Slashdot Mirror
The Inside Story On the San Francisco Network Hijacking
snydeq writes "A source with direct knowledge of San Francisco's IT infrastructure has tipped off Paul Venezia to the real story behind Terry Childs' lockout of San Francisco's network, providing a detailed account of the city's FiberWAN, interdepartmental politics, and Terry Childs himself. Childs pleaded not guilty to charges of tampering yesterday and is being held on $5 million bail. According to the source, Childs' purview was limited to the city's FiberWAN — a network he himself built and, believing no one competent enough to touch the network but himself, guarded religiously, sharing details with no one, including routing configuration and log-in information. Childs was so concerned about the network's security that he refused even to write router and switch configurations to flash. But what may prove difficult for the prosecution in its case against Childs is that his restricted access to the network was widely known and accepted among managers and the city's other network engineers. Venezia, who has been suspicious of the official story from the start, suspects that the Childs case may be that 'of an overprotective admin who believed he was protecting the network — and by extension, the city — from other administrators whom he considered inferior, and perhaps even dangerous.' Further evidence is that fact that the network, from what Venezia understands, has been running smoothly since Childs' arrest."
So instead of letting the air out of the car's tires, a car he loved, he simply wouldn't give the keys to dangerous drivers.
"He's using a quantum encryption scheme! That'll take hours to break!"
It's hard to believe that management didn't care that a single employee was the only one who knew anything about critical infrastructure, no matter whether the employee arranged things this way because he thought no-one else was good enough or because this was his was of becoming entrenched.
IANAL, but isn't $5 million US for bail a bit excessive for this?
That's my first reaction to the news. Critical infrastructure should have redundancy everywhere, including the support staff.
To give a stupid but obvious example what if Childs was run over by a car? OK, he wouldn't care but all the rest of SF would.
So they should never have put the network online until the information was in several places (the brains of several people if formal electronic/paper records were too inflexible).
Stll, this sounds like political infighting more than ever. Given the situation why were they trying to fire a critical person like Childs? Sounds like some bureaucrat with an ego as big as Childs would be involved to cause this, rather than Childs "going rogue". And he (the bureaucrat) was more skilled in the political game. Of course this person would be covering his tracks, and not be obvious in any way. So Childs and the whole of SF lost. His firing does not make sense otherwise, given his critical position.
Ah, the fun of weaving conspiracy theories :-)
We still don't know all the details. Perhaps all the accusations are trumped. But, if when his performance became a question he started hiding backups, monitoring his managers' email exchanges and is now not cooperating, he's definitely a criminal.
How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?
Sure, he's the admin, but does that give him the right to create a situation that basically takes the city's IT infrastructure hostage?
I'm not questioning that his superiors should share the larger part of the blame here. But I can't see how he's not at all at fault.
People who fiddle with government machines get let of and win people elections! Those that STOP people fiddling with Machines get locked up on $5 mill bail....:D:D
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
He was in their employ. Once they asked for access and/or recinded his 'permission' and he refused to cooperate he became a criminal. Let's not rationalize or glorify him just because he's a geek...shades of the apologists for Reiser come to mind now, though this crime isn't as bad as murder.
>
How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?
Not at all. But then charge him with that, not some pseudo-terrorist computer tampering charge.
If he really did explicitly "hold the network hostage", actually said "I'll trash it if I don't get what I want", then he commited a crime. But what it sounds like so far is "Do your job the way we want, not your way" and he said no and was fired for it, which is generally not a criminal act.
I've known half a dozen people who "knew things" that would ruin their company if they were hit by a bus. None of them would get charged with a crime if they refused to give up that information *after* being fired(although their company might get sued by the shareholders). But none of them are in IT.
As for the email, from the correspondance provided, it doesn't say if he had access to the city's mail servers, but then he isn't being charged with breaking in to them either. Seeing as he ran the network, it'd probably be easy to sniff and read the email "on the wire" without breaking into a computer, since I doubt anyone in the city government used encryption.
Ok, now I'm being a bit nitpicky, sorry:), but how often do we compare email to sending postcards? Other than cellular communications, where else is it illegal to detect something broadcast in the clear?
We're getting the same sort of wagon-circling that we saw when Hans Reiser was charged. No one seems willing to admit that some of us "geeks" are self-important prima donas who border on pathologically criminal behavior. This guy is clearly a criminal. Of course, proper management would have recognized this behavior much earlier, and wouldn't have given him the keys to the kingdom, so it's a combination of a very bad guy and some very incompetent guys. There's no worse a combination.
It's guys like this that bring our IT occupations into ill-repute, by furthering their stereotype of Coke-swilling social retards on power trips. I hope they throw the book at him, and I hope that while he's sitting in prison he has time to ponder the fact that he isn't a god, but merely an employee.
The world's burning. Moped Jesus spotted on I50. Details at 11.
This analogy is spot on, and whoever modded it off-topic obviously is incapable of understanding the topic and shouldn't have had the keys to the mod-car in the first place.
Infuriate left and right
If the article is right, the guy was on perpetual on call duty. Quite frankly, some of the things that are expected of certain IT people (and basically nobody else except the occasional doctor or military personnel) go beyond the realm of "merely" being an employee (and those other vocations are pitched as lifestyles rather than careers, as well). For folks in those positions, if you don't go a bit nuts about your work, you can't do it.
Yes, a lot of IT people are self-important douchebags. A rare few people really do matter that much, though. This guy seems like he might have been one of them.
I'm not defending what he did, but I do think there's a difference between someone like that and the random sysadmin who thinks he's Jesus just because you need him to reset your password. He's a bit crazy, but it seems like the position he was in might have reinforced that.
>>How can you possibly argue otherwise? Sure, he's the network admin, but does that authorize him to read people's email without authorization?
>Not at all. But then charge him with that, not some pseudo-terrorist computer tampering charge.
The Electronic Communication Privacy Act of 1986 protects administrators if "in the performance of their duty" they read email. Please note the date. If you are unfamiliar with it, you should be even if you're "just a user", no excuses.
He's an administrator. He's shielded.
Y'all should know that by now.
You should also know that if you store your email on company servers/isp servers, they get /less/ protected as time goes on, with most protection going to those "in flight" and least to those being stored for over a year.
If you have anything confidential, encrypt it and remove it from your provider's machines and store elsewhere. If you don't ever want the admin to see the email in flight, then end-to-end encryption. These days it's easier than the mid 1980's.
OB On Topic: I can see where he's coming from. A network administrator, if he's doing his job, gains a bit of paranoia. Sometimes that can become unhealthy, and it appears that he's crossed the line into "unhealthy". Criminal? I don't think so. It appears that he's been severely mismanaged by those who never understood "Mack Truck Syndrome". One guy for an entire city? I'm not sure who's crazier, the management or him.
--
BMO
He was in their employ. Once they asked for access and/or recinded his 'permission' and he refused to cooperate he became a criminal.
I'll be the first to admit that I don't know the entire story here, but since when is disagreeing with your boss a criminal offense?
What he did is inappropriate, but once they asked for access and/or rescinded his 'permission' and he refused to cooperate, he became a candidate for termination and perhaps civil liability. Whether or not he committed any criminal acts is up for debate. I think it's very dangerous to suppose that resisting your employer - even, no, especially if your employer is the government - is illegal.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Open source does not equal open data.
.sig withheld by request
In my experience, it's a rare company indeed whose managers can fathom the implications of a situation like this. In general, I'm unable to get management to even understand Rule Zero of system administration. Which is: Do everything you need to do to be drop dead certain that you always have a reasonable backup of your important systems. This doesn't sound too difficult, but in practice it's difficult to convince managers that an event that could happen with probability == 0.01 could ever happen...
"Not an actor, but he plays one on TV."
You seem willing to.
I'm waiting to hear the whole story.
.
modded +3, Informative.
but this attitude sets off alarms.
exposing a geek who despises his supervisors and is used to thinking of the server rooms as his personal playground.
how often do we compare email to sending postcards?
On the Cypherpunks mailing list, all the time. On Slashdot, I don't think I've ever seen anyone bring it up. Email is just that - a postcard. If you care about the privacy of your mail, encrypt it.
all networks once configured properly, run smoothly until they don't.
when they don't, there's one man who can fix it.
I can fully understand setting up a complex system and getting it working perfectly and then some other admin or consultant coming in and fucking it up.
when they fuck it up, you have to fix it. And you don't get bonus pay for that.
not only that, but network/system administrators have to worry a lot about whether management wants to can them simply because things are running so smoothly that they have nothing to do. Which is bullshit because half of the job is keeping up with current tech trends, learning new technologies, and protecting your network on a daily basis. I don't blame the man for guarding his creation jealously. When you start handing over the keys, you are no longer necessary. You get paid too much and this kid who just quit his job of six months from bimblebomble.com seems to know how to do what you do. And we can pay him a lot less and potentially cut out benefits.
They're using their grammar skills there.
It's guys like this that bring our IT occupations into ill-repute, by furthering their stereotype of Coke-swilling social retards on power trips.
On the other hand, the more people like this there are, the more employment I get. I may not be as technically capable as folks like Child seems to be, but I am able to work with large groups of people AND the work gets done and documented. I can turn a pretty penny because of how "Customer Service Oriented" I am and how well I document my work.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
The city has a huge issue here.
This guy will have a hard time getting a job in the future, and a guy with his credentials commands a lot more than he is making right now.
If it turns out that the facts of this case are far from the original story, and nobody from the city is stepping in to correct it, then SF is in the same situation as the US when Ashcroft pointed the finger at the Anthrax guy (who recently won a big chunk of change for the false accusation).
Something tells me that the wheels of government turn slowly enough that even if they wanted to correct themselves at this point, they won't until well after the publicity is over.
Engineers take the work so *personally*. "No one can touch that code but me... " blah... blah.
I dunno. There's a fundamental difference between someone being naturally protective over their work and someone who volunteers to be on call 24/7 because he doesn't trust his coworkers with the passwords.
I've been in both positions. Shitty political situations where I hand over documentation and walk out the door with my head held up. And as the guy who comes in to inherit the mess when the "indispensable guru" quit.
Neither situation is really all that life-threatening. Nobody is really indispensable.
I don't believe for a second that the guy was irreplaceable except for the passwords that he intentionally withheld. The city could easily make a call and have an even bigger Cisco genius on site within a week. (After all the Bay Area is where Cisco is HQed.) A legend in his own mind.
Business. Numbers. Money. People. Computer World.
Yes, he may very well have bordered on "pathological criminal behaviour", but that is what is expected of employees. It is necessary to exhibit exactly that behaviour if you wish to successfully rise through the ranks.
I dislike that, and believe it is one incredibly unhealthy attitude - tied utterly to America's Puritan "Work Ethic". However, that is neither here nor there. The guy is a product of such attitudes. If he is a monster, then Herr Frankenstein bears the greater responsibility.
That does not make him blameless. It means that he is culpable only to some degree below 100%. Punish him for that percentage he is culpable. Fine. But it means there is also a non-zero component of responsibility elsewhere, which should not go unpunished, and that there is a non-zero element of illness the guy has developed as a result, for which he should be treated.
In any such system, blaming one person is extremely easy but utterly futile. It doesn't fix the underlying problems which made the failure possible, and the ultimate problem is invariably the mental illness prevalent in modern management methods.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
That law is there to make it possible for administrators to do their work. If you are working with emails, and you happen to see a few, you don't go to jail for it.
But monitoring his bosses' email so you can tell what they are saying specifically about him is highly unlikely to be in his job description, and thus he is not protected when he does that. Nor should he be.
http://lkml.org/lkml/2005/8/20/95
It seems that both his co-workers and his management recognized his considerable expertise. So, if he thought that he was working with incompetent freeloaders, then he probably was right. This has nothing to do with primadonna status. The problem here is workload and responsibility.
I support several hundred servers and two of my backups are telecommuting from the west coast. Their Unix expertise is limited to creating user accounts, pushing power buttons, and sending me emails with stupid questions. I don't go so far as to lock them out of "my" servers, but I do my best to keep these two characters busy in their sandbox.
This has nothing to do with my (admittedly very considerable) ego, but has everything to do with me being able to enjoy weekends without being called to fix various problems. When something breaks, the ops calls me and not the two clowns in California. Any problem - big or small - they will find me, wake me up, drag me into a telecon, where I would have to fix the problem while simultaneously explaining to them how I did it and answering "are we there yet" questions from various random managers who couldn't sleep at night.
I would love to have a colleague whom I can trust to do upgrades and architectural changes, so I can spend more time fishing. The way things are right now, I am forced to keep other sysadmins at an arm's length just so I don't have to work even more hours (for which I am not being paid) to clean up their messes.
"Sure, the odds are 1000:1 against that I'll be hit by a bus, but there are a lot of ways disaster can strike, and they add up. You willing to ignore 5:1 odds? How about 10:1, or 15:1?"
This is why technical people need to strive to learn to have relationships with supervisors of a non-technical bent. From reading the article, it seems that Childs' demeanor meant that he could easily be dismissed as the brilliant-but-whacked-out-network-curmudgeon. Fair or not, that means that all of his concerns could be waved off as paranoia (for instance, him trying to get an information security policy in place). Unfortunately, the wisdom of our caution only becomes evident when a disaster occurs or is narrowly averted (e.g. "Thank God we backed that data up!").
On the other hand, non-technical managers should learn to not instantly dismiss the concerns of technical people as unlikely or unrealistic.
As a system administrator - oh I assure you, they ~can~.
Now whether they can use anything they found in there to assist police in their prosecution of someone, or whether they can even publicly or privately even admit that I did it is another story - but admins can look, and some do (I don't, out of personal conviction.)
Trust me on that. And they remember what they see.
Glonoinha the MebiByte Slayer
"I know someone who worked on the cisco side with this guy .. The dude was threatening co-workers"
What was the name of this someone, who did Terry Childs threaten, what was the nature of these threats?
davecb5620@gmail.com
Consider mentoring. The God complex management style rarely works out well in the end.