SF Admin Gives Up Keys To Hijacked City Network 581
snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."
'the only person he felt he could trust.' (Score:5, Interesting)
Re:'the only person he felt he could trust.' (Score:5, Insightful)
No, instead, he's a paranoid monomaniacal prima donna. If it is was me, I'd rather be a white cat-stroking schemer bent on world domination, because the former demonstrates a sick mind.
Re:'the only person he felt he could trust.' (Score:5, Funny)
Has anyone checked on his wife?
I am just saying...
Re: (Score:3, Funny)
You must be new here.
Re:'the only person he felt he could trust.' (Score:4, Informative)
You must be new here.
Some of us keep the fact that we are married, and have children, a secret.
Oops!
Re:'the only person he felt he could trust.' (Score:5, Funny)
Yeah, I was hoping to get a Reiser out of someone.
Re: (Score:3, Funny)
"I'd rather be a white cat-stroking schemer bent on world domination, because the former demonstrates a sick mind."
Yeah, but think of all the money he saves on cat food!
Re:'the only person he felt he could trust.' (Score:5, Insightful)
I'd say the guy is probably suffering from mental illness.
there are a lot of people who simply never get diagnosed, because they seem to be able to function normally without medication... myself i've had lesser symptoms dating all the way to childhood, but until i had a 'severe' hospitalization requireing symptoms people just didn't think that i was bad off enough.
Re:'the only person he felt he could trust.' (Score:5, Interesting)
"Your mental illness is not real."
Mine is very real. I doubt you've ever spent 6 months in a hospital trying to tell people that human beings are being infected by a computer virus. (note: the computer virus was real, and i was the only person who could actually get it off the machines, because it was infecting the BIOS and had 'symptoms' like going to the desktop in the middle of a full screen video game, that other people dismissed as being 'real')
To this date, with medication I still am hazy on if computer viruses can infect human beings, on a bad day, i look for malware in every OS on every computer i have, with every tool available to me, including many useful FOSS tools like dban which allows complete erasure of the drive...
"You are the product of a society that is unable to deal with stress and disappointment."
I'll give you that, but you've never gone 6 days unwilling to eat food or drink tap water because it's poisoned, luckily this symptom has been dealt with with medication.
you've probably never hidden in a basement with aluminum covering you to block the mind control waves either. related to this is using a FM radio from the 1980's and 3 cell phones, wrapped in aluminum foil to see if they really block broadcaster waves. While you're still slightly concerned about the type of high energy particles that can go through entire mountains...
"Have you ever looked at mental illness in other countries. It is tiny compared to the USA."
That may be, in a rural environment, telling people about stuff i was worried about every day and shit my family would likely instead of taking me to a doctor, that they couldn't afford would just humor me, and try to keep me eating foods and drinking water. Also, I would likely die at a much younger age, because of the lack of medical treatment overall. Not being treated by doctors is not the same as 'not having mental illness.'
"You embody the problem with the world today. A lack of conviction and discipline that has spread like wildfire."
Except my mental illness is real, my doctor even increased my medicines last week, because he though i was having too many symptoms with just 1 medication.
"Go on with your drug induced normality. You will not be mourned."
If only the drugs actually caused normality. Mine do not, i still have paranoid thoughts ever single day, they're random and unpredictable, and medication only does so much. I don't hear voices, i don't 'see things' that other people don't see, i don't walk around calling people names that i don't recognize, as if i was in a dream, and i don't wind up in a hospital writing notes about everything that i'm worried about thinking that magically if i write it a system administrator of the universe (it's all just a simulation in a computer after all) would be able to deal with the problems if i simply wrote enough notes...
I have 4 boxes of various paperwork including my 'note' writing phase.
you sir, have never been mentally ill so you know not what it is like. you've never been convinced, with you were in a hospital that another mental patient could read your mind, and control you for not looking at the pictures of their family when they asked you nicely to look at the photos.
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Let me reply -- I've been there, done that. Not all that, but a little of that.
Back in 1992, I had a urethane or polyester exposure (I'm not sure which). That gave me hyper allergies, so the doctor put me on prednisone, which in 1/10 cases, causes psychosis.
He forgot to mention the possible side effects. But that didn't stop me from getting paranoia.
In my case, I was afraid that someone was putting something in my food to control me. Retrospectively, I think that my brain was essentially diagnosing its own problems, and trying to get me to modify my diet (ummm, could us neurons have a little more of that prednisone please? Or maybe we don't want it after all...)
Now, my mom just tried to keep me eating good food, and eventually the symptoms went away as the withdrawal effects went away. But it alerted me to the facts that (1) people of high IQ and high-stress jobs are highly likely to get a mental illness (2) I am susceptible, at the very least.
But my uncle, who works in psychology, mentioned that if you find yourself susceptible to mental illness, it is advantageous to get a lower-stress, more physical job. If need be, take up running (not all out, just 1/2 to 1 hr a day), gardening (pulling weeds is very therapeutic, I find), or a more physical job, or become a high school gym teacher. Also, avoid those situations that tend to make you more paranoid -- give yourself a break; and avoid those habits which you rationally know are insane. He calls this good mental hygiene.
Based on experience, I think he's right.
I'm right now an aerospace/ocean engineer by training, and a layout tech for a prestress concrete company by trade. I don't keep a computer or a TV at home, and use the computer minimally aside from that. If I absolutely need web access outside of my work computer, I go to a library.
I also cultivate a strong relationship with my wife, with my kids, and with Christ, praying as most Christians do. Although my prayers do get answers, I mean that in the sense that most strong Christians do, as well. When I've not been sure what to do, and I've prayed for God to close all the doors except the one he wants me doing, I've trusted him for that, and He's done it (as my wife, who is quite mentally stable, can affirm).
Last of all, needless to say, I'd say give up any weapons, and any hope of defending yourself against anything even through other means. Pray, and ask Christ to defend you. But as a potentially mentally ill person, if you're going to defend yourself, you're in trouble anyhow. So give that one up, and put your trust in God as your defender: "You who dwell in the shelter of the Lord, who abide in His shadow for Life; say to the Lord 'my refuge, my rock in whom I trust'. And he will raise you up on eagle's wings, bear you on the breath of dawn, and make you to shine like the sun, and hold you in the palm of His hand."
Re:'the only person he felt he could trust.' (Score:5, Insightful)
"You who dwell in the shelter of the Lord, who abide in His shadow for Life; say to the Lord 'my refuge, my rock in whom I trust'. And he will raise you up on eagle's wings, bear you on the breath of dawn, and make you to shine like the sun, and hold you in the palm of His hand."
And that, I am afraid, is not something that sounds sane at all.. but each to his own.
Re:'the only person he felt he could trust.' (Score:5, Informative)
That is a quote from a psalm that was made into a song.
Not any more insane than quoting Aerosmith.
Re:'the only person he felt he could trust.' (Score:5, Interesting)
well there were times where i questioned things, but there were entire weeks, where i blacked out all memories completely, to top things off i had very little contact with other people, other than via the internet, and at night when my dad was home, on the weekends when mom was home i apparently had a few very weird conversations, that upset her... as for myself, i refused to even go to a evaluation for the job service.... i was very wary of people, especially doctors, even though the thoughts are often classic paranoia, and i knew that the thoughts were so overpowering... I was like 'i have to get the virus off the computer' and all i did was basically nothing useful because i couldn't stay coherent long enough.
i forgot to mention, one day i was convinced by turning the 'power' off at the main breaker, i could stop the virus from infecting things, unless they had battery power....
my mom eventually talked me into going into a hospital, and i spend my 2 weeks at that hospital trying to get out of the hospital, afraid that there were people there infected by the virus... i wound up hopping to a lot of different hospitals, and finally group homes, when medications seemed to be helping, but i was eventually changed to new meds again, when i had a 3-day relapse.
they tried me on a lot of different medications. I saw a lot of different people with different mental illnesses. someone else suggested that stress can cause problems, but not all mental illnesses can be treated just by living a low stress life style. it's true i did have stress, had lost like my 3rd job in 1 year, stress from spending too much time in online RTSes trying to win. but then why didn't the symptoms go away, over 4 months while i wasn't doing any of those things? they didn't go away until i was medicated...
it's nice some people can self treat mild mental illness by not doing stressful work, it's even in the movie office space... for myself, medication was 100% necessary.
Re:'the only person he felt he could trust.' (Score:4, Interesting)
while i agree this guy might not have lost complete control, from my own experience, yes someone with paranoid schizophrenia CAN lose complete control over their actions. it's a very rare symptom, that only occurs with the very worst people, who stop taking their meds, or have gone untreated, or perhaps have 'self' medicated with alcohol. (alcohol as a depressant, can in some small way mitigate some of the symptoms of psychosis, just as some anti-depressants can Cause symptoms of psychosis)
there was one particular day, where i have absolutely no memories of what i did, but apparently i kept saying 'i'm so hungy, i'm starving' i was in a AFH not a group home so they actually gave me more food than they should have, that night when they finally realized i was having hospital bad symptoms (despite medication) i threw up on the way to the hospital, i had over eaten to the point of vomiting...
complete lack of self control, it is a possible symptom of a mental illness that can effect as many a 1% of people. now, if the guy really had a complete lack of self control, he's probably not going to be able to get himself an attorney that would be able to use witness testimony to save his butt... anyways it's a rare symptom of a rare mental illness, and psychosis can result from stress as well, and this guy was under a lot of stress. if it was the stress that made his symptoms, then he should seriously consider a different line of work, when he gets out of prison. and considering he's white collar, and the jail systems are over crowded anyways, he probably won't even be in jail for more than a year or two anyways.
Re:'the only person he felt he could trust.' (Score:5, Interesting)
Anyone having spent that much effort creating a network - and succeeding - would become paranoid and protective of it. I challenge anyone to invest so much in any project and then happily see it messed up by people who are less competent.
However the situation is still messed up, the City should never have allowed one person to take on so much responsibility, and at the first sign that he was becoming indispensable, they should have moved him to another project.
If someone is essential for a project, replace him as soon as you can...
In fact the whole story is a good case study for outsourcing - a small, competent network firm would have done as good a job, and treated the incompetent managers simply as clients, not bosses.
The blame lies squarely with the City, not Childs.
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Re:'the only person he felt he could trust.' (Score:5, Funny)
I'm not sure we want to know what you do with your family at 2 AM in the morning. Wife/girlfriend, sure .. but not the rest of your family
Re:'the only person he felt he could trust.' (Score:5, Funny)
Obviously, you have never met the Aristocrats.
Re:'the only person he felt he could trust.' (Score:4, Funny)
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Being indispensable in one role will prevent you from being promoted. I was up for a coveted project but it was assigned to a less qualified person because I was too indispensable in my current project. Lest you think management was just letting me down softly, they had me train the person who was assigned the coveted project. That's right. They had me train the person who took the good job, and had me stay on my less-good project because I was really good at my current project.
I'm now trying to become a manager on the other project. They'll probably say that I don't have any experience in the field and promote the person who has it now, but we'll see.
Re:'the only person he felt he could trust.' (Score:4, Insightful)
This assumes that people actually want to be promoted. Personally, as an embedded software engineer, I have no desire to ever go higher than I currently am (which is basically "peon"). Now, I'd certainly like to work on more interesting projects, and leave less interesting ones to less-experienced people, but when you say the word "promotion", that basically means moving "up" into management. I'll pass on that.
If I were in your position, getting stuck with crappy projects while underexperienced people get the better projects, the answer is simple: find a new job. I've found in my 10-year career that the way to progress is to simply change jobs when things get too boring, or the pay too low. You get a huge pay increase (since companies typically don't give very generous raises to loyal employees), you get to pick from several positions at different places, and you get a nice change of scenery and coworkers. Promotions are for losers who want to become managers, thereby losing all their marketable technical skills, and only being valuable to their current company. They can't easily bail out, move to another company and get the same or better pay, like I can. And instead of interesting work, they have to waste all their time in boring meetings. If I wanted to do horribly boring work that I hated, I could have picked an entirely different profession like law and made far more money than any manager at these tech companies I've work at.
Re:'the only person he felt he could trust.' (Score:5, Insightful)
I thought that becoming indispensable meant I was a valuable employee, and I had job security.
When I was similarly obsessed with handling every problem myself, a friend said to me, "The graveyards are full of indispensable people."
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Replace them? No. Distribute their responsibilities and knowledge? Yes. You still want the brainchild around to give input and support; it's just that you need backup in case they get hit by a bus (or paralyzing delusions of grandeur).
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Even more so when it's one's job to make sure it runs correctly. IOW, if he does provide access to others, and they screw up, it's his fault.
While paranoia may have something to do with it, I've found that a reasonable dose of it is healthy. I think, however, that it's more of a case of normal admin paranoia (which is a good thing), coupled with "damned if you do, damned if you don't" workplace policy (e.g. "give him access and you will suffer if he screws up"), that likely led to this paranoia growing to the degree it has.
Sane, logical, people are often driven "crazy" when forced to work in an illogical environment (where no matter what one does, one is "wrong", and the "correct" choice is the one which has the lowest product of "consequences" multiplied by "likelihood of discovery").
I recently took the "high road", and paid a hefty price for it: I had been hired to be subcontracted to a large "three letter" telecom firm. The project manager at this firm wanted my SSN. They had no legitimate reason for it: I was being paid (and had SS withholdings taken) by my employer, not them. The manager claimed that it was necessary for me to get an access badge. I responded that I didn't mind signing in every day and getting a temp badge. The manager then claimed it was necessary for a "background check". I responded that I would happily provide my SSN and any other identifying data (date of birth, drivers' license, etc.) to any reputable, well known, background-checking company of their choice. I was reported as "difficult" and reqested that I be removed. While my employer strongly defended my position, in the end, it was not reasonable that I be paid to be idle, we parted ways amicably, and I quicky found (much better!) work elsewhere.
Turns out the manager in question was allegedly driving those working "for" her as slaves and threatening them with derogatory credit reports from bogus lenders if they did not comply, using one instance of prior theft to justify such "background checks" requiring the SSN.
It was easy, (though expensive), to walk away from that job. But, in this case, lives may very well hang in the balance no matter what choice Childs makes: refusing raises the possibility of the network "going down". Complying, where he has reasonable belief that others will have a good chance of making the network go down, causing havoc in the city, could border on criminal negligence. As far as criminal charges, what could stick? "Theft?" (of access codes).
Should he be fired? Perhaps, for insubordination. But, if the management of the city is so bad that backup systems aren't in place, and properly trained IT staff to run networks, this might be the only way to raise awareness of the problem that could really impact lives of the city's residence. He may have very well done a very good deed -- as the story unfolds we'll know more. At this point, like with all accused, he should receive the benefit of the doubt.
But, regardless of whether he did the "right thing": No good deed goes unpunished, and he should realize this.
Re:Live Free or Die Hard (Score:5, Informative)
he NEVER attacked, nor have they claimed he did. They arrested him and charged him the same day they fired him and he wouldn't give up the password. Then started spewing to the press he "might have" created back doors (lines calling his on-call pager) and sabotaged equipment (not restoring the configs on power cycle to protect the network).. which is already being determined as built-in (but rarely used) features being used correctly. So far the ONLY WRONGDOING they have is refusal to give up the password.
They ARRESTED and managed to get $5M bail for not giving up a password... period.. the rest is misinformation, lack of job skill by his boss, or outright LIES. No wonder he didn't give it up sooner!
Re:'the only person he felt he could trust.' (Score:5, Funny)
Re:'the only person he felt he could trust.' (Score:5, Interesting)
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Hypothetical situation. My job is to keep an eye on a nuclear reactor. It begins to meltdown, and my manager (who isn't trained with the system) instructs me to cool it down. I refuse for [insert reason here].
