Jul 16 2008
A systems administrator is in jail after trying to take sole control over the San Francisco FiberWAN network. According to the story, he was trying to gain control over the network so that the city couldn’t fire him after a poor review.
There aren’t a lot of details yet, but Mr. Childs does appear to have the City of SF by the short hairs, with control over most of the network. Next time your boss comes looking for answers about why we have to have separation of duty, this incident should be his suggested reading.
What was it about the city’s network that allowed this to happen? What sort of authentication schema are they working with that he locked it down so hard that security experts with physical access can’t break it? Are they just waiting to take some downtime to replace or reset equipment? Why aren’t they letting the system crash and restoring from backup? I guess the average reader wouldn’t care about those details, but I am curious why this ends up being such a big deal; resetting the password in most systems should be a fairly simple task.
Another aspect I’m curious about is the concern over a possible backdoor data bomb; is this something that ‘officials’ are concerned with, did Childs make a threat or did the idea come from someplace else? If they didn’t find a remote control device in his home, chances are there’s nothing, since most people who commit this sort of crime don’t hide it that well. He might always be the exception though. Again, why can’t the city let the bomb hit and restore from backup?
I don’t think this is having quite the outcome Mr. Childs predicted. He’s going to end up out of a job and in jail for a while. I hope he cooperates soon and minimizes his own pain, not to mention the city’s.