Subject: Bwahahaha!!! San Francisco Sysadmin Holds Parts of City Net Hostage Tue Jul 15, 2008 8:54 pm
A disgruntled city of San Francisco IT worker who exacted revenge on his fellow employees has landed himself in jail. Officials arrested Terry Childs, an IT network administrator, for tampering with city computer systems and locking out some top administrators from the network.
Officials have arrested a city of San Francisco IT network administrator for locking up a multimillion-dollar city computer system, according to several reports stemming from a press conference with San Francisco District Attorney Kamala Harris. The employee, Terry Childs, 43, is accused of improperly tampering with computer systems and causing a denial of service, effectively locking out other top city administrators from the critical network.
Police believe Childs, as an employee of the city's Department of Technology, set up his own secret password that grants him exclusive access to the city's new FiberWAN (wide area network), and according to a report in the San Francisco Chronicle, Childs gave police fake pass codes and refused to give up his own -- even while in jail. He is reportedly being held on a US$5 million bail.
The new FiberWAN system provides access to sensitive and confidential data, including officials' e-mail E-Mail Marketing Software - Free Trial. Click Here., city payroll files and law enforcement documents. Authorities reportedly expressed concern that Childs may have provided access to a third party or set up some sort of remote ability to tamper with the system. Locked Out but Still Working
While other San Francisco IT administrators are locked out of parts of the system, apparently the services are still online and are continuing to function properly. The city has been trying to crack Childs' passcodes and regain control.
The department disciplined Childs on the job for poor performance and his supervisors tried to fired him, the Chronicle reported. Either way, Childs appears to have been well-paid, with a reported base salary of $126,000, plus on-call premium pay of $22,534 for 2007. Uncommon Admin Power?
"While I don't think the situation in San Francisco is common, it does point out some dangers related to managing and maintaining IT," Charles King, principal analyst for Pund-IT, told TechNewsWorld.
"If administrators aren't properly managed or supervised -- as it happens all too often in overworked, overstressed IT environments -- it creates a breeding ground for potential abuse. In addition, as IT systems in both the public and private sectors are being ever-more tightly integrated to facilitate information-sharing between departments and agencies, the potential for disaster becomes ever-larger," King added. Cause for Concern?
The San Francisco case illustrates the cusp of a worse-case scenario -- while the city is locked out of its own systems, no additional damage may have yet been caused. For example, while it may cost the city hundreds of thousands of dollars to regain control, a worse case would be the destruction or tampering of documents and data -- or new access given to third parties with nefarious intent.
"The need for holistic, long-term planning and strategic processes in IT infrastructure deployment has been well-regarded and understood for years," King said.
"The situation in San Francisco suggests that organizations would be smart to take a similarly careful approach to employing and managing IT administrators," he noted.
Subject: San Francisco Held Cyber-Hostage? Disgruntled Techies Have Wreaked Worse Havoc Wed Jul 16, 2008 11:18 pm
San Francisco Held Cyber-Hostage? Disgruntled Techies Have Wreaked Worse Havoc
The purported takeover of the San Francisco government's new fiber optic network by an employee who locked out all the other administrators sounds extreme, but disgruntled or fired employees have always used computers to get a dose of revenge.
The city is still scrambling to regain control of the municipal network that handles everything from the mayor's e-mail to San Francisco's electronic court records, according to Ron Vinson, the deputy director of San Francisco's telecommunications and information services department.
Terry Childs, a city tech employee, allegedly modified the system so that only he had top level permissions. Childs was arrested Sunday and is being held on $5 million bail, after allegedly refusing to hand over the passwords.
"This is a great example of how powerful insiders can be," assuming the allegations are true, says security expert Adam Shostack, the author of the New School of Information Security. "Insiders do have a tremendous amount of power."
At the same time, such shenanigans are still rare, at least compared to how many network administrators are fired, or quit, without burning the system behind them, says Shostack. One thing's for certain: with no actual damage reported, the San Francisco incident pales next to other reported cyber-sabotage efforts.
* In 2008, Danielle Duann, a former employee of the Life Gift Organ Donation Center in Houston, Texas, was indicted for computer hacking. Duann allegedly deleted database records used to match organs to needy patients after she was fired in November, 2005. The feds say the deletions caused more than $70,000 in damages, and had the potential to affect medical treatment.
* In 2007, Lonnie Denison pleaded guilty to intentionally sabotaging a data control center in the California Independent System Operator Corporation, which the Feds described as an effort to bring down the Golden State's power grid. Denison, a contractor working at the CAL ISO, broke into a high security computer room and pushed an emergency electrical shut-off button for the computer room crashed computers that communicate with California's deregulated power market.
* In October 2003, Andrew Garcia, a former employee of monitor maker Viewsonic, was sentenced to a year in prison for deleting critical server files that were necessary for Viewsonic's Taiwan office to do work.
* In 2002, a former American Eagle Outfitters employee posted passwords and logins for the company's network on a hacker mailing list on Yahoo. He also included instructions on how to get into American Eagle's wide-area network. He put those instructions into use himself after Thanksgiving 2002, hoping to disrupt the company during the busy holiday season. For his trouble, Kenneth Patterson was sentenced to 18 months in prison.
* A former network administrator for the Inglewood, California-based Airline Coach Service and Sky Limo Company attacked his former employee's network, deleting files and changing passwords. The hack crashed the company's dispatch system, causing thousands in losses. When his house was raided by the feds, they discovered a file folder labeled "retaliation." In 2003, Alan Giang Tran plead guilty to one count of hacking.
* A disgruntled Australian engineer used a laptop and radio control equipment to dump hundreds of thousands of gallons of sewage into rivers and parks in Australia in 2000. The engineer was angry at being rejected for a job from the Maroochy Shire in Queensland, which contracted the company he worked for to make the sewage system.
* Roger Duronio, a disgruntled former UBS PaineWebber employee was sentenced to 97 months in jail for planting a time-bomb program that destroyed files on thousands of computers inside the financial giant's computer network. Duronio planted the code before his February 22, 2002 resignation, which followed repeated complaints by Duronio about his salary and bonuses. The timer for the code went off on March 4, and Duronio shorted UBS's stock on the day of the time bomb, hoping to make a profit by having the rogue code drive down the company's stock price.
* In 1996, a network administrator planted computer code that deleted the sophisticated production software of a high-tech measurement and control instruments company called Omega Engineering, causing $10 million in damages. Timothy Allen Lloyd designed the company's network, but was fired after 11 years on July 10, 1996. The time bomb went off 20 days later. After being convicted in 2000, Lloyd was eventually sentenced to 41 months imprisonment.
Despite the horror stories, at least one can be thankful that when someone in the IT department goes postal, they tend to take down the mail server, not pick up an assault rifle.
Subject: Bwahahaha!!! Sysadmin still refuses to give up the real password Fri Jul 18, 2008 7:13 am
Bwahahaha!!! Sysadmin still refuses to give up the real password
The sysadmin accused of locking the San Francisco city council out of its computer network was back in jail yesterday after pleading not guilty to four counts of computer tampering.
Terry Childs was locked up in lieu of $5m bail last weekend, after the city accused him of creating a super password for its new FiberWan network, and locking out other users. Childs had been suspended after a run-in with one of his superiors.
Childs, a 42-year-old from Pittsburg, California, initially coughed up a password to investigators but this proved to be bogus. He has since refused to give up the real password, according to reports.
The silent sysadmin’s lawyer, speaking after his arraignment, insisted Childs was willing to help the city get back into the network, and had been willing to handover the password since Tuesday, the San Francisco Chronicle reports.
She said he was “willing to cooperate. We have negotiations ongoing.”
She also said the $5m bail was ridiculous and that Childs was “not the bad actor” in the case.
The City’s tech dept though said they were unaware of any negotiations, and for now, while the network is running, it seems the city authorities are still unable to get in to service the network.
Earlier in the week SF mayor Gavin Newsom said "He was very good at what he did, and sometimes that goes to people's heads and we think that's what this is about."
Childs’ lawyer characterised the case as a misunderstanding that had been blown out of proportion by the media. Certtainly the case has gained worldwide coverage, and will no doubt prompt many organisations to look again at who’s got access to their networks.
Childs seems to have gained Robin Hood-type notoriety amongst some sysadmins. Some have raised the absurdity of someone accused of a data crime which has yet to hurt anyone being held on more bail than someone accused of serious violence, while others have questioned what kind of oversight the San Francisco government exercised if it let someone effectively annexe its entire network.
Subject: SF mayor gets codes to hijacked city network Wed Jul 23, 2008 3:38 am
SF mayor gets codes to hijacked city network
The computer network hostage crisis in San Francisco is over, thanks to the city's mayor. Terry Childs, a network administrator for the city of San Francisco, has been in custody since July 13 on four felony charges of taking control of the city's computer network and locking administrators out. The move blocked access to much of the city's information, including law enforcement, payroll and jail booking records. Childs had reportedly refused to surrender the codes to his supervisors, but apparently after a little more than a week as a guest of the city he had a change of heart and invited Mayor Gavin Newsom to meet with him, according to a report on the San Francisco Chronicle Web site Monday night. A secret meeting was arranged at the city jail Monday afternoon, where Childs gave Newsom the codes to the network. The meeting reportedly was so secret that the police department and district attorney were not informed of the meeting ahead of time. The codes given to Newsom didn't initially provide access to the system, but a call to Childs' attorney got the city back in the system. But just because the city has its network back doesn't mean all is forgiven. Erin Crane, Childs' defense attorney, is expected to cite his cooperation during a court hearing Wednesday in a bid to have his $5 million bail reduced. Crane has argued that Childs was merely protecting the network from incompetent city officials who were trying to force him out of his job. "Mr. Childs had good reason to be protective of the password," Crane told the newspaper. "His co-workers and supervisors had in the past maliciously damaged the system themselves, hindered his ability to maintain it...and shown complete indifference to maintaining it themselves. "He was the only person in that department capable of running that system," Crane said.
Subject: Bwahahaha!!! San Francisco Sysadmin Holds Parts of City Net Hostage 
Tue Jul 15, 2008 8:54 pm
