Slashdot Mirror
Ex-SF Admin Terry Childs Gets 4-Year Sentence
Robert McMillan writes "You remember Terry Childs, right? He was
finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."
What I'm going to be more interested in is the appeal. There's no way that he isn't going to try and appeal, and if as much of it has been glossed over or ignored as it seems to be at this time, he may get the conviction and any financial penalties overturned. As it stands now the city wants to bill him $900k for it.
Especially when you read the story of one of the jurors who has a CCIE (http://www.networkworld.com/news/2010/042910-terry-childs-juror-explains-why.html). This wasn't a case of some PHB demanding access to something he shouldn't have. This was a case of an egomaniac sysadmin trying to make himself irreplaceable by locking everyone else out. When called on this he refused, bluffed, and finally lied.
For me, the lying part is where it clearly went to criminal levels. I suppose some of the other things he did (like store the WAN config only in memory, not saved to flash and keep the only backup on his laptop) could possibly be justified as just being paranoid and poorly educated in actual security practice. However when he gave his supervisors false passwords, lied to them, to me that showed clearly that he knew he was in the wrong. He knew he was supposed to give up the passwords but wouldn't.
Hopefully it'll be a lesson to other sysadmins to consider that at work, the computers are not yours. They don't belong to you. They belong to the organization you work for. Part of that means the origination gets to decide who has access. You can (and should) have input in to that, and should make sure it is all documented, but ultimately the systems belong to them and you need to do as they say.
As IT workers, our job to is provide service, not prevent it. We need to do what we can to ensure people can get what they need. It is a service industry, like it or no.
I know I just just skip past this comment, but I do wonder why so many people on here seem to think being raped is funny. You might think the guy did wrong; you might also think that justice has really been served, and hey that's your right, we're all allowed an opinion. But he's not some big-in-the-game criminal that destoryed people's lives, so I really fail to see why joking that he should keep his arse to the wall is at all funnny.
cat:
Agreed. America is supposed to be a civilized country. Why would anyone believe that it is appropriate to allow prisoners to be raped by other prisoners?
People joke about this and even seem to hope that it happens. This is disgusting and wrong. We have Enlightened articles about cruel and unusual punishments. Prison is supposed to be a loss of freedom, not a loss of basic human rights.
Hoist Number One and Number Six.
People joke about what they are scared of.
You are entitled to your own opinions, not your own facts.
Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.
You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.
Now ideally this is in the form of someone else having access, or there being a central password store. Read in to the Childs case and indeed there was a place where passwords were supposed to be stored and he didn't do it. However even if that's not the case, you have to relinquish the passwords when you leave. If you are the only one with the root password, you have to hand it over (or change it for them or whatever). Same shit as your keys, when you leave employment, you have to turn in your keys.
You don't have to help them figure anything out, but you are not allowed to lock them out of their own systems. If you cannot see the difference, you are being deliberately blind.
You and I may see the difference, but can your luddite boss and his luddite lawyer? You might think that laws and court rulings are based on responsible understandings of the facts, but then you would be wrong.
Hoist Number One and Number Six.
Making jokes the way Americans do about "pound me in the ass prison" indirectly condones the fact that such a prison system exists. Heck, how many tv shows have a cop quickly whispering into the ear of the just arrested (and hence not convicted eg innocent) perp about what's going to happen to him in jail?
People replying to my sig annoy me. That's why I change it all the time.
I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.
Wouldn't that create the situation where professional communities could just decide for themselves what the law was?
BP's CEO has broken pollution laws? Not according to a jury of oil company CEOs!
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
It isn't about PASSWORDS it is about ACCESS. He had sole access to some systems, including some very critical ones. He wouldn't turn over access. In some cases, this would have meant creating accounts for other people. In other cases, this would have meant handing over the password. Remember that some things like root or enable have only one password.
So the issue wasn't that he wouldn't give up his own personal password, the issue was that he was denying the rightful owners of the systems (the city) access to those systems.
Also please note this all started way before he got canned.
They still ruined a mans life.. over a password.
No, they ruined his life over criminal interference. Read the court records.
did he steal or destroy anything of value? was anyones life put in danger? did he HARM anything at all but the ego of some of his asshole bosses?
His action directly resulted in over $200,000 in lost money. That money was spent cleaning up the problems he caused through purposeful effort on his part. Do you think that money has no value? If he'd done $200,000 dollars of damage by attacking the server room with a crowbar, would that have made it different? It doesn't matter that he didn't endanger anyone's life. Someone who forges a check and steals your bank account doesn't threaten your health.
