SF Admin Gives Up Keys To Hijacked City Network

snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."

'the only person he felt he could trust.'

[UnknowingFool]

From my viewpoint, it appears that Mr. Childs wasn't so much a malevolent person as much as he was paranoid and protective. We've all met this admin before. He won't give you any rights that you may need to do your job because you could screw "his computers". I'm not saying what he did was right or legal but he may not be the white cat stroking, maniacally-laughing villain that the initial news reports made him to be.

Re:'the only person he felt he could trust.'

[gehrehmee]

How is not doing your job criminal exactly? Grounds for dismissal, sure, but jail?

Re:'the only person he felt he could trust.'

[pieterh]

Anyone having spent that much effort creating a network - and succeeding - would become paranoid and protective of it. I challenge anyone to invest so much in any project and then happily see it messed up by people who are less competent.

However the situation is still messed up, the City should never have allowed one person to take on so much responsibility, and at the first sign that he was becoming indispensable, they should have moved him to another project.

If someone is essential for a project, replace him as soon as you can...

In fact the whole story is a good case study for outsourcing - a small, competent network firm would have done as good a job, and treated the incompetent managers simply as clients, not bosses.

The blame lies squarely with the City, not Childs.

Re:'the only person he felt he could trust.'

[kesuki]

"Your mental illness is not real."

Mine is very real. I doubt you've ever spent 6 months in a hospital trying to tell people that human beings are being infected by a computer virus. (note: the computer virus was real, and i was the only person who could actually get it off the machines, because it was infecting the BIOS and had 'symptoms' like going to the desktop in the middle of a full screen video game, that other people dismissed as being 'real')

To this date, with medication I still am hazy on if computer viruses can infect human beings, on a bad day, i look for malware in every OS on every computer i have, with every tool available to me, including many useful FOSS tools like dban which allows complete erasure of the drive...

"You are the product of a society that is unable to deal with stress and disappointment."

I'll give you that, but you've never gone 6 days unwilling to eat food or drink tap water because it's poisoned, luckily this symptom has been dealt with with medication.

you've probably never hidden in a basement with aluminum covering you to block the mind control waves either. related to this is using a FM radio from the 1980's and 3 cell phones, wrapped in aluminum foil to see if they really block broadcaster waves. While you're still slightly concerned about the type of high energy particles that can go through entire mountains...

"Have you ever looked at mental illness in other countries. It is tiny compared to the USA."

That may be, in a rural environment, telling people about stuff i was worried about every day and shit my family would likely instead of taking me to a doctor, that they couldn't afford would just humor me, and try to keep me eating foods and drinking water. Also, I would likely die at a much younger age, because of the lack of medical treatment overall. Not being treated by doctors is not the same as 'not having mental illness.'

"You embody the problem with the world today. A lack of conviction and discipline that has spread like wildfire."

Except my mental illness is real, my doctor even increased my medicines last week, because he though i was having too many symptoms with just 1 medication.

"Go on with your drug induced normality. You will not be mourned."

If only the drugs actually caused normality. Mine do not, i still have paranoid thoughts ever single day, they're random and unpredictable, and medication only does so much. I don't hear voices, i don't 'see things' that other people don't see, i don't walk around calling people names that i don't recognize, as if i was in a dream, and i don't wind up in a hospital writing notes about everything that i'm worried about thinking that magically if i write it a system administrator of the universe (it's all just a simulation in a computer after all) would be able to deal with the problems if i simply wrote enough notes...

I have 4 boxes of various paperwork including my 'note' writing phase.

you sir, have never been mentally ill so you know not what it is like. you've never been convinced, with you were in a hospital that another mental patient could read your mind, and control you for not looking at the pictures of their family when they asked you nicely to look at the photos.

Re:'the only person he felt he could trust.'

[kesuki]

well there were times where i questioned things, but there were entire weeks, where i blacked out all memories completely, to top things off i had very little contact with other people, other than via the internet, and at night when my dad was home, on the weekends when mom was home i apparently had a few very weird conversations, that upset her... as for myself, i refused to even go to a evaluation for the job service.... i was very wary of people, especially doctors, even though the thoughts are often classic paranoia, and i knew that the thoughts were so overpowering... I was like 'i have to get the virus off the computer' and all i did was basically nothing useful because i couldn't stay coherent long enough.

i forgot to mention, one day i was convinced by turning the 'power' off at the main breaker, i could stop the virus from infecting things, unless they had battery power....

my mom eventually talked me into going into a hospital, and i spend my 2 weeks at that hospital trying to get out of the hospital, afraid that there were people there infected by the virus... i wound up hopping to a lot of different hospitals, and finally group homes, when medications seemed to be helping, but i was eventually changed to new meds again, when i had a 3-day relapse.

they tried me on a lot of different medications. I saw a lot of different people with different mental illnesses. someone else suggested that stress can cause problems, but not all mental illnesses can be treated just by living a low stress life style. it's true i did have stress, had lost like my 3rd job in 1 year, stress from spending too much time in online RTSes trying to win. but then why didn't the symptoms go away, over 4 months while i wasn't doing any of those things? they didn't go away until i was medicated...

it's nice some people can self treat mild mental illness by not doing stressful work, it's even in the movie office space... for myself, medication was 100% necessary.

Re:'the only person he felt he could trust.'

[kesuki]

while i agree this guy might not have lost complete control, from my own experience, yes someone with paranoid schizophrenia CAN lose complete control over their actions. it's a very rare symptom, that only occurs with the very worst people, who stop taking their meds, or have gone untreated, or perhaps have 'self' medicated with alcohol. (alcohol as a depressant, can in some small way mitigate some of the symptoms of psychosis, just as some anti-depressants can Cause symptoms of psychosis)

there was one particular day, where i have absolutely no memories of what i did, but apparently i kept saying 'i'm so hungy, i'm starving' i was in a AFH not a group home so they actually gave me more food than they should have, that night when they finally realized i was having hospital bad symptoms (despite medication) i threw up on the way to the hospital, i had over eaten to the point of vomiting...

complete lack of self control, it is a possible symptom of a mental illness that can effect as many a 1% of people. now, if the guy really had a complete lack of self control, he's probably not going to be able to get himself an attorney that would be able to use witness testimony to save his butt... anyways it's a rare symptom of a rare mental illness, and psychosis can result from stress as well, and this guy was under a lot of stress. if it was the stress that made his symptoms, then he should seriously consider a different line of work, when he gets out of prison. and considering he's white collar, and the jail systems are over crowded anyways, he probably won't even be in jail for more than a year or two anyways.

Re:Self-defeating

[Red+Flayer]

So Childs pursues the one course of action that is guaranteed to lead to his never being allowed to look after so much as a toaster, never mind his beloved network. Not very smart.

He's probably hoping for whistleblower protection, and intends to show that he was being terminated wrongfully for threatening to blow the whistle.

It may be a desperation move, but until the facts come out, we don't know. If it turns out that he was being terminated wrongfully, it's possible that the city of SF could be forced to keep him on their payroll... on the other hand, I'd speculate that he's grasping at straws.

I've read some about the "situation", and all I think all we know for certain is that we don't know anything for certain yet.

Re:The more I read the less I know...

[salveque]

I agree completely.

There seems to be a lot more going on here than what we see.

The conspiracy side of me thinks that there's something fishy going on in the department. He found out and got fired because of it. Except he acted fast and hijacked the network. Hence why he only gave the password to the mayor...

Just out of curiosity... what if he isn't?

[Bomarc]

Reading a lot of comments about him being a nut job. My question is - what if he isn't? Is it possible that as a administrator of a SAN/Network, he saw some significant security issues, and when he presented them to his supervisors was slammed for reporting the problem -- including being fired? I know from experience the feeling: Management does not like to know that they've screwed up, and will fight kicking and screaming rather that admit that they've done something wrong. For me -- most recently this includes bogus Business Requirements, and critical Business Requirements that are not being met. I've found significant security holes in the where I currently work. Presented the problems to management. The response - don't call use, we'll call you.

Re:End of the days

[legutierr]

What was the point of holding back for so long now. Now he just lost the last hope for his negotiation.

Or, he wasn't holding back in order to negotiate, but because he wanted to get the opportunity to tell all of his grievances to the one person who he thought might have the power and wherewithal to "fix" the situation. From reading about the motions that his lawyers have filed in court, it seems that Childs is willing to risk going to jail just to be able to publicize the hard time he's been having at work for the past couple of years. In fact, he might have willingly accepted or even pursued the prospect of prosecution because he knew that he would then have a public forum to air his views, and possibly embarrass his bosses (which, despite their best efforts, he has).

Re:Do I understand this correctly?

[jimicus]

The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN.

Mr. Paranoid Admin with a God complex had big freakin' huge vulnerabilities on his precious network?

It sounds to me like Mr. Paranoid Admin was so paranoid that people had started to do what they tend to do when Mr. Paranoid Admin is so paranoid they can't get anything they need done.

They'd started to work around him.

Net result: All sorts of little unauthorised connections popping up.

In being too paranoid, you wind up creating exactly the situation you fear the most: a network with lots of uncontrolled, unknown systems appearing creating security holes where none previously existed. Doesn't matter how many fancy "no unauthorised access" features your infrastructure has, sooner or later someone's going to succeed in working around them. The last thing you need to do is give them an incentive.

The Fountainhead

[slashkitty]

The more I read about this story, the more it reminds me of "The Fountainhead". This lone, brilliant man fighting the mediocrity of committees and less achieved managers. The government is NO place for a person like this. He'd be much better off running his own company with no bosses.

What a bad analogy.

[oneiros27]

Let's try this one instead:

You're responsible for maintaining a nuclear reactor. Your manager, who has no idea how to actually runs the reactor comes in and demands to be given all of the necessary keys and passwords to the reactor. The reactor is currently working flawlessly, and there is no obvious reason for your manager to need access to the system.

Do you:

A. realize that this could be very bad for the company, and protect the company by refusing to turn over access to an unqualified person?
B. turn over access to the access to an unqualified person, and just hope that they don't do anything which results in anyone's death, or your working 16hr shifts for the next 3 months straight.

I would argue that choosing "B" could be criminally negligent, and that A is the better choice, however, he should also immediately go to HR and explain why he's violating the order.
In this particular case, he might've saved the city of San Francisco millions of dollars in lost productivity from someone getting access who had no clue what they were doing.

Re:What a bad analogy.

[rickb928]

"In this particular case, he might've saved the city of San Francisco millions of dollars in lost productivity from someone getting access who had no clue what they were doing."

I've worked with this type before. Damn, I've *BEEN* this type before.

Maybe, maybe not. Sounds like this admin was convinced that the rest of the crew were dangerous idiots. Maybe he's unusually paranoid. I vote for paranoid. Just as dangerous as being right, for different reasons. Imagine serious problems occurring while he is in jail. His propable response might be "See? You need to let me out of here so I can fix this and prevent disaster". Suuuuure... I imagine the authorities will swing the door open and let him out to 'fix' things.

If for no other reason, this poor admin is incompetent in a novel, or NOT novel way. He has no competent backup. A kidney stone, myocardial infarct, or even a knee replacement would leave him out of commission, and SF exposed to loss of network. Sheesh. You back up data, you should back up staff as well, wherever possible, and this is clearly in the realm of 'possible'. Even 'essential'.

Of course, the funniest part of this to me is where he claims he can only trust Gavin Newsome. That's F-U-N-N-Y!

Re:Falling Down

[sfjoe]

How many laws have you violated when it suited your purpose? I'd be willing to bet you do it a lot more often than a public person like a Mayor.

Re:meaning no disrespect to the guy...

[smoker2]

Don't think much of yourself, do you ?
If I was working on designing and building a network, and I had it all up and running perfectly, should I destroy it because my boss tells me he has a better way ? What if I was a db admin who had already implemented a whole organisations internet requirements using (my|postgre)sql when a retarded buzzword compliant boss decided I should use access instead ? Should I delete everything and re-implement using access, or should I keep what I've done and start again separately with the access, so that when it all falls to shit I haven't lost anything ?
It's hard to implement two network designs concurrently, so it becomes one or the other. Why suffer the complete waste of time involved by starting again for the sake of a damn fool manager ? Better to hold out for as long as you can, so that there is a chance of getting the correct solution adopted. If they want to sack you for NOT doing something detrimental to the system, then that's their own stupid fault. If you do it their way and get fired anyway (because their way doesn't work), what have you gained ?
This guy wasn't holding anybody to ransom, making extortionate demands of his employers, or killing fluffy kittens. All he has done is refuse to give the keys to someone else's Ferrari (which he is ultimately responsible for) to a 14 year old crackhead joyrider.
This seems to me to highlight the difference between good employees and time wasters. A good employee will always have the interests of the employer at heart, and will assume ownership of problems using those interests as a basis for operation. A time waster turns up every day, does their "job" to the letter, no more, but frequently less. They don't care about the end product or the delivery of such. They just do the hours and take the money.
I know which camp I fall into, as I am used to being an employer and an employee. If I give someone a job, I would prefer they did it intelligently to achieve the best result as outlined in the requirements, not just do what I tell them, because if I have to tell you what is required for every little nuance, then I may as well have done the job myself.
Would you really just hand over the keys to a system that you spent years building, to someone who outranks you but has no idea of the power contained in having access to those keys ? For all you know they might leave the passwords on a post-it note on their monitor.
Final point - the civilian sector is NOT the army. You don't HAVE to comply with idiots above you, grow a pair and stand up for what's right. If you ARE right, then nothing too bad will happen. If you bend over for anybody with a title then you might get a title in the future, but at the cost of having any respect, self or otherwise. While it is only a movie, Crimson Tide demonstrates the principle quite well.

Re:Falling Down

[ericspinder]

Are you suggesting that people who are pro-gun are automatically anti-gay?

Seems to work that way. However the reality is that a large number of you'all, seem willing to write off other people's freedoms (both those that are and those that should be) just to be able to protect yourself if the government decides to start treating you the way that you allow it to treat others.