Slashdot Mirror


Disgruntled Engineer Hijacks San Francisco's Computer System

ceswiedler writes "A disgruntled software engineer has hijacked San Francisco's new multimillion-dollar municipal computer system. When the Department of Technology tried to fire him, he disabled all administrative passwords other than his own. He was taken into custody but has so far refused to provide the password, and the department has yet to regain admin access on their own. They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents."

45 of 1,082 comments

  1. This is why... by Gallenod · · Score: 5, Insightful

    ...you disable his account *before* you tell him he's fired.

    --

    TLR

    A man no more knows his destiny than a tea leaf knows the history of the East India Company
    1. Re:This is why... by Televiper2000 · · Score: 5, Insightful

      I was just about to say the same thing. You also escort them directly out of the building and let them pick up their personal things a week later.

      --
      New! Device Legs: These legs will help your poor OEM installed product escape any hamfistedness it may encounter. Ava
    2. Re:This is why... by damburger · · Score: 4, Insightful

      Is holding his possessions captive in such a way legal? It's certainly arseholey.

      --
      If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
    3. Re:This is why... by Anonymous Coward · · Score: 4, Insightful

      Except a lot of times someone is fired they know that it's coming. It's possible this guy had set this all up in the case he got fired, and then when he saw it was going to happen he put it into motion. Article even says they tried to fire him before and he created his super password as a security device to keep his job. Now I'm sure the real irony here is that if this guy probably actually did his job instead of all this mess he probably wouldn't have been fired. I mean, this is a guy that's going to be looking at pretty serious jail time, and probably a severe restriction on his rights when he gets out. I like my job, but not enough to do something that's going to land me in the pokey.

    4. Re:This is why... by Shivaji+Maharaj · · Score: 3, Insightful

      You need a competent IT team and infrastructure if you have large and complex systems. I have seen SA come and go all the time quite frequently. All it takes is one small set of jump servers and hourly reporting of security audits. One unexplained suspicious activity and you are out.

      --
      We do not have a history of profitable operations. Our future SCOsource licensing revenue is uncertain.
    5. Re:This is why... by Zakabog · · Score: 5, Insightful

      So yes, they are DEFINITELY INCOMPETENT! All IT management in state/government agencies are, and most of the people working for them as well.

      The problem isn't true for ALL state/government agencies, the problem is -

      I used to work for the State (a very small state)

      A friend of mine worked for the FDNY in their IT department, they knew what they were doing. It all depends on where you work and the quality of IT staff available for work in the area.

  2. Re:Backups? by shbazjinkens · · Score: 5, Insightful

    Or they could just unplug it? Lost productivity is better than lost data here, I'll bet.

  3. Countdown... by geminidomino · · Score: 5, Insightful

    Idiotic new law in 5...4...3...

  4. Tried to fire him? by OzPeter · · Score: 3, Insightful
    From TFA:

    "Childs has worked for the city for about five years. One official with knowledge of the case said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him."

    How the hell do you "Try to fire" someone .. either you do it or you don't.

    (And please .. no Yoda BS. If you go back and look at when Yoda was first introduced as a character he didn't do that cutesy backwards sentence construction. That came later. So I put it in the realm of Jar Jar - obnoxious character development)

    --
    I am Slashdot. Are you Slashdot as well?
  5. Re:I had a dream... by gEvil+(beta) · · Score: 5, Insightful

    We all dream about doing this to our ex-employer, but he's the one who's had the balls to do it!

    No, not all of us do. Especially those of us who don't do things that get ourselves fired.

    --
    This guy's the limit!
  6. Re:Frankly by damburger · · Score: 4, Insightful

    Why the hate towards the public sector? I have found the exact same shit going on in private companies, many of them quite successful.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
  7. what a selfish asshole by circletimessquare · · Score: 3, Insightful

    ok, you're mad at your employer, perhaps their reasons for firing you are invalid

    but taking it out on third parties, such as with locking up law enforcement documents that might decide the guilt of hardcore criminals: you're a selfish asshole for setting up that scenario

    maybe you didn't deserve to be fired

    but now you deserve to rot in jail for how you responded to your firing

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  8. Re:Just hack *his* hack by Anonymous Coward · · Score: 5, Insightful

    If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you. Unfortunately this guy screws it up for all of the honest techs who work hard to earn the trust which they need for doing their jobs.

  9. I smell a rat by stinky+wizzleteats · · Score: 4, Insightful

    FTFA:
    "At a news conference announcing Childs' arrest, District Attorney Kamala Harris was tightlipped about what his motive may have been."

    I think there's more going on here than we're being told.

  10. What no golden handshake... by Numen · · Score: 4, Insightful

    That director over there, he gets a golden handshake as he goes out the door... You want to keep him sweet because he knows where all your dirty secrets are and could cause all sorts of trouble for your operation.

    The sysadmin, you're going to kick out the door because he's blue collar... Oh, wait a minute... He really does know where all your dirty secrets are and really can bring your operation to its knees. In fact he's far more dangerous going out the door than the exec... pity you didn't think of that.

    Execs are heaved out the door all the time for being incompetent, but it's done with kid gloves because they're deemed to be potentially damaging... And they wear a suit.

    Word of advice: if you're sacking somebody who can bring your operation to a grinding halt, make sure you keep them sweet, regardless of the job they do for your organisation. It's simple business.

  11. Re:Backups? by Brian+Gordon · · Score: 5, Insightful

    I don't understand how it's possible to be locked out of a system that you have direct local access to. You should at least be able to pop in a livecd and edit /etc/password from a livecd. If you need to decrypt stuff might as well start cracking the hash.. they certainly have the computing power to do it o_O

  12. Re:Frankly by damburger · · Score: 5, Insightful

    A reputation, based on people with a serious ideological axe to grind. Blind faith in the market producing magical efficiency gains is contrary to everything I have seen during my professional life, both in the public and private sector. From my perspective, I have never seen one bit of evidence to show there is any truth to it outside the imaginations of Tory politicians.

    Furthermore, people like you who are so besotted with 'market forces' did attempt to introduce them to public services in the UK, and it has been an unmitigated disaster. The inability of internal prices to truly reflect the quality of services has resulted in huge waste, massive bureaucracy and a decline of standards. Now, the ideologues are at it again trying to push for a new round of 'targets' in the NHS. They never learn.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
  13. Re:Backups? by dk90406 · · Score: 3, Insightful

    Assuming it is Windows or Linux. It might run on some other (e.g. special hardware or mainframe) or/and have an encrypted HDD.

  14. Gruntled by senor+mouse · · Score: 4, Insightful

    Poor soul. All pissy over a job that pays 150K/yr? This guy lacks perspective, huge. If incarceration and bankruptcy don't help him figure things out - perhaps a stint delivering pizza or a cardboard sign at the offramp.

  15. Re:Backups? by cboscari · · Score: 4, Insightful

    Are you sure it's a UNIX variant? I assumed it was big iron, and I am not sure those have a cd-rom drive. What's more, if he chose a REALLY good password, brute force decrypt might take a *long* time...

  16. They're coming down heavy on this guy... by PinkyDead · · Score: 3, Insightful

    because

    They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents.

    Yes - that's the reason.

    Not because he showed up their complete incompetence and made them look like fools and now they want retribution. Protecting the public's right to privacy - yes, that's the reason.

    --
    Genesis 1:32 And God typed :wq!
  17. Re:Welcome to Information Terrorism by Grey_14 · · Score: 3, Insightful

    modern computer systems have a single point of control or power, the superuser. most admins need that access to do their job, but through that account they can do exactly this, disable all other accounts and change the superuser password. It can be circumvented (usually) with physical access, but it sort of comes down to the fact that someone in a position of trust can abuse it and do a lot of damage. I'm not sure how 'checks and balances' would have prevented it except maybe to not hire nutjobs.

  18. Re:I bow to his guts by Anonymous Coward · · Score: 3, Insightful

    Responsibility is part of the sysadmin's job. This concerns sensitive data and uptime of services. He failed.

  19. Re:Frankly by damburger · · Score: 5, Insightful

    In the scenario you describe, the streets would become choked with dirty, unsafe buses and traffic would grind to a halt. This, in fact, happens.

    Like so many market fundamentalists, you just can't see how easily your ideology falls flat on its face in the real world, or you would've seen the flaw in your own argument.

    You are essentially laying all inefficiency at the feet of the 'state' - i.e. any actor that isn't an entrepreneur - and then using that as 'proof' that the entrepreneur is more efficient. This is what people smarter than you refer to as 'circular logic'.

    Perhaps, when you've grown up, experienced the real world a bit and stopped reading Ayn Rand's bullshit, you might get a clue.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
  20. Re:Got to love damage assessments by damburger · · Score: 3, Insightful

    You're quick to play the fear card, aren't you? Even considered a position in the Bush administration?

    You can't use 'what ifs' to try and pin a more serious crime on someone. It's tyrannical, because essentially your 'what ifs' are subjective and thus you are using your own opinions to override the law.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
  21. Re:I hear... by miffo.swe · · Score: 3, Insightful

    Why yes, torture is only wrong when it's done by some banana republic. Done right it's the utmost expression of freedom, the american way of life and free speech.

    --
    HTTP/1.1 400
  22. Re:ha by poetmatt · · Score: 4, Insightful

    Of course, if we all had wings, we'd fly. Then reality sets in. Can't change the past.

    I'm sure he was plenty stable until he became disgruntled, otherwise he wouldn't have ended up with the admin passwords, no?

  23. Re:Backups? by azrider · · Score: 4, Insightful

    I don't understand how it's possible to be locked out of a system that you have direct local access to. You should at least be able to pop in a livecd and edit /etc/password from a livecd.

    That gets you into the operating system. Once you are there, what do you do? SQL databases can/should use passwords.
    Web servers can/should use passwords.
    Payroll systems MUST use passwords, with all data encrypted.
    The above (and others) are where the problem lies, and no single user reboot will fix this.

    --
    And ye shall know the truth, and the truth shall make you free.
    John 8:32(King James Version)
  24. TERRORISM?! by Nimey · · Score: 4, Insightful

    Get fucked, asshole. The last thing this country needs is for butthurt pussies to define another ordinary crime as "terrorism" because they think a particular perp should be punished more "as an example" or because they're afraid.

    This is not terrorism. It's an act of sabotage by one individual (who should undergo a psych eval) who should be prosecuted to the extent of the law, and to a lesser extent it's a failure of leadership for his bosses.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  25. Re:Frankly by damburger · · Score: 3, Insightful

    Then why do colleges produce innovations? How do colleges get teaching done (my university certainly manages)? Taking longer to do a task isn't necessarily a sign of laziness - it can be a sign of thoroughness. This is why the private sector notoriously fails at big projects such as infrastructure and space travel. Market forces breed the patience of a 5 year old with ADHD. If you can't do something RIGHT NOW they will find someone who can - or at least *claims* they can.

    --
    If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
  26. Re:Backups? by uncledrax · · Score: 5, Insightful

    (windows systems too.. I mean it is a muni we're talking about..)

    But yes.. physical access to a device trumps all. It's probably something like they only have -one- guy that knows what he's doing.. and he just went from being fired to Fed-pound-you-Penn

    --
    ----- The internet has given everyone the ability to have their voice heard equally as loud.. even if they shouldn't be
  27. Re:I bow to his guts by bberens · · Score: 4, Insightful

    This guy is the reason the rest of us have to deal with such draconian security measures around the office place. He has made life worse for everyone he works with and everyone whose CEO reads about this in the newspaper.

    --
    Check out my lame java blog at www.javachopshop.com
  28. Re:I had a dream... by westlake · · Score: 4, Insightful
    No, not all of us do. Especially those of us who don't do things that get ourselves fired.
    .

    or sued. or jailed.

    or would rather not spend the remainder of our prime earning years shelving stock at WalMart or flipping burgers for McD.

  29. Unstable by Sanat · · Score: 4, Insightful

    Back in the 80's I had an analyst working for me that seemed to become more unstable as each day passed.

    We had a big project that he was working on and making great progress but then he started feeling like the software he created was his and not the company's.

    I talked it over with the regional VP as we did not have any reason to fire this guy but yet feeling more flaky with him all of the time.

    Plus replacing him would set the project back months.

    So I went in each evening (only lived a mile from the office) and made a backup of the files just in case.

    The project was successful and in retrospect making the backups kept me sane and kept the pressure off of him that he would feel if I was nervous or watching him too closely.

    It seems we attract those things we fear.

    Dealing with brilliant but somewhat unstable (supposedly) individuals is a tricky balance and occasionally the situation can tip in the wrong direction.

    Sounds like this case in SF tipped all the way.

    --
    And in the end, the love you take is equal to the love you make
  30. Re:Backups? by spydum · · Score: 4, Insightful

    For what it's worth, the guy is a network engineer, I'm assuming these are switches and routers. You don't boot them off a CD. Resetting the password on some of these devices is made possible only by resetting the config. If nobody kept proper config backups, you would have a hard time reconfiguring the device from scratch.

  31. Re:Backups? by Harmonious+Botch · · Score: 5, Insightful

    Productivity? By a government agency?

    This is not about productivity, it is about control.

