CIO Symmetry

Jul 16 2008   1:55PM GMT

San Francisco IT hack story looks a bit too much like Chinatown

Glen Weaver Profile: The Weave


What the hell is going on in San Francisco? It’s like a freaking detective novel out there all of a sudden.

One of the city’s top IT guys has been accused of locking other administrators out of the city’s new fiber wide area network (WAN).

Now he won’t give up the new password. He’s been arrested and in court. He is being held on a whopping $5 million bail and his lawyer says the accused – one Terry Childs – “loves kittens.”

Meanwhile, outside the halls of justice city officials run damage control. No, they say, no data has been compromised. But yes, they are not able to access the network. The mayor’s office and an IT official chime in that everyone is safe, nothing to see here. Mayor Gavin Newsom told the San Francisco Chronicle that Childs “got a bit maniacal.”

And all of a sudden Deep Throat appears, an anonymous city official telling the Chronicle that Childs is one hell of a bad seed. His bosses have wanted him out for ages now, the source breathes from an underground parking garage. His performance (a cigarette is dropped to the ground and screwed into the asphalt by a dress shoe-clad foot) was undoubtedly poor.

But is this the mother of all cover-ups? Childs’ lawyer, tireless public defender Mark Jacobs, thinks it might be.

“There’s someone out there that’s really scared of something, and I don’t know what it is,” Jacobs told a local TV station.

Childs was arrested Sunday. He was in court Monday but sans lawyer, pushing his arraignment to Tuesday. In comes Jacobs, fresh enough to the case to convince Superior Court Judge Paul Alvarado to postpone the whole thing until Thursday. That will give Jacobs time to chat with Childs and posit some arguments for why Childs should be set free while awaiting trial.

But it wasn’t enough to stop the $5 million bail. Prosecutors are arguing that Childs poses a major threat to public safety. Why?

Because he, and apparently only he, can access the city’s brand-spanking-new WAN network. It is the holding ground of emails, law enforcement records and payroll documents, as well as God knows what else, according to the Chronicle.

Childs, prosecutors say, has been having his way with the network for a few weeks now. His superiors caught on but not in time to find they had been shut out. Now the city has hired Cisco Systems to break back in.

The running story, as reported this morning by the Chronicle is that Childs was key in setting up the new WAN network. But, bizarrely, he began taking photographs of the IT department’s female head of security while she worked on a password audit for the system, authorities told the paper. Terrified, the woman locked herself in her office.

So Childs was arrested. Prosecutors say Childs wouldn’t give police the password, then gave them fake passwords. It doesn’t take much to imagine a slick, angry San Francisco detective (Nash Bridges?) banging his hands on an interrogation table and screaming “Give us the password!”

But no, Childs holds firm. Why?

According to DA Kamala Harris, possibly for no good reason at all.

“Motive is not necessarily an element of a crime,” Harris told reporters. Which is technically true, but it’s a little like saying music doesn’t require instruments. In all reasonable cases, we expect to hear some noise. And who the hell listens to a capella anyway?

But give Harris some leeway. She probably hasn’t gotten a complete grip on this mess yet. And who’s to say everything the city tells her is true? Apparently her and the mayor aren’t on the best of terms right now.

Here’s what we know about Terry Childs, 43, of Pittsburg, Calif.:

Childs’ official job title was network administrator in the City and County of San Francisco’s Department of Technology. His base pay, the Chronicle reports, is $126,735. Another $22,534 was tacked on last year because Childs is on call for emergency situations.

He was also arrested in Kansas in 1982 for aggravated robbery and aggravated burglary, according to the report. He received probation or parole until 1987 and disclosed the arrest to his bosses when hired in San Francisco five years ago.

He is now charged with four felony counts of network computer tampering and faces up to seven years in jail if convicted.

Childs is accused of locking a major American city out of its own network, which could make him a criminal. But it makes his bosses look like they should be the ones finding new jobs.

Oh, and he loves kittens.

4  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Sotarr
    Had someone forgotten the FIRST rule of security: NEVER let just one person have all the high-level passwords ??? For that matter: Backups ? Break-glass-in-case-of-emergency root-level passwords sealed in envelopes in a safe ? And more importantly, limit the abilities and access of any one individual. Other versions of this story say that Childs was MONITORING emails and memos about him and a personnel action. Whoever was managing this guy also needs to be let go, with predjudice: one should NEVER allow this many basic security rules to be broken, no matter how talented the admin is. . .
    0 pointsBadges:
  • Jbiscobi
    "Someone out there is really scared of something, and I don't know what that is." OK, I get that he's defending his client and trying to throw out some reasonable doubt or whatever about Childs' intentions, but: Seriously? Does Jacobs really think Childs is the victim of some sort of shadowy conspiracy? That people wouldn't be worried about one man playing keepaway with payroll and other records? Did I just fall into a publicity stunt for the upcoming The X-Files" movie? And what's a guy who made $126,735 + $22,534 a year doing with a public defender?
    10 pointsBadges:
  • Ryster23
    If were one of the stakeholders,(now radically thinking) --I'll immediately compose or hire a team to crack the password. Then I'll run an employee check-up, making sure that my employees will not repeat what just happened, and the department will prevent having again employees like Childs. on the next time... --A comprehensive network security policy, having multiple trustworthy supervisors who will have the high level passwords.
    0 pointsBadges:
  • PenTestMan
    Hmmm, sounds a bit strange... If you dont know the password, chances are it can be broken in 3 days regardless of content; or you could fail over to back up severs, change the hard drives... I find it very hard to see that a whole citys network is down due to one password; doesnt work like that in the UK.
    190 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: