Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:56 PM
Connect Directly

San Francisco Password-Hijacker Found Guilty

Terry Childs faces five-year prison sentence for locking out city bosses from network

In a bizarre case that put the spotlight on the perils of unmonitored IT administrative rights, former City of San Francisco network engineer Terry Childs was found guilty yesterday of felony computer-tampering charges after locking out city administrators from the network by controlling the passwords.

Childs, 45, faces a five-year sentence in state prison, according to reports, in part due to the $200,000 price tag the jury concluded he cost the city for refusing to give up the passwords. But he is reportedly expected to get credit for time served, which is nearly two years since his July 2008 arrest. Childs will be sentenced on June 14.

About a week after his arrest, Childs finally gave up his passwords after changing all of the city's network passwords so only he could access the network -- which contains email, payroll, law enforcement, and inmate booking files, apps, and data. He did so after learning he was going to be laid off from his job of 10 years with the city.

Prosecutors in the case said Childs took the unusual action of locking out his supervisors from the network because he was upset about their questioning his security clearance after learning he had a previous robbery conviction on his record.

Childs' attorney says his client wouldn't surrender the passwords initially because his bosses asked for them over an unsecured phone line. "All they had to do was ask him (for the passwords) in a secure and professional way, consistent with policy and standards," the defense attorney told the jury, according to an SFGate.com report.

Experts say both Childs and the city made mistakes. "Whether you view Terry Childs as an IT folk hero, egomaniac, disgruntled employee, or all of the above, we're forced to ask whether the crime fits the punishment. I have little sympathy for any of the players in this drama, but it would be a mistake to view Childs as a cybercriminal," says Michael Maloof, CTO for TriGeo Network Security.

While Childs' insubordination was grounds for his termination, he didn't demand a ransom or interrupt city services, Maloof notes. "It was not an act of domestic terrorism or grand theft, but the lack of self-interest doesn't absolve him of responsibility. He may ultimately be applauded as the city's lone network infrastructure defender, or pitied as paranoid and delusional, and the truth is probably somewhere in the middle," he says.

Richi Jennings, an independent security analyst, says the City of San Francisco's management failed in allowing one employee to "own the keys to the kingdom" and for not understanding the technology to begin with. "Childs is widely seen as a hero for doing more with less, but that becomes part of the problem because he sees it as his baby and gets protective," Jennings says.

The prosecutor said in the trial that Childs had basically sabotaged some network equipment: "So that if they were rebooted, they'd lose their configuration," Jennings says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...