http://blog.american-helpdesk.com/2009/09/03/terry-childs-political-techie-prisoner.aspx
As a techie and having gone to school for broadcasting, I have been particularly interested in the San Francisco Network Engineer who has been in jail for allegedly hacking SanFran’s network. From what I have read on the issue, it sounds more like a lack of competent management, following of ITIL rules, idiot reporters, poor HR, political bullying and typical lack of understanding/fear of technology and now a complete disregard of the 6th and 8th Amendments to the Constitution .
To give a brief history, 14 months ago Terry Childs was the lone CCIE working for the City of San Francisco, one of the largest cities in the country. He administered all of their networks, data and voice. Apparently, as the only CCIE (certified cisco internet engineer) he worked long odd hours and typically was not the friendliest of people but from all accounts, a very, very good CCIE with a security minded implementation of the network. He took pride and ownership of that network (perhaps too much ownership).
Due to his unfriendly nature (probably due to the fact he had no backup, ITIL process break number one) he was not liked by his non-technical manager. When asked to give access to non-certified and non-technical team members, HR and politicians and police, to “help” he refused as part of the City policy (http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf). He did give them viewer access so they could cause no harm. Apparently, as the only person on-call and qualified to work/fix the network, he had been burned by previously giving passwords to low level techs who decided to play on the network and had to fix network issues in the middle of the night/day.
There of course was no master password database with the CIO (ITIL process break number two) when the manager fired Mr. Childs. He was hired back after the firing broke union rules. Note: they didn’t ask for the passwords before firing. Once back, from all accounts, nothing broke, nothing changed, but he did act more like a jerk. After more time he was fired again following union rules, then was asked for passwords (ITIL practice break number three). Under no obligation to give passwords, as he was no longer gainfully employed by the City of San Francisco, he declined. At this point his saga began as he was promptly arrested for 4 counts of computer hacking.
Over the next month, the City and its officials put out press releases noting the network was hacked, under attack, they expected retribution from Terry Childs remotely from jail, that he had monitoring devices setup to read their emails, he could take the whole network out at a whim, etc, etc.
Yet, the network never went down.
The city did hire in Cisco to try to break into their own networkwhich they were unsuccessful showing the above noted security conscious and skill as a CCIE he possessed. Yet, the network had no issues. His attorney noted he would give the passwords if he was not prosecuted and the city refused, so he sat on the passwords while the media reported all kinds of crazy unfounded theories that sound scary to the non-technical person.
The media reported of evil network sniffers, and modems waiting for remote command, and IPs set aside that were the only ones allowed to change the network in the configs, and passwords too complex to guess (oh and he had been arrested 20 years ago for theft). In reality, this is a standard secure network, sniffers are used to monitor traffic to adjust as needed and troubleshoot, remote administration is typically locked down and if you can guess a passwordso can a hacker.
After a month the mayor, Gavin Newsom, met in secret with Terry Childs who gave the passwords up and the city finally was able to get back into their networkwhich still hadn’t had an issue nor went down.
Yet 14 months later Terry Childs is
Slashdot Mirror
http://blog.american-helpdesk.com/2009/09/03/terry-childs-political-techie-prisoner.aspx As a techie and having gone to school for broadcasting, I have been particularly interested in the San Francisco Network Engineer who has been in jail for allegedly hacking SanFran’s network. From what I have read on the issue, it sounds more like a lack of competent management, following of ITIL rules, idiot reporters, poor HR, political bullying and typical lack of understanding/fear of technology and now a complete disregard of the 6th and 8th Amendments to the Constitution . To give a brief history, 14 months ago Terry Childs was the lone CCIE working for the City of San Francisco, one of the largest cities in the country. He administered all of their networks, data and voice. Apparently, as the only CCIE (certified cisco internet engineer) he worked long odd hours and typically was not the friendliest of people but from all accounts, a very, very good CCIE with a security minded implementation of the network. He took pride and ownership of that network (perhaps too much ownership). Due to his unfriendly nature (probably due to the fact he had no backup, ITIL process break number one) he was not liked by his non-technical manager. When asked to give access to non-certified and non-technical team members, HR and politicians and police, to “help” he refused as part of the City policy (http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf). He did give them viewer access so they could cause no harm. Apparently, as the only person on-call and qualified to work/fix the network, he had been burned by previously giving passwords to low level techs who decided to play on the network and had to fix network issues in the middle of the night/day. There of course was no master password database with the CIO (ITIL process break number two) when the manager fired Mr. Childs. He was hired back after the firing broke union rules. Note: they didn’t ask for the passwords before firing. Once back, from all accounts, nothing broke, nothing changed, but he did act more like a jerk. After more time he was fired again following union rules, then was asked for passwords (ITIL practice break number three). Under no obligation to give passwords, as he was no longer gainfully employed by the City of San Francisco, he declined. At this point his saga began as he was promptly arrested for 4 counts of computer hacking. Over the next month, the City and its officials put out press releases noting the network was hacked, under attack, they expected retribution from Terry Childs remotely from jail, that he had monitoring devices setup to read their emails, he could take the whole network out at a whim, etc, etc. Yet, the network never went down. The city did hire in Cisco to try to break into their own networkwhich they were unsuccessful showing the above noted security conscious and skill as a CCIE he possessed. Yet, the network had no issues. His attorney noted he would give the passwords if he was not prosecuted and the city refused, so he sat on the passwords while the media reported all kinds of crazy unfounded theories that sound scary to the non-technical person. The media reported of evil network sniffers, and modems waiting for remote command, and IPs set aside that were the only ones allowed to change the network in the configs, and passwords too complex to guess (oh and he had been arrested 20 years ago for theft). In reality, this is a standard secure network, sniffers are used to monitor traffic to adjust as needed and troubleshoot, remote administration is typically locked down and if you can guess a passwordso can a hacker. After a month the mayor, Gavin Newsom, met in secret with Terry Childs who gave the passwords up and the city finally was able to get back into their networkwhich still hadn’t had an issue nor went down. Yet 14 months later Terry Childs is