IT Blogwatch

A Daily Digest of IT Blogs from Richi Jennings

S.F. net.admin holds city to ransom

It's IT Blogwatch: in which a San Francisco city network administrator locks out his users and "forgets" the new passwords. Not to mention Simon's annoying cat...

Jeremy Kirk sets pencils to Stun: [I wish somebody would beam you up -Ed.]

A network administrator has locked up a multimillion-dollar computer network for San Francisco that handles sensitive data and is refusing to give police the password ... The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code ... The new FiberWAN (wide-area network) handles city payroll files, jail bookings, law enforcement documents and official e-mail for San Francisco. The network is functioning but administrators have little or no access. Childs, who remains in custody, is accused of improperly tampering with computer systems and causing a denial of service ... Childs was disciplined recently for poor performance. Childs worked in the Department of Technology for San Francisco, making close to $150,000 a year.

Jaxon van Derbeken broke the story:

A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail ... [He] tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored [and] created a password that granted him exclusive access to the system, authorities said ... [He] began tampering with the computer system June 20 ... undoing his denial of access to other system administrators could cost millions of dollars. Officials also said they feared that although Childs is in jail, he may have enabled a third party to access the system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents.

John Murrell quips:

Must have seemed like a good plan at the time, but the end game needed work ... Maybe the password is “d1sgruntl3d”.

Mike Masnick has déjà vu:

Every few years or so, we see a story about some disgruntled tech worker who has planted some sort of trojan in a computer network that lets him shut down or destroy the network ... Right now, it appears that he's been able to lock other top administrators out of the system, and officials are afraid that he's actually opened up access to someone else (though that might just be fear mongering) ... Just a reminder that while insiders may not be the biggest threat to computer networks, they can still be a threat.

Stacey Higginbotham, too:

This situation reminds me of the one that developed between Robotics Parking and the city of Hoboken, N.J. in 2006. The city’s parking authority built a robotic parking garage, but when the provider increased the annual license fees for the software operating the robotic garage by 20 percent, the city refused to pay. So the garage stopped working, trapping the cars of whoever happened to be parked there that day ... The city’s network problem is a nice reminder of how the knowledge of a few key people has the potential to grind a city’s (or any entity’s) operations to a halt if not properly managed. And as technology influences more and more aspects of municipal life, government officials might find themselves more often at the mercy of technology purveyors.

But Gallenod blames the city:

This is why you disable his account before you tell him he's fired.

Tyler Aviss has news for SF:

For myself, I've got passwords, SSH-keys, and many other access points everywhere in my company. It's not because I want to screw with them, but because they tend to call me at all sorts of different times and I never know if I'll need secure access to the server. So, routing rules from home. Public SSH keys on various border-servers with my USB-drive having the private keys, etc. ... I could see a bad sysadmin using these same tools and more to entrench himself so deeply that you'd almost have to rebuild the entire infrastructure from scratch to find all the back-doors ... How are you going to know that your authentication methods, your binaries, or even your kernels haven't been messed with in some way? MD5 sums only go so far when you have hundreds of systems tied together.

scuba_steve_1 has a simple answer:

Where are the backup tapes? Pull the tapes from a date prior to his manipulation of the system. Presumably, it should not be that long ago if they were ensuring that at least one other admin had routine access to the system. In such a case, they should have known within 24 hours that he had done something. If, on the other hand, he was a one-man show, then I think that they are screwed.

And finally...


Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 21-year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email: blogwatch@richi.co.uk.