That's one of many "not doing your job = crime" situations.
He was basically blackmailing / extorting the city of San Francisco - keep me on board or you lose access to the server completely.
What a bad analogy. (Score:5, Interesting)
Let's try this one instead:
You're responsible for maintaining a nuclear reactor. Your manager, who has no idea how to actually runs the reactor comes in and demands to be given all of the necessary keys and passwords to the reactor. The reactor is currently working flawlessly, and there is no obvious reason for your manager to need access to the system.
Do you:
A. realize that this could be very bad for the company, and protect the company by refusing to turn over access to an unqualified person?
B. turn over access to the access to an unqualified person, and just hope that they don't do anything which results in anyone's death, or your working 16hr shifts for the next 3 months straight.
I would argue that choosing "B" could be criminally negligent, and that A is the better choice, however, he should also immediately go to HR and explain why he's violating the order.
In this particular case, he might've saved the city of San Francisco millions of dollars in lost productivity from someone getting access who had no clue what they were doing.
Re:What a bad analogy. (Score:5, Interesting)
"In this particular case, he might've saved the city of San Francisco millions of dollars in lost productivity from someone getting access who had no clue what they were doing."
I've worked with this type before. Damn, I've *BEEN* this type before.
Maybe, maybe not. Sounds like this admin was convinced that the rest of the crew were dangerous idiots. Maybe he's unusually paranoid. I vote for paranoid. Just as dangerous as being right, for different reasons. Imagine serious problems occurring while he is in jail. His propable response might be "See? You need to let me out of here so I can fix this and prevent disaster". Suuuuure... I imagine the authorities will swing the door open and let him out to 'fix' things.
If for no other reason, this poor admin is incompetent in a novel, or NOT novel way. He has no competent backup. A kidney stone, myocardial infarct, or even a knee replacement would leave him out of commission, and SF exposed to loss of network. Sheesh. You back up data, you should back up staff as well, wherever possible, and this is clearly in the realm of 'possible'. Even 'essential'.
Of course, the funniest part of this to me is where he claims he can only trust Gavin Newsome. That's F-U-N-N-Y!
Re: (Score:3, Insightful)
Fixed that for you.
Re: (Score:3)
Purposefully damaging the company you work for is grounds for penalty.
If a bus driver purposefully crashes the bus, someone could have gotten hurt, he should be charged with wreckless endangerment, much the same way this guy should be..
Re:'the only person he felt he could trust.' (Score:5, Funny)
It's not wreckless if you crash.
(Laugh, its a joke!)
Re:'the only person he felt he could trust.' (Score:5, Informative)
the more recent article points out he did not do ANY harm after being fired. The "backdoors" were pointed to a pager. The no recover setting would have been to protect the network settings from stolen hardware wiht physical access... because we all know equipment NEVER goes missing from city offices. Sounds like he was overly paranoid but other than not coughing up the password, did NO wrong.
In fact, the fact that there was nobody in the department that could identify what he did, and the police had to go to outside people seems to scream that he's innocent of all of the charges.
As far as the password.. they fired him! No plans made to cover his tasks, or to continue admin services... just give them the password... who knows what they'd accuse him of in 3 months because they don't know what they're doing. Waiting until he's FIRED to ask for documentation is too late... if he's a "criminal" for not giving the info up, they are even more so for not following good security practices and not having this info BEFORE they needed to let him go.
Re:'the only person he felt he could trust.' (Score:5, Insightful)
He stopped providing his services when he was fired. He no longer had an obligation to maintain availability to the systems. He couldn't however do something to cause the system access to be unavailable. Had he refused to provide passwords while an employee, it's a different story.
Otherwise the power company is preventing me "authorized access" to my computer if they turn off my power.
If refusing to provide information to a former employer is a crime, they can save a lot of money firing people and compelling them to continue to work since it would prevent authorized access for them to stop.
Re:'the only person he felt he could trust.' (Score:4, Insightful)
Well, I've got two comments on that:
1. I very much doubt that you're a mental-health professional, so I'll ask you to refrain from making uninformed guesses.
2. The idea that a nuclear war cannot be won seems to be rather pervasive in modern culture, without ever having been proven.
I mean, yeah, ok, I saw Wargames too, and thought it was a fun film. And granted, you were probably at a very impressionable age when that movie came out, so I can't blame you for basing your whole view of nuclear warfare on it. But it's been more than 20 years since then! Grow up already!
Re:'the only person he felt he could trust.' (Score:5, Insightful)
It's just about the most decisive win in history. Doesn't get much better than that!
Oh, wait, you were trying to be sarcastic, right? Gotcha. In that case, I hope you get moded "+5 funny".
Re:'the only person he felt he could trust.' (Score:4, Insightful)
Are you that dense, or just pretending not to understand the point? Different people have different definitions of win. For instance, if we are playing chess, and I shoot you in the head, have I won? A sociopath might think so, but most people wouldn't.
Similarly, we might have won the war by bombing Japan, but many people still count that as a loss for humanity in general. We might have won a nuclear war against the Soviet Union, but it would have involved general, planet wide devastation, thus putting it in the 'loss' column for most people.
I have to ask, does might always make right in your world view?
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Hey dreamchaser, this is your boss. I need write access to the email archives. The SEC has been poking around and, well, you know how it goes.
PS - get back to work.
