Jul 16 2008

Why no one person should control it all

Published by at 4:56 am under Government, Hacking

A systems administrator is in jail after trying to take sole control over the San Francisco FiberWAN network. According to the story, he was trying to gain control over the network so that the city couldn’t fire him after a poor review.

There aren’t a lot of details yet, but Mr. Childs does appear to have the City of SF by the short hairs, with control over most of the network. Next time your boss comes looking for answers about why we have to have separation of duty, this incident should be his suggested reading.

What was it about the city’s network that allowed this to happen? What sort of authentication schema are they working with that he locked it down so hard that security experts with physical access can’t break it? Are they just waiting to take some downtime to replace or reset equipment? Why aren’t they letting the system crash and restoring from backup? I guess the average reader wouldn’t care about those details, but I am curious why this ends up being such a big deal; resetting the password in most systems should be a fairly simple task.

Another aspect I’m curious about is the concern over a possible backdoor data bomb: is this something that ‘officials’ are concerned with, did Childs make a threat, or did the idea come from someplace else? If they didn’t find a remote control device in his home, chances are there’s nothing, since most people who commit this sort of crime don’t hide it that well. He might always be the exception though. Again, why can’t the city let the bomb hit and restore from backup?

I don’t think this is having quite the outcome Mr. Childs predicted. He’s going to end up out of a job and in jail for a while. I hope he cooperates soon and minimizes his own pain, not to mention the city’s.


3 Responses to “Why no one person should control it all”

  1. Scott Morrison on 17 Jul 2008 at 10:04 am

    While I wouldn’t want to speculate on whether or not Childs has implemented a data bomb, I question the utility of a physical remote control device, not to mention any sort of remote control that would be obvious to police or security teams searching his apartment.

    A databomb is more likely to be on a watchdog timer, a logical dead man’s switch, or triggered via network access or other predetermined network conditions. If they don’t have access to the involved systems, they’re not likely to find such a bomb, or determine the triggering method.

    There’s an issue with the “let ’em nuke it and restore from backup” option, too. If there is a databomb, how long ago did our dear antagonist place it? How long ago was the latest clean backup? Restoring from a backup set that’s recent enough to have useful data might simply be restoring the logic bomb, too.

    The whole thing has been compromised, and needs a top down review by security professionals, along with clean rebuilds and data-only restores.

  2. Don Clifton on 17 Jul 2008 at 1:46 pm

    Scott:

    I would say more to a point of taking drive images and having a forensics expert look into it and hopefully mapping his actions to when these issues started. Very strange story though.

  3. Rob Lewis on 28 Jul 2008 at 6:32 am

    As Andrew Jaquith says in his book, Security Metrics: “Trust is good. Control is better”.

    Dual key controls go a long way to preventing this kind of thing. So does tamper-proof audit trails based on user roles. This is not the first time an individual has held an enterprise hostage. Is it really a safe option not to assume the possibility of evil administrators?
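The two controls named in the last comment, two-person ("dual key") approval for privileged changes and a role-attributed audit trail that shows when it has been edited, are easy to sketch in code. The following is an added example, not code from the post, its commenters, or the City of San Francisco; the roles, user names and change ids are hypothetical. It refuses an approval by the same person who made the request even when that person holds both roles, which is the separation-of-duty point the post opens with, and it hash-chains every audit entry so that a later edit to any entry is detectable.

```python
"""Dual-control authorization with a tamper-evident, role-attributed audit trail.

Added example (not code from the post or its commenters): a minimal model of
two-person approval for privileged changes plus an audit log that detects
after-the-fact edits. All identifiers (roles, users, change ids) are hypothetical.
"""
import hashlib
import json

ROLE_ADMIN = "network_admin"        # may request privileged changes
ROLE_APPROVER = "change_approver"   # may approve someone else's request

GENESIS = "0" * 64                  # hash "before" the first entry


class AuthorizationError(Exception):
    """Raised when a request or approval violates the dual-control policy."""


class AuditTrail:
    """Append-only log where each entry commits to the previous entry's hash.

    A lone operator could still delete the whole log, so in practice the
    entries (or at least the latest hash) are shipped to a system that
    operator cannot write to; this class shows only the tamper-evidence part.
    """

    def __init__(self):
        self.entries = []

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": digest})
        return digest

    def verify(self):
        """Recompute the chain; an edited, removed or reordered entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            body = json.dumps(entry["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


class ChangeControl:
    """A privileged change needs one requester and one *different* approver."""

    def __init__(self, roles, audit):
        self.roles = roles      # user -> set of roles that user holds
        self.audit = audit
        self.pending = {}
        self.applied = []

    def _log(self, action, user, change_id, **extra):
        # Every decision, allowed or denied, is recorded with the actor's roles.
        self.audit.append({"action": action, "user": user,
                           "roles": sorted(self.roles.get(user, ())),
                           "change": change_id, **extra})

    def request(self, change_id, requester, description):
        if ROLE_ADMIN not in self.roles.get(requester, ()):
            self._log("request_denied", requester, change_id)
            raise AuthorizationError(f"{requester} may not request changes")
        self.pending[change_id] = {"requester": requester, "description": description}
        self._log("request", requester, change_id, description=description)

    def approve(self, change_id, approver):
        req = self.pending.get(change_id)
        if req is None:
            raise AuthorizationError(f"no pending change {change_id}")
        # Both checks are needed: the approver must hold the approver role,
        # and must not be the requester even if they hold both roles.
        if (ROLE_APPROVER not in self.roles.get(approver, ())
                or approver == req["requester"]):
            self._log("approve_denied", approver, change_id)
            raise AuthorizationError(f"{approver} may not approve {change_id}")
        self._log("approve", approver, change_id)
        self.applied.append(self.pending.pop(change_id))
        return req


def demo():
    """Request a change, reject a self-approval, accept a second-person
    approval, then show that editing one log entry is detected."""
    audit = AuditTrail()
    roles = {"alice": {ROLE_ADMIN, ROLE_APPROVER}, "bob": {ROLE_APPROVER}}
    cc = ChangeControl(roles, audit)
    cc.request("CHG-1", "alice", "rotate enable secret on core-rtr-1")  # constructed
    try:
        cc.approve("CHG-1", "alice")     # alice holds both roles, still refused
        self_approved = True
    except AuthorizationError:
        self_approved = False
    cc.approve("CHG-1", "bob")
    intact = audit.verify()
    audit.entries[1]["event"]["user"] = "mallory"   # simulate a log edit
    return {"self_approved": self_approved, "applied": len(cc.applied),
            "intact_before_edit": intact, "intact_after_edit": audit.verify()}
```

Run `demo()` to see the four outcomes; the denied self-approval is itself logged, which is what makes a role-based audit trail useful after the fact. The chain only proves integrity of what is still on disk, so the design choice that matters operationally is where the log copy lives: it has to be somewhere the administrators whose actions it records cannot write.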
