Wednesday, July 23, 2008

SF Admin Coughs Up Passcodes in Secret Jailhouse Meeting With Mayor

Via Wired.com -

The city of San Francisco has regained control of its network after a "rogue" city employee hijacked the system and then coughed up the passwords nine days later to Mayor Gavin Newsom in a secret jailhouse interview, a city official told Threat Level late Tuesday.

"We were able to regain complete control of the network Tuesday," said Ron Vinson, the deputy director of the city's Department of Technology Information Services.

Admin Terry Childs, 43, is accused of locking out the city from its FiberWAN network containing city e-mails, payroll, police records, information on jail inmates and other data. He was arrested last week and jailed on $5 million bail after refusing to hand over passwords to the Wide Area Network system he built and is accused of taking control of illegally.

Childs' bail was set five times higher than most murder defendants' because the authorities feared that, if released, he might permanently lock the system and erase records. His attorney, Erin Crane, is expected to ask a local judge for his release or a reduced bail as early as Wednesday.

"The mayor showed up unexpectedly at the data center and provided the engineers and forensic experts on the case on site with the passcodes that Mr. Childs had provided the mayor," Vinson said.

San Francisco District Attorney Kamala Harris did not know Monday's jailhouse meeting was taking place between Harris and Childs. It was arranged by Childs' attorney, Erin Crane.

Vinson said the passcodes the mayor handed over did not work initially, but after clearing some confusion with the defendant's attorney, they did.

"Either the mayor got it wrong, or there was something else he had to mention that he was unaware of," Vinson said. "We're now looking into the remediation stage and we're going into the necessary vulnerability analysis and doing a complete look at our network architecture."

[...]

Childs has worked as a computer technician with the city for five years. He earned $126,000 in base pay last year, in addition to another $22,500 for being on-call to assist with network malfunctions. The city's data system has been functioning without error since it was discovered last week that the city had lost control of the bulk of its network.

"Mr. Childs obviously had a misinterpretation of actually who owns the network. It is the taxpayers of the city and county of San Francisco, not him," Vinson said.

-----------------------

He still sounds pretty "rogue" to me.

Sure, it isn't highly unlikely that a single person might be the only one to know some passwords. It isn't good practice, but it happens. Perhaps better internal security control systems could have offset that issue.

I just know, that if it were me..and my bail was set five times higher partly because I haven't given up my passwords, then I would be screaming them at the top of my lungs...

No comments:

Post a Comment