SF’s Rogue IT Admin Facing 4 Felonies

Terry Childs, the rogue system administrator for San Francisco who locked officials out of the city’s fiber-optic wide area network (WAN) this year, is facing four felony charges in the case.

San Francisco District Attorney Kamala D. Harris announced Friday that Childs, 43, will be arraigned in San Francisco Superior Court on January 13. He is accused of tampering with the city and county of San Francisco’s network system in such a way as to deny other authorized administrators access to the network, and to set up devices to gain unauthorized access to the system.

The DA’s office said Childs is facing four felony charges for causing losses in excess of $200,000 as a result of the alleged computer network tampering.

Childs continues to be held in custody on $5 million bail, the DA’s office said.

The Terry Childs case came to light earlier this year after a security audit triggered an investigation into who had access to the city’s network. Following a confrontation with colleagues in June, Childs was reassigned. He was arrested in July, after refusing to surrender the passwords and usernames for the network to his managers when asked to do so.

In another development that garnered widespread media coverage, Childs only surrendered the password information after San Francisco Mayor Gavin Newsom visited him personally in jail in
late July.

The fiber-optic WAN Childs was working with connects all of San Francisco’s computers, handles city e-mail, payroll and other functions and also handles some of the systems of the city’s police department.

Childs’ takeover of the network highlights the danger that insiders can pose to IT networks, often more than any risk to
security that outsiders may represent.

San Francisco’s Department of Telecommunications and Information Services (DTIS), which was rocked by the incident, has spent a considerable amount of money to ensure that the network has been cleared of hidden traps left by Childs and is now implementing best practices to prevent a recurrence, Ron Vinson, its chief administrative officer, told InternetNews.com.

It’s mine, all mine

The DA’s intent to charge Childs follows an eight-day preliminary hearing into whether enough evidence existed to take charge Childs.

According to the San Francisco Examiner, Childs’ supervisor, Herb Tong, testified during the hearing that Childs claimed to have copyrighted the network configuration and that he owned the intellectual property rights to what he set up for the city.

The Examiner also reported that another network engineer, Glacier Ybanez, who reported to Childs, testified that he overheard a conference call between Childs, police and city technology workers in July. During that call, Childs, who was then in police custody, was asked for the passwords to
37 network devices, Ybanez said.

Ybanez testified that Childs sounded scared and asked for an ambulance. The report also said Ybanez told the court that a co-worker slipped him a piece of paper containing a password disclosed by Childs. But when he tried that password, only a blank screen came up.

A judge ruled on December 24th that the charges against Childs could move forward.

DTIS’s Vinson confirmed that the department is combing the network for hidden unauthorized devices after it found yet another unauthorized device on the network in August, a month after Childs’ arrest.
“We feel confident that things are clear, but are still going through best practices and working to make sure this won’t happen again,” he said.

News Around the Web