Not likely! (Score:3, Funny)
I *am* the boss, you ignorant clod! ;-)
Re:'the only person he felt he could trust.' (Score:5, Insightful)
Hmmm...under what Statutes?
While employed he was authorized to access those systems. He didn't access them after his employment was terminated, so it isn't Computer Tresspass or anything similar.
The system works, so he didn't break it.
While they can certainly fire him for insubordination, I'm not exactly sure what he could really be charged with.
Re: (Score:3, Insightful)
>While they can certainly fire him for insubordination, I'm not exactly sure what he could really be charged with.
This is City Hall...
The more I read the less I know... (Score:5, Insightful)
This story has a real obvious 'bad guy' in Childs.
Arrogant, supposedly unstable, egotistical.
But there are odd, contrary, little pieces of this tale that intrigue me.
I'd like to see some comprehensive treatment of this tragicomedy written a year from now, when the dust has settled, and Childs' side of the story can be heard as well.
Re:The more I read the less I know... (Score:5, Funny)
Agreed. But only if it's in the form of a Broadway musical.
Re:The more I read the less I know... (Score:5, Funny)
And written by Joss Whedon, starring Neil Patrick Harris.
We can call it Admin Horrible.
Re:The more I read the less I know... (Score:5, Funny)
Instead you will get a made-for-TV movie with oodles and oodles of computers running 12 screens each and a funny OS that only have warnings in 100 point sans-serif fonts and backgrounds which look suspiciously like an FBI badge.
But the hero will be a down-on-his-luck gay single parent who obviously uses a Mac Book Pro to compute the primes needed to crack the passwords (while drinking a triple grande latte and eating a scone).
Oh, and explosions. It will have lots of explosions.
Almost forgot the half-naked teenage girls^Wboys (forgot, this was SF).
Re:The more I read the less I know... (Score:5, Interesting)
I agree completely.
There seems to be a lot more going on here than what we see.
The conspiracy side of me thinks that there's something fishy going on in the department. He found out and got fired because of it. Except he acted fast and hijacked the network. Hence why he only gave the password to the mayor...
Did anyone else... (Score:5, Funny)
Re:Did anyone else... (Score:5, Funny)
Mayor: For your act of bravery we give you the key to the city's network!
Citizen: Uh thanks, I guess I'll use that to download porn, and umm, upload torrents, and stuff...
Mayor: Give use the key back.
Actually ... (Score:5, Funny)
Re:Actually ... (Score:5, Funny)
Worst....Apple product.....EVER!
Re:Actually ... (Score:5, Funny)
Hey, it's possible. I'll never forget the first time we ran l0phtcrack on our 3000-user domain, back before any password policy was in place. It cracked 60% or 70% of the passwords in the first 30 minutes, and the list was full of good blackmail material.
I remember scanning down the password list and coming across 'nosexforme'. Then I looked at the user name and collapsed laughing. The guy was someone everyone in the department knew, and he was a friendly, personable guy. Everyone ALSO knew his wife - the Ice Queen, who worked on the financial side and ruled over our department with an iron fist.
Every person who came over to the console to see what the laughter was about did the same thing - looked at the password, followed the line over to the username, figured out who it was, realized the implication, and collapsed laughing.
Ok, so it was maybe a little unprofessional of us, but we couldn't help it. And we all liked the guy, so it really engendered more sympathy than ridicule... and reinforced what we all thought of his wife anyway.
Re: (Score:3, Funny)
Re:Actually ... (Score:5, Funny)
*sigh* you just targeted the wrong audience.
He was just too embarrassed by the password - ibonkedmydad
Fixed!
Expose mismanagement (Score:5, Insightful)
"Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion."
The fact that one employee had complete control over the network should be enough of a sign. Of course this is management, so they're all likely still confused on what's going on and need to have another meeting.
Miserable Slashdot (Score:5, Insightful)
1. The problems between IT and Management are so bad across the board that there is a famous cartoon relating these problems. This famous cartoon spawned the "PHB" reference. So...to listen to an IT guy complain of incompetent management shouldn't be a surprise at all. Please everyone, raise your hand if you have been handed complete and utter bullshit requirements or policies that some "PHB" without a technical clue has demanded that you implement. Now...raise your hand if you were stupid enough to EVER give them administrative rights over ANYTHING.
2. The media has a fucking field day with "evil hackers". This is so bad that the world "hacker" now means criminal and hordes of geeks wimpering and moaning about how the media stole the word. So...the media reporting on yet another "evil hacker holding city hostage" should be taken with a grain of salt. Sensationalist crap reported by people that have less than 0 IT understanding to the masses who also have less than 0 IT understanding. Million to one odds says that if they actually reported the more technical facts of this case the ratings would be near 0 and this story would have never gotten to be so high profile.
3. He did give the password to the person at the top of the chain of responsibility for this. Which to me sounds like the most appropriate thing to do. If you are so concerned that everyone is an incompetent fool then your only option is to go straight to the top. Imagine how much trouble this guy would be in if he gave out these passwords to a bunch of corrupt and incompetent folks who did bring the city down? At least this way everything continued functioning.
Finally...and most concerning to me is a quote from the article.
But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something."
Really...so basically these people didn't document ANYTHING. Because config files or not, rebulding your network if you bothered to document things isn't all that hard, it's just time consuming. But straight from their man there they would be stuck interviewing people for anecdotal stories becaues they were too incompetent to bother documenting the network. Nevermind that they seem to have cut their IT staff from 350 to 100 over the last few years. So it sounds like their IT staff was just the favored bucket to take money from, which is hardly new thinking these days. It amuses me to no end when companies/governments treat their IT staff like overpaid housekeeping, largely unneccessary drains on budgets, and an unimportant support function and then scream bloody murder when the shit hits the fan.
Re: (Score:3, Insightful)
Usually, when shit hits the fan (as in, firing 60% of your workforce), your operation is understaffed. The very first thing people start skipping is documentation. And that's true everywhere, not just IT.
Re:Miserable Slashdot (Score:4, Insightful)
I don't know how you document things but I generally draw some basic diagrams so I know where everything can be found and where the physical cables go, that does not change very often, and is easy to keep up to date. ACLs and things like QOS and priority rules, IP translations etc change all the time. I certainly make notes about anything exotic but I don't document everything. What I did do is put all config file(s) in CVS everytime I make changes, for some switch is some office some place that is the documentation.
I think this is a perfectly adequate practice in lots of environments.
Just out of curiosity... what if he isn't? (Score:5, Interesting)
Re: (Score:3, Interesting)
Is it possible that as a administrator of a SAN/Network, he saw some significant security issues, and when he presented them to his supervisors was slammed for reporting the problem -- including being fired? I know from experience the feeling: Management does not like to know that they've screwed up, and will fight kicking and screaming rather that admit that they've done something wrong.
Not that you need it, but I'll second this from my own experience. Still job hunting for that matter. Grr.
-Matt
Re: (Score:3, Interesting)
Reading a lot of comments about him being a nut job. My question is - what if he isn't? Is it possible that as a administrator of a SAN/Network [...]
Wait, you lost me there.
As a recovering sysadmin who ran a Cisco network covering 8 time zones myself, I feel comfortable saying that admins of my acquaintance range from a little crazy to a lot crazy.
You have to be at least somewhat obsessive to worry about all those niggling details and tiny inconsistencies that can bring things crashing down. A big helping of paranoia is entirely necessary to stay two steps ahead of anybody wanting to break into your network. And it's hard to say you have a good sense of
Sounds like a Heroes episode (Score:5, Funny)
"Save the network. Save the world."
It Being San Francisco... (Score:5, Funny)
...Couldn't the guy have just MARRIED the computer system, then claimed that it couldn't testify against him under Spousal Privilege [wikipedia.org]?
The Fountainhead (Score:4, Interesting)
was there a crime (Score:3, Insightful)
you really can't claim the his knowledge of the password as property of the city and access to the network was never blocked (only to changing his configurations). City could have rebooted an used a new configuration at any time.
lets face it there really is no precedent for charging someone for not giving up a password.
And the Password Is... (Score:3, Funny)
Protecting his reputation? (Score:4, Insightful)
Knowing how many government IT departments act (blame EVERY failure on the guy that was just fired or left) - his actions could be considered a protective act, of not just the network, but his reputation. As odd as it sounds, he just guaranteed his exit interview was with the mayor, not some HR peeon that has no clue what means when the network fails. In doing so he has protected his network (which ran flawlessly without other folks getting in), his reputation will have to wait until his day in court. The city of SF may wish to avoid that . . .
cluge
Is this irony? (Score:5, Funny)
To have someone ELSE give the "key to the city" to the mayor?
Political Fiction 102 (Score:3, Insightful)
Another chapter in a very cautionary tale regarding workplace politics. This is how playing a good political game from the bottom always ends badly. Very, very badly.
SFPD .... that would allow unauthorized connections to the FiberWAN ...
This factoid, bereft of any detail whatsoever permanently casts the Admin as the Black Hat. He manages a WAN so of course there will be undocumented, but approved (by someone somewhere) devices accessing the WAN. But the admin has no method of getting his case heard by the court of public opinion. None.
It fact has yet to be established that the WAN was being held ransom or otherwise. The admin has yet to be heard from!
I'm not arguing for this Admin, because it seems like he committed quite a few wrongs along the way. But this is how fragile one's system admin career actually is.
Integrity (Score:5, Insightful)
I agree with many others that point out the gaps in the headlines. The so called "rest" of the story. This circumstance didn't just develop in a week. This case is a classic story of I/T service immaturity - which could be caused by dastardly BOFH's or equally by incompetent management failing to initiate/fund a proper plan. Or both.
Once you strip away the glorius certifications and acronyms that give you credibility, all that's left is your integrity. Terry Childs has gone to jail to keep his intact. So he's either really stupid or really right.
Within the linked article is a link to the original InfoWorld "scoop" that contains copy from a confidential source. That copy contains statements that back Childs as having proposed and promoted an I/T security policy, which would be a first step toward process maturity (having a process in the first place).
My guess is when the dust settles, the story will be as follows:
Child's side of the story (Score:3, Insightful)
He should have written up his side of the story and handed it over to the local papers.
Then, offer to hand the admin passwords over to the city as a position code based upon the text of his story as printed.
Re:Falling Down (Score:5, Funny)
Re:Falling Down (Score:5, Funny)
I guess Newsom is an MCSE/CCNA and therefore is trusted.
It's actually Newsom's perfect hair that generates a trust enhancement field. Terry Childs saw through this, but recognized the hair as a superintelligent alien symbiont that is on our planet to save us from ourselves, so he gave the passwords directly to the hair.
Re:Falling Down (Score:5, Funny)
If he believes that the Mayor is going to be reconfiguring the routers he certainly is a nutjob!
Re: (Score:3, Insightful)
If he trusts a mayor that has no problems violating state laws when it suits his purpose, he has a lot to learn...
Re:Falling Down (Score:5, Insightful)
unconstitutional state law.
We should be able to work this out. Maybe we can just agree that you get to keep your handguns and I get to get married.
Re:Falling Down (Score:4, Insightful)
Re: (Score:3, Insightful)
It's the folks inland that think that how other people get married is going to effect their own marriage. It's how the unconstitutional law was voted on and passed.
How often do married couples end up in divorced in this state, like 2/3rd the time? Seems like the institution of marriage was damaged long before the gays got interested in the idea.
Of course people can go through the more complex process of amending the California constitution and make gay marriage illegal for real. The anti-gay lobbyists just
Re:Falling Down (Score:4, Funny)
Re:Falling Down (Score:4, Interesting)
Are you suggesting that people who are pro-gun are automatically anti-gay?
Seems to work that way. However the reality is that a large number of you'all, seem willing to write off other people's freedoms (both those that are and those that should be) just to be able to protect yourself if the government decides to start treating you the way that you allow it to treat others.
Re:Falling Down (Score:4, Insightful)
The California constitution is an "actual" constitution as well. At least we Californians like to think so.
Our legal system doesn't work on a majority rules basis. If the majority of Californians voted that you, Bryansix, weren't allowed to get married, you'd still be able to say, hey, that's not a valid law, because it discriminates against me specifically, and we have constitutional protections that say people are equal under the law.
And just because something wasn't permitted in the past isn't a good indication that we should keep it that way: As recently as 1967 there were state laws banning marriage of white and non-white people.
The "activist" judge overseeing Loving v. Virginia found that this wasn't consistent with our concept of equality under the law and overturned it. Mildred and Richard Loving's rights were protected even though many people at the time undoubtedly found their relationship distasteful.
And now three republican and one democratic California Supreme Court justices have ruled that preventing gay couples from marrying violates their civil rights. I have no doubt that in forty years we'll look back on this case in a similar way.
What I'm saying here is... this is legit. This is the judicial system doing what the judicial system is there to do.
So, stop with the whining already and suck it up. :)
Re:Falling Down (Score:4, Interesting)
How many laws have you violated when it suited your purpose? I'd be willing to bet you do it a lot more often than a public person like a Mayor.
Re: (Score:3, Insightful)
Maybe he agreed with what the mayor did in that case? Just because you think he was wrong doesn't mean everyone else does. Rose Parks broke the law, too. Good luck finding anyone reputable to agree that she did the wrong thing.
Re:Falling Down (Score:5, Insightful)
Martin Luther King once said, "An individual who breaks a law that conscience tells him is unjust, and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over its injustice, is in reality expressing the highest respect for the law."
It was also a law that the California Supreme Court later declared unconstitutional, so it seems like in retrospect it was a pretty good call.
Comment removed (Score:4, Funny)
Re:Self-defeating (Score:5, Interesting)
He's probably hoping for whistleblower protection, and intends to show that he was being terminated wrongfully for threatening to blow the whistle.
It may be a desperation move, but until the facts come out, we don't know. If it turns out that he was being terminated wrongfully, it's possible that the city of SF could be forced to keep him on their payroll... on the other hand, I'd speculate that he's grasping at straws.
I've read some about the "situation", and all I think all we know for certain is that we don't know anything for certain yet.
Re:Not too bad... (Score:5, Funny)
Re:Do I understand this correctly? (Score:5, Insightful)
Mr. Paranoid Admin with a God complex had big freakin' huge vulnerabilities on his precious network?
Attaching old-fashioned modems to the console ports of routers and switches is sometimes done in order to allow the administrator to remotely access the equipment during a major network failure.
It's not an egregious "vulnerability", assuming the console it password protected. That statement was spun to make it sound like they were back doors, when in reality this was likely done for no other reason than to facilitate emergency maintenance.
Please note I am not defending Childs generally. I'm just saying that the way they've minced words in some of these allegations gives me pause.
Re:Do I understand this correctly? (Score:5, Informative)
Most folks aren't familiar with WAN management, so they probably still don't get what you're saying.
People: Installing backdoors in a WAN saves you a 1+ (sometimes much more than 1+) hour trip somewhere to check a stat or reset a device. Installing backdoors in a LAN is lazy. In other words, the difference is geography. As a WAN manager if you don't have what's called an "out of band" management plan, you're an idiot. (Or you have a micro-sized WAN.) It's also not something that's left secretly, it's planned and secured like any other WAN exposure.
Good luck!
-Matt
Re: (Score:3, Interesting)
I suspect "unauthorized" in this context might well mean "Childs".
It's not unheard of to have dialup access to a network device, in case you're locked out from the network facing side; I don't know if someone who is as, apparently, paranoid as Childs is would give them self such a fall back though.
Re:Do I understand this correctly? (Score:4, Interesting)
The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN.
Mr. Paranoid Admin with a God complex had big freakin' huge vulnerabilities on his precious network?
It sounds to me like Mr. Paranoid Admin was so paranoid that people had started to do what they tend to do when Mr. Paranoid Admin is so paranoid they can't get anything they need done.
They'd started to work around him.
Net result: All sorts of little unauthorised connections popping up.
In being too paranoid, you wind up creating exactly the situation you fear the most: a network with lots of uncontrolled, unknown systems appearing creating security holes where none previously existed. Doesn't matter how many fancy "no unauthorised access" features your infrastructure has, sooner or later someone's going to succeed in working around them. The last thing you need to do is give them an incentive.
Re:End of the days (Score:5, Interesting)
What was the point of holding back for so long now. Now he just lost the last hope for his negotiation.
Or, he wasn't holding back in order to negotiate, but because he wanted to get the opportunity to tell all of his grievances to the one person who he thought might have the power and wherewithal to "fix" the situation. From reading about the motions that his lawyers have filed in court, it seems that Childs is willing to risk going to jail just to be able to publicize the hard time he's been having at work for the past couple of years. In fact, he might have willingly accepted or even pursued the prospect of prosecution because he knew that he would then have a public forum to air his views, and possibly embarrass his bosses (which, despite their best efforts, he has).
Re:LOL, omg the net (Score:5, Insightful)
Although I find your delivery crude, I agree with your message.
I would not be surprised in even the slightest if the now-branded "paranoid" admin is hailed as a hero in the future for exposing precisely what he has set out to expose.
200 people in eight years?
Enough security risks to compel him to likely ruin his life for what he believes is a good cause?
Why is it so silly to give the benefit of the doubt to someone who, up until his last action, has been trusted with some of the most valuable information the city has to offer?
Re: (Score:3, Insightful)
I wholeheartedly agree. The gist of many of the other posts on this story is that the only ethical and moral answers to this problem are "A" "B" and "C". He chose "D" - none of the above. The problem with moral and ethical debates is that no matter what you think, the person making the desicion is going to make it on the basis of their morals and values. Unless, its illegal - but sometimes you don't have a legitimate choice.
Some are calling him disgrunteled, deranged, mentally ill here. I'm sure some of you
Re:Well... (Score:4, Funny)
Political_Correctness ?
Re: (Score:3, Informative)
The person who received the password is the only one that Childs trusts. Why? Why was he allowed to give himself such complete and solitary access over the network? Why did his management or his co-workers never question this? Was this arrangement by his design, or specifically by his management?
At first I thought the guy was just screwed up, but I keep asking "who benefits" out of th
Re:meaning no disrespect to the guy... (Score:4, Interesting)
If I was working on designing and building a network, and I had it all up and running perfectly, should I destroy it because my boss tells me he has a better way ? What if I was a db admin who had already implemented a whole organisations internet requirements using (my|postgre)sql when a retarded buzzword compliant boss decided I should use access instead ? Should I delete everything and re-implement using access, or should I keep what I've done and start again separately with the access, so that when it all falls to shit I haven't lost anything ?
It's hard to implement two network designs concurrently, so it becomes one or the other. Why suffer the complete waste of time involved by starting again for the sake of a damn fool manager ? Better to hold out for as long as you can, so that there is a chance of getting the correct solution adopted. If they want to sack you for NOT doing something detrimental to the system, then that's their own stupid fault. If you do it their way and get fired anyway (because their way doesn't work), what have you gained ?
This guy wasn't holding anybody to ransom, making extortionate demands of his employers, or killing fluffy kittens. All he has done is refuse to give the keys to someone else's Ferrari (which he is ultimately responsible for) to a 14 year old crackhead joyrider.
This seems to me to highlight the difference between good employees and time wasters. A good employee will always have the interests of the employer at heart, and will assume ownership of problems using those interests as a basis for operation. A time waster turns up every day, does their "job" to the letter, no more, but frequently less. They don't care about the end product or the delivery of such. They just do the hours and take the money.
I know which camp I fall into, as I am used to being an employer and an employee. If I give someone a job, I would prefer they did it intelligently to achieve the best result as outlined in the requirements, not just do what I tell them, because if I have to tell you what is required for every little nuance, then I may as well have done the job myself.
Would you really just hand over the keys to a system that you spent years building, to someone who outranks you but has no idea of the power contained in having access to those keys ? For all you know they might leave the passwords on a post-it note on their monitor.
Final point - the civilian sector is NOT the army. You don't HAVE to comply with idiots above you, grow a pair and stand up for what's right. If you ARE right, then nothing too bad will happen. If you bend over for anybody with a title then you might get a title in the future, but at the cost of having any respect, self or otherwise. While it is only a movie, Crimson Tide demonstrates the principle quite well.
Re: (Score:3, Insightful)
One of his precious illegal aliens that he gives sanctuary to just murdered a man and his two sons because their car was in his way. Fuck Newsom. Fuck him to hell.
This is ridiculous. Yes, the cops screwed up by letting a violent criminal go. But that has nothing to do with a good sanctuary policy, which improves public safety.
The main thing cops need is information. What crimes are happening. Who's committing them. Where to find them. If people are afraid to talk to the cops, then cops don't get the information they need. If you want to fight crime among illegal aliens, and especially if you want to go after gangs like MS-13, you need the illegal aliens to be willing
Re:i can't believe the posts defending this wackjo (Score:4, Insightful)
Because clearly not divulging the admin password to a network that continues to operate normally is exactly equivalent to premeditated murder. How blind of us not to see that.
Re:So what's the problem? (Score:4, Informative)
No, because we all read the part about where he disabled the ability [cisco.com] to do exactly what you suggested he do.