Network Admin Charged for Hacking City Network

[exfileme]

A jury found a San Francisco network administrator guilty of denying the city computer services.

Network Admin Charged for Hacking City Network : Read more

 

[babybeluga]

This guy either had a score to settle and some major balls ...

...or he was crazy...

 

[grillz9909]

So let me get this straight. The guy is going to get 5 years in prison and had a bail of $25 million for leaving for 12 days? I know they kind of needed access to the system, but it's not like he killed someone.

 

[AsianJetlag]

This would be such a cool story if the network admin didn't end up in jail X_X

 

[calmstateofmind]

i guess they've never heard of a plan B...

boss: WHATS THE PASSWORD TERRY?!?!
terry: I'LL NEVER TELL!!!! NEVER!!!
boss: okay, fine. eric, what's yours?
eric: 1234
boss: thanks. terry, you're fired.

crisis averted!

 

[segio526]

I think the punishment is a bit on the harsh side. If I were to do this in my company (and I can if I want), I'd probably get fired. This guy pretty much shut down an entire city for a couple of weeks. He definitly needs to be punished, but I'd think some huge number of hours of community service would be in order, not 5 years in jail.

 

[zoemayne]

sloppy to give one person such authority

 

[MrF430]

[citation][nom]calmstateofmind[/nom]i guess they've never heard of a plan B...boss: WHATS THE PASSWORD TERRY?!?!terry: I'LL NEVER TELL!!!! NEVER!!!boss: okay, fine. eric, what's yours? eric: 1234boss: thanks. terry, you're fired. crisis averted![/citation]

hehehe, that made me lol!

 

[waylander]

As this is the first case of its kind I've ever heard of, it sounds like the court wanted to make an example of him so that it doesn't happen again.

The city was unable to retrieve emails, access the payroll, police records, search for information on jailed inmates, or perform other city network tasks.

I sure would not want 1 person to have control over the above, especially the bolded.

 

[captjack5169]

This article is incorrect. I have been reading about the Terry Childs story since it happend in 2008. You can find the whole story at:

http/www.infoworld.com/t/security/terry-childs-admin-gone-rogue-708?source=fssr

To make a long story short Terry refused to give the passwords to the SF fiberWAN network to his boss and several other people include unnamed people on a speaker phone listening to the location. At no time and I stress this...At no time was access denied to email, servers, criminal files...etc. There was never any restriction of access to media for the SF employess nor did the network go down, but what did happen, was no one could manage the network or make changes to the network. Meaning you couldn't deny access to anyone or change ip addresses or manage VLANs. They tried to convict Terry on multiple charges of things that Network Admins do on a regular basis. The trial was required reading while I was studying for my ccna. Terry Childs is a CCIE which is the top certification for Cisco techs. He has repealed the conviction. I don't know if he'll get off of the charge or not. It was a real eye opener for me as to how uneducated the general public is about how a network is built and maintained. Still, he should have just handed the passwords over. Probably wasn't worth whats its cost him or the city of San Fransico.

 

[calmstateofmind]

[citation][nom]MrF430[/nom]hehehe, that made me lol![/citation]


hahah im glad to know i made at least one person smile today =D

 

[Guest]

Me thinks there are some missing details to this stand off. I also think 5 years is abit extreme for such ordeal. They say it cost the city 900K to resolve the "mess".... Perhaps they should chalk that up to a lesson learned in redundancy!

 

[kennyforgames]

wow... that is something really stupid for the city network system. how could they let that happen without any backdoor password cause something happen when the network administrator is absent.

 

[nekatreven]

[citation][nom]grillz9909[/nom]So let me get this straight. The guy is going to get 5 years in prison and had a bail of $25 million for leaving for 12 days? I know they kind of needed access to the system, but it's not like he killed someone.[/citation]

Hmm. No his bail was 5 million, like the article said. Also he wasn't 'absent' for 12 days. He got into a fight with his managers and (allegedly) held parts of the city network hostage for 12 days. I don't remember if they were already trying to fire him when this happened or if he got fired for it...but either way that is a BIG difference from just disappearing for a few weeks.

 

[sublifer]

Was he still employed when asked for the password? If he locked it and left, holding it hostage, that's one thing. BUT if he was working and the COO(who might know enough to break things) asked for a password and was told no to prevent things getting broken, then that's another story entirely. Do you give executives the power to break things that you'll likely take the blame when it does break??? That's a no-win situation right there. Get canned for insubordination or let the exec break things and then get canned to be the fall-guy for his actions? Either option is career suicide, future jobs as well as current.

 

[hellwig]

The court charged 45-year-old Terry Childs with one felony count of denying computer services,

So let me get this straight, in California, if some moron walks up to you and demands that you show them where the "any key" is, it's illegal to just laugh at them and walk away, thus denying them computer services?

As for what this guy did, no one ever gives higher-ups their password. If that higher-up needs access, they would already have it. No, some VP didn't like being told No, and turned this into a big fiasco. Of course, the IT could could have been less of a dick about it (all IT guys are dicks, so I'm assuming this guy was one too).

Anyway, it definitely wasn't worth it. Give the guy the password then quit (when the shit hits the fan, be no where near it). Don't deny him the password and then quit, that's the wrong way to go about it.

 

[thephilly]

nekatreven 04/28/2010 11:45 PM
Hide
-0+

grillz9909 :
So let me get this straight. The guy is going to get 5 years in prison and had a bail of $25 million for leaving for 12 days? I know they kind of needed access to the system, but it's not like he killed someone.



Hmm. No his bail was 5 million, like the article said. Also he wasn't 'absent' for 12 days. He got into a fight with his managers and (allegedly) held parts of the city network hostage for 12 days. I don't remember if they were already trying to fire him when this happened or if he got fired for it...but either way that is a BIG difference from just disappearing for a few weeks.

 

[ukgooey]

[citation][nom]kennyforgames[/nom]wow... that is something really stupid for the city network system. how could they let that happen without any backdoor password cause something happen when the network administrator is absent.[/citation]
or dead...

 

[Guest]

That really is bad network policy.

Big city in America is so badly run that if ONE network admin was to DIE that they would be locked out of massive parts of the network is bad network policy.
Instead of him going to jail it should be his boss for being stupid enough to allow such policies to exist.

 

[Lynxs59]

This whole thing is screwed up, I'm a network administrator, I would never actually give up my password either but its not like I am the only one with the password to our domain or networking equipment, we have a radius server that provides authentication to our networking equipment and is authenticated via AD groups which would allow more then 1 user access. If we create a service account at least 2 of us know the passwords. This reeks of poor IT management and backup plans. You can't always plan on someone being there, what if he gets into an accident/vacation/fired? I have to say though we have changed passwords in order to stop certain people to change things which they continually messed up however, but we let the other people that need to know what it is.