SF IT System Lockout Continues

By Chris Preimesberger  |  Posted 2008-07-17 Print this article Print

Administrators still cannot access San Francisco's main IT system, thanks to a now jailed employee who changed all the passwords and won't give them to authorities.

An IT employee who is charged with gumming up the works at the City and County of San Francisco's main data center by changing access passwords for administrators could have been stopped short of crippling access to the system if IT management had had the right security software in place.

Terry Childs, 43, of Pittsburg, Calif., pleaded not guilty in court July 17 at his arraignment on four felony counts of computer tampering. Childs remains in custody in lieu of $5 million bail. Childs, who makes $127,000 per year and has worked for the city for five years, has a bail hearing set for July 23.

Childs, a network administrator for the Department of Technology, is charged with tampering with the system's FiberWAN (Fibre Channel-connected wide-area network), which contains San Francisco's sensitive Human Resources, payroll and other personal data. He created an administrative password that provided him superior access to the network.

Childs, who was arrested July 13, refuses to divulge to authorities the new secret password he concocted-even four days after his arrest.

Childs is accused of "tampering with the City and County of San Francisco's FiberWAN network system in such a way as to deny other authorized administrators access to the network and to set up devices to gain unauthorized access to the system," according to a statement from District Attorney Kamala Harris' office.

The city system-which handles most of the city's digital records, including confidential law enforcement documents, inmates' bookings, payroll records and departmental e-mail-apparently has no back-door access, even for highly authorized administrators. City officials were still trying to figure out how to get back into the FiberWAN Thursday afternoon.

City and County of San Francisco technology department manager Ron Vinson declined to return numerous messages left on his office phone by eWEEK. Mayor Gavin Newsom has had little or nothing to say publicly about the case thus far. Law enforcement officials have been tight-lipped with the media.

Security companies that sell into this market are beginning to come forward with  their expertise to discuss the incident. EMC's RSA Security-which also uses a relatively new security approach called dynamic security-Hewlett-Packard, Sun StorageTek, IBM and NetApp are the larger IT companies that sell centralized key management.

Cyber-Ark, an identity management specialist based in Newton, Mass., said that the network lockout could have been avoided if managers had operated a higher-security approach to master passwords.

"This is yet another example of the power privileged identities, such as administrative passwords, have and the havoc they can cause in the wrong hands," said Cyber-Ark Vice President Adam Bosnian.

"Hackers, or rogue employees such as this case, are savvier on how to create the most damage with the least effort, and the use of admin passwords does just that. Unfortunately, the San Francisco department left themselves wide open by not taking their privileged identity management seriously."

A city spokesperson estimated that this internal breakdown will cost millions of dollars in repairs. Though the network is running, there is still no way for IT administrators to access it at this time.

"It is critical to take a more proactive approach to secure company back doors," Bosnian said. "Companies install complex systems for personal passwords and overlook the more numerous privileged passwords and identities that provide even more system access. These security breakdowns will continue to occur until these keys to the kingdom are securely centralized and managed."

Chris Preimesberger Chris Preimesberger was named Editor-in-Chief of Features & Analysis at eWEEK in November 2011. Previously he served eWEEK as Senior Writer, covering a range of IT sectors that include data center systems, cloud computing, storage, virtualization, green IT, e-discovery and IT governance. His blog, Storage Station, is considered a go-to information source. Chris won a national Folio Award for magazine writing in November 2011 for a cover story on Salesforce.com and CEO-founder Marc Benioff, and he has served as a judge for the SIIA Codie Awards since 2005. In previous IT journalism, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. His diverse resume also includes: sportswriter for the Los Angeles Daily News, covering NCAA and NBA basketball, television critic for the Palo Alto Times Tribune, and Sports Information Director at Stanford University. He has served as a correspondent for The Associated Press, covering Stanford and NCAA tournament basketball, since 1983. He has covered a number of major events, including the 1984 Democratic National Convention, a Presidential press conference at the White House in 1993, the Emmy Awards (three times), two Rose Bowls, the Fiesta Bowl, several NCAA men's and women's basketball tournaments, a Formula One Grand Prix auto race, a heavyweight boxing championship bout (Ali vs. Spinks, 1978), and the 1985 Super Bowl. A 1975 graduate of Pepperdine University in Malibu, Calif., Chris has won more than a dozen regional and national awards for his work. He and his wife, Rebecca, have four children and reside in Redwood City, Calif.Follow on Twitter: editingwhiz

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel