Why San Francisco deserved to lose control of its network
Terry Childs is the San Francisco government systems administrator who, threatened with losing his job, took over the network. Childs finally gave in from his jail cell and handed mayor Gavin Newsom the passwords he'd changed, along with a liturgy of hate for his pointy-haired bosses. San Francisco bureaucrats make Childs out to be another Kevin Mitnick, capable of breaking into confidential data. Truth is, he's a grunt router admin who got sick of being on call 365 days a year. Here's a rundown of the exaggerated claims San Francisco officials are heaping onto Childs:
- Childs is said to have access to email, 311 service, and law-enforcement applications. He only had the power to block network access to these apps, not to log into them.
- Childs had a list of 150 VPN groupnames and passwords. These were part of his job, not something he'd stolen. Ironically, these passwords were entered into court documents, making them publicly-accessible information.
- When Childs was arrested, he had documentation of the city network, including configurations, maps, and diagrams of the FiberWAN and possibly other networks in his possession. Again, knowing this info is part of his job.
- He had configured some number of routers to disable password recovery, but did not write the device configurations to flash memory on some number of routers. This would cause them to fail if power-cycled. City officials claim this was a "booby trap" designed to disable their data center at One Market Street during a forthcoming planned power outage. I think they're giving him too much credit for plan-within-plan cleverness here. Disabling password recovery is a standard security procedure for routers. More likely Childs just forgot to save to flash.
You can read a longer, wonkier takedown of the city's claims at IT World. The most damning charge, technically speaking, is that Childs had several modems hooked up to computers in his workspace. It appears that he used these modems to access the network remotely without leaving an audit trail back to himself. What an amateur. The Childs case backs up a point I've been making to clients for years. City officials have admitted — in public! — that "not only was Childs the only admin, he was always on call, 24 hours a day, 7 days a week, 365 days a year. As the only admin with the knowledge and access to the FiberWAN, he had no help. During the past few years, the DTIS staff has been significantly reduced due to budget cuts, keeping the city dependent on a sole admin for its core network." Overwork your techs and bad stuff will happen. Maybe Childs is happy to be in jail. He can get some sleep there. (Photo by Robert McMillan)