Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Inside Story On the San Francisco Network Hijacking

Posted by Soulskill on from the connection-reset-by-lack-of-peers dept.

snydeq writes "A source with direct knowledge of San Francisco's IT infrastructure has tipped off Paul Venezia to the real story behind Terry Childs' lockout of San Francisco's network, providing a detailed account of the city's FiberWAN, interdepartmental politics, and Terry Childs himself. Childs pleaded not guilty to charges of tampering yesterday and is being held on $5 million bail. According to the source, Childs' purview was limited to the city's FiberWAN — a network he himself built and, believing no one competent enough to touch the network but himself, guarded religiously, sharing details with no one, including routing configuration and log-in information. Childs was so concerned about the network's security that he refused even to write router and switch configurations to flash. But what may prove difficult for the prosecution in its case against Childs is that his restricted access to the network was widely known and accepted among managers and the city's other network engineers. Venezia, who has been suspicious of the official story from the start, suspects that the Childs case may be that 'of an overprotective admin who believed he was protecting the network — and by extension, the city — from other administrators whom he considered inferior, and perhaps even dangerous.' Further evidence is that fact that the network, from what Venezia understands, has been running smoothly since Childs' arrest."

3 of 471 comments (clear)

  1. Re:He's still not justified... by Orion+Blastar · · Score: 4, Informative

    >In San Francisco, where you think they'd have no
    >problem finding competent replacements.

    I guess then that you've never been to San Francisco? San Francisco can't balance their budget and had a hiring freeze since 2007 and laid off a lot of people, and only had a skeleton crew running things like IT departments. So things like a network freeze were just bound to happen sooner or later.

    George W. Bush isn't the only political leader in the USA who can't balance a budget and is also incompetent and has an incompetent staff. Just look at many state and local governments in places like New York and California. They all want Federal hand-outs to help balance their budgets.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
  2. Re:He's still not justified... by bmo · · Score: 4, Informative

    "There is a big difference between "in the performance of their duty" and "because are able to do so, they felt like doing so and so they went ahead and did so.""

    The thing is you have to prove it that an admin did it for BOFH style "shits and giggles" or some other motivation other than official use - beyond a reasonable doubt. That's a pretty big hurdle for a prosecution. Some would call it an impossible hurdle.

    That's for when the email is in-flight. Once it hits storage, an admin basically has free reign. As email gets older and older, it gets less protected. Beyond 180 days it's unprotected - the gubmint can even do a search without a warrant.

    Email isn't as protected as paper documents, as the last time this came up before the 6'th circuit, it was refused review on procedural grounds.

    Don't ask me, go read the law yourself. ECPA of 1986.

    If you think that the legal privacy of email is pretty weak because of the ECPA, this was an *improvement* on privacy back in 1986 because prior to that, email was basically equivalent to shouting out the window (and sometimes still is). Once the ECPA passed, BBS operators like myself became paranoid so we decided to put up disclaimers announcing that users should not expect privacy. Such disclaimers during login and registration notified the users and thus shielded the admin from privacy lawsuits and such. Some people think that this gets rid of plausible deniability, because once you say your users have no privacy, the guys in the FBI PartyVan parked in your driveway might suspect that you know what your users are doing, or so the theory goes. But a section of the CDA of 1996 supposedly shields the admins from the actions of a service's users. It gets really complicated if you research even a little bit of this stuff.

    --
    BMO

  3. Re:He's still not justified... by bmo · · Score: 4, Informative

    "The burden of proof is on you to back up your bullshit, and I'm a calling you on it. Quote some laws here, if you can."

    I'll do you one better:

    I'll point you at a book on the matter:

    http://www.amazon.com/Netlaw-Your-Rights-Online-World/dp/0078820774

    And I'll quote from here:

    http://www.rbs2.com/email.htm

    The executive summary of what I've been talking about and what you've been talking out your ass about:

    "Reading e-mail that is stored on a computer is not an "interception" under 18 U.S.C. 2510, et seq., because an interception must be contemporaneous with the transmission of the message between different locations. Steve Jackson Games v. U.S. Secret Service, 816 F.Supp. 432, 442 (W.D.Tex. 1993), aff'd, 36 F.3d 457, 460 (5thCir. 1994). This holding has been accepted in several subsequent cases, including Wesley College v. Pitts, 974 F.Supp. 375, 384-390 (D.Del. 1997); U.S. v. Moriarty, 962 F.Supp. 217, 221 (D.Mass. 1997); Bohach v. City of Reno, 932 F.Supp. 1232, 1235-36 (D.Nev. 1996)."

    --
    BMO - Not a lawyer, but dammit I can read for myself.