
The Inside Story On the San Francisco Network Hijacking

Soulskill posted more than 6 years ago | from the connection-reset-by-lack-of-peers dept.

Security 471

snydeq writes "A source with direct knowledge of San Francisco's IT infrastructure has tipped off Paul Venezia to the real story behind Terry Childs' lockout of San Francisco's network, providing a detailed account of the city's FiberWAN, interdepartmental politics, and Terry Childs himself. Childs pleaded not guilty to charges of tampering yesterday and is being held on $5 million bail. According to the source, Childs' purview was limited to the city's FiberWAN — a network he himself built and, believing no one competent enough to touch the network but himself, guarded religiously, sharing details with no one, including routing configuration and log-in information. Childs was so concerned about the network's security that he refused even to write router and switch configurations to flash. But what may prove difficult for the prosecution in its case against Childs is that his restricted access to the network was widely known and accepted among managers and the city's other network engineers. Venezia, who has been suspicious of the official story from the start, suspects that the Childs case may be that 'of an overprotective admin who believed he was protecting the network — and by extension, the city — from other administrators whom he considered inferior, and perhaps even dangerous.' Further evidence is the fact that the network, from what Venezia understands, has been running smoothly since Childs' arrest."


471 comments


and in stargate news..... (2, Interesting)

ufpdom (556704) | more than 6 years ago | (#24250365)

The giant flash was just some solar burst.. it wasn't Anubis' ship

Re:and in stargate news..... (5, Insightful)

GovCheese (1062648) | more than 6 years ago | (#24250439)

So instead of letting the air out of the car's tires, a car he loved, he simply wouldn't give the keys to dangerous drivers.

Mods on crack (5, Insightful)

A nonymous Coward (7548) | more than 6 years ago | (#24251007)

This analogy is spot on, and whoever modded it off-topic obviously is incapable of understanding the topic and shouldn't have had the keys to the mod-car in the first place.

Running smoothly because no one can touch it (0)

Anonymous Coward | more than 6 years ago | (#24250397)

If no one can get it, no one can mess it up, which might prove he was a capable admin.

Open Source (-1, Offtopic)

sleeping123 (1109587) | more than 6 years ago | (#24250413)

Now, let me grab my OSS soapbox for a minute. EVERYTHING, and I mean EVERYTHING that goes on with governmental computers should be visible to the public. The software should be visible, the editing should be visible because that prevents these travesties! We have this story about one man hijacking an entire freakin' city. One news post down from here, we have more evidence that Diebold has been tampering with our elections! How much outrage does the public need in order to demand a little bit of technological transparency?!

Re:Open Source (2, Interesting)

dr_strang (32799) | more than 6 years ago | (#24250443)

You're wrong. Your comparison with Diebold does not even merit cursory contemplation.

Re:Open Source (2, Interesting)

s0litaire (1205168) | more than 6 years ago | (#24250567)

**WAY off Topic** Except when a McCain Ex-Advisor came out to say the Diebold CEO went to 2 Democrat areas to "Patch" the Machines in the '02 elections...(those 2 areas turned Conservative in that election)... **BACK on topic** But sounds like Childs was a great Admin! The worst thing that can happen to a network is other Admins! You can't have them sticking routers on your network and let them think they know more than you! :D

My Point was. (5, Insightful)

s0litaire (1205168) | more than 6 years ago | (#24250593)

People who fiddle with government machines get let off and win people elections! Those that STOP people fiddling with Machines get locked up on $5 mill bail....:D:D

Re:Open Source (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#24250569)

So based on your statement, passwords, ACLs, social security numbers and other extremely sensitive data should be visible to the public. Could you please post all that information about your own system(s)? Otherwise, STFU.

Re:Open Source (4, Insightful)

brusk (135896) | more than 6 years ago | (#24251071)

Open source does not equal open data.

Re:Open Source (-1, Troll)

Anonymous Coward | more than 6 years ago | (#24250573)

Open source: Snake oil of the computer realm.

Re:Open Source (2, Insightful)

cgenman (325138) | more than 6 years ago | (#24250591)

This makes no sense. A properly secure network should be in complete control of those creating it, simply through password and other authentication. Sure, good documentation is helpful in a worst case scenario, but you really need a hit-by-a-bus contingency team.

Mod down (1)

ArchieBunker (132337) | more than 6 years ago | (#24250621)

How does open source prevent this from happening?

Re:Mod down (2, Funny)

nomadic (141991) | more than 6 years ago | (#24251073)

The magical pixie dust created every time an OSS program runs.

Relevant statute (0)

unassimilatible (225662) | more than 6 years ago | (#24250437)

California Penal Code 502 [nsi.org]

502. (a) It is the intent of the Legislature in enacting this section to expand the degree of protection afforded to individuals, businesses, and governmental agencies from tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems. The Legislature finds and declares that the proliferation of computer technology has resulted in a concomitant proliferation of computer crime and other forms of unauthorized access to computers, computer systems, and computer data. The Legislature further finds and declares that protection of the integrity of all types and forms of lawfully created computers, computer systems, and computer data is vital to the protection of the privacy of individuals as well as to the well-being of financial institutions, business concerns, governmental agencies, and others within this state that lawfully utilize those computers, computer systems, and data. (b) For the purposes of this section, the following terms have the following meanings: (1) "Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network. (2) "Computer network" means any system that provides communications between one or more computer systems and input/output devices including, but not limited to, display terminals and printers connected by telecommunication facilities. (3) "Computer program or software" means a set of instructions or statements, and related data, that when executed in actual or modified form, cause a computer, computer system, or computer network to perform specified functions. (4) "Computer services" includes, but is not limited to, computer time, data processing, or storage functions, or other uses of a computer, computer system, or computer network. 
(5) "Computer system" means a device or collection of devices, including support devices and excluding calculators that are not programmable and capable of being used in conjunction with external files, one or more of which contain computer programs, electronic instructions, input data, and output data, that performs functions including, but not limited to, logic, arithmetic, data storage and retrieval, communication, and control. (6) "Data" means a representation of information, knowledge, facts, concepts, computer software, computer programs or instructions. Data may be in any form, in storage media, or as stored in the memory of the computer or in transit or presented on a display device. (7) "Supporting documentation" includes, but is not limited to, all information, in any form, pertaining to the design, construction, classification, implementation, use, or modification of a computer, computer system, computer network, computer program, or computer software, which information is not generally available to the public and is necessary for the operation of a computer, computer system, computer network, computer program, or computer software. (8) "Injury" means any alteration, deletion, damage, or destruction of a computer system, computer network, computer program, or data caused by the access, or the denial of access to legitimate users of a computer system, network, or program. (9) "Victim expenditure" means any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, deleted, damaged, or destroyed by the access. (10) "Computer contaminant" means any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. 
They include, but are not limited to, a group of computer instructions commonly called viruses or worms, that are self-replicating or self-propagating and are designed to contaminate other computer programs or computer data, consume computer resources, modify, destroy, record, or transmit data, or in some other fashion usurp the normal operation of the computer, computer system, or computer network. (11) "Internet domain name" means a globally unique, hierarchical reference to an Internet host or service, assigned through centralized Internet naming authorities, comprising a series of character strings separated by periods, with the rightmost character string specifying the top of the hierarchy. (c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense: (1) Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data. (2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network. (3) Knowingly and without permission uses or causes to be used computer services. (4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network. (5) Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network. 
(6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section. (7) Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network. (8) Knowingly introduces any computer contaminant into any computer, computer system, or computer network. (9) Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and thereby damages or causes damage to a computer, computer system, or computer network. (d) (1) Any person who violates any of the provisions of paragraph (1), (2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in the state prison for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (2) Any person who violates paragraph (3) of subdivision (c) is punishable as follows: (A) For the first violation that does not result in injury, and where the value of the computer services used does not exceed four hundred dollars ($400), by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. 
(B) For any violation that results in a victim expenditure in an amount greater than five thousand dollars ($5,000) or in an injury, or if the value of the computer services used exceeds four hundred dollars ($400), or for any second or subsequent violation, by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in the state prison for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (3) Any person who violates paragraph (6) or (7) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, an infraction punishable by a fine not exceeding one thousand dollars ($1,000). (B) For any violation that results in a victim expenditure in an amount not greater than five thousand dollars ($5,000), or for a second or subsequent violation, by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (C) For any violation that results in a victim expenditure in an amount greater than five thousand dollars ($5,000), by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in the state prison for 16 months, or two or three years, or by both that fine and imprisonment, or by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (4) Any person who violates paragraph (8) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, a misdemeanor punishable by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. 
(B) For any violation that results in injury, or for a second or subsequent violation, by a fine not exceeding ten thousand dollars ($10,000), or by imprisonment in a county jail not exceeding one year, or in the state prison, or by both that fine and imprisonment. (5) Any person who violates paragraph (9) of subdivision (c) is punishable as follows: (A) For a first violation that does not result in injury, an infraction punishable by a fine not one thousand dollars. (B) For any violation that results in injury, or for a second or subsequent violation, by a fine not exceeding five thousand dollars ($5,000), or by imprisonment in a county jail not exceeding one year, or by both that fine and imprisonment. (e) (1) In addition to any other civil remedy available, the owner or lessee of the computer, computer system, computer network, computer program, or data who suffers damage or loss by reason of a violation of any of the provisions of subdivision (c) may bring a civil action against the violator for compensatory damages and injunctive relief or other equitable relief. Compensatory damages shall include any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, damaged, or deleted by the access. For the purposes of actions authorized by this subdivision, the conduct of an unemancipated minor shall be imputed to the parent or legal guardian having control or custody of the minor, pursuant to the provisions of Section 1714.1 of the Civil Code. (2) In any action brought pursuant to this subdivision the court may award reasonable attorney's fees. 
(3) A community college, state university, or academic institution accredited in this state is required to include computer-related crimes as a specific violation of college or university student conduct policies and regulations that may subject a student to disciplinary sanctions up to and including dismissal from the academic institution. This paragraph shall not apply to the University of California unless the Board of Regents adopts a resolution to that effect. (4) In any action brought pursuant to this subdivision for a willful violation of the provisions of subdivision (c), where it is proved by clear and convincing evidence that a defendant has been guilty of oppression, fraud, or malice as defined in subdivision (c) of Section 3294 of the Civil Code, the court may additionally award punitive or exemplary damages. (5) No action may be brought pursuant to this subdivision unless it is initiated within three years of the date of the act complained of, or the date of the discovery of the damage, whichever is later. (f) This section shall not be construed to preclude the applicability of any other provision of the criminal law of this state which applies or may apply to any transaction, nor shall it make illegal any employee labor relations activities that are within the scope and protection of state or federal labor laws. (g) Any computer, computer system, computer network, or any software or data, owned by the defendant, that is used during the commission of any public offense described in subdivision (c) or any computer, owned by the defendant, which is used as a repository for the storage of software or data illegally obtained in violation of subdivision (c) shall be subject to forfeiture, as specified in Section 502.01. (h) (1) Subdivision (c) does not apply to punish any acts which are committed by a person within the scope of his or her lawful employment. 
For purposes of this section, a person acts within the scope of his or her employment when he or she performs acts which are reasonably necessary to the performance of his or her work assignment. (2) Paragraph (3) of subdivision (c) does not apply to penalize any acts committed by a person acting outside of his or her lawful employment, provided that the employee's activities do not cause an injury, as defined in paragraph (8) of subdivision (b), to the employer or another, or provided that the value of supplies or computer services, as defined in paragraph (4) of subdivision (b), which are used does not exceed an accumulated total of one hundred dollars ($100). (i) No activity exempted from prosecution under paragraph (2) of subdivision (h) which incidentally violates paragraph (2), (4), or (7) of subdivision (c) shall be prosecuted under those paragraphs. (j) For purposes of bringing a civil or a criminal action under this section, a person who causes, by any means, the access of a computer, computer system, or computer network in one jurisdiction from another jurisdiction is deemed to have personally accessed the computer, computer system, or computer network in each jurisdiction. (k) In determining the terms and conditions applicable to a person convicted of a violation of this section the court shall consider the following: (1) The court shall consider prohibitions on access to and use of computers. (2) Except as otherwise required by law, the court shall consider alternate sentencing, including community service, if the defendant shows remorse and recognition of the wrongdoing, and an inclination not to repeat the offense.

short version (5, Funny)

ypctx (1324269) | more than 6 years ago | (#24250481)

short version: if you bad to computers, we bad to you!

Re:short version (5, Funny)

smitty_one_each (243267) | more than 6 years ago | (#24250587)

Dude, you're never going to stay in office by communicating the simple truth.

appropriately short response (1)

pxc (938367) | more than 6 years ago | (#24250879)

<3

I'd like to buy a paragraph, Pat (-1, Troll)

Anonymous Coward | more than 6 years ago | (#24250629)

Seriously, have you never heard of paragraphs?
Did you preview that abomination before posting?

Might want to buy a personality, gratitude (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#24250927)

I did use paragraphs in the supposed "plain text" submission. But even with plain text you have to use break tags on this fucked-up Website. And no, I do have time to insert 100 break tags for your satisfaction, your majesty. I also provided a link that did have paragraphs.

You are welcome, asshole, for the info!

Is this really the case? (3, Insightful)

l2718 (514756) | more than 6 years ago | (#24250467)

It's hard to believe that management didn't care that a single employee was the only one who knew anything about critical infrastructure, no matter whether the employee arranged things this way because he thought no-one else was good enough or because this was his way of becoming entrenched.

Re:Is this really the case? (5, Insightful)

russotto (537200) | more than 6 years ago | (#24250483)

It's hard to believe that management didn't care that a single employee was the only one who knew anything about critical infrastructure, no matter whether the employee arranged things this way because he thought no-one else was good enough or because this was his way of becoming entrenched.

I find that easy to believe. Even easier to believe that they didn't know this was the case, or knew but did not understand.

Re:Is this really the case? (3, Insightful)

l2718 (514756) | more than 6 years ago | (#24250551)

Even easier to believe that they didn't know this was the case, or knew but did not understand.

This doesn't sound reasonable. If management behaved like this they would have been fired before this guy was -- the management problems would be greater than the technical ones.

Re:Is this really the case? (5, Insightful)

Xzzy (111297) | more than 6 years ago | (#24250649)

Never worked for the government, have you? ;)

Management is where people who are too incompetent for technical work go. No one gets fired, they get moved to different departments. As a last resort, they get assigned to 'special projects' for about a year in the hopes that everyone will forget what an imbecile they are, and will be safe to move back into the management structure.

Re:Is this really the case? (4, Insightful)

Televiper2000 (1145415) | more than 6 years ago | (#24250755)

Or you write them a glowing recommendation and help them get promoted out.

Incompetence is all around us... (1)

mkcmkc (197982) | more than 6 years ago | (#24251035)

Never worked for the government, have you? ;)

Believe me--it's every bit as bad in the private sector...

Re:Is this really the case? (0)

Anonymous Coward | more than 6 years ago | (#24250683)

I don't imagine you've ever worked a government job...

Re:Is this really the case? (4, Insightful)

Minwee (522556) | more than 6 years ago | (#24250699)

If management behaved like this they would have been fired before this guy was

It's nice to believe that but, to abuse an oft-quoted phrase, quis sacko ipsos pointyhaires?

Before you can fire someone for being a complete idiot, you have to not be totally out to lunch yourself. More importantly you have to possess evidence to back up your decision which is at least strong enough to outweigh the political costs of making it.

If you think this all sounds like a load of crap, then consider yourself lucky that you have never been in the middle of it.

Re:Is this really the case? (2, Insightful)

Dun Malg (230075) | more than 6 years ago | (#24250757)

Even easier to believe that they didn't know this was the case, or knew but did not understand.

This doesn't sound reasonable. If management behaved like this they would have been fired ...

Hah! You clearly have never worked for the government. It may not sound reasonable, but bureaucrats are almost always some combination of ignorant and oblivious. I mean, part of the reason they put this guy in charge is that he's probably the only person who knew how to do anything. And you have to ask yourself, who's going to fire these marginally competent managers? Their marginally competent bosses? People who know what they're doing are unfortunately the exception in government. Most competent folks find work that rewards them on the merits of abilities, rather than their seniority and butt-kissing ability.

Blockbuster (1)

theshowmecanuck (703852) | more than 6 years ago | (#24250985)

Go to Blockbuster and rent 'Brazil' [imdb.com] . It will provide a very good answer for you. Torrent all your porn I don't care, but rent this. Terry Gilliam deserves whatever royalties he gets. And look for the scenes with Robert De Niro in them, his character is crazy and funny as hell... I never even figured out he was in it till about the 4th time I saw it.

Re:Is this really the case? (4, Interesting)

falcon5768 (629591) | more than 6 years ago | (#24250695)

Funny, I find it VERY easy to believe. Right now only 3 people in my own district know the running of the network, and only 1 by extension of that the complete configuration of the OS X server running the Mac portion of the district. I have an emergency recovery manual I wrote myself, but it is under lock and key by me to keep all but 2 people from knowing it because I KNOW the other techs and administrators are incompetent political appointees who will royally screw things up and cause much more damage than they solve if they try to implement it without knowing what is going on.

Re:Is this really the case? (5, Insightful)

MightyMartian (840721) | more than 6 years ago | (#24250731)

It seems pretty idiotic to me. I still think they should throw this guy in the clink, but at the same time, I think some of his superiors should be told to collect their belongings and then have security escort them through the front door, because there was a colossal breakdown of management here if a single guy was permitted to basically hold the entire network's architecture in his head.

Re:Is this really the case? (2, Insightful)

Detritus (11846) | more than 6 years ago | (#24251043)

You can't do that to the Mayor. The higher the position, the less likely that the person occupying it was hired based on their qualifications for the job.

Re:Is this really the case? (5, Insightful)

theshowmecanuck (703852) | more than 6 years ago | (#24250773)

If the others were so stupid as to not do anything about this waaaaayyyyy before, then maybe, just maaayyyybe he was right. They are too stupid to be let loose on the network. :-D

He's still not justified... (5, Interesting)

numbsafari (139135) | more than 6 years ago | (#24250479)

You can try and defend him and glorify him all you want... but as a professional system administrator he should have known that his singular access and pathological behavior was more dangerous than helpful.

What if, instead of being fired he was the victim of an accident or crime? What if he had a health problem? What if a serious, life threatening issue came up (say, you know, an earthquake) that caused the system to be unstable and, at the same time, prevented him from getting there to fix things?

He's still a criminal. But, he's not alone in his behaviour. Whoever his managers are sound to be guilty of criminal negligence. This never should have been possible in a city government the size of San Francisco. Especially when it comes to critical infrastructure. If I were a citizen of San Fran I'd be asking why heads aren't rolling at the highest levels. Why was this allowed to happen? In San Francisco, where you think they'd have no problem finding competent replacements.

Absolutely mind boggling.

Re:He's still not justified... (4, Interesting)

Zerth (26112) | more than 6 years ago | (#24250529)

If this was a case of "He was the only one with the passwords and knowledge, we stupidly fired him without getting that info, and now we realized we're screwed" then he isn't a criminal. His boss maybe, but not him.

Hell, even if the situation was "tell us the info so we can replace you - no - you're fired", he still isn't a criminal. Other than maybe stretching a denial of service crime to fit, other than he hasn't really denied them a service if it is still running.

Re:He's still not justified... (5, Insightful)

numbsafari (139135) | more than 6 years ago | (#24250579)

We still don't know all the details. Perhaps all the accusations are trumped. But, if when his performance became a question he started hiding backups, monitoring his managers' email exchanges and is now not cooperating, he's definitely a criminal.

How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?

Sure, he's the admin, but does that give him the right to create a situation that basically takes the city's IT infrastructure hostage?

I'm not questioning that his superiors should share the larger part of the blame here. But I can't see how he's not at all at fault.

Re:He's still not justified... (5, Insightful)

rwillard (1323303) | more than 6 years ago | (#24250635)

> How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?

Not at all. But then charge him with that, not some pseudo-terrorist computer tampering charge.

Re:He's still not justified... (4, Insightful)

bmo (77928) | more than 6 years ago | (#24251059)

>>How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?

>Not at all. But then charge him with that, not some pseudo-terrorist computer tampering charge.

The Electronic Communication Privacy Act of 1986 protects administrators if "in the performance of their duty" they read email. Please note the date. If you are unfamiliar with it, you should be even if you're "just a user", no excuses.

He's an administrator. He's shielded.

Y'all should know that by now.

You should also know that if you store your email on company servers/isp servers, they get /less/ protected as time goes on, with most protection going to those "in flight" and least to those being stored for over a year.

If you have anything confidential, encrypt it and remove it from your provider's machines and store elsewhere. If you don't ever want the admin to see the email in flight, then end-to-end encryption. These days it's easier than the mid 1980's.

OB On Topic: I can see where he's coming from. A network administrator, if he's doing his job, gains a bit of paranoia. Sometimes that can become unhealthy, and it appears that he's crossed the line into "unhealthy". Criminal? I don't think so. It appears that he's been severely mismanaged by those who never understood "Mack Truck Syndrome". One guy for an entire city? I'm not sure who's crazier, the management or him.

--
BMO

Re:He's still not justified... (3, Insightful)

Zerth (26112) | more than 6 years ago | (#24250713)

If he really did explicitly "hold the network hostage", actually said "I'll trash it if I don't get what I want", then he commited a crime. But what it sounds like so far is "Do your job the way we want, not your way" and he said no and was fired for it, which is generally not a criminal act.

I've known half a dozen people who "knew things" that would ruin their company if they were hit by a bus. None of them would get charged with a crime if they refused to give up that information *after* being fired(although their company might get sued by the shareholders). But none of them are in IT.

As for the email, from the correspondence provided, it doesn't say if he had access to the city's mail servers, but then he isn't being charged with breaking in to them either. Seeing as he ran the network, it'd probably be easy to sniff and read the email "on the wire" without breaking into a computer, since I doubt anyone in the city government used encryption.

Ok, now I'm being a bit nitpicky, sorry:), but how often do we compare email to sending postcards? Other than cellular communications, where else is it illegal to detect something broadcast in the clear?

Re:He's still not justified... (1)

numbsafari (139135) | more than 6 years ago | (#24251093)

Check your logic, man.

Are you saying that any employee of the telephone company has authorization to listen in to your phone conversations simply because they are the ones who run the cables together?

That's the line of logic you are going down when you are saying he did nothing wrong by snooping traffic to read email.

And generally speaking, if in the course of your job you are privy to critical information about the assets of the company, you most certainly are under a legal obligation to provide that information even after you are terminated.

Re:He's still not justified... (0)

Anonymous Coward | more than 6 years ago | (#24250913)

I don't agree with your logic and I have been in situations where I was the only one with company critical information (the private sector is not immune from this type of idiocy).

While I don't lay the blame entirely on him (though it sounds like he cultivated the situation) for being the only one with the information, the information nonetheless does not belong to him.

So yes I do think he is criminal for not turning the information over when he was terminated. And while not strictly criminal, if the information about him refusing to share the information is true he is a horribly petulant and pathetic employee.

Essentially I don't see this as being much different from firing your facilities manager that had the only copy of the keys to open your doors. Yes the building might keep "operating" perfectly, but no one can get in to perform new tasks or fix anything that may fail.

Re:He's still not justified... (4, Interesting)

Zerth (26112) | more than 6 years ago | (#24251013)

Yah, I agree he probably is a huge jerk and should've given up any passwords or other info when he was canned, just out of professionalism(and maybe a little "here's the knife, cut your own wrists"). But I think the management is probably blowing this out of proportion to cover their own asses.

A company I shared a parking lot with during the dot bomb laid off their entire programming department a few months after they hit release and hired an outside company to "sanitise" the computers in the building. After the contractors wiped the CVS server, management threatened to sue/charge several of the programmers for "mislabeling" the CVS server deliberately so that would happen(it was labeled "Walgreens", bad pun).

That fell flat eventually, the guy who proposed the 100% layoff got the axe for it, and I heard the story from a couple of the programmers that were contracted back to get things back up to snuff(ie, they "failed" to destroy "illegal" backups and were able to save the company's bacon).

Are you sure he's a criminal? (4, Interesting)

unassimilatible (225662) | more than 6 years ago | (#24250533)

He's certainly guilty of being a bad employee, as well as affirming all of those user-unfriendly IT stereotypes (those are often true, BTW). But criminal?

In America, they have to prove that first. Looking at the statute, it seems it all comes down to the issue of "without permission." The main point the article makes is that he might have had at least understood or standing permission to do most or all of what he did. Just like when you take your parents' car somewhere as a teenager, it isn't theft if it's understood that you are allowed to use it.

The article is one-sided, and his alleged refusal to give up the passwords looks bad (perhaps he is remaining silent until he speaks with counsel), but proving he didn't have permission might be hard. Ergo, no criminal.

Re:Are you sure he's a criminal? (4, Insightful)

dreamchaser (49529) | more than 6 years ago | (#24250595)

He was in their employ. Once they asked for access and/or rescinded his 'permission' and he refused to cooperate he became a criminal. Let's not rationalize or glorify him just because he's a geek...shades of the apologists for Reiser come to mind now, though this crime isn't as bad as murder.

Re:Are you sure he's a criminal? (3, Funny)

Zerth (26112) | more than 6 years ago | (#24250737)

Well, now that you've invoked Reiser, it'll probably be true. It'll be a new rule: "If somebody mentions Reiser, the accused geek is probably guilty."

Re:Are you sure he's a criminal? (4, Insightful)

MightyMartian (840721) | more than 6 years ago | (#24250769)

We're getting the same sort of wagon-circling that we saw when Hans Reiser was charged. No one seems willing to admit that some of us "geeks" are self-important prima donnas who border on pathologically criminal behavior. This guy is clearly a criminal. Of course, proper management would have recognized this behavior much earlier, and wouldn't have given him the keys to the kingdom, so it's a combination of a very bad guy and some very incompetent guys. There's no worse a combination.

It's guys like this that bring our IT occupations into ill-repute, by furthering their stereotype of Coke-swilling social retards on power trips. I hope they throw the book at him, and I hope that while he's sitting in prison he has time to ponder the fact that he isn't a god, but merely an employee.

Re:Are you sure he's a criminal? (0)

Anonymous Coward | more than 6 years ago | (#24251001)

Mod this one up. This is the entire thing in a nutshell. Just because you are smart, or smarter, than others, doesn't give you special privilege.

I think we would all do well to recall the story of Socrates. Unquestionably one of the smartest persons who ever lived, and when the hateful ignorant system of justice of his day came down on him he accepted it as injustice along with the punishment. He died. Think about that. I really believe that story is the key to tempering a lot of (probably deserved) anger among today's brightest minds who think they are doing society a favor by bending the rules.

Re:Are you sure he's a criminal? (3, Insightful)

Anonymous Coward | more than 6 years ago | (#24251053)

I hope that while he's sitting in prison he has time to ponder the fact that he isn't a god, but merely an employee.

If the article is right, the guy was on perpetual on call duty. Quite frankly, some of the things that are expected of certain IT people (and basically nobody else except the occasional doctor or military personnel) go beyond the realm of "merely" being an employee (and those other vocations are pitched as lifestyles rather than careers, as well). For folks in those positions, if you don't go a bit nuts about your work, you can't do it.

Yes, a lot of IT people are self-important douchebags. A rare few people really do matter that much, though. This guy seems like he might have been one of them.

I'm not defending what he did, but I do think there's a difference between someone like that and the random sysadmin who thinks he's Jesus just because you need him to reset your password. He's a bit crazy, but it seems like the position he was in might have reinforced that.

Geek apologist? Uh, no. (2, Insightful)

unassimilatible (225662) | more than 6 years ago | (#24250967)

Don't make ad hominem attacks please. I called the article one-sided, and merely presented a legal analysis of his case. I did not "rationalize" or "glorify" him. Truth be told, I actually tend to dislike IT geeks. They tend to be rude and have no personality and think they are smarter than everyone (which is usually not the case) and believe they are God's gift to an organization. Such attitudes should not be tolerated, regardless of how skilled an IT guy is.

With that said, government organizations tend to take a lowest common denominator attitude with IT departments. They don't pay shit, so the cheapest guy gets hired, often resembling a DMV employee. So I can see how a guy could get possessive about his network. He must know what the average city employee is like: Under-trained, bad attitude, and can't be fired due to unions.

Re:Are you sure he's a criminal? (0)

Anonymous Coward | more than 6 years ago | (#24251005)

Whoever modded you up is guilty of criminal negligence IMO. What you are saying is just stupid.

Re:Are you sure he's a criminal? (4, Insightful)

Motherfucking Shit (636021) | more than 6 years ago | (#24251067)

He was in their employ. Once they asked for access and/or rescinded his 'permission' and he refused to cooperate he became a criminal.

I'll be the first to admit that I don't know the entire story here, but since when is disagreeing with your boss a criminal offense?

What he did is inappropriate, but once they asked for access and/or rescinded his 'permission' and he refused to cooperate, he became a candidate for termination and perhaps civil liability. Whether or not he committed any criminal acts is up for debate. I think it's very dangerous to suppose that resisting your employer - even, no, especially if your employer is the government - is illegal.

Re:Are you sure he's a criminal? (1)

numbsafari (139135) | more than 6 years ago | (#24250613)

I highly doubt he had permission to snoop on his superiors' email.

And, regardless, just because you are the admin of a network and it is understood that *it's your job to make router config changes* doesn't mean you are also authorized to make such changes in an effort to lock out others. Just because a bank manager is authorized to take money from the safe doesn't mean he's authorized to take it for his own use.

You are correct, though, that we don't have all the information and he's definitely innocent until proven guilty. But just because he thought he was surrounded by idiots doesn't mean he was at all justified in his behavior. If he felt so strongly he should have raised public awareness of the fact that the network and its management was so insecure.

I realize this story hits close to home and we can all relate (I know I do) to his situation. But you've got to know when to call it quits in a situation like this. Clearly, he crossed the line. Big time.

Re:He's still not justified... (1)

Arguendo (931986) | more than 6 years ago | (#24250723)

He's not justified, but it does paint a more complete picture of how this could have happened. Any decent manager would never have let it get to that point. Sounds like there is more than enough blame to go around and that Childs is a relatively typical, arrogant, super-competent, super-stubborn geek. He'll no doubt be remorseful after he cools off. He probably already is.

But $5 million bail? C'mon. A grown-up needs to step in here and manage the obvious emotional component of this case.

Re:He's still not justified... (4, Informative)

Orion Blastar (457579) | more than 6 years ago | (#24250833)

>In San Francisco, where you think they'd have no
>problem finding competent replacements.

I guess then that you've never been to San Francisco? San Francisco can't balance their budget and had a hiring freeze since 2007 [sanfranciscosentinel.com] and laid off a lot of people, and only had a skeleton crew running things like IT departments. So things like a network freeze were just bound to happen sooner or later.

George W. Bush isn't the only political leader in the USA who can't balance a budget and is also incompetent and has an incompetent staff. Just look at many state and local governments in places like New York and California. They all want Federal hand-outs to help balance their budgets.

Re:He's still not justified... (1)

pembo13 (770295) | more than 6 years ago | (#24250883)

So based on no real evidence that he has maliciously done anything, you are fully prepared to declare him a criminal. Should he have hired an apprentice and taught them everything?

Re:He's still not justified... (1)

numbsafari (139135) | more than 6 years ago | (#24251033)

No. He shouldn't have hired anybody.

He should have done his job and worked with his fellow employees. He should have properly documented his work and ensured that proper knowledge transfer had occurred.

Based on the information we had, he wasn't working completely alone. There were other employees. On a regular basis he decided not to share information and to purposefully cut people off from that information.

Re:He's still not justified... (1)

ShakaUVM (157947) | more than 6 years ago | (#24250989)

>>This never should have been possible in a city government the size of San Francisco

I think it had less to do with being a city the "size of San Francisco" and more to do with the "San Francisco" part. I lived there for three years, and the government was just as nutty as the people living there.

Who says you can't get a representative government?

Seriously, you could stay up all night having a good laugh by reading the various proposals the City of SF has proposed or passed - the homeless hilton, the George W. Bush waste center, the ban on bottled water, the partial ban on plastic bags, banning throwing away recyclables and then arresting people who hunt through the trash for recyclables, etc. etc. etc. ad hilariousum.

>>In San Francisco, where you think they'd have no problem finding competent replacements.

As my buddy who lives in Mountain View (which is where all the techies actually are - it's about 45 minutes to an hour south of the actual city) says, "Those San Franciscans are weird." And he's lived in the Bay Area all his life. In other words, the technologically minded people live in the south bay, the nuts live in the city.

Just to piss him off, though, I intentionally confuse SF and Mt. View whenever I see him. =)

Re:He's still not justified... (0, Flamebait)

Toll_Free (1295136) | more than 6 years ago | (#24251081)

The problem is, IT'S SAN FRANCISCO.... Had ANYONE said anything to him, he could have said he was being persecuted, and probably won.

Welcome to San Francisco work politics / ethics. I have a home there. I pay rent 90 miles south because I can't STAND the fucking city.

--Toll_Free

Oh, I think I know this guy. (3, Funny)

pushing-robot (1037830) | more than 6 years ago | (#24250491)

Simon Travaglia? [wikipedia.org] Is that you?

configs are not written to flash, eh? (4, Interesting)

swschrad (312009) | more than 6 years ago | (#24250495)

so the network is NOT locked up, it's just unrestorable after "password recovery."

sounds like what they need to do is get some qualified engineers to redesign it, and when it's on paper, pull the plug on everything, and reconfigure from scratch.

because if it isn't saved in flash, it's going away as soon as the power light goes out.

which makes our jailed genius a little less than blazing fast. in fact, about half fast. parts of the system ARE going to go down. it's the nature of the beast. no records, no writes... the first time the janitor plugs in an 18-amp vacuum in a rack, it's gone.

they'll come along and take his Cisco cert away for not saving the configs, if for nothing else.

Re:configs are not written to flash, eh? (2, Interesting)

bagboy (630125) | more than 6 years ago | (#24250643)

Any cisco router/switch can be set to netboot their configuration. You can keep the full config on a secure linux/etc. box and netboot (encrypted) it. More secure that way? Possibly. Limited access to the box it's stored on could keep it more secure and tightly controlled.

Re:configs are not written to flash, eh? (2, Informative)

Packet Pusher (231564) | more than 6 years ago | (#24251039)

Not to ruin a +5 interesting with facts but the article said he ended up saving the configs and disabling recovery.

So basically the devices are fine, if they reboot they will come back online.

However the only way to regain access is to factory reset which would wipe the configs.

My expectation is that Cisco or someone else is just going to use a hardware device to read the configs out of nvram bypassing wipe config recovery.

Barring that solution Cisco and a partner will likely just write a set of new configs and replace the devices one by one with new units leaving the original devices intact.

Lots of options when you have the amount of experts and cash that Cisco does and you can bet Cisco is making sure to take care of this customer so people continue to buy the products
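An added illustration, not part of the thread or of Venezia's article: the conditions the comments above describe (password recovery disabled, one administrator holding the only login, no copy of the configuration off the device) can be checked for in saved IOS configurations before they become a lockout. The sample configs, hostnames, usernames and finding labels are constructed for the example, and the checks are heuristics over config text only.

```python
import re

# Constructed sample configs (not taken from any real device).
LOCKED_DOWN = """\
hostname core-rtr-1
no service password-recovery
username admin1 privilege 15 secret 5 $1$constructed$hash
line vty 0 4
 login local
"""

SHARED_CONTROL = """\
hostname core-rtr-2
aaa new-model
aaa authentication login default group tacacs+ local
username breakglass privilege 15 secret 5 $1$constructed$hash
username netops2 privilege 15 secret 5 $1$constructed$hash
archive
 path scp://backup@192.0.2.10/configs/$h
 write-memory
"""


def audit(config: str) -> list[str]:
    """Return labels for single-point-of-failure conditions in one config."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    stripped = [ln.strip() for ln in lines]
    findings = []

    # With recovery disabled, console break-in leads to a factory reset
    # that erases the startup configuration instead of exposing it.
    if "no service password-recovery" in stripped:
        findings.append("recovery_disabled")

    # Count distinct local accounts with full (level 15) privilege.
    admins = set()
    for ln in stripped:
        m = re.match(r"username (\S+) privilege 15\b", ln)
        if m:
            admins.add(m.group(1))
    if len(admins) <= 1:
        findings.append("single_local_admin")

    # Without AAA enabled, logins cannot be tied to a central directory
    # (TACACS+/RADIUS) where access is granted and revoked per person.
    if "aaa new-model" not in stripped:
        findings.append("no_aaa")

    # Look for an 'archive' block with a 'path' line, i.e. the device
    # copies its configuration somewhere other than its own storage.
    in_archive = False
    has_archive_path = False
    for ln in lines:
        if ln == "archive":
            in_archive = True
        elif in_archive and ln.startswith(" "):
            if ln.strip().startswith("path "):
                has_archive_path = True
        else:
            in_archive = False
    if not has_archive_path:
        findings.append("no_config_archive")

    return findings


def audit_fleet(configs: dict[str, str]) -> dict[str, list[str]]:
    """Audit several devices; only devices with findings are returned."""
    report = {}
    for name, text in configs.items():
        found = audit(text)
        if found:
            report[name] = found
    return report


if __name__ == "__main__":
    fleet = {"core-rtr-1": LOCKED_DOWN, "core-rtr-2": SHARED_CONTROL}
    for device, found in audit_fleet(fleet).items():
        print(device, ", ".join(found))
```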

Bail (5, Insightful)

Ceiynt (993620) | more than 6 years ago | (#24250499)

IANAL, but isn't $5 million US for bail a bit excessive for this?

Re:Bail (0)

Anonymous Coward | more than 6 years ago | (#24250761)

I thought the same. I guess the judge thinks this guy is a huge flight risk.

Re:Bail (1)

kissaki (1205692) | more than 6 years ago | (#24250853)

This guy has local government property by the balls, so I can't imagine that anyone is going to raise the bail issue in his defense or at least get very far with it.

Re:Bail (3, Insightful)

catmistake (814204) | more than 6 years ago | (#24250899)

I agree, however... high profile case, prosecutor (arguably much more powerful than a judge) wants to win with glory, so keep the suspect incarcerated to make him look guilty, makes an exaggerated case for flight risk, and pulls from his tool bag his only tool, his personal fly-swatter (which is actually an over-sized sledgehammer), and with absolutely zero finesse, smashed that fly with an absurd display of force. This is normal operating procedure.

Re:Bail (2, Informative)

lpangelrob (714473) | more than 6 years ago | (#24250901)

If you post the standard 10% for release, he could possibly come up with the $500,000. By mortgaging any property he owns, he just might be able to get that.

The bigger deal is that I guess they think he's a flight risk.

Means to an end (2, Insightful)

Anonymous Coward | more than 6 years ago | (#24250509)

Honestly, I am surprised the FBI or some other government branch hasn't stepped in on the matter and taken over. If the fiber/wan deals with E911 and other critical functions of the city, I think the city government needs to allow the higher government branches to intervene.

Either use the higher government interaction or just take him out back and start breaking each finger and toe until he talks.

FiberWAN should not have been deployed then (5, Insightful)

paratiritis (1282164) | more than 6 years ago | (#24250515)

That's my first reaction to the news. Critical infrastructure should have redundancy everywhere, including the support staff.

To give a stupid but obvious example what if Childs was run over by a car? OK, he wouldn't care but all the rest of SF would.

So they should never have put the network online until the information was in several places (the brains of several people if formal electronic/paper records were too inflexible).

Still, this sounds like political infighting more than ever. Given the situation why were they trying to fire a critical person like Childs? Sounds like some bureaucrat with an ego as big as Childs would be involved to cause this, rather than Childs "going rogue". And he (the bureaucrat) was more skilled in the political game. Of course this person would be covering his tracks, and not be obvious in any way. So Childs and the whole of SF lost. His firing does not make sense otherwise, given his critical position.

Ah, the fun of weaving conspiracy theories :-)

Re:FiberWAN should not have been deployed then (0)

Anonymous Coward | more than 6 years ago | (#24250815)

I agree: I think there is a whole lot more to this, than is being let out - Good for Childs I say, "stick it to the man", by all means, when they are being asswipes... which is far more often than not. Most of these "politicians" are the stupidest morons alive (or, is not the current picture of the USA, a shadow of its former self, not evidence thereof?).

Re:FiberWAN should not have been deployed then (3, Interesting)

Anonymous Coward | more than 6 years ago | (#24250905)

More details here [informationweek.com]

Childs, who works in the city Department of Technology, allegedly created a password that gave him exclusive access to the city's new FiberWAN (wide area network), authorities told the newspaper. He has refused to divulge the password, leaving other system administrators locked out.

Undoing Childs' alleged tampering could cost millions of dollars, city officials said. In the meantime, the system is operating, even though administrators have limited or no access.

Childs, who has worked for the city for about five years, had been disciplined in recent months for poor job performance, and supervisors had tried to fire him, the newspaper reported.

"They weren't able to do it -- this was kind of his insurance policy," an official who spoke on the condition of anonymity told the newspaper. Childs allegedly began tampering with the computer system June 20, building a tracing system to monitor what other administrators were saying or doing about his personnel case.

More details here [informationweek.com]

The Chronicle also reported on Wednesday that Childs has a 25-year-old felony criminal record in Kansas, where he was convicted of aggravated robbery and aggravated burglary stemming from charges filed in 1982. Childs was on probation or parole until 1987, according to records uncovered by the newspaper. Childs had disclosed the felony conviction when he applied for the San Francisco job five years ago.

Childs had been highly regarded in the technology department until he became a "rogue employee that got a bit maniacal," Newsom said.

"He was very good at what he did, and sometimes that goes to people's heads," the mayor said. "And we think that's what this is about."

Childs' problems with the department got serious June 20 when he started taking photographs of the agency's new head of security after she began an audit of who had password access to the system, the newspaper said. Childs' frightening behavior prompted the woman to lock herself in an office

His supervisors' concerns grew when they discovered he had given himself exclusive access to the system and had developed a way to spy on his bosses' e-mails related to his conduct. Childs was ordered to leave work July 9 for alleged insubordination.

Teddy is pretty lucky... (0, Redundant)

Doug52392 (1094585) | more than 6 years ago | (#24250525)

I would have thought the government would have deemed Teddy a TERRORIST EXTREMIST PLOTTING TO BLOW UP THE CITY and shipped him off to Guantanamo Bay by now...

Like This is Shocking (4, Interesting)

Black-Man (198831) | more than 6 years ago | (#24250527)

Every software company I have worked for... if one or two people were hit by a bus... the company would be out-of-business. Management knew this... fellow developers knew it. It's a commonplace thing. Engineers take the work so *personally*. "No one can touch that code but me... " blah... blah. And the stupid management goes along w/ these prima donnas. Of course... if they demanded more money... they'd be gone in a NY minute.

there's zealously protecting your turf (1, Insightful)

circletimessquare (444983) | more than 6 years ago | (#24250537)

then there is sitting in a holding cell, still protecting your turf... from the guys you are supposed to be protecting it for

the guy is over the deep end, he is criminally culpable for denying access to the people he built the network for

at best, he can probably use an insanity defense, like paranoid schizophrenia, because his actions are on the extreme paranoid end if this latest revelation about his motives and actions ring true

he's certainly mentally fragile. he shouldn't have that much exclusive control over such an important government network, that's for sure

Re:there's zealously protecting your turf (1)

Jah-Wren Ryel (80510) | more than 6 years ago | (#24250955)

then there is sitting in a holding cell, still protecting your turf... from the guys you are supposed to be protecting it for

the guy is over the deep end, he is criminally culpable for denying access to the people he built the network for

What if he is right? What if all the other network admins are incompetent buffoons? He's in jail, they aren't. Everything is operating just fine as is. So he hands over the keys to the kingdom and the buffoons buffalax it up like he knows they will. Where do you think blame is going to be placed for that? The guy in jail who must have booby-trapped the network, or the team-players who did the best they could to avert certain disaster caused by this domestic computer terrorist?

wait (3, Funny)

circletimessquare (444983) | more than 6 years ago | (#24250981)

i'm not sure if i am being trolled

are you lampooning how a paranoid schizophrenic thinks or are you actually also a paranoid schizophrenic?

Re:wait (1)

Jah-Wren Ryel (80510) | more than 6 years ago | (#24251055)

are you lampooning how a paranoid schizophrenic thinks or are you actually also a paranoid schizophrenic?

What part of "what if he's right" do you fail to understand? Are you so binary that you are unable to comprehend a third option?

Accidents happen, too. (4, Interesting)

Dzimas (547818) | more than 6 years ago | (#24250545)

Every time I see a situation like this, I have to wonder what would happen if an "indispensable" person got hit by a bus. It strikes me that Childs was using his absolute control of the network as a way to put the fear of god in others within the department while attaining more prestige and autonomy than he deserved. The fact that Childs locked everyone out of the system after apparently receiving a poor job assessment backs that up. Sooner or later, the IT department had to take action to strip his stranglehold of the network, especially if he was on the verge of burnout or increasingly difficult to deal with.

I suspect that no one had the interpersonal wherewithal to figure out how to approach him in a non-confrontational manner. The best approach would have been to find someone who Childs respected who could share the load and provide backup and support while the organization attempted to deal with an overly possessive employee who is behaving irrationally.

Re:Accidents happen, too. (1)

pembo13 (770295) | more than 6 years ago | (#24250813)

You can wonder that all you want. But it is a very common situation. Consider the fact that the people most conscious of the dangers of these are often the ones who are "indispensable".

Hit by a bus (5, Funny)

PIPBoy3000 (619296) | more than 6 years ago | (#24250873)

I get a little tired with the "hit by a bus" example. My coworkers use it all the time as an excuse to make me document everything to the Nth degree.

Maybe they could suggest "crushed in an orgy" or "broke lightspeed and turned to photons". Getting hit by a bus is such a boring way to go.

Re:Hit by a bus (1)

xenophrak (457095) | more than 6 years ago | (#24250947)

In SF, it really isn't a big stretch to get hit by Muni:

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/01/18/BAGDUH578.DTL&tsp=1 [sfgate.com]

http://www.muniaccidentlawyers.com/ [muniaccidentlawyers.com]

"There are an average of nine injuries every day on the San Francisco Municipal Railway."

Nice

Death contingency (0)

Anonymous Coward | more than 6 years ago | (#24250547)

If he's so smart he must have had a death contingency in place. The city might just have to use it, without killing him of course.

Complete bunk... (5, Interesting)

Anonymous Coward | more than 6 years ago | (#24250597)

I know someone who worked on the cisco side with this guy. This had been going on for a while. The dude was threatening co-workers doing all kinds of odd stuff. The idea that he was somehow just a little protective is an off the charts misrepresentation.

Classic Organizational and Management failure (1)

vk2 (753291) | more than 6 years ago | (#24250623)

This incident effectively highlights the organizational and management failure of the whole IT system at San Francisco public department. It's insanely incompetent and gross neglect of duties on everyone's part who made this guy the Lord of the network. There needs to be effective administration, documentation and oversight of things like these. I hope the people of SF wake up and demand some structured organization and competent people to manage these systems.

A tale of 3 losers (3, Funny)

Mr. Lwanga (872401) | more than 6 years ago | (#24250679)

1. Terry: you selfish bastard, if your network cannot be maintained without you, you have failed as an admin
2. The city of SF: common sense - try it out some time
3. The tax payers: what did you do to deserve this?

primitive technology on display (0)

cinnamon colbert (732724) | more than 6 years ago | (#24250741)

whenever you read stuff like this, about how hard it was for childs to setup the fiberwan network, and the complexity of the router details etc etc...
all you can, poorly designed equipment/software
in this day and age, why on earth can't you just plug the routers into the wall and they configure ?
the obvious answer is that the people who buy them [like childs] have a vested interest - they would lose their well paid jobs if it became simple, so they never buy simple stuff...

Re:primitive technology on display (1)

MightyMartian (840721) | more than 6 years ago | (#24250943)

Yes, we should have software that can just automagically sort out very complex network architectures, join together various internal networks, create reliable secure connections between them, all by just plugging something into a wall.

Sheesh

Re:primitive technology on display (1)

pxc (938367) | more than 6 years ago | (#24250961)

my post #10543621 "most arrogant ever on /."

Oh? Because this one's pretty damn close. Judging by your statements, you've probably never dealt with deploying or managing equipment or software at all. Let's start with your crazy conspiracy theory example of why networking equipment can be difficult to set up.

in this day and age, why on earth can't you just plug the routers into the wall and they configure ?

Maybe because not all companies, organizations, departments of either, or any particular group want to use their networks the same way, to do the exact same thing?

Do you even know what a router does? A router connects two different networks. I suppose if you wanted to plug one router in between two such networks and just completely connect it that would be a functional "just configured" situation... except that if one of those networks for the internet, for example, you'd be inviting the internet onto your network.

Are you suggesting that routers come with no default configurations, or that they do nothing at all until you shout mysterious phrases in made-up languages under a full Martian moon so that other people can make money "configuring" them like that?

And, just for the record, configuring a router or switch was probably the least of the pains Childs went to in hoarding the San Francisco city network.

Re:primitive technology on display (1)

Fulcrum of Evil (560260) | more than 6 years ago | (#24250979)

You just don't understand network gear. There's no way for network gear to try and grok what it is you're trying, and the top layer networking (BGP) is so much black magic - there is no theoretical basis for it to work, it just sort of does, mostly. The simple stuff lives in the leaf nodes and does stuff like switch traffic for a single segment on a lan.

Re:primitive technology on display (1)

David_Hart (1184661) | more than 6 years ago | (#24251065)

How did the previous comment score any points whatsoever? Obviously the poster has no concept of the complexity of an Enterprise network.

Enterprise network equipment is difficult to configure and maintain, period. Why? Because it needs to be flexible enough to handle almost any configuration scenario thrown at it. Greater flexibility breeds complexity. Most enterprise networks have at least 3-4 virtual networks (Internet, Wifi, LAN, Management LAN, server LAN, DMZ, etc) all of which require unique security settings. In addition, the network equipment has to play nice with networkable equipment from multiple vendors, including things such as UPS systems, door security systems, cooling systems, etc. None of this lends itself to an automatic configuration scenario. Only home networks, the simplest of networks, would fall into this category.

Don't get me wrong, I'm a network engineer and I would love to have self-configuring network gear. I could then spend all of my time designing, monitoring, and tuning. I just don't see it happening any time soon.

David

Childs is socially irresponsible (1, Insightful)

Anonymous Coward | more than 6 years ago | (#24250817)

If Childs really was so damned concerned about the lack of skills within his own team, he should have been going out of his way to document his work, train the other staff and lift the standards. A person of that level of ability has a responsibility to raise the bar and his management should have known better.

It's obvious that his superiors are the ones largely to blame for letting this go on as long as possible but really, a person of Childs' skills/caliber could have done so much to turn the situation around it's not funny.

Stories like this are a tragedy on multiple levels. Sad fact is though, this happens all the time in IT....

Re:Childs is socially irresponsible (1)

masdog (794316) | more than 6 years ago | (#24251031)

Agreed. Cisco books are between $30 and $100 apiece, and he could have easily built a small lending library for his team while giving them OTJ training and a nice set of documentation in a wiki (and a hard copy). Within a year, he could have had a decently-trained staff to administer "his network."

redundancy (1)

TheSHAD0W (258774) | more than 6 years ago | (#24250909)

I'm wondering whether, in the days since the guy was arrested, any of the hardware is having trouble? Yes, they're reporting the network is running smoothly, but is that because nothing has broken or because there's enough redundancy in the system to keep things going? I'd think, in a setup as large as SF must need, SOMETHING would have malfed in the last few days.

I'm curious because it'd be interesting to know if the guy's network-fu is as good as everyone's been saying.

Regaining control of the router is easy (0)

Anonymous Coward | more than 6 years ago | (#24250919)

It only requires physical access to the router and a few minutes. Thousands of dollars of time for all the routers, but not more. What am I missing here?

But, if Terry Childs really wanted to avoid this, he could have just put the password(s) in a safe. Something happens to him, the safe gets drilled open, and everyone is happy. If Childs is simply refusing to give the passwords, then bill him for drilling the safe, and fire him. If I was that distrusting, it's what I would have done, because it would save me from jail and make them prove just how badly they needed the passwords. I'm not that distrusting. I would have a safe, yes, but only give out the combo to my supervisor. Then both of us would have that warm, fuzzy feeling.

What was Childs' job? (2, Insightful)

Captain Sarcastic (109765) | more than 6 years ago | (#24250925)

Let's leave out the legal ramifications here, and let's not go to the hysteria of "he's being thrown to the wolves to protect management" or "he's an evil hacker who shut down the city government networks."

When it comes down to it, one has to ask what Childs' job was. He was supposed to manage the network for the San Francisco city government.

As a result, he was supposed to implement policy as communicated to him by his bosses... but he also had the latitude to take actions to support the spirit of those policies where the right action was unclear. And yes, this is a Pollyanna-esque (is that a word?) view of the situation, but it leaves out the concept of malice as the driving force for either side - because it didn't start out as a plan to shut down the city.

Somehow it morphed into him becoming the sole support for the network routers, be it through arrogance ("I can't believe anyone else would do this right!") or being the only one available ("There's nobody else who works here who even understands the need!"), and at that point this became an incident waiting to happen.

So, either he refused to do his job (at which point he would have deserved to be fired), or his job was such that he was prevented from doing it (at which point professional ethics would have suggested his resignation - or at least, that's what engineering associations would have recommended in similar scenarios).

Instead, he stayed on and we have the current state of affairs.

How many of you... (1)

Monkey_Genius (669908) | more than 6 years ago | (#24250975)

1. Know anyone that was hit by a bus?
2. Know anyone that was hit by a train?
3. Know anyone that was hit by a car?
4. Know anyone that was hit by lightning?
The odds are greater that he is six degrees of separation from Saddam Hussein than any of the above.
That still does not justify what he has done. Granted he is very dedicated and detail oriented, like most of us.
However, from the standpoint of personal responsibility -and integrity- he should have provided a means to allow some trusted individual the means to access these systems -or to provide the means- in the event that he might have been vaporised in a NEO asteroid impact.
Obviously, there is some other dynamic that controls what is occurring in this instance. More than likely there is one or more PHBs that have absolutely no clue as to what this guy does everyday and have elected to *choose a method* that would eliminate or reduce his position. What should be done is to eliminate the PHBs who have no clue and move this guy into management with a team that he can direct.

Not Impressed.... (0)

Anonymous Coward | more than 6 years ago | (#24250983)

I just love America's current paranoid political correctness. C'mon folks, just spit it out. Never mind the "what if he got hit by a bus" crap -- what you mean is "what if he was dead?" And, why mention poor oversight or poor management -- how about "everybody responsible for overseeing what this guy did in his work completely fucked up and should be held equally responsible for whatever it's going to cost the city to fix the problem".

This is not about the network's security (1, Insightful)

Anonymous Coward | more than 6 years ago | (#24251021)

This is about power.

Reading the story, I get the feeling that this guy didn't want to protect "his" network. Instead he wanted to avoid getting obsolete or being replaceable. His main concern was staying in power and having the last word against his superiors he couldn't get along with.

It's that kind of guy who makes things overcomplicated and puts his hands on everything redundantly just to make others dependent on him. Remember that sentence about not writing configs to flash? That's exactly what he needed: Nothing works without him. (And I'm sure he was willingly risking that his oh-so-well-protected network could fail because he is not in place)

So this is not the type of guy I would want to administer my network. Neither is it what I would call an "expert sysadmin". It's just someone with lots of sysadmin knowledge. But he obviously isn't able to act like a professional.

Simple test (3, Informative)

sthomas (132075) | more than 6 years ago | (#24251069)

Power cycle the network equipment. If it comes back up, pay him for the rest of the year as severance and let him go his own way. If it doesn't come back up, put him away for 10-15 years for public endangerment, and fine him whatever the cost is to the city to recreate the network and for any loss of productivity in the meantime. Either way he is a terrible admin - no one single person should be a single point of failure. What if he got hit by Muni at lunch one day?
