4/28/2010
01:58 PM

Ex-IT Admin Convicted In San Francisco

The felony conviction could put former San Francisco network engineer Terry Childs in prison for up to five years for withholding passwords to the city's computer network.

A former San Francisco network engineer who refused to hand over computer passwords to the city network after he locked administrators out of it was convicted of a felony Tuesday.

A jury in the San Francisco Superior Court convicted Terry Childs, 45, of felony computer tampering, a crime for which he could face a two-to-five-year prison penalty, according to numerous public reports.

Childs has been in jail since 2008 after the city brought criminal charges against him for withholding passwords to San Francisco's main computer network.

System administrators were unable to access the network, even though city operations continued more or less as usual. After a tense 12-day standoff, Childs finally handed over the passwords to San Francisco Mayor Gavin Newsom from his jail cell.

Supporters characterized the case as a workplace dispute gone wrong, while prosecutors painted Childs as a super user gone rogue who maliciously aimed to wreak havoc on the city networks. "Super user" is a colloquial term for network administrators who have the highest security clearance, with access to even a company's most secure networks.

In a public interview last year, Childs defended his actions and said they were in line with standard network security practices.

The jury in the case deliberated for three days before handing down the guilty verdict.

One database security expert said the case and Childs' conviction are a wake-up call for companies and organizations that don't properly monitor the activity of super users.

"The issue is that if you are trusted with that type of power, there have to be checks and balances in place -- the concept of 'trust but verify,'" said Phil Neray, vice president of security strategy at Guardium, an IBM Company. Guardium specializes in database security.

He said that in this case, Childs was able to change passwords and lock other administrators out of the network before they even knew he was doing it. This would not have happened if the city had been monitoring the activity of its system administrators, Neray said.

"They would have created an alert and the security team would have gone in and asked, 'Why did you do this?'" he said.

State, local, and federal governments especially don't have this type of monitoring in place because of budgetary limitations, Neray added.

The federal government is also slow to adopt the latest security technologies, which makes it more susceptible to this type of activity, he added.
