Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

San Francisco Computer System Hijacker Has Criminal Record

The computer engineer remains in jail, refusing to divulge the password he created to lock up the city government's computer system.

A San Francisco computer engineer arrested for allegedly locking out system administrators from the city's network has a criminal record for aggravated robbery in another state.

In addition, Terry Childs, 43, of Pittsburg, Calif., is still being paid his six-figure salary while he sits in jail, refusing to divulge the password he created to hijack the computer system that stores 60% of all city government data, including e-mails, law enforcement records, and payroll documents, the San Francisco Chronicle reported Wednesday.

Childs was arraigned Tuesday in San Francisco Superior Court on four felony counts of computer tampering. He was being held Wednesday in lieu of $5 million bail.

Childs, who works for the city's technology department, is accused of locking out other system administrators after they started asking questions about a run-in he had with the department's head of security. The suspect has refused to divulge the password that would unlock the system, which remains operational.

"There's nothing to be alarmed about, save the inability to get into the system and tweak the system," San Francisco Mayor Gavin Newsom told the newspaper. "Nothing dramatic has changed in terms of our ability to govern the city."

That, however, could change if there were a major crash of the inaccessible FiberWAN (wide area network) that Childs helped build. The city has brought in experts from Cisco Systems to help break into the system. If that's unsuccessful, then the city may have to rebuild it at an uncertain cost. The process would take up to eight weeks, Newsom said.

In the meantime, Childs remains mum and is being paid his $127,735-a-year salary while sitting in jail. Ron Vinson, chief administrative officer for the technology department, said that's standard procedure until there's a hearing to determine whether Childs should be placed on unpaid leave. That hearing could take place as early as Thursday.

The Chronicle also reported on Wednesday that Childs has a 25-year-old felony criminal record in Kansas, where he was convicted of aggravated robbery and aggravated burglary stemming from charges filed in 1982. Childs was on probation or parole until 1987, according to records uncovered by the newspaper. Childs had disclosed the felony conviction when he applied for the San Francisco job five years ago.

Childs had been highly regarded in the technology department until he became a "rogue employee that got a bit maniacal," Newsom said.

"He was very good at what he did, and sometimes that goes to people's heads," the mayor said. "And we think that's what this is about."

Childs' problems with the department got serious June 20 when he started taking photographs of the agency's new head of security after she began an audit of who had password access to the system, the newspaper said. Childs' frightening behavior prompted the woman to lock herself in an office

His supervisors' concerns grew when they discovered he had given himself exclusive access to the system and had developed a way to spy on his bosses' e-mails related to his conduct. Childs was ordered to leave work July 9 for alleged insubordination.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12848
PUBLISHED: 2020-06-05
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and ...
CVE-2020-12849
PUBLISHED: 2020-06-05
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.
CVE-2020-13842
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
CVE-2020-13843
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
CVE-2020-13839
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).