SF Admin Gives Up Keys To Hijacked City Network
snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."
being in prison, and in San Francisco.
Do you even lift?
These aren't the 'roids you're looking for.
This guy clearly has stability issues. What a nutjob.
From my viewpoint, it appears that Mr. Childs wasn't so much a malevolent person as much as he was paranoid and protective. We've all met this admin before. He won't give you any rights that you may need to do your job because you could screw "his computers". I'm not saying what he did was right or legal but he may not be the white cat stroking, maniacally-laughing villain that the initial news reports made him to be.
Well, there's spam egg sausage and spam, that's not got much spam in it.
This story has a real obvious 'bad guy' in Childs.
Arrogant, supposedly unstable, egotistical.
But there are odd, contrary, little pieces of this tale that intrigue me.
I'd like to see some comprehensive treatment of this tragicomedy written a year from now, when the dust has settled, and Childs' side of the story can be heard as well.
You can't talk about Wikipedia's flaws on Wikipedia
Did anyone else wonder why a SourceForge administrator had the keys to a city's network.
I will not mourn that which I never had to lose. - Unknown
He was just too embarrassed by the password - ibonkedmymom.
Help a man when he is in trouble and he will remember you when he is in trouble again.
"Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion."
The fact that one employee had complete control over the network should be enough of a sign. Of course this is management, so they're all likely still confused on what's going on and need to have another meeting.
What was the point of holding back for so long now. Now he just lost the last hope for his negotiation.
So Childs pursues the one course of action that is guaranteed to lead to his never being allowed to look after so much as a toaster, never mind his beloved network. Not very smart.
The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN.
Mr. Paranoid Admin with a God complex had big freakin' huge vulnerabilities on his precious network?
"When information is power, privacy is freedom" - Jah-Wren Ryel
At least, the guy didn't go to work on his last day of work with a gun, shoot the people and kill himself... He does have some stability issues, but he still has some morale.
Have their mom3nts
I just love the way people judge others they will never meet from tabloid tidbits.
I'm not saying I agree with his methods but we have no idea what really went on here
and if we're talking about 200 IT jobs lost in the last eight years and security
being a joke this guy might end up a hero...and for any of you young goofballs out there
with ass cherry jokes, your pot smoking will more likely get you there...this guy will
be playing tennis and knitting at the very worst...
I just wish we could have proof of age on the Net so we didn't have to tolerate
the "anonymous effect".
Cheers.
End of Line.
Childs in this case acted like most network admins act: just being paranoid and not allowing other people to replace them. It is completely fair that he goes to jail.
If a paranoid monomaniacal prima donna sysadmin holding the network hostage won't do that...
Best Slashdot Co
So...I certainly don't know if this guy is crazy or not, but there are a few things that I am surprised the /. crowd really hasn't bothered with.
1. The problems between IT and Management are so bad across the board that there is a famous cartoon relating these problems. This famous cartoon spawned the "PHB" reference. So...to listen to an IT guy complain of incompetent management shouldn't be a surprise at all. Please everyone, raise your hand if you have been handed complete and utter bullshit requirements or policies that some "PHB" without a technical clue has demanded that you implement. Now...raise your hand if you were stupid enough to EVER give them administrative rights over ANYTHING.
2. The media has a fucking field day with "evil hackers". This is so bad that the word "hacker" now means criminal and hordes of geeks whimpering and moaning about how the media stole the word. So...the media reporting on yet another "evil hacker holding city hostage" should be taken with a grain of salt. Sensationalist crap reported by people that have less than 0 IT understanding to the masses who also have less than 0 IT understanding. Million to one odds says that if they actually reported the more technical facts of this case the ratings would be near 0 and this story would have never gotten to be so high profile.
3. He did give the password to the person at the top of the chain of responsibility for this. Which to me sounds like the most appropriate thing to do. If you are so concerned that everyone is an incompetent fool then your only option is to go straight to the top. Imagine how much trouble this guy would be in if he gave out these passwords to a bunch of corrupt and incompetent folks who did bring the city down? At least this way everything continued functioning.
Finally...and most concerning to me is a quote from the article.
But without access to either Childs' passwords or the backup configuration files, administrators would have to essentially re-configure their entire network, an error-prone and time-consuming possibility, Chase said. "It's basically like playing 3D chess," he said. "In that situation, you're stuck interviewing everybody at every site getting anecdotal stories of who's connected to what. And then you're guaranteed to miss something."
Really...so basically these people didn't document ANYTHING. Because config files or not, rebuilding your network if you bothered to document things isn't all that hard, it's just time consuming. But straight from their man there they would be stuck interviewing people for anecdotal stories because they were too incompetent to bother documenting the network. Nevermind that they seem to have cut their IT staff from 350 to 100 over the last few years. So it sounds like their IT staff was just the favored bucket to take money from, which is hardly new thinking these days. It amuses me to no end when companies/governments treat their IT staff like overpaid housekeeping, largely unnecessary drains on budgets, and an unimportant support function and then scream bloody murder when the shit hits the fan.
The only change I can believe in is what I find in my couch cushions.
Don't they know the password is "GOD" or "Sex"
Reading a lot of comments about him being a nut job. My question is - what if he isn't? Is it possible that as an administrator of a SAN/Network, he saw some significant security issues, and when he presented them to his supervisors was slammed for reporting the problem -- including being fired? I know from experience the feeling: Management does not like to know that they've screwed up, and will fight kicking and screaming rather than admit that they've done something wrong. For me -- most recently this includes bogus Business Requirements, and critical Business Requirements that are not being met. I've found significant security holes in the where I currently work. Presented the problems to management. The response - don't call us, we'll call you.
What was the password?
I would love to learn the word(s) that held SF hostage.
It'd be interesting to know the length and characters involved in the passwords. And if it would have been possible to brute force them (within reasonable time)or use rainbow tables. I'm guessing maybe not.
"Save the network. Save the world."
...Couldn't the guy have just MARRIED the computer system, then claimed that it couldn't testify against him under Spousal Privilege?
Any technology distinguishable from magic is insufficiently advanced.
After all, "ILoveGoATSex100Times@nighT"... well... what can he say?
I am very small, utmostly microscopic.
There appears to be a very fine line between a ransoming malcontent and a fanatical whistleblower. I wonder with which brush he will be painted with when all the dust has settled.
You take an extremely intelligent(genius level eccentric?) and over work them. Their work ethic is an issue in and of itself as they take ownership and pride to a fault. You combine that with maybe some social skill deficit and a bad temper. What you get is a time-bomb in any respect. You add in that his management created a catalyst with the lack of competent support to bleed off some of the stress and BOOM ! I think the city should take some of the blame. Their audit and procedures were also to blame for this breach of continuity. There are a lot of situations in government where the entire chain of command would be canned, especially in the military.
The more I read about this story, the more it reminds me of "The Fountainhead". This lone, brilliant man fighting the mediocrity of committees and less achieved managers. The government is NO place for a person like this. He'd be much better off running his own company with no bosses.
-- these are only opinions and they might not be mine.
If he's going to go to prison anyway (which is a sure thing after what he did) then why not be able to sit there with a little grin on your face knowing that you really screwed them over.
now he's going to prison and he didn't even get much out of it.
thank God the internet isn't a human right.
you really can't claim his knowledge of the password as property of the city and access to the network was never blocked (only to changing his configurations). City could have rebooted and used a new configuration at any time.
let's face it there really is no precedent for charging someone for not giving up a password.
I hope he rots in jail for a good long time. Not because I bear him any particular ill will, but so that he can be an object lesson to the legions of system/network/database admins out there (and right here, on this site) who think that just because they've been hired to maintain and protect an organization's systems/networks/databases, that they somehow own those resources.
They don't; you don't. Your employer does. If management is screwing up, you document their screw ups and document your objections to them. Then you do what they told you to do, anyway. When it blows up (and it will), you go back to your documentation and show anyone who will listen that you warned them. You absolutely do not refuse to turn over passwords when told to do so.
And for the management types who are reading this, start rotating your admins among different projects, at least annually. Take the Linux expert and put him in charge of Active Directory; take the Windows expert and put him in charge of the SAN; take the SAN guy and put him in charge of the Cisco and Foundry routers. Shake things up, force people to work outside of their comfort zones. Not only will it encourage your staff to constantly learn (which is a good thing with geeks, we like learning), it will make sure your documentation is top notch since everyone knows they're going to depend on that documentation to do their jobs. It'll also avoid single points of failure in your staff, like this guy became. Not doing this because it's "hard" is an excuse, not a reason; nothing worth doing is easy, that doesn't make it any less worthwhile.
As for poor Mr. Childs, I feel for the guy, I really do. But he has no one to blame for his situation but himself, and unless he has reams and reams of documentation of the many times he warned management not to do what he thought was so horrible (and unless the network does blow up, as predicted), he'll never work in IT again.
All of you young admins out there: learn from his mistakes, and don't repeat them.
God invented whiskey so the Irish would not rule the world.
That's my guess.
After all until 5 minutes ago, it served me well on Slashdot for >10 years (or however long I have had this account).
I am very small, utmostly microscopic.
One of his precious illegal aliens that he gives sanctuary to just murdered a man and his two sons because their car was in his way. Fuck Newsom. Fuck him to hell.
You reading this by any chance Gavin? Fuck you. Their blood is on your hands, you cocksucking shithead motherfucker.
will in fact place the City of San Francisco in danger
Well, there's already enough danger thanks to Mayor Gavin Newsom's policies.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/21/BA5C11SK2S.DTL&type=printable
It never occurred to this brain dead megabozo that when you say "Come one come all to our sanctuary. We'll hide you!" that there will be bad people to take advantage of that? A complete and utter tool.
An anonymous source is worthless without independent, named source verification.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
As if we don't already know the city of SF is horribly mismanaged and grossly out of touch with the rest of the planet.
I swear I didn't know it was loaded...
So he gave the key to the city to the mayor.
Epic lulz
in b4 rickroll
"Although Childs was not the head architect for the city's FiberWAN network, he is the one."
"Kill 'em all and let Root sort 'em out"
They fired 200 IT staff?
And I bet they expected everything to keep on running just the same.
He did the right thing. He gave the passwords to the guy at the top. The one who has the least chance of being a dimwitted middle-management mediocrity whose only purpose in life is to keep his job and cover his or her rear end.
If the recipient of said passwords has any sense, he'll look past the nuttiness of this guy and get an independent assessment of the IT department, with particular emphasis on who made these decisions and why.
Cheers!
Why does Childs remind me of Mordac: Denier of IT Services from the Dilbert cartoon?
I suppose it took that much time to bring some specialist from Russia ;)
If only the City had watched this movie, they would know how dangerous it is to ignore someone's complaints about lack of security, then firing them and not doing anything about the lack of security your former security expert brought to your attention (the former security expert you fired, who knows all about your security vulnerabilities and how to exploit them, and who now has lots of free time, since, you know, you fired them).
I'm not saying this guy was justified in attacking the city. I'm just saying you have to protect yourself, because making something illegal doesn't protect you from it, it just means the person who does it will be held responsible after the fact. Doesn't bring back your car stereo or un-murder your loved one, and it shouldn't have brought-back the passwords.
Eggs
Milk
Bread
Cat Litter
Soda
this may be like Stephen Heller the Diebold Whistle blower where they charged him with a felony for being a Whistle blower.
This may be like that the IT guy finds out about some thing the PHB find out and try to can him and then when they do that tell him to work for free to give up the network passwords and config.
Let's try this one instead:
You're responsible for maintaining a nuclear reactor. Your manager, who has no idea how to actually run the reactor, comes in and demands to be given all of the necessary keys and passwords to the reactor. The reactor is currently working flawlessly, and there is no obvious reason for your manager to need access to the system.
Do you:
A. realize that this could be very bad for the company, and protect the company by refusing to turn over access to an unqualified person?
B. turn over access to an unqualified person, and just hope that they don't do anything which results in anyone's death, or your working 16hr shifts for the next 3 months straight.
I would argue that choosing "B" could be criminally negligent, and that A is the better choice, however, he should also immediately go to HR and explain why he's violating the order.
In this particular case, he might've saved the city of San Francisco millions of dollars in lost productivity from someone getting access who had no clue what they were doing.
Build it, and they will come^Hplain.
1....2....3....4....5.
Knowing how many government IT departments act (blame EVERY failure on the guy that was just fired or left) - his actions could be considered a protective act, of not just the network, but his reputation. As odd as it sounds, he just guaranteed his exit interview was with the mayor, not some HR peon that has no clue what it means when the network fails. In doing so he has protected his network (which ran flawlessly without other folks getting in), his reputation will have to wait until his day in court. The city of SF may wish to avoid that . . .
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
To have someone ELSE give the "key to the city" to the mayor?
First off, the "case called into question since an insider came forward" bit is bunk. I read the insider's article - there was NOTHING in there that justified what Childs did. Hell, quotes from the article include "Ultimately he has no one to blame but himself" and "As for Terry's character, I can imagine this happening. He takes great personal and professional pride in his work -- to a fault. He can be very defensive if someone suggests there's something wrong with the way his network is set up, and that's been a problem for us (as his customer) a couple of times. Terry has a bad temper."
Second, this man is in no way justified in what he did. Threatening the infrastructure of a city (especially one as large as SF) is inexcusable. If you have problems with the management, you go to a newspaper. If you think the management is criminal, you call the local prosecutor's office. You don't hold up critical government functions. Yes, the management should have taken steps before now to ensure Childs wasn't the only one with access to the network. Childs' response was that of a spoiled, immature brat who doesn't comprehend that administration != ownership. He deserves jailtime - and if you don't think so, ask any SF government employee who might not have gotten a paycheck, or any courthouse that might have had to postpone hearings.
Man this story is getting interesting. This guy could potentially be spun into a hero; last of a dying breed; a lone man against the corrupt machine. Someone secure the movie rights. It could be like Office Space meets Serpico.
This sounds like a project that Michael Bay could sufficiently butcher (much like he did to Transformers). I say hire him and ride on his coattails so that it has a $50 Million budget and releases to 2,000 screens nationwide in 2010.
Support the 30 Hour Work Week!!!
Your remembrance reminds me of another scene, but from "Atlas Shrugged". When John Galt is being tortured with shocks from an electronic device, and it breaks down. Galt is the only one capable of fixing it, and calmly proceeds to explain (to those torturing him) how to fix it.
Did anyone ever stop to think that maybe the computer became self aware? And because of this it started to think and reason. Then it started to try to take over and all this poor guy did was try to play Tic-Tac-Toe? I mean, that could happen, right?
--
My parents went to Slashdot and all I got was this lousy sig.
I *am* the boss, you ignorant clod! ;-)
The very problem this psycho was railing against, he was a cause and symptom. Ironic.
Bearded Dragon
Another chapter in a very cautionary tale regarding workplace politics. This is how playing a good political game from the bottom always ends badly. Very, very badly.
SFPD .... that would allow unauthorized connections to the FiberWAN ...
This factoid, bereft of any detail whatsoever permanently casts the Admin as the Black Hat. He manages a WAN so of course there will be undocumented, but approved (by someone somewhere) devices accessing the WAN. But the admin has no method of getting his case heard by the court of public opinion. None.
In fact, it has yet to be established that the WAN was being held ransom or otherwise. The admin has yet to be heard from!
I'm not arguing for this Admin, because it seems like he committed quite a few wrongs along the way. But this is how fragile one's system admin career actually is.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I agree with many others that point out the gaps in the headlines. The so called "rest" of the story. This circumstance didn't just develop in a week. This case is a classic story of I/T service immaturity - which could be caused by dastardly BOFH's or equally by incompetent management failing to initiate/fund a proper plan. Or both.
Once you strip away the glorious certifications and acronyms that give you credibility, all that's left is your integrity. Terry Childs has gone to jail to keep his intact. So he's either really stupid or really right.
Within the linked article is a link to the original InfoWorld "scoop" that contains copy from a confidential source. That copy contains statements that back Childs as having proposed and promoted an I/T security policy, which would be a first step toward process maturity (having a process in the first place).
My guess is when the dust settles, the story will be as follows:
He should have written up his side of the story and handed it over to the local papers.
Then, offer to hand the admin passwords over to the city as a position code based upon the text of his story as printed.
Have gnu, will travel.
Hello!!!
This guy is a criminal. Straight up. He is a hostage taking criminal. This is a person who cannot separate "job" from "life". As has been alluded to, I would not be surprised at all if he does have mental health issues. A sane person would have just switched jobs and moved on.
This is a municipal network owned by a government organization, it is not his private property. And while he may have a sense of pride and ownership in his work product, he misses the point entirely - he is an EMPLOYEE. He is compensated for work product by someone who owns and has the rights to the complete and sum total of his work output. This is *not* his network. Repeat - this is not his network. Period.
I am glad they got the keys from him, he will either be going to jail or a mental hospital, but no business in their right mind should ever hire this person to do anything that requires trust.
He should, and I predict he will do jail time for this.
He'll still have problems taking his job back from jail. While they may have wrongfully terminated him, his actions post termination are criminal. So a civil court (or the HR department) might determine he needs to be given his job back, but he'll be too busy in a jail cell to be able to get it.
Regardless of anything else, you don't have a right to lock your employer out of their systems. Goes double when you work in the public sector and you are ultimately screwing over the whole public. You aren't obligated to help them in any way after you leave, but you can't lock the computers down and refuse to give them the password.
Same sort of deal with keys to the building, or the like. When you leave your employment you are under no obligation to tell your employer what keys go to what doors, where things are stored or the like (though it's a good idea if you want any kind of reference from them). However you are not welcome to refuse to hand over the keys, especially if they are the only set.
More or less you don't have to help your employer, but you can't do something to try and harm them and yes, locking down computers and not handing over the password is harming them. Remember the systems belong to them, not you.
then again, i couldn't believe the posts defending hans reiser either
and i couldn't believe those who defended oj simpson
in oj's case, it was bias due to race
in reiser's case, and now the case of this paranoid schizophrenic "no one can be trusted with the passwords but me!" wackjob, it is bias due to techie subculture
for all those who defended reiser and now defend this password hording twit: if you want to know how foolish you look, go search on youtube and find a clip of someone defending oj simpson's innocence
that is what you look like and sound like to anyone sane and without prejudice
if you defend mr. password twit, you're prejudiced, blind, and incoherent
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Second, this man is in no way justified in what he did. Threatening the infrastructure of a city (especially one as large as SF) is inexcusable.
You're missing an important word here. It's not "this man is in no way justified in what he did", it's "this man would be in no way justified in what he is alleged to have done". There are two completely different stories being promulgated here. In one story, Childs set up boobytraps and backdoors in the system and threatened the infrastructure of the city. In the other story, Childs made an error in judgement in the configuration of the routers, and refused to give the password to people he was not sure were authorized to have it.
Where the truth is between these extremes, I don't know, but at this point he is only alleged to have threatened the infrastructure of the city... and after what happened in Intel vs. Randal Schwartz I think it's important to keep that word in mind.
You can't be a dragonslayer (a hero) if there are no dragons to slay.
1) Make your city a 'sanctuary city' for criminals
2) Release a violent gang member (here illegally) so he can shoot a dad and two sons
3) ???
4) Swoop in like Batman, retrieve the codes, Hero!!!!
Now we know what step 3 is, to demonize some competent IT employee.
Lock Terry Childs up, charge him with 4 felony counts, and a 5 million dollar bail!!!
What is the threat here, that he'll roam the streets and garrote children with the white cord from his iPod???
Hero indeed.
"Cemeteries are filled with people who thought they were indispensable."
That's one of my favorite quotes from the Nine Princes of Amber series.
I often recall it when I see certain types of techies.
"I challenge anyone to invest so much in any project and then happily see it messed up by people who are less competent."
Come on, this is just silly. Lawyers invest untold hours of time in deals that blow up. Doctors perform near-miraculous surgeries on patients who immediately revert to the damaging behaviors that created the need for surgery in the first place. Teachers bang their heads against the wall trying to teach students who don't care a whit about learning . . .
Maybe the guy needs psychological help badly. If that's the case, I hope he gets it--even though the psychologist's work on him may all turn out to be in vain . . .. If he's half-normal, though, he should start acting like a professional and not like a baby.
The system works, so he didn't break it.
While they can certainly fire him for insubordination, I'm not exactly sure what he could really be charged with.
.
This has the flavor of a Geek defense.
Too clever by half, I suspect.
I am not exactly sure where it all goes wrong. I am pretty sure that it does go all wrong.
Because clearly not divulging the admin password to a network that continues to operate normally is exactly equivalent to premeditated murder. How blind of us not to see that.
I definitely don't agree with criminal charges against Childs, and I think some of the negative commenters against Childs still don't get the real story. He didn't hijack anything, or cause anyone to be locked out from using their resources, in fact he made steps to ensure the reliability of that resource to his customers, which in fact is the residents of the city of San Francisco. Since critical systems were using his network, lives in fact could be lost by network down time by any mistakes of other engineers. 911 systems, police communications and other critical city services were utilizing this network structure. This is not exactly comparable to a corporate environment. So yes I could agree with his choice not to allow access even at managers request, until the necessary policies and trained personnel were in place. The situation as a whole is just as much his managers fault as his, and it seems like he made some efforts with management to get policies put into place which were rebuffed. It's almost like a police officer getting arrested for pulling over the mayor of his city for drunk driving.
From what I get, this network is not your d-link to a bunch of PCs.
He knew it was VERY complex, VERY critical, it worked and was secure; and would be unmanageable or worse for others unskilled to access without good oversight (which from the article, seems to be no one but him). So he did what he could do. Lock it down.
I don't know if he tried to get assistance... I'm feeling either there was a personality conflict with management or they kept playing the no/low budget card when he asked.
Either way I think he was feeling kind of trapped, and would get the blame when something was messed up by someone else, by giving the 'keys' to the mayor (and probably stating his position) at least he knows he is OK now if anyone starts pointing fingers when/if they mess it up.
Stottlemeyer called Monk in and he solved the case.
Did anyone else think this when they read the article?
reboot the router
press break during boot
confreg 2142
put in new password or nuke the startup
confreg 2102
reload router
What am I missing? It's easy to root a Cisco router if you have physical access to it.
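An added example, not part of the original thread or any poster's words: a small Python audit that ties together the No Service Password Recovery setting and the modem lines mentioned in the story summary with the configuration-register step in the comment above. The sample configs, hostnames, `show version` lines and finding labels are constructed for illustration.

```python
import re

# Bit 6 (0x0040) of the configuration register tells the router to ignore
# the startup-config in NVRAM at boot; 0x2142 has it set, 0x2102 does not.
IGNORE_NVRAM_BIT = 0x0040

# Constructed samples (not taken from the San Francisco case).
SAMPLE_LOCKED = """\
hostname edge-rtr-01
no service password-recovery
enable secret 5 <hash-placeholder>
!
line aux 0
 modem InOut
 transport input all
!
"""
SHOWVER_LOCKED = "Configuration register is 0x2102\n"

SAMPLE_DEFAULT = """\
hostname lab-rtr-02
service password-encryption
!
line aux 0
 no exec
!
"""
SHOWVER_DEFAULT = "Configuration register is 0x2142\n"


def parse_sections(config_text):
    """Group indented sub-commands under their top-level IOS command."""
    sections, current = [], None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if line[0] != " ":
            current = (line, [])
            sections.append(current)
        elif current is not None:
            current[1].append(line.strip())
    return sections


def audit(config_text, show_version_text=""):
    """Return a list of finding labels (labels are this example's own)."""
    findings = []
    sections = parse_sections(config_text)
    top_level = [head for head, _ in sections]

    # With this set, the break-key/ROMMON recovery path no longer lets an
    # operator keep the configuration while resetting the password.
    if "no service password-recovery" in top_level:
        findings.append("PWRECOVERY_DISABLED")

    # A register value with bit 6 set means the next boot skips startup-config.
    match = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)",
                      show_version_text)
    if match and int(match.group(1), 16) & IGNORE_NVRAM_BIT:
        findings.append("CONFREG_IGNORES_STARTUP")

    # Lines with modem control enabled are out-of-band paths to inventory.
    for head, subs in sections:
        if head.startswith("line ") and any(
                s.lower().startswith("modem ") for s in subs):
            findings.append("MODEM_LINE:" + head)
    return findings


if __name__ == "__main__":
    for name, cfg, ver in (("locked", SAMPLE_LOCKED, SHOWVER_LOCKED),
                           ("default", SAMPLE_DEFAULT, SHOWVER_DEFAULT)):
        print(name, audit(cfg, ver))
```

Run against backed-up configurations, a check like this shows ahead of time which devices cannot be recovered without losing their configuration, and which have dial-in lines nobody has documented.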
... and the super secret password was "password".
He should have kept them out forever. As for trusting Newsom, that's hilarious. If you read the news you would know that Newsom is one of the few people you should absolutely not trust.
Trying to make yourself "indispensable" does NOT increase your job security... now get out there and document your cryptic code!
Stop using bad analogies. No one running any nuclear reactor in the US could be applied to your analogy.
It is only another mental grain of salt on the anti-nuclear ignorance pile; which is big enough, thank you very much.
The Kruger Dunning explains most post on
Alright who forgot to cavity search the guy? Oh you think because he's a geek he doesn't pose a physical threat right? Well that's profiling and it's wrong! Sure it was an iPhone this time but it could just as easily have been a gun! You damn well better check all the crevices, holes, folds and facial hair on the next geek that goes to prison!
"When information is power, privacy is freedom" - Jah-Wren Ryel
I'm not a guy-who's-paid-to-figure-these-things-out, but I think that if two nuke capable nations started a conflict today it's doubtful anyone would launch an all-out retaliation that would result in mutually assured destruction. That would just be silly.
I'm wondering about your sig. What exactly is your problem with people electing their senators directly as opposed to the state legislature doing so? Now if you were talking about the 16th Amendment, I would probably be all for it.
I've always encouraged my people to remind themselves that it's not THEIR network, it's THE COMPANY'S network. When you start losing sight of this, you also lose sight of your larger goal (serving the company, not your own ego).
Not long ago, I encountered an engineer from another company who kept referring to "my network" when he talked about his company's network. He was a pain in the ass to work with and most employees at his company hated him (because he had become so protective of something he regarded as his baby). His protectiveness got in the way of his company's much larger goals and needs. I would have never tolerated someone like him on my team. But apparently his boss was too weak or afraid to come down on him.
SJW: Someone who has run out of real oppression, and has to fake it.
jfp51: "You must be too young to remember when Reagan fired all the striking ATC's in the late 80's. Too bad no one doesn't have the balls to stick it to the unions like he did these days..."
So Unions are ebil and corporations are good blah blah blah, fill_in_the_right_wing_bullsh*t_reference.
In truth Reagan should have let the ATC's go on strike. All that bullsh*t about the economy was just that, bullsh*t. The same goes for police and firefighters and teachers and anything else. Everyone can go on strike, yippee! Of course there is the danger of being replaced...
For being a "free-marketeer" Reagan interfered in the market quite a bit. I mean, what's the market worth if employer and employee cannot each use the leverage they have to bargain against each other? Reagan replacing all of the ATC's due to the threatened strike took away the one BIG card they had to bargain with: "We don't think this is fair and we'd rather not work, and not be paid, than work for what you're offering."
All the free-marketeers I've ever met, aren't very free market when it's the workers using their power against the corporation. They bemoan the ebil gubbermint interFEARence, unless it's benefiting them. When it benefits them, all of a sudden government is "being responsible", et al.
This guy was fired, right? Perchance, was the city dumb enough to fire him BEFORE getting the passwords? Should that be the case, he should be under no LEGAL obligation to turn them over. THEY fired him. His job ended when they terminated him, and all responsibilities to it ended as well.
Of course he's still a nut, but I won't condemn him without the whole story. I seriously doubt we're getting the whole story.
People say the road to hell is paved with good intentions. Why? Is there any shortage of bad ones?
Look at the comments from Dana Hom (former COO of DTIS) on this Wired story. http://blog.wired.com/27bstroke6/2008/07/former-san-fran.html He adds some insight into how the SF government operates and convinces me that this guy is getting railroaded. It reminds me of a fired sysadmin that we had to investigate for "hacking" when all he was doing was changing permissions on his folder structure. Suddenly the PHB didn't have access to other users folders on the network and assumed there was something malicious going on.
High level employees don't withhold vital information from their bosses. I would fire this guy in a second. Who cares if he's awesome at his job? He certainly doesn't deserve a long jail sentence or the ridiculous $5 million bail, but get real everyone who is defending him. This guy locked everyone out of a system that doesn't even belong to him. IT'S NOT HIS PROPERTY. HE DOES NOT HAVE THE RIGHT TO DO THAT.
Reapman: You can't just say "no flying" and expect the world to move on even remotely close to normal.
Seems like a good chunk of leverage for the employee to use. Market forces at work and all that. Oh wait, unless it's a corporation generating it, it's not a market force. Nope when it's a union it's "blackmail."
People say the road to hell is paved with good intentions. Why? Is there any shortage of bad ones?
The password was "password".
How new is the FiberWAN? How many people have current knowledge on how to administer it? It's easy to admin a system that's been running for years, or create a new system based on old(er) tech. But another thing entirely to create and admin a newer system, where there isn't a lot of information floating on the net if you run into problems.
Also, am I the only one who thinks it's a GOOD thing the Cisco techs were unable to crack the network? That is what IT security is for, right?
"...a white cat-stroking schemer bent on world domination"
Brain, is that you?
-Pinky
"National Security is the chief cause of national insecurity." - Celine's First Law
I've often been told that if I had enough money that I was just one white cat of a James Bond super villain
--
Supporting World Peace Through Nuclear Pacification
I work in a real-live DOD lab with Classified stuff. I keep telling people that the barriers to communication between the Classified and the Unclassified are not where they are supposed to be. Significant numbers of people who should care don't and I have had to have the "I am not telling you this" conversation with the information security people so that they can understand.
I haven't had to pull the big red emergency handle (metaphor) because I know that no actual information is as yet flowing into bad places, but it is imminent, In My Humble Opinion.
So we are morally okay, but technically in violation, and there are just criminal and civil penalties involved.
So yea, you can be in a position where you sound paranoid just because you are the only one who has decided to look behind the curtain. It happens all the time.
As a thought experiment suspend belief for a few minutes if necessary and consider the following,
Given the amount of comments in this and many other threads about IT staff feeling extremely frustrated with incompetency of business practices or, more to the point, their management what SHOULD one do when faced with a situation where they actually are right and they're outnumbered by incompetency which is what happens when you have several levels of incompetency hiring, managing and validating other incompetent people?
For the sake of this thought experiment let's assume that the network going down actually can harm human life (ie: 911), assume that the individual has done everything in their power to handle this professionally and has done their best to try and work within the flawed system to try and (pointlessly) train their incompetent co-workers who, through no fault of their own, the incompetent management hired. Assume they, very professionally, tried to alert the business starting at their management and then worked their way all the way to the head of HR trying to get the issues resolved with their doable, simple solutions where even the head of HR agrees with them but is also mired in idiocy so sadly proclaims that although the admin is right it's the company's decision to make mistakes if they choose (assume it's a large publicly traded company so supposedly in the business of making money). Let's also assume this admin has been around for a long, long time and actually used to look forward to coming to work until slowly but surely more and more managers were added (if something's wrong just hire another manager, that'll fix it right?) and things got even worse. Let's assume they're not mentally deranged, their co-workers share their pain but have decided on apathy (which management misinterprets as validation) versus the risk of losing a paycheque. Assume that the company is in such a growth phase due to new services and a willing customer base that the incompetency won't be noticed fully by leaders and finance because reporting is slightly skewed due to the limited timeframe and/or a misinterpretation of the basics of economy ("Hey we're doing great, look at our stock" ... "Actually that just appears great because it's a new service and our customer base doesn't really have any choice yet so you're not properly forecasting"). 
All in all assume that while it looks like a god complex it's actually not...the admin just appears to be a paranoid maniac as he is the guy running around interrupting dinner on the Titanic trying to tell them it's sinking.
Now what? Should these valuable employees be consistently chased away from their beloved careers which, in the long run, causes pain not only for the company but for the employee? Should the employee just walk away and maybe watch all their hard work be crushed by unnecessary incompetence which not only hurts their sensibilities but also hurts future employment since prior experience is usually a factor in hiring - "Oh you're the guy that ran THAT network, that network is an abomination and ended up in the press for security breaches" .... "But but, it was incompetent management, I tried to tell them" .... "Hmm, not only a shitty admin but now you're blaming it on other people eh, screw you I'm not hiring you". Should the employee go to the public as a whistleblower and possibly give themselves a blackball for life? Should the employee just become apathetic and press the buttons they KNOW are wrong just because someone with title X says so and hope that the explosion is viewable by someone who can actually grasp what's occurring and can actually change things? Should they risk their savings and financial security to start their own business in a market that likely doesn't foster such entrepreneurs? Should they wholesale leave their beloved career they worked so hard on and risk financial security by starting all over in another field? Should they bury their resentment of incompetency and swallo
You've stolen my sunny outlook, my joie de vivre, my je ne sais quoi, and my groove. I am filing charges against you for Grand Theft Funk.
This all would have been firmly tongue-in-cheek ten years ago, but today, watching someone get thrown in the slammer until they return something that never existed seems a very real possibility. Kafka would be smug.
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
A little point to consider.
He was fired.
At that point in time, all deals are off.
You fire me, effective immediately, I am not telling you shit.
Why? Because I no longer have contractual obligations to you.
Why? Because you are no longer paying me.
What do people expect ?
You wear the uniform and stay loyal, *until* you are gone.
From that moment onwards, there is nothing to bind or hold you.
You leave and look ahead to the next one.
That seems to be what he did.
He felt he should no longer have to supply them with ANY information,
post employment.
And I think him right.
In an American, Red Blooded Capitalist way.
No Services without Payment.
To suggest otherwise is to create a new sub-class of citizen,
with limited rights, who can be arrested for NO LEGAL REASON.
Who can be 'ordered' by a court to fix someone's problems,
without compensation or consideration.
Just a Techie.
Consider Childs. Held on what charge? For 5M BAIL? Fuck off!
Of course he should have been asked for the password long before.
And documentation.
And mentoring of the "PFY" assistant which they seem not to have given him.
But the Management involved here have already shown their complete "fantasy"
cost reduction mindset.
How?
Because they had a single guy, was on his OWN, running an entire
city's network. And they were too incompetent to create effective
controls or to maintain a business relationship with him.
In short, tough shit to the probably politically appointed chumps
who treated their own people so badly.
Fuckem.
(R)ule in Hell or (S)erve in Heaven [R]?
Quick Followup:
"Childs is being held on $5 million bail, as the authorities fear he could unleash a wave of attacks on the FiberWAN system Childs built. It controls the city's e-mails, payroll, law enforcement records and other data."
"Could Unleash"
In America, people are being held in preventative custody for actions
they could "potentially" perform.
Without evidence.
You get the government you deserve.
(R)ule in Hell or (S)erve in Heaven [R]?
If someone is essential for a project, replace him as soon as you can.
Replace them? No. Distribute their responsibilities and knowledge? Yes. You still want the brainchild around to give input and support; it's just that you need backup in case ...
Replacing them is considered better management (unless his indispensability was involuntary - imposed by administrative foulups or externalities such as an inability to hire additional experts or candidates for training).
The reasoning is: If he has worked his way into becoming indispensable now, he will work his way into becoming MORE indispensable later. The longer you keep him, the greater the hit when he finally burns out, dies, or leaves. So take the hit while it's small.
(I have spent most of my career trying to stay replaceable so I could stay upwardly mobile. And one of the downsides to my current situation is that I have for the last couple years become a rare expert in a niche that is keeping me stuck in an "indispensable" role for a critical (but boring to me) class of issues when both I and my management would like me to move on to other, potentially more valuable and innovative, work.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I think I have to retract any negative comments I might have made about him-- if this is true that he had NOT attacked nor held hostage the network over job security...
I too loathe giving out my passwords. WhenEVER any admins need/want to work on my computer in my absence, I log out and have them do their thing in admin role. My password operates under MY fingers, and in my presence. Granted, there are users who can't get some "thingy" (bookmarks, contacts, etc...) to work right and simply have to turn the machine over to an IT or admin type in the name of quicker ticket resolution.... But...
Besides, whenever I'm to be away from my desk more than a few minutes (we're a small office, and hardly anyone goes onto another machine under another user's profile) I lock my desktop. Why? There could be an emergency or I might be away for lunch, etc. The fewer chances any visitor or any unauthorized user gets onto MY machine, the less likely that I will be associated to anything weird.
An employer of mine in the late 90s had the same policy, since fire drills, emergency evacuation and so forth (including the problem of tailgaters...) introduced opportunities for unauthorized use. Not even firefighters nor police had any real reason to be on our machines outside the scope of a legal investigation. So, we were to lock the desktop when going away from the desk out of sight of the computer, or away from our cluster of cubicles.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
First of all I will ignore your pathetic comment about hoping he will rot in jail. But really, how large an organisation do you run? I've worked in tech companies of up to 1,500 people and nowhere have we ever rotated skills in the manner you've suggested. In fact it would be insane. People are hired on exorbitant salaries based on the skill they have so rotating them to skills they know nothing about would be throwing obscene amounts of money down the dustbin. In fact the more I read this post the more I find it is one of the worst I have ever read. Sure... all you young admins out there taking expensive certification exams at your own expense... don't bother as they will be worthless. Why pay for certification as we expect your to learn from the "X for Dummies" series of books. Please ignore the above post, it is complete nonsense from start to finish.
Phillip.
Property for sale in Nice, France
Maybe Newsom will issue a retraining order for... Ummm RESTRAINING order AGAINST him, too?
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2007/02/27/MNGP8OBRL41.DTL
http://www.examiner.com/a-606664~Man_boasts_he_had_sex_with_mayor.html
When bad press like this happens.... you read about stuff like this:
"Prior to the incident at the mayor's building, Shin -- who has written several books on spirituality -- attended a town hall meeting Newsom held in the Bayview neighborhood on Feb. 10. Shin sat in the front row and appeared to be taking pictures of the lower half of the mayor's body, according to a declaration by Franco Fleming, a police officer assigned to the mayor's security detail.
At one point, Newsom's jacket fell off a chair and Shin picked it up, wiped it off in a caressing manner and then held it on his lap, according to Fleming's declaration. He proceeded to attempt to get Newsom's attention in a flirtatious manner. Afterward, he grabbed the mayor and prevented him from closing his car door till a police officer intervened.
Two days later, at an event commemorating the same-sex marriages at City Hall, Shin stood just feet from the mayor, taking pictures as he spoke. At one point, he grabbed the mayor's arm, wearing a purple latex glove."
THIS is the stuff which makes San FranCISCO San FranSIDESHOW...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
T'would appear that there are a lot of people who presume that he SHOULD have given passwords to anyone else that authenticate HIM, and are confused about the difference between authentication and authorization. A new "Director of Information Security" asking for his passwords SHOULD be a responsibility test. If the request was refused, it is a test he passed. Not all the world is a simple *N?X box with one root password, nor a windows box on the bedside table with a single admin login. Inadequate established policies is a good reason to not implement centralized controls.
If that high-end of a communication system cannot be properly configured for discrete authentication and authorization, there are a LOT of people who should be fired, and perhaps also be sitting in jail. If that is the case, the entire system was under-engineered for security, perhaps for the sake of "managerial expediency", or because somebody "bought a solution" without even understanding minimal proper requirements.
At least one report indicates that the equipment in question is vulnerable to physical access attacks, when the configuration and authorizations are committed to flash -- not at all a surprise. The subverting of some of the sensitive systems mentioned, such as a packet tee insertion, would be perhaps worse than a given node going dark -- certainly harder to detect. A reasonable judgement call, if reports are as accurate as they seem in that regard.
If there was no backup access policy implemented (and audited) in case Terry was hit by a bus, some heads should roll, but probably not his, for such an egregious lack of responsible management.
As more information comes out, the descriptions of incompetence alleged by Terry in his own defense, (or by his lawyer, depending upon the account you read) look more and more factual, rather than bigoted and paranoid. There is an old adage: just because you are paranoid doesn't mean nobody is after you. When dealing with a system that supports a large city infrastructure, including emergency services, probably alarm systems, and police, that may be true in spades!
what an a-hole. he just ruined it for the rest of us who act with integrity with respect to our gratuitous amount of network authority.
i can just see prying eyes all over people who have anything > lame-an rights on the network and strategies upon strategies to prevent against the ubiquitous network hostage crisis.
eff him and eff stupid Newsom too. if he runs for mayor i'm going to move to canada.
i don't use punctuation or grammar properly because computers cant help me correct that
i make one line statements to make me look insightful
i suck a lot of cock to get there i am circletimessquare
my posts are flame bait it's because its easier to just post than think
i will make some long comment in the middle of my post "laced with insults so that i appear to be a lot smarter" than i actually am because anger is so much better than reason and i like to blather on
see another one line comment with no full stop
shift key whats that
if you don't agree with me you are obviously stupid
I Haven't Finished Making A Low Budget Horror Film In NYC
I for one welcome our new bastard operator from hell... uhh, SF.
$> cd
$> more beer
... I felt when i read the title as "SourceForge admin gives up keys to hijacked city network".
Of course there's dial-up and/or DSL connections.. it's called "out of band management". I would be worried if a network of that size didn't have some form of OOB!
This whole thing was just a test to see if he was doing his job. I've been asked to give passwords to people other than the business owner before and I did not do it. Of course he gave them to the mayor. That's what he was supposed to do. He was not supposed to give them to anyone else... NO MATTER WHAT THEY TOLD HIM. OK the test is over now. You can let me go now.... Ok guys really.. this was a test right ??
Every BOFH should have his/her own PFY.
My exception safety is -fno-exceptions.
Still, Hi-jacking something like that's gotta be a few points on the ol' e-penis.
Jail and criminal charges just don't seem appropriate here. Everything he's done suggests a psychological problem rather than criminal intent. Jail and criminal charges are probably the least constructive possible move here (short of just having him killed that is).
At the very least, he was Waaaaaay too emotionally invested in the network.
I can well understand how he felt about others having the password, but not the magnitude of his reaction. I have on multiple occasions felt the same way about others having key passwords, but turned them over with the understanding that I accept no responsibility for the likely screw-ups to follow. I made certain that I had the request for the passwords AND my protest in writing, but I did turn them over. (and yes, the predicted problems did come up).
Have any of San Francisco's residents been notified that their personal information which was crossing the city's FiberWAN network has been accessed by unauthorized persons?
CIVIL CODE SECTION 1798.25-1798.29
1798.29. (a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
http://caselaw.lp.findlaw.com/cacodes/civ/1798.25-1798.29.html