Share
Yesterday, during his appearance in court, Terry Childs (43) pled not-guilty, but remains in jail on $5 million USD bail. Childs was the administrator for San Francisco’s Department of Telecommunications and Information Services. According to the San Francisco Chronicle, Childs is acting childish and holding the city’s administrator accounts hostage.
Childs claims he is not-guilty on all four counts. His bail is upheld. (IMG:J.Anderson)
Update:
During his appearance in court yesterday, Childs pleaded not-guilty on all four counts of computer tampering. The Chronicle reports that his lawyer, Erin Crane, called the case a big misunderstanding and claims it has been blown out of proportion by the media. Childs' appearance yesterday was his arraignment where his bail, all $5 million USD of it, was upheld. Crane called the bail “ridiculously high” as her pleas fell on the deaf ears of the court. The attorney's argument was that bail should be lowered for her client because the network is still running.
Another interesting tidbit that came from the trial is that Childs has been willing to hand over the password he is charged with withholding since Tuesday. This is news to his ex-colleagues in the DTIS, according to the Chronicle.
However, even with all of the new information, Childs is still in control. Childs is accused of tampering with the city’s FiberWAN network system and killing off access to other authorized users. The network is still working, but no one has administration access rights. Apparently Childs started mucking around with the network on June 20, when he became obsessed with a performance review that rated his job performance as poor.
Childs worked for the city for about five years, but maybe there is a bigger problem than his imposed network restrictions. According to a report on TechRepublic, he crossed in to mild-stalking too.
"Apparently the city hired a new head of security some months ago. She began auditing who had password access to the system. Childs seemed to not handle this well and began photographing her," writes Tricia Liebert. "His behavior became increasingly possessive of the system but he continued to have access to it. In addition, he had access to his boss’s emails regarding his conduct. At least until he was taken into custody on July 13. But why did it take so long?"
Why indeed? Childs had a criminal past -- which is not relevant in this issue -- but, at the same time, when you look at what he has done, the past charges of robbery and burglary in the '80s is eerie. After all, he did technically steal the FiberWAN network. No one can access it to perform administrations tasks, and he is reported to have done this as a method of job security.
Some have asked why it took so long to limit Childs’ access if he was rated with poor performance; Liebert's article poses just one such question. The answer is simple, it’s a city government, and there are processes and red tape to move through. If this were a company, the CIO or CISO would have removed Childs' admin access before the performance review, and likely terminated his job on the spot. IT is not a job market where abuse of trust or poor job performance is tolerated kindly. When you run a city, or help run a city’s network, then trust and performance are even more important factors.
How will the city recover? Cisco has apparently been called in to help with the issue. There are rumors and fears that Childs may have opened the network up to the outside. The odds that he has are slim; this is pure ego and control on his part. His goal was to screw his employer, and he did so.
Does he really have these passwords? Was there some sort of negotiation no one knew about? Only Childs himself knows the answer. Despite the claim by a former co-worker that “I don't believe it's in Terry's character to do such a thing,” the fact is, he did.
Was there too much hype given to this case in the press? Yes and no. Yes, because there was a lot of hype and FUD. He revoked admin rights, and locked out other managers. He wasn’t selling secrets, or planting Malware, nor is there any proof he installed third-party software to allow remote access. And no, because Childs violated his position's trust. He made himself god of the network, and essentially took his toys and went home when called on poor performance.
Tech news will focus on this because of two things. One is that insider threat is a very real and serious worry for businesses, and this is a prime example of insider threat. The other focal point is that Childs is an IT admin who oversees, or at the least helped oversee, an expansive and critical infrastructure. When he revoked admin rights, the tech press took notice. Again, this is simply something that isn’t done in IT. When it happens, it’s rare.
What does this say about the trust process inside a network hierarchy? When one person can control everything, and they abuse that trust, then others are left high and dry.
Chime in on the comments section, how would you manage trust in your IT staff? Does your company have a policy for this in place? Are IT employees screened before they are hired? Should they be?
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story