  32. Re:I had a dream... by SatanicPuppy · · Score: 4, Insightful

    My temptation was excessively high. I got the shaft for no good reason, and I was told that either I'd resign or they'd sue me for some kind of breach of contract: they didn't want to have to pay my unemployment, so they made this threat...I can't even remember what it was about now, but I do remember that the PHB...

    Oh wait, I remember, it was an Arcview application that had never gotten completed because the demographic data was hung up at the state level, and he kept calling it Arcserve. So yea, I'm sitting there listening to this fat idiot with the bad hairpiece threatening me with a breach of contract dealing with a Windows backup program which we didn't even sell.

    What a moron.

    Anyway the "contract" was a complete handshake agreement, no paper work, no actual project specs, nothing, and the ball was in the client's court anyway, and in my opinion, they had no real interest in it in the first place. Basically he was trying to force me out to isolate one of the partners (my actual boss), and he was a real asshole about it.

    So I had a moment, when I realized I had basically unlimited access, where I was tempted. I'm not a fuckup like the guy in San Fran either; I could have set shit in motion that would never have been caught, and I knew the state their backups were in.

    But I'm a professional, and while I never would have been caught, I wouldn't have felt like I could be trusted with the big systems, wouldn't have been able to sit in an interview and say that my personal integrity matters more to me than just about anything.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  33. Re:Backups? by TheRealMindChild · · Score: 5, Insightful

    I've patched programs stored in a DB without knowing the DB admin password, just by hexediting the DB files.

    Worst. Idea. Ever.

    You should be ashamed of yourself, not proud.

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  34. I have a vaguely similar situation by Copperhamster · · Score: 3, Insightful

    Box in the warehouse has a bios boot password. It is clearable, but there's a problem, the hard drives are 'locked' and are only unlocked by a code stored in the bios during later part of boot. And clearing the bios boot password also clears the lock code.

    The guy who set it up drove his car through a red light and got his neck broken. He apparently didn't write down this password.

    They ended up sending one set of the mirrored drives to a data recovery house.

    Fortunately it was not mission critical, merely 'important' data.

    So I'm sure it's doable to make the situation untenable 'on purpose'.

  35. Re:Backups? by Venik · · Score: 3, Insightful

    You boot from CD, mount the /etc partition, edit the passwd/shadow file, then reboot normally. Or you pop the boot drive out and connect it to another system, mount the /etc and so on.

  36. Re:Backups? by Tim+C · · Score: 4, Insightful

    No, it just means you got lucky. Plenty of bad ideas work, that doesn't mean they're the best idea.

  37. Re:Backups? by HuguesT · · Score: 5, Insightful

    You are being disingenuous at best. Are your roads in order, is the traffic calm and orderly? Do you have electricity in your home? Are you being raided by armed bandits? what about clean water, can you drink the water coming out of your faucet? What about the mail, is it being delivered?

    Need I go on? You are suggesting local, state and federal government do nothing.

  38. Re:Backups? by AshtangiMan · · Score: 3, Insightful

    Sorry, but I'm not. I read the first part as a joke and the second as the truth (ie, this is not about productivity, it is about control . . .). One person's funny is another person's flamebait I guess.

  39. Re:Backups? by Z34107 · · Score: 3, Insightful

    The roads where I live have ridiculous potholes - there's still an 8" deep one from when my parents moved into their current house 20-odd years ago. We get our electricity from a private (although admittedly regulated) utility. My neighbor's car was broken into last night, and a nearby town's water is unbreakable because of an E. Coli contamination.

    But, I did get some mail yesterday! Is it the government that pre-approves me for all these amazing credit offers...?

    --
    DATABASE WOW WOW
  40. Re:Backups? by celle · · Score: 3, Insightful

    "Are your roads in order, is the traffic calm and orderly? Do you have electricity in your home? Are you being raided by armed bandits? what about clean water, can you drink the water coming out of your faucet? What about the mail, is it being delivered?"

    I drive very little on the death traps I have for roads as I have a bicycle and a horse. Thanks to gas prices there is very little traffic anyway. As for electricity I generate my own and what little I get from outside I pay for. Armed bandits?? They lost and haven't had problems since. I have a well and water collection system and distill what I drink. The only mail I get is the odd bill and other garbage. I won't get into the waste of paying for other people's brats to go to school/babysitter.

    If you compare the level of taxes paid to the services received you'll find many of us, you know the public, are ripped off. I'm not saying government does nothing, just very damn little that's meaningful versus the money spent. They do plenty if you're talking about going in circles as slowly as possible. Just look at our current troubles and you can see how well our tax dollars have been and are being spent.