IT Admin vs. Police Department

BigRed460


A network administrator has locked up a multimillion dollar computer system for San Francisco that handles sensitive data and is refusing to give police the password, the San Francisco Chronicle reported Monday.


The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code, the paper reported.


The new FiberWAN (Wide Area Network) handles city payroll files, jail bookings, law enforcement documents and official e-mail for San Francisco. The network is functioning but administrators have little or no access.


Childs, who remains in custody, is accused of improperly tampering with computer systems and causing a denial of service, said Kamala Harris, San Francisco's district attorney, on Monday afternoon.


"The bail has been set at $5 million, and the exposure in this case if he were convicted on all counts would be seven years in prison," Harris said.


Harris said it's unknown why Childs tampered with the system. The Chronicle, however, reported that Childs was disciplined recently for poor performance. Childs worked in the Department of Technology for San Francisco, making close to US$150,000 a year, the paper reported.


City officials told the paper that Childs may have caused millions in damage while also rigging the network so that other third parties could monitor traffic, posing a huge data security risk. He is also alleged to have installed a tracing system to monitor communications related to his personnel case.


(Robert McMillan in San Francisco contributed to this report.)



LOL Don't piss off the nerd...
 
hahahaha!!!! pwnd by the IT dept.

But, he will pay dearly for that...
 
ntw0rk said:
hahahaha!!!! pwnd by the IT dept.

But, he will pay dearly for that...

That depends on how bad they want their data back. :D ;) I've said before, and I'll say again..... DATA AND INFORMATION is worth more than all the gold in the world. :eek:
 
Black1 said:
That depends on how bad they want their data back. :D ;) I've said before, and I'll say again..... DATA AND INFORMATION is worth more than all the gold in the world. :eek:


I see your point, but what I am saying is that his career in IT is shot!
 
If withholding a password is all he's got... he doesn't have much game at all. If he's a network admin he doesn't have access to data, just access to the network in which the data is relayed.... provided other network admins have (Physical Access to the routers/switches/firewalls) this is an easy fix..

----------------------------------------------------------------------------------------------------------------------------------------------------------
Throw the book at this guy... he's not a hacker by any stretch of the imagination he's just an engineer with a big chip on his shoulder... he was probably told he was being outsourced and flipped out... <shrug>
 
This is dumb. Like he said, any IT person would spend only minutes gaining root or admin access to their systems. Even remotely it's not impossible.
 
Seems like there are 2 options to get the info. Get anyone worth a shit to gain root, or lock him up with bubba and have bubba get the info hehehehe.
 
I know from experience that there are several easy ways to gain access to the system without the possibility of compromising the data. Like bootable CDs that overwrite the admin password....
 
From what I have heard so far the guy locked all admin controls, then he screwed the program that's supposed to reset the passwords in case of something like this. And he opened several ports so he could gain remote access, which they can't close till they get control back...
 
He's a traitor......off with his head. Either one, I don't care. You choose.
 
BigRed460 said:
From what I have heard so far the guy locked all admin controls, then he screwed the program that's supposed to reset the passwords in case of something like this. And he opened several ports so he could gain remote access, which they can't close till they get control back...

As far as I know, there is no real way to lock down the system so that you can't reset the password. I had a CD that I could use to change any password on the system, even making them blank. There were other things you could do with the CD as well, like opening and closing ports. Not sure how he would lock that stuff out unless he changed the boot order and set a password on the BIOS. But even that is easy to fix if you know your MoBo.
 
BigRed460 said:
From what I have heard so far the guy locked all admin controls, then he screwed the program that's supposed to reset the passwords in case of something like this. And he opened several ports so he could gain remote access, which they can't close till they get control back...

Just block those ports at the firewall, should take just about as long to do that as it took me to type this hehe.

I have trouble believing that with a network this big and important that there isn't a pre-production or test network, that they could bring online as the production network until they can get their backups from Iron Mountain or wherever they are storing them off-site. And if they don't have all this in place, then they're getting what they deserve.
 
tidnab said:
probably told he was being outsourced and flipped out... <shrug>
I sure hope they haven't started outsourcing government jobs. If that's the case we might as well turn out the lights, cause the party is about over.
 
OCBob said:
Just block those ports at the firewall, should take just about as long to do that as it took me to type this hehe.

I have trouble believing that with a network this big and important that there isn't a pre-production or test network, that they could bring online as the production network until they can get their backups from Iron Mountain or wherever they are storing them off-site. And if they don't have all this in place, then they're getting what they deserve.

Yeah! Most large corporations and Gov't agencies are implementing COOP plans. Sounds like they need to put theirs into action!!

Or they could just hire me and you Bob, I am sure we could fix it!! ;)
 
ntw0rk said:
Yeah! Most large corporations and Gov't agencies are implementing COOP plans. Sounds like they need to put theirs into action!!

Or they could just hire me and you Bob, I am sure we could fix it!! ;)
Or at least hire us to write a disaster recovery plan, I've written some big ones in the past.
 
1: He's a network engineer so there shouldn't be loss of data only loss of service.
2: Even if there is a DR plan, if the data was corrupted or deleted it would be replicated as such (whether it be log shipping or an SRDF solution etc.). Speaking of DR plans or business continuity plans doesn't really come into play if your users aren't geographically dispersed (and I'm guessing they're not)
3: As I stated before, switches/routers/firewalls, which is what this person did... (as a network engineer) password workarounds are easy to resolve. The company should have involved (ATT, MCI or whomever owned the circuits) to have them shut down immediately (until this was resolved). If the circuits are down nothing gets outside
4: Cisco, Bay Networks, etc... all have procedures and workarounds for issues just like this
5: The real problem is we're probably not talking about a few switches, routers, firewalls... he probably propagated rulesets for the hardware which will affect the entire network... If there were high availability environments he most likely had access to load balancers and fibre switches as well (which could impact SAN/Backup among other things)
6: Like I said... if he just changed some passwords... it's real simple but I'm guessing there's more... Your typical Systems Engineer or DBA for that matter could have caused as much if not more than this....


Some of you guys are bigger geeks than I realized and to you I say... ps -ef |grep geek :p :argh:
 
OCBob said:
Or at least hire us to write a disaster recovery plan, I've written some big ones in the past.

Here's a DR plan for you...

SA: hello DNS guy?? I need you to change the ip for myaliasapp.net
NET OP: ok I changed it
SA: tracert myaliasapp.net it's still wrong
NET OP: you noob your dns is cached
SA: oh duh... ipconfig /flushdns my bad
NET OP: noob does it work now?
SA: yes it works now UBER DR at its best

Of course this assumes that the SA was smart enough to have the client applications use an ALIAS and not a SERVER name or IP <even worse> to connect to the application :p... if he wasn't that smart... he should be fired for being a stupid monkey... because somehow you're going to have to tell the client applications no matter HOW they attach to the server... that the path has changed.... aliases sure do come in handy here...

ok enuff g33|< talk let's talk more about how s1l\/3r trukc P4wNZORZ!!!!
 