Renegade Sysadmin Gives Up Secret Passwords to SF Mayor
Jul 23, 2008 1:10 PM PT
Usually, it's a mayor who hands out the key to his or her city to residents deserving special recognition. In San Francisco's case, it was Mayor Gavin Newsom who took back the key to his city's computer network from the man who held it hostage for more than a week.
The only positive recognition system administrator Terry Childs is likely to get from his escapade is credit for alerting other cities to take a second look at their information technology security practices.
Childs was jailed July 13 after he changed crucial passwords to the city's wide area network. He was held on US$5 million dollars bond while experts from Cisco Systems attempted to restore access without disabling the entire system.
On Monday, July 21, Childs said through his attorney that he would give up the new passwords, but only to Mayor Newsom. By Tuesday evening, the city was back in control of its own computer network.
How Could This Happen?
Childs may have been driven to enact his cyber-sabotage plan because of what he called "incompetence" at the Department of Telecommunications and Information Services, where he worked for five years, Childs' attorney, Erin Crane, has told reporters. The department had recently seen cutbacks and layoffs, and Childs apparently was worried about potential damage to city networks.
Lean budgets are indeed an issue in the IT world, but cutbacks can also make someone like Childs more valuable.
"The problem with city and state governments is that a lot of times, they don't have a lot in their IT budgets," Paul Ferguson, advanced threat researcher at Trend Micro, told TechNewsWorld.
"We see the same problem all the time -- they hire some third party to set up Web sites or networks, and the consultant collects the money and goes on their way. We have a real hard time finding the right person to clean up the problem," Ferguson said, "because there's no expertise there. It's usually a smalll number of people who have high-level access to the network infrastructure and have the ability to wreak havoc should the opportunity arise."
What Other Cities Should Do
San Francisco's embarrassing IT debacle is a lesson for other municipalities and those who are in charge of their networks.
"They should review their processes," Jamz Yaneza, threat research manager at Trend Micro, told TechNewsWorld.
"It's basically Network 101 to make backups and audit trails of everything," he noted. "Also, you need [to conduct] due diligence of the process and find out who's in charge of what, do background checks. It depends on how much trust you put on the person doing the [system] configuring. Have you done your background checks on this guy? But, on the other hand, have you done your own homework to make sure there are backup processes in place?"
Other cities are likely vulnerable to their own insider threats, according to Ferguson.
"It will happen again," he predicted. "It's happened in the past where some disgruntled employee has planted logic bombs."