July 17th, 2008
Dreams come true: network guy holds city hostage
A few well chosen words from the technically knowledgeable Jaxon Van Derbeken, a staff writer for the San Francisco Chronicle as published on July 15/08:
(07-14) 19:23 PDT SAN FRANCISCO — A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city’s new FiberWAN (Wide Area Network), where records such as officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn’t work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.
…
Authorities say Childs began tampering with the computer system June 20. The damage is still being assessed, but authorities say undoing his denial of access to other system administrators could cost millions of dollars.
Officials also said they feared that although Childs is in jail, he may have enabled a third party to access the system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents.
Authorities have searched Childs’ home and car for a device that could be used in such an attack, but so far no such evidence has been found.
…
Childs, according to payroll records, earned $126,735 in base pay in 2007 and additional premium pay of $22,534, for a total of $149,269. Vinson said the extra money was apparently compensation for being on-call as a trouble-shooter.
Besides the shiny new definition of optical storage, I think the reporter here missed Wikipedia’s photo of the “device” the police were looking for in the back seat of the guy’s car.
All joking aside, lots of bosses worry about situations like this - and I’ve known rather a lot more than one (comes from being a consultant) IT guy who dreamt of doing something like this, but I’ve never seen anyone actually pull it off.
So I want to know two things: $149,269 for a network guy?! ; and, how?
I mean, really, how? the system is said to be running normally so he didn’t mass encrypt the databases - and what that leaves is BIOS changes if the servers are Windows and password control changes if the lockouts are based on router/switch controls. Either way, however, it’s a scriptable fix requiring, at worst, local connection to each device and a reboot/interrupt with a fully scriptable delete and reconfig - figure ten to fifteen minutes per device for a pretty finite number of devices.
So - somebody tell me: how could this kind of thing be done?
Paul Murphy (a pseudonym) is an IT consultant specializing in Unix and related technologies. See his full profile and disclosure of his industry affiliations.
Subscribe to Managing L'unix via Email alerts or RSS.
| 07/17/08
