Rogue SF sysadmin may cost city over $1m
Print storySend in the consultants!
Posted in Enterprise Security, 10th September 2008 18:39 GMT
Free whitepaper – Extended Validation SSL Certificates
The disgruntled sysadmin accused of locking San Francisco out of its IT network may cost the city more than $1m in upgrades, consultants and repairs to undo the damage, according to the City's Department of Technology.
Terry Childs, a 43-year-old from the Bay Area city of Pittsburg, is accused of creating a super password for San Francisco's new FiberWan network and locking his bosses out of the system's maintenance points. The network provides access to confidential databases including payroll files, jail booking records, and law enforcement documents.
Childs at first refused to divulge the password, even after being arrested with his bail set at a staggering $5m. He was eventually convinced to cough up the correct code, when San Francisco Mayor Gavin Newsom visited his jail cell. Childs currently faces four felony charges of computer tampering.
The city's Department of Technology told the San Francisco Chronicle that it plans to set aside $1m to pay for consultants and upgrades to the network. So far, it has spent about $182,000 for the work and $15,000 in worker overtime as a result of Childs' lockout. The department also plans to ask the San Francisco Board of Supervisors in November for additional funds to cover expenses.
Childs's attorney portrays the rogue admin as a skilled engineer who barred network access in order to protect the system from incompetent managers. She claims Childs's co-workers and supervisors damaged the network in the past, hindered his ability to maintain it, and otherwise showed no interest in maintaining the network themselves.
Prosecutors say before the incident, Childs was the target of disciplinary action over his allegedly poor performance. They claim he rigged the system as an "insurance policy" against getting fired. ®
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive