Dark Reading is part of the Informa Tech Division of Informa PLC

San Francisco Computer System Hijacker Has Criminal Record

The computer engineer remains in jail, refusing to divulge the password he created to lock up the city government's computer system.

A San Francisco computer engineer arrested for allegedly locking out system administrators from the city's network has a criminal record for aggravated robbery in another state.

In addition, Terry Childs, 43, of Pittsburg, Calif., is still being paid his six-figure salary while he sits in jail, refusing to divulge the password he created to hijack the computer system that stores 60% of all city government data, including e-mails, law enforcement records, and payroll documents, the San Francisco Chronicle reported Wednesday.

Childs was arraigned Tuesday in San Francisco Superior Court on four felony counts of computer tampering. He was being held Wednesday in lieu of $5 million bail.

Childs, who works for the city's technology department, is accused of locking out other system administrators after they started asking questions about a run-in he had with the department's head of security. The suspect has refused to divulge the password that would unlock the system, which remains operational.

"There's nothing to be alarmed about, save the inability to get into the system and tweak the system," San Francisco Mayor Gavin Newsom told the newspaper. "Nothing dramatic has changed in terms of our ability to govern the city."

That, however, could change if there were a major crash of the inaccessible FiberWAN (wide area network) that Childs helped build. The city has brought in experts from Cisco Systems to help break into the system. If that's unsuccessful, then the city may have to rebuild it at an uncertain cost. The process would take up to eight weeks, Newsom said.

In the meantime, Childs remains mum and is being paid his $127,735-a-year salary while sitting in jail. Ron Vinson, chief administrative officer for the technology department, said that's standard procedure until there's a hearing to determine whether Childs should be placed on unpaid leave. That hearing could take place as early as Thursday.

The Chronicle also reported on Wednesday that Childs has a 25-year-old felony criminal record in Kansas, where he was convicted of aggravated robbery and aggravated burglary stemming from charges filed in 1982. Childs was on probation or parole until 1987, according to records uncovered by the newspaper. Childs had disclosed the felony conviction when he applied for the San Francisco job five years ago.

Childs had been highly regarded in the technology department until he became a "rogue employee that got a bit maniacal," Newsom said.

"He was very good at what he did, and sometimes that goes to people's heads," the mayor said. "And we think that's what this is about."

Childs' problems with the department got serious June 20 when he started taking photographs of the agency's new head of security after she began an audit of who had password access to the system, the newspaper said. Childs' frightening behavior prompted the woman to lock herself in an office.

His supervisors' concerns grew when they discovered he had given himself exclusive access to the system and had developed a way to spy on his bosses' e-mails related to his conduct. Childs was ordered to leave work July 9 for alleged insubordination.

 
