Ego-driven administrator takes city network hostage

by Steve Ragan - Jul 17 2008, 11:27

Terry Childs (43) is the administrator for San Francisco’s Department of Telecommunications and Information Services. According to the San Francisco Chronicle, Childs is acting childish and holding the city’s administrator accounts hostage.

Network administrator who was upset at employer revokes admin access. (IMG:J.Anderson)

Now, the strange part of this story is that Childs is still in control, even as he sits in jail. With bail set to $5 million USD, he will be there for awhile. The Chronicle says that Childs is accused of tampering with the city’s FiberWAN network system, killing off access to other authorized users. The network is still working, but no one has administration access rights. No one but Childs, that is. Apparently Childs started mucking around with the network on June 20, when he became obsessed with a performance review that rated his job performance as poor.Childs worked for the city for about five years, but maybe there is a bigger problem than his imposed network restrictions. According to a report on TechRepublic, Childs crossed into mild stalking too. "Apparently the city hired a new head of security some months ago. She began auditing who had password access to the system. Childs seemed to not handle this well and began photographing her," writes Tricia Liebert. "His behavior became increasingly possessive of the system but he continued to have access to it. In addition, he had access to his boss’s emails regarding his conduct. At least until he was taken into custody on July 13. But why did it take so long?”Why indeed? Childs had a criminal past -- which is not relevant in this issue --but at the same time when you look at what he has done, the past charges of robbery and burglary in the '80s is eerie. After all, he did technically steal the FiberWAN network. No one can access it to perform administrations tasks, and he is reported to have done this as a method of job security.Some have asked why it took so long to limit Childs’ access if he was rated with poor performance. Liebert's article is just one such question. The answer is simple: it’s a city government, and there are processes and red tape to move through. If this were a company, the CIO or CISO would have removed Childs' admin access before the performance review, and likely terminated his job on the spot. IT is not a job market where abuse of trust or poor job performance is tolerated kindly. When you run a city, or help run a city’s network, then trust and performance are even more important factors.How will the city recover? Cisco has apparently been called in to help with the issue. There are rumors and fears that Childs may have opened the network up to the outside. The odds that he has are slim; this is pure ego and control on his part. He will likely withhold the admin passwords, assuming he knows them and didn’t simply reset them by mashing random keys, and let the city suffer for however long he sees fit. He is already in jail, and faces four felony counts according to District Attorney Kamala Harris. His goal was to screw his employer, and he did so.What does this say about the trust process inside a network hierarchy? When one person can control everything, and they abuse that trust, then others are left high and dry. Chime in on the comments section, how would you manage trust in your IT staff? Does your company have a policy for this in place? Are IT employees screened before they are hired? Should they be?

Talkback

Add your comment (no registration required)

page: 1

FreddyBoy1Jul 17th, 2008 - 14:36:34

There are two sides to every story. To expect the architect of a network to watch and do nothing as people plotted against him over that same network is expecting a lot. I cannot imagine Mr. Childs as having much finesse for office politics after so much time building a cutting edge city 'backbone' network. They investigated him and he investigated them. Fair is fair. He is not the first geek lacking in social graces. People were trying to get him fired...!! The fact that the new muni network continues performing flawlessly shows that he did his job very well, regardless of any peer review or 'investigation'. I hate seeing people getting screwed by office politics...

Report this comment

star_navig8rJul 17th, 2008 - 15:17:16

Considering IT geeks are generally over-worked and misunderstood in the business world, I think the U.S. is lucky this type of event is relatively rare. Many corporate shops (city government IS a business!)treat their IT staffs as commodities; to be used up and discarded. It should shock nobody that eventually some of the livestock may bite back!

Report this comment

Treo NinjaJul 17th, 2008 - 15:27:01

It's a good thing that they stopped him prior to his next larger goal - to take over the world!

BTW - How do you randomly mash keys to reset/create a new Admin password? Considering you are required to type in the new password 'twice' to make sure it's the same. Hence, if he successfully typed it twice... is it still considered random?

Report this comment

card25000Jul 17th, 2008 - 15:44:55

This episode in office politics is quite amusing. The truly guilty
individual or individuals are the person or persons who
who gave the employee the poor performance review. The
enormous ego lies with the writer not the receiver. After
many many years as the worker bee and the ultimate supervisor
in government, to my chagrin, I spent most of my time arbitrating
personality conflicts. The true perp in this fiasco is the
individual or individuals who ultimately signed the performance
evaluation. I side with the hacker!. Obviously he has far more
talent than his bosses. The bottom line is now and always will be
'Jealously' on the part of his supervisor or supervisors.

Report this comment

I_ClaudiusJul 17th, 2008 - 16:01:42

I agree that office politics and especially those that take place in Gov't are at best maddening and frustrating but it is still NO excuse to do what he did.

If you think you are being treated unfairly then go find another job. End of story.

To do what Childs has done is ethically and morally bankrupt and now he is facing criminal charges that he has rightly deserved. There is no excuse no matter who well rationalized. To condone what he has done is to condone that behavior in your own organization or at least to say that you also take no responsibility for your own actions.

Report this comment

DPJul 17th, 2008 - 16:48:55

Irrespective of whether everyone was out there to get him (Mr. Childs) or not, such behaviors are unexplainable and the truth is never known.

However, now for the controlling of ENTIRE city network goes, it is purely organization password policies. Things like; never have common usernames (especially if they are administrative privileged). Having 2 usernames, 1 with appropriate administrative privileges that can only be used to perform admin tasks and 2nd for other non-admin day-to-day stuff…. And there are much more granular examples where this comment would not end.

Anywho, in current situation where passwords are not being released, there are ALWAYS ways where it could be reset with little or no downtime (architecture dependent). But apparently, San Fran, City Network’s reputation is already gone.

Report this comment

cwmJul 17th, 2008 - 19:31:25

We of course are not being given all the facts. But it's evident no one was minding the store, and the incompetence goes farther than the accused. Why did the SF Dept. of Technology allow their network to be set up in such a way as to allow a single person to have root access? Heads should roll.

Report this comment

page: 1

Add your comment (no registration required)

Security

Ego-driven administrator takes city network hostage

Talkback

Latest

In The Tech Herald

Site

The Fine Print