Ego-driven administrator takes city network hostage (Update)

by Steve Ragan - Jul 18 2008, 11:34

Yesterday, during his appearance in court, Terry Childs (43) pled not-guilty, but remains in jail on $5 million USD bail. Childs was the administrator for San Francisco’s Department of Telecommunications and Information Services. According to the San Francisco Chronicle, Childs is acting childish and holding the city’s administrator accounts hostage.

Childs claims he is not-guilty on all four counts. His bail is upheld. (IMG:J.Anderson)

Update:During his appearance in court yesterday, Childs pleaded not-guilty on all four counts of computer tampering. The Chronicle reports that his lawyer, Erin Crane, called the case a big misunderstanding and claims it has been blown out of proportion by the media. Childs' appearance yesterday was his arraignment where his bail, all $5 million USD of it, was upheld. Crane called the bail “ridiculously high” as her pleas fell on the deaf ears of the court. The attorney's argument was that bail should be lowered for her client because the network is still running.Another interesting tidbit that came from the trial is that Childs has been willing to hand over the password he is charged with withholding since Tuesday. This is news to his ex-colleagues in the DTIS, according to the Chronicle.However, even with all of the new information, Childs is still in control. Childs is accused of tampering with the city’s FiberWAN network system and killing off access to other authorized users. The network is still working, but no one has administration access rights. Apparently Childs started mucking around with the network on June 20, when he became obsessed with a performance review that rated his job performance as poor.Childs worked for the city for about five years, but maybe there is a bigger problem than his imposed network restrictions. According to a report on TechRepublic, he crossed in to mild-stalking too. "Apparently the city hired a new head of security some months ago. She began auditing who had password access to the system. Childs seemed to not handle this well and began photographing her," writes Tricia Liebert. "His behavior became increasingly possessive of the system but he continued to have access to it. In addition, he had access to his boss’s emails regarding his conduct. At least until he was taken into custody on July 13. But why did it take so long?"Why indeed? Childs had a criminal past -- which is not relevant in this issue -- but, at the same time, when you look at what he has done, the past charges of robbery and burglary in the '80s is eerie. After all, he did technically steal the FiberWAN network. No one can access it to perform administrations tasks, and he is reported to have done this as a method of job security.Some have asked why it took so long to limit Childs’ access if he was rated with poor performance; Liebert's article poses just one such question. The answer is simple, it’s a city government, and there are processes and red tape to move through. If this were a company, the CIO or CISO would have removed Childs' admin access before the performance review, and likely terminated his job on the spot. IT is not a job market where abuse of trust or poor job performance is tolerated kindly. When you run a city, or help run a city’s network, then trust and performance are even more important factors.How will the city recover? Cisco has apparently been called in to help with the issue. There are rumors and fears that Childs may have opened the network up to the outside. The odds that he has are slim; this is pure ego and control on his part. His goal was to screw his employer, and he did so.Does he really have these passwords? Was there some sort of negotiation no one knew about? Only Childs himself knows the answer. Despite the claim by a former co-worker that “I don't believe it's in Terry's character to do such a thing,” the fact is, he did.Was there too much hype given to this case in the press? Yes and no. Yes, because there was a lot of hype and FUD. He revoked admin rights, and locked out other managers. He wasn’t selling secrets, or planting Malware, nor is there any proof he installed third-party software to allow remote access. And no, because Childs violated his position's trust. He made himself god of the network, and essentially took his toys and went home when called on poor performance.Tech news will focus on this because of two things. One is that insider threat is a very real and serious worry for businesses, and this is a prime example of insider threat. The other focal point is that Childs is an IT admin who oversees, or at the least helped oversee, an expansive and critical infrastructure. When he revoked admin rights, the tech press took notice. Again, this is simply something that isn’t done in IT. When it happens, it’s rare.What does this say about the trust process inside a network hierarchy? When one person can control everything, and they abuse that trust, then others are left high and dry. Chime in on the comments section, how would you manage trust in your IT staff? Does your company have a policy for this in place? Are IT employees screened before they are hired? Should they be?

View blog reactions

If you liked this story please support TTH and Buzz the site on Yahoo.

Talkback

Add your comment (no registration required)

page: 1 2

Matthew FlaschenJul 18th, 2008 - 12:08:43

'Despite the claim by a former co-worker that “I don't believe it's in Terry's character to do such a thing,” the fact is, he did.'

How about a little innocent until proven guilty? Everything in moderation, right?

Report this comment

GnarlodiousJul 18th, 2008 - 12:09:42

This is why a team should be at the top. Much harder to get 5 people agree to hijack the system.

Report this comment

IT TechieJul 18th, 2008 - 12:31:09

As far as I'm concerned this man has committed a terrorist attack on a vital piece of infrastructure it is no different than if it was a bridge, building or power plant he has control of. IF this system goes down, millions of users and Billions in commerce are at stake.

turn him over to homeland security, they have some pretty interesting techniques for getting information out of people.

Report this comment

jc - NYCJul 18th, 2008 - 12:35:58

Why is the author attacking Techies? Perhaps in general, IT gurus up in the heirachy tend to be a bit snobby..? Isn't that the case with heirachies in general? Don't doctors abuse their powers? Don't presidents abuse their powers? How are they monitored? I don't agree with what Child did, but perhaps the punishment should be lighter than what it is.

Report this comment

SteveJul 18th, 2008 - 12:40:48

One thing is for certain, this guy's career in Information Technology is over. Who'd hire him?

Report this comment

aNoNJul 18th, 2008 - 13:33:18

This article is very biased. You are taking judgment instead of writing the facts. Stick to the actual story.

I am giving Childs the benefit of the doubt.

Since it was the city he worked for and not some IT company then I would guess the poor review was based on people skills or something stupid like that and not about his job performance. IT people are usually not the best with people skills and frankly its not their job to be.

And isn't this exactly the kind of thing they wanted to happen. They didn't want everyone to have access to the system and now they are mad that is what happened. Essentially he just made the auditing of who had password access to the system useless. Why do an audit when you know the answer? He could have given them a fresh start on who has control and they just took it the wrong way.

If giving the password would have circumvented the arrest or job termination he probably would have given it. But after being arrested or terminated the password is his only bargaining chip and you don't just give them away.

Report this comment

IT AuditorJul 18th, 2008 - 14:22:31

I do not agree with what he did or what he seems to have done. I will give him the benefit of the doubt. This is just one of the reasons why we recommend that there should no one user that can access all parts of the system and that there be more than one administrator.

Report this comment

fugdabugJul 18th, 2008 - 14:29:59

First off, someone who doesn't really understand server tech, shouldn't write articles such as this. Secondly, if the man has such a criminal past it should reflect in this case, this is not someone who would be considered for such a high value position. Thirdly: It is not that hard to recover the information from the servers with a mere password lock-out. The lock can be over-ridden in a matter of minutes (you may have to do each server separately however it takes a few minutes for each machine in the network). I am very surprised that the City of San Francisco cannot come up with people to undo this sham! Because that is what it is, a sham! Nothing more. Now get some serious tech admins in there (people who are 'Hackers'- which is a technical term for folks that know security of computer systems) and it will be resolved in short order. As for Mr. Childs, let him be prosectued according to the law for his crime. (And 'no', he doesn't need some medieval mentality working him over with fascistic methodologies!)
Respectfully submitted,
'fugdabug'

Report this comment

Human Resources and the ITJul 18th, 2008 - 16:41:59

Human Resources and new management made the wrong moves in handling this employee.

“Apparently the city hired a new head of security some months ago. She began auditing who had password access to the system. Childs seemed to not handle this well and began photographing her. His behavior became increasingly possessive of the system but he continued to have access to it. In addition, he had access to his boss’s emails regarding his conduct. At least until he was taken into custody on July 13. But why did it take so long?” Tricia Liebert wrote.'\

IT admins have always had the reputation of acting a bit superior than their bosses probably because of recurring simple daily troubleshoots like print spooling that their 'tech-illiterate' bosses can never learn to use. A 126,000 dollar IT is not the top of the food chain. But clearly as a 43 year old IT admin he probably comes from the old school--- ITs who have more hand on experience than degrees. These type of IT guys learned the trade on their own and fail to see why others can't do the same.

In other words, 'ego-driven' ITs have been around since windows 95 so you would think a good human resource manager would understand the personality of an IT admin.

That being said. It's never a good policy for a 'new boss' to negative review a long-term employee within the first 90-180 days. 3-6 months is not enough time to assess a negative review. Human resources and this new chief security made the fatal mistake of coming in as an interloper.

One of the rules of a good manager is 'new' boss (with the help of human resources) should establish a good rapport with his employees before handing down poor reviews. Especially in the case of IT admins who have access to private emails.

The man has been employed by the city for over five years so his performance was at least satisfactory. This new boss seems to lack the skills of management and the general knowledge of IT administration that she plans to manage.

Come on, as head of security, she should have known of his access and could have employed a less threatening tactics to achieve her manegerial goals.

Report this comment

Ron AustinJul 19th, 2008 - 07:55:28

Hey Ragan, I'd love to see someone throw your judgemental ass in jail for proveably baseless allegations. OOOH, he took a picture of a co-worker. That makes him a 'stalker'.... You are a total idiot. I bet you don't even have a degree in journalism. Have you ever heard of the word 'allegedly'? If you want to write this crap, you'd better start adding things like ...

, 'according to co-workers'
, 'as stated in the indictment'
, 'as set forth in public records'.... etc.

Otherwise, you and your lousy publication that I'd would never have even heard off might just get your asses sued for defamation and slander. In fact, if this guy is cleared as I expect him to be, I am going to see to it that he sues you. No.. really. You can't print crap like this and expect to get away with it. The DA and attorneys can... it's called the litigation privilege. Look it up.

Report this comment

page: 1 2

Add your comment (no registration required)

Security

Ego-driven administrator takes city network hostage (Update)

If you liked this story please support TTH and Buzz the site on Yahoo.

Talkback

Latest

In The Tech Herald

Site

The Fine Print