Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

San Francisco Computer System Hijacker Has Criminal Record

The computer engineer remains in jail, refusing to divulge the password he created to lock up the city government's computer system.

A San Francisco computer engineer arrested for allegedly locking out system administrators from the city's network has a criminal record for aggravated robbery in another state.

In addition, Terry Childs, 43, of Pittsburg, Calif., is still being paid his six-figure salary while he sits in jail, refusing to divulge the password he created to hijack the computer system that stores 60% of all city government data, including e-mails, law enforcement records, and payroll documents, the San Francisco Chronicle reported Wednesday.

Childs was arraigned Tuesday in San Francisco Superior Court on four felony counts of computer tampering. He was being held Wednesday in lieu of $5 million bail.

Childs, who works for the city's technology department, is accused of locking out other system administrators after they started asking questions about a run-in he had with the department's head of security. The suspect has refused to divulge the password that would unlock the system, which remains operational.

"There's nothing to be alarmed about, save the inability to get into the system and tweak the system," San Francisco Mayor Gavin Newsom told the newspaper. "Nothing dramatic has changed in terms of our ability to govern the city."

That, however, could change if there were a major crash of the inaccessible FiberWAN (wide area network) that Childs helped build. The city has brought in experts from Cisco Systems to help break into the system. If that's unsuccessful, then the city may have to rebuild it at an uncertain cost. The process would take up to eight weeks, Newsom said.

In the meantime, Childs remains mum and is being paid his $127,735-a-year salary while sitting in jail. Ron Vinson, chief administrative officer for the technology department, said that's standard procedure until there's a hearing to determine whether Childs should be placed on unpaid leave. That hearing could take place as early as Thursday.

The Chronicle also reported on Wednesday that Childs has a 25-year-old felony criminal record in Kansas, where he was convicted of aggravated robbery and aggravated burglary stemming from charges filed in 1982. Childs was on probation or parole until 1987, according to records uncovered by the newspaper. Childs had disclosed the felony conviction when he applied for the San Francisco job five years ago.

Childs had been highly regarded in the technology department until he became a "rogue employee that got a bit maniacal," Newsom said.

"He was very good at what he did, and sometimes that goes to people's heads," the mayor said. "And we think that's what this is about."

Childs' problems with the department got serious June 20 when he started taking photographs of the agency's new head of security after she began an audit of who had password access to the system, the newspaper said. Childs' frightening behavior prompted the woman to lock herself in an office

His supervisors' concerns grew when they discovered he had given himself exclusive access to the system and had developed a way to spy on his bosses' e-mails related to his conduct. Childs was ordered to leave work July 9 for alleged insubordination.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.
CVE-2019-6659
PUBLISHED: 2019-11-15
On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enabled may experience a denial of service due to undisclosed incoming messages.
CVE-2019-6660
PUBLISHED: 2019-11-15
On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed HTTP requests may consume excessive amounts of systems resources which may lead to a denial of service.
CVE-2019-6661
PUBLISHED: 2019-11-15
When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources.