Initially, Terry Childs’ hijacking of the San Francisco computer network had a rebellious vibe about it that was, well… sort of admirable. However, much has happened in the last couple of weeks that has painted him as more than a simple disgruntled employee. Now it seems that Childs is actually a brilliant but deeply disturbed individual that sought to take down the network that he constructed based on paranoia and insatiable need for power and revenge.
Apparently, the passcodes recovered by Mayor Gavin Newsom last Monday did not grant administrator access to the entire system as everyone had hoped. Instead, they provided access to a computer at the Hall of Justice that no one was aware of. They also discovered that Childs had set up more than 1,000 computer modems in locked cabinets and other hiding places as part of a network he was building right under the noses of his superiors. Prosecutors now believe that Childs envisioned a meltdown of the entire system that would target supervisors he considered to be incompetent and inferior to himself. And, the best part was that the system was booby-trapped so that routine system maintenance would trigger the destruction of sensitive city records. Childs’ hands would be clean, so to speak.
We have also learned that Childs had a troubled past and lied about it to get his job. As a teen, he spent time in jail for aggravated robbery and was arrested a second time for assault. Police have also recently found ammunition in his home that he was not authorised to have. Why his past was not uncovered during a background check is unclear, but when you put a man in charge of the entire computer network for the city of San Francisco, you would think that due diligence would be in order. At this point, Childs remains in prison with bail set at $5 million until further decisions regarding his fate are set during a hearing on September 24th. [SF Gate and SF Gate]
Rich Robinson
August 6, 2008 at 7:58 AM
“hijacking of the San Francisco computer network”
How does one hijack something over which one has been given sole authority and control? If an airline assigns a single pilot to operate a plane including locking the cockpit door to prevent unauthorized access and then sends a mid-level manager to demand access to the cockpit without authorization… is the pilot a hijacker for refusing to open the door?
Rich Robinson
August 6, 2008 at 8:01 AM
“that sought to take down the network that he constructed”
To the contrary, all evidence shown so far suggests that he went to great lengths to protect and secure the network, including an effort to prevent unauthorized tampering with the routers’ configurations by anyone who might have been able to gain physical access to the routers located in public buildings throughout the city.
Rich Robinson
August 6, 2008 at 8:06 AM
“based on paranoia and insatiable need for power and revenge.”
The security of the network was his job. The city had no other employee charged specifically with ensuring the security of their critical FiberWAN network. Some degree of “paranoia” would seem to be a prerequisite in the position of ensuring that administrative access to the network is secure from unauthorized persons. The fact that it is not clear who or whether anyone else was authorized to have administrative control over the network routers is a management problem, not a crime committed by the sole person employed to protect the network.
Rich Robinson
August 6, 2008 at 8:09 AM
“Apparently, the passcodes recovered by Mayor Gavin Newsom last Monday did not grant administrator access to the entire system as everyone had hoped”
The passwords volunteered to Mayor Newsom by Terry Childs did in fact give the city full administrative control of the FiberWAN network routers. As a security measure, Terry Childs configured the routers in such a way that the only point of access on the network from which full administrative control was possible was from a terminal in the San Francisco Police Department at the city’s Hall of Justice building. This is evidence of sound security practice, not of wrongdoing.
Rich Robinson
August 6, 2008 at 8:14 AM
“They also discovered that Childs had set up more than 1,000 computer modems in locked cabinets and other hiding places as part of a network he was building right under the noses of his superiors.”
The DTIS department for which Terry Childs worked authorized the purchase of and paid for all this equipment and communications lines needed for them to be installed and used as standard system management access points. These are completely normal in any large wide-area-network and more importantly, the city’s claim that they were unaware of equipment which they ordered, received, made available to Terry Childs and subsequently paid for is absurd.
Rich Robinson
August 6, 2008 at 8:23 AM
“And, the best part was that the system was booby-trapped so that routine system maintenance would trigger the destruction of sensitive city records.”
The devices which Terry Childs administered were routers which controlled and directed network traffic, not servers which stored city records. Allegations of ‘booby-traps’ were made regarding the fact that some routers on the WAN did not have their current configurations saved to flash media, thus if the power were to go off, the system administrator would have to connect to the router and reestablish the configuration. What isn’t mentioned in most of the coverage is that this would be an advisable security precaution in a situation in which the routers were located in public buildings throughout the city where potentially tens of thousands of persons could gain physical access to the routers and tamper with the saved configuration and the router would continue to function within the network with the end result of completely compromising the security of the network. This is evidence of a network administrator securing a network.
Herb Tong
August 10, 2008 at 1:56 AM
Any Cisco router can be reset at any time by anyone who has physical access to it. After being reset, any password or configuration in the router is lost and the defaults are used instead. Thus the city had the ability to administer the routers any time they chose. The routers would also need to be configured for proper operation on the network and by their own admission it is that which the city could not do. How is Terry Childs criminally responsible for the city’s ignorance of how to configure Cisco routers?