am surprised the /. crowd really hasn't bothered with.
    1. The problems between IT and Management are so bad across the board that there is a famous cartoon relating these problems. This famous cartoon spawned the "PHB" reference. So...to listen to an IT guy complain of incompetent management shouldn't be a surprise at all. Please everyone, raise your hand if you have been handed complete and utter bullshit requirements or policies that some "PHB" without a technical clue has demanded that you implement. Now...raise your hand if you were stupid enough to EVER give them administrative rights over ANYTHING.
    2. The media has a fucking field day with "evil hackers". This is so bad that the world "hacker" now means criminal and hordes of geeks wimpering and moaning about how the media stole the word. So...the media reporting on yet another "evil hacker holding city hostage" should be taken with a grain of salt. Sensationalist crap reported by people that have less than 0 IT understanding to the masses who also have less than 0 IT understanding. Million to one odds says that if they actually reported the more technical facts of this case the ratings would be near 0 and this story would have never gotten to be so high profile.
    3. He did give the password to the person at the top of the chain of responsibility for this. Which to me sounds like the most appropriate thing to do. If you are so concerned that everyone is an incompetent fool then your only option is to go straight to the top. Imagine how much trouble this guy would be in if he gave out these passwords to a bunch of corrupt and incompetent folks who did bring the city down? At least this way everything continued functioning.

    Finally...and most concerning to me is a quote from the article.
    But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something."
    Really...so basically these people didn't document ANYTHING. Because config files or not, rebulding your network if you bothered to document things isn't all that hard, it's just time consuming. But straight from their man there they would be stuck interviewing people for anecdotal stories becaues they were too incompetent to bother documenting the network. Nevermind that they seem to have cut their IT staff from 350 to 100 over the last few years. So it sounds like their IT staff was just the favored bucket to take money from, which is hardly new thinking these days. It amuses me to no end when companies/governments treat their IT staff like overpaid housekeeping, largely unneccessary drains on budgets, and an unimportant support function and then scream bloody murder when the shit hits the fan.

  • Just out of curiosity... what if he isn't? (Score:5, Interesting)

    by Bomarc (306716) on Wednesday July 23, @11:54AM (#24305609) Homepage
    Reading a lot of comments about him being a nut job. My question is - what if he isn't? Is it possible that as a administrator of a SAN/Network, he saw some significant security issues, and when he presented them to his supervisors was slammed for reporting the problem -- including being fired? I know from experience the feeling: Management does not like to know that they've screwed up, and will fight kicking and screaming rather that admit that they've done something wrong. For me -- most recently this includes bogus Business Requirements, and critical Business Requirements that are not being met. I've found significant security holes in the where I currently work. Presented the problems to management. The response - don't call use, we'll call you.

    • Re:Self-defeating (Score:5, Interesting)

      by Red Flayer (890720) on Wednesday July 23, @11:43AM (#24305391) Journal

      So Childs pursues the one course of action that is guaranteed to lead to his never being allowed to look after so much as a toaster, never mind his beloved network. Not very smart.

      He's probably hoping for whistleblower protection, and intends to show that he was being terminated wrongfully for threatening to blow the whistle.

      It may be a desperation move, but until the facts come out, we don't know. If it turns out that he was being terminated wrongfully, it's possible that the city of SF could be forced to keep him on their payroll... on the other hand, I'd speculate that he's grasping at straws.

      I've read some about the "situation", and all I think all we know for certain is that we don't know anything for certain yet.

    • Re:Do I understand this correctly? (Score:5, Insightful)

      by seanadams.com (463190) * on Wednesday July 23, @11:47AM (#24305469) Homepage

      Mr. Paranoid Admin with a God complex had big freakin' huge vulnerabilities on his precious network?

      Attaching old-fashioned modems to the console ports of routers and switches is sometimes done in order to allow the administrator to remotely access the equipment during a major network failure.

      It's not an egregious "vulnerability", assuming the console it password protected. That statement was spun to make it sound like they were back doors, when in reality this was likely done for no other reason than to facilitate emergency maintenance.

      Please note I am not defending Childs generally. I'm just saying that the way they've minced words in some of these allegations gives me pause.

    • Re:End of the days (Score:5, Interesting)

      by legutierr (1199887) on Wednesday July 23, @11:55AM (#24305637)

      What was the point of holding back for so long now. Now he just lost the last hope for his negotiation.

      Or, he wasn't holding back in order to negotiate, but because he wanted to get the opportunity to tell all of his grievances to the one person who he thought might have the power and wherewithal to "fix" the situation. From reading about the motions that his lawyers have filed in court, it seems that Childs is willing to risk going to jail just to be able to publicize the hard time he's been having at work for the past couple of years. In fact, he might have willingly accepted or even pursued the prospect of prosecution because he knew that he would then have a public forum to air his views, and possibly embarrass his bosses (which, despite their best efforts, he has).

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2008 SourceForge, Inc.