Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Disgruntled Engineer Hijacks San Francisco's Computer System

Posted by timothy on Tue Jul 15, 2008 08:51 AM
from the wait-'til-he-turns-off-the-earthquake-preventor dept.
Security United States IT
ceswiedler writes "A disgruntled software engineer has hijacked San Francisco's new multimillion-dollar municipal computer system. When the Department of Technology tried to fire him, he disabled all administrative passwords other than his own. He was taken into custody but has so far refused to provide the password, and the department has yet to regain admin access on their own. They're worried that he or an associate might be able to destroy hundreds of thousands of sensitive documents, including emails, payroll information, and law enforcement documents."
+ -
story

Related Stories

Firehose:Disgruntled engineer hijacks city computer system by ceswiedler (165311)
[+] The Inside Story On the San Francisco Network Hijacking 471 comments
snydeq writes "A source with direct knowledge of San Francisco's IT infrastructure has tipped off Paul Venezia to the real story behind Terry Childs' lockout of San Francisco's network, providing a detailed account of the city's FiberWAN, interdepartmental politics, and Terry Childs himself. Childs pleaded not guilty to charges of tampering yesterday and is being held on $5 million bail. According to the source, Childs' purview was limited to the city's FiberWAN — a network he himself built and, believing no one competent enough to touch the network but himself, guarded religiously, sharing details with no one, including routing configuration and log-in information. Childs was so concerned about the network's security that he refused even to write router and switch configurations to flash. But what may prove difficult for the prosecution in its case against Childs is that his restricted access to the network was widely known and accepted among managers and the city's other network engineers. Venezia, who has been suspicious of the official story from the start, suspects that the Childs case may be that 'of an overprotective admin who believed he was protecting the network — and by extension, the city — from other administrators whom he considered inferior, and perhaps even dangerous.' Further evidence is that fact that the network, from what Venezia understands, has been running smoothly since Childs' arrest."
[+] IT: SF Admin Gives Up Keys To Hijacked City Network 581 comments
snydeq writes "Jailed IT admin Terry Childs relinquished his hold over San Francisco's multimillion-dollar FiberWAN, handing his administrative passwords over to San Francisco Mayor Gavin Newsom, who was 'the only person he felt he could trust.' Childs is still being held on $5 million bail for his lockout of the city's FiberWAN, a case that has been called into question since an insider came forward with details about both the network and Childs himself. The case hinges on No Service Password Recovery commands Childs allegedly configured onto several Cisco devices, as well as dial-up and DSL modems the SFPD has discovered that would allow unauthorized connections to the FiberWAN. Childs intends to 'expose the utter mismanagement, negligence, and corruption at DTIS, which if left unchecked, will in fact place the City of San Francisco in danger,' according to his motion. The Department of Telecom and IS has cut 200 of its 350 IT positions since 2000 — pressure that may have contributed to Childs' actions, according to interviews with current and former DTIS staffers. Newsom secured the passwords without first telling the DTIS that he was meeting with Childs."
[+] Your Rights Online: 3 of 4 Charges Against Terry Childs Dropped 189 comments
phantomfive writes "Terry Childs, who was arrested nearly a year ago for refusing to turn over the passwords to San Francisco's FiberWAN network, has been cleared of three of the four charges against him. The dropped charges referred to the attachment of modems to the network; the remaining charge is for refusing to turn over the password. The prosecutor has vowed to appeal, to have the charges reinstated. We have the original story, and the story where Childs tells his side, for those who want a refresher."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Disgruntled Engineer Hijacks San Francisco's Computer System 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Backups? (Score:5, Funny)

    by anonieuweling (536832) on Tuesday July 15 2008, @08:53AM (#24194381)
    With backups no data will be lost. Oh, those are encrypted?

    • Re:Backups? (Score:5, Insightful)

      by shbazjinkens (776313) on Tuesday July 15 2008, @08:55AM (#24194409)
      Or they could just unplug it? Lost productivity is better than lost data here, I'll bet.

    • Re:Backups? (Score:5, Insightful)

      by Brian Gordon (987471) on Tuesday July 15 2008, @09:11AM (#24194635)
      I don't understand how it's possible to be locked out of a system that you have direct local access to. You should at least be able to pop in a livecd and edit /etc/password from a livecd. If you need to decrypt stuff might as well start cracking the hash.. they certainly have the computing power to do it o_O

        • Re:Backups? (Score:5, Informative)

          by SatanicPuppy (611928) * <Satanicpuppy@@@gmail...com> on Tuesday July 15 2008, @09:20AM (#24194787) Journal

          Pretty much all Unix systems are hackable with local access.

          I'm guessing either the entire file system is encrypted, or the problem is getting into an application that's running under the OS. Most times the OS isn't the final gakekeeper in high security; the application itself may run everything encrypted, and may very well have no easy way to restore access if a password is lost.

  • This is why... (Score:5, Insightful)

    by Gallenod (84385) on Tuesday July 15 2008, @08:53AM (#24194387)

    ...you disable his account *before* you tell him he's fired.

  • Dennis Nedry? (Score:5, Funny)

    by dunelin (111356) on Tuesday July 15 2008, @08:53AM (#24194391)

    Next thing you know, we'll have some dinosaurs on the Presidio.

  • Countdown... (Score:5, Insightful)

    by geminidomino (614729) * on Tuesday July 15 2008, @08:58AM (#24194441) Homepage Journal

    Idiotic new law in 5...4...3...

  • Especially when it makes a crime a Felony. That is one of the four felonies charged to him. The other three are all related to tampering with a computer network.

    While this guy is obviously an idiot for thinking he could blackmail a government entity I am quite pleased the security on the system is sufficient to make it hard to get into when strong security is put into place. In other words, nothing annoys me more than so called secured systems having some means of password decryption, let alone the ones that allow admins to see them plain text.

    what is going to interest me is how many years they will attempt to land on him. Just how offensive to society is this type of crime versus murder or rape. It seems that every new crime invented by the government gets stronger penalties than existing ones; if only to make it appear more valid. After all the penalty wouldn't be so severe if it were not really a crime now would it?

    • Re:Got to love damage assessments (Score:5, Interesting)

      by damburger (981828) on Tuesday July 15 2008, @09:07AM (#24194571)
      he will probably get a sentence more than a rapist but less than a murderer. The state considers screwing with it the highest crime, far more so than the plebs killing each other, but there is a limit to what they can get away with if they want a quiet life.

  • Job Posting (Score:5, Funny)

    by Anonymous Coward on Tuesday July 15 2008, @09:04AM (#24194531)

    Large municipal department of technology seeking software engineer for a multimillion-dollar computer system. At least 5 years of previous experience required. Must be able to gain administrative access to a system where the password is not known. Hiring immediately!

  • I smell a rat (Score:5, Insightful)

    by stinky wizzleteats (552063) on Tuesday July 15 2008, @09:10AM (#24194619) Homepage Journal
    FTFA:
    "At a news conference announcing Childs' arrest, District Attorney Kamala Harris was tightlipped about what his motive may have been."

    I think there's more going on here than we're being told.

  • What no golden handshake... (Score:5, Insightful)

    by Numen (244707) on Tuesday July 15 2008, @09:10AM (#24194623)

    That director over there, he gets a golden handshake as he goes out the door... You want to keep him sweet because he knows where all your dirty secrets are and could cause all sorts of trouble for your operation.

    The sysadmin, youre going to kick out the door becuase hes blue colar... Oh, wait a minute... He really does know where all your dirty secrets are and really can bring your operation to its knees. In fact hes far more dangerous going out the door than the exec... pity you didnt think of that.

    Execs are heaved out the door all the time for being incompetent, but its done with kid gloves because theyre deemed to be potentially damaging... And they wear a suit.

    Word of advice: if youre sacking somebody who can bring your operation to a grinding halt, make sure you you keep them sweet, regardless of the job they do for your organisation. Its simple business.

  • Unpatch windows (Score:5, Funny)

    by Anonymous Coward on Tuesday July 15 2008, @09:11AM (#24194641)

    Thats why you run unpatched windows, it will take only 4 minutes to get access.

  • on any Linux system you can: (Score:5, Informative)

    by FudRucker (866063) on Tuesday July 15 2008, @09:11AM (#24194647)
    log in in init 1 (runlevel 1) and change the root password or;

    in /etc/shadow change this:
    root:$2$3bJ7DS4R$rV45lDlqNsfDRntfO1NCk0:14069:0:::::

    look exactly like this:
    root::14069:0:::::
    this and you can log in to root without any password

    maybe other *nixes are close enough to do the same (BSD or solaris)

    on ubuntu the root shadow is a little differrent since it is disabled with an asterisk:
    root:*:14069:0:::::
    just remove the asterisk

    • Re:I had a dream... (Score:5, Insightful)

      by gEvil (beta) (945888) on Tuesday July 15 2008, @09:01AM (#24194483)
      We all dream about doing this to our ex-employer, but he's the one who's had the balls to do it!

      No, not all of us do. Especially those of us who don't do things that get ourselves fired.

    • I've been in a position to do this (I was still rooted from home in three systems, and though they changed the passwords, they didn't kick active sessions) and all I did was change the MOTD to "When firing a user with root access, make sure to abort existing sessions."

      Professionalism is key if you expect to be trusted with access to big sexy systems.

    • Re:Frankly (Score:5, Insightful)

      by damburger (981828) on Tuesday July 15 2008, @09:02AM (#24194511)
      Why the hate towards the public sector? I have found the exact same shit going on in private companies, many of them quite successful.

        • Re:Frankly (Score:5, Insightful)

          by damburger (981828) on Tuesday July 15 2008, @09:15AM (#24194701)

          A reputation, based on people with a serious ideological axe to grind. Blind faith in the market producing magical efficiency gains is contrary to everything I have seen during my professional life, both in the public and private sector. From my perspective, I have never seen one bit of evidence to show there is any truth to it outside the imaginations of Tory politicians.

          Furthermore, people like you who are so besotted with 'market forces' did attempt to introduce them to public services in the UK, and it has been an unmitigated disaster. The inability of internal prices to truly reflect the quality of services has resulted in huge waste, massive bureaucracy and a decline of standards. Now, the ideologues are at it again trying to push for a new round of 'targets' in the NHS. They never learn.

    • Re:Just hack *his* hack (Score:5, Insightful)

      by Anonymous Coward on Tuesday July 15 2008, @09:06AM (#24194557)

      If you need a recognized code of ethics to tell you that sabotaging your ex-employer's system isn't right, then no code of ethics can help you. Unfortunately this guy screws it up for all of the honest techs who work hard to earn the trust which they need for doing their jobs.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.