Way to go americia. Just as bad as any 3rd world shithole dictatorship. But with a better PR department and a mcdonalds on every corner. And we don't kill you directly. We just ruin your life and put you with people who will kill you.
Oh, boo hoo. Maybe if he'd avoided breaking the law and doing nearly a quarter million dollars in damage he'd have avoided going to jail. The court records plainly show that he did this in an effort to keep everyone else, including his bosses, out of the systems, and that's not his place any more than he had the right to install locks on the doors and not let anyone into the building. If he didn't do it on purpose to make himself irreplaceable, then he'd have to be astonishingly bad at his job.
Makes me glad, Yet again. I got the fuck out of IT. When things work right you get no rewards. When things go wrong you get all the blame.
I have to say, based on this comment, that I'm glad you got out of IT as well.
Virg
On the other hand, I rather doubt that refraining from making the jokes would lead to imminent abolition or reform of those institutions.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
America may be civilized in the broadest sense of the term, but it is anything but civil. When you have a "civilization" where keeping people imprisoned is a $40 billion a year industry, and prison wardens allowing criminal activity inside their institutions as a cost-effective means of self-policing, you're going to have people getting raped and your going to have people coming out of prison much worse off than when they went in.
"Turned Out" is an interesting and disturbing documentary about the dynamic of prison sex and rape http://www.youtube.com/watch?v=M4_uvvcaDqw
You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.
His actions ended up costing his employer a big pile of money. This wasn't a prank, it was a purposeful lockout to make himself indispensable.
I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such.
There was a network admin with a CCIE on the jury. He got exactly what you wanted for him.
Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.
It makes for a nice conspiracy, but the reason stated for holding him in jail (well, for applying for a very high bail so he'd have to stay in jail) is because he was a flight risk. He had already tried to flee the jurisdiction and at the time, he was suspected of having backdoor access points into the network. They were afraid that if he got out, he'd split and then attack the system remotely. Based on the case information (and the first attempt to flee) I'd say they were reasonably justified in holding him.
Virg
This.
The people who really ought to be having a miserable time in prison get a free pass to carry on tormenting and hurting other people for their own amusement. Other people who have nowhere to escape and nobody to turn to for help.
No sig today...
The process of "being fired" does not end your responsabilities with you stopping to work and going out of the building. It ends only when you :
1) gave back all physical object the firm loaned to you within the execution of your work (laptop, cars, etc...)
2) gave back all access key in your possession (be it physical, RSA keys, or electronics)
3) gave back all financial access you had to (firm credit card for example), and I may pass a few others.
If you do not think so, you are a "terry child in waiting", as in, risk prison if you think you can skimp on your responsability. being fired don't mean you can keep stuff from the firm, be it unique key knowledge (like passwords), or physical items.
It actually pretty dumb to think so. About as dumb as somebody keeping a laptop at home after being fired.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
The point of a jury isn't to selectively apply laws. It is to determine whether the evidence indicates that the law was broken, with intent, and without any mitigating circumstances.
Childs locked down systems without documenting the changes. He did not take any steps to ensure continuous service in his absence. He put extra effort towards implementing systems that others couldn't access. He broke the law.
He refused to turn over passwords when leaving. When asked, he lied. That strongly indicates intent.
There has been no mention of blackmail or extortion. Nothing has indicated a legally-relevant level of insanity. He was not tragically injured just moments before handing over the passwords. There were no mitigating circumstances.
Childs is pretty clearly guilty. The fact that he's in IT is irrelevant.
You do not have a moral or legal right to do absolutely anything you want.
I am very critical of Terry Childs actions and think, that those can at least be interpreted as criminal act. But 4 years for such a bagatelle case? What do you do with a real criminal? There was a lot of incompetence on the city side walking around which enabled such a situation. I think he was afraid of loosing his job and overstepped his legal options. But what do you do who does this to steal money or with the intent to cause damage? Shoot him?
People who drive under the influence of alcohol and kill someone get away with less.
I think the punishment is out of proportion.
CU, Martin
Prisoners rape each other, commit assault against one another and occasionally murder each other. Extortion is even more prevalent than rape in US prisons, because it is also present in minimum and medium security prisons. You can scream and shout about how all of this violates human rights you want. And claim that we are turning a blind eye to a problem. But it is simple really, we do not have the capacity to imprison and monitor so many people. We've overloaded our prisons and understaffed them. We've lost control over our prison population and at this stage we're just trying to keep them from escaping or murdering each other too often, with only limited success.
If you have go to an American prison you'll just have to get used to violence, and tolerate things like rape to survive (although it is quite rare in a minimum security prison). Pretend you're taking a vacation to some lawless country.
“Common sense is not so common.” — Voltaire