Political Tech Prisoner (Score 1)

http://blog.american-helpdesk.com/2009/09/03/terry-childs-political-techie-prisoner.aspx As a techie and having gone to school for broadcasting, I have been particularly interested in the San Francisco Network Engineer who has been in jail for allegedly hacking SanFran’s network. From what I have read on the issue, it sounds more like a lack of competent management, following of ITIL rules, idiot reporters, poor HR, political bullying and typical lack of understanding/fear of technology and now a complete disregard of the 6th and 8th Amendments to the Constitution . To give a brief history, 14 months ago Terry Childs was the lone CCIE working for the City of San Francisco, one of the largest cities in the country. He administered all of their networks, data and voice. Apparently, as the only CCIE (certified cisco internet engineer) he worked long odd hours and typically was not the friendliest of people but from all accounts, a very, very good CCIE with a security minded implementation of the network. He took pride and ownership of that network (perhaps too much ownership). Due to his unfriendly nature (probably due to the fact he had no backup, ITIL process break number one) he was not liked by his non-technical manager. When asked to give access to non-certified and non-technical team members, HR and politicians and police, to “help” he refused as part of the City policy (http://www.sfgov.org/site/uploadedfiles/dtis/coit/Policies_Forms/CCISDA_security.pdf). He did give them viewer access so they could cause no harm. Apparently, as the only person on-call and qualified to work/fix the network, he had been burned by previously giving passwords to low level techs who decided to play on the network and had to fix network issues in the middle of the night/day. There of course was no master password database with the CIO (ITIL process break number two) when the manager fired Mr. Childs. He was hired back after the firing broke union rules. Note: they didn’t ask for the passwords before firing. Once back, from all accounts, nothing broke, nothing changed, but he did act more like a jerk. After more time he was fired again following union rules, then was asked for passwords (ITIL practice break number three). Under no obligation to give passwords, as he was no longer gainfully employed by the City of San Francisco, he declined. At this point his saga began as he was promptly arrested for 4 counts of computer hacking. Over the next month, the City and its officials put out press releases noting the network was hacked, under attack, they expected retribution from Terry Childs remotely from jail, that he had monitoring devices setup to read their emails, he could take the whole network out at a whim, etc, etc. Yet, the network never went down. The city did hire in Cisco to try to break into their own networkwhich they were unsuccessful showing the above noted security conscious and skill as a CCIE he possessed. Yet, the network had no issues. His attorney noted he would give the passwords if he was not prosecuted and the city refused, so he sat on the passwords while the media reported all kinds of crazy unfounded theories that sound scary to the non-technical person. The media reported of evil network sniffers, and modems waiting for remote command, and IPs set aside that were the only ones allowed to change the network in the configs, and passwords too complex to guess (oh and he had been arrested 20 years ago for theft). In reality, this is a standard secure network, sniffers are used to monitor traffic to adjust as needed and troubleshoot, remote administration is typically locked down and if you can guess a passwordso can a hacker. After a month the mayor, Gavin Newsom, met in secret with Terry Childs who gave the passwords up and the city finally was able to get back into their networkwhich still hadn’t had an issue nor went down. Yet 14 months later Terry Childs is still in jail, 3 of 4 charges have been dropped and the fourth: The fourth charge — that Childs violated a California statute regarding illegal denial of service for the San Francisco FiberWAN — has been called into question (slashdot). His bail of $5 Million dollars is higher than if he raped, or killed a person, and he has basically been denied a speedy trial by DA delays and 2 judges (hence ignoring the 6th and 8th Amendments). And their reason? If they let him out he could hack their networkagainwhich he never did. Again, this is longer imprisonment than the charge would bring if convicted! Frankly, I have read statements by people who worked in the obviously dysfunctional IT department and they all said he was overworked, yet did a great job. Most overworked IT people can and/or are gruff. The biggest problem here is no one following ITIL rules, maintaining a password database, having redundant skilled people to share the load and spreading access responsibility. While I can understand that Mr. Childs didn’t want to divulge anything after being firedhis 14 months in jail serve as a reminder to all of us in IT that technically and legally you don’t have to give up passwords after being fired but you will never have a jury of your peers (or a DA or judge of your peers). Also, as we will soon see the city will pay a lot more than the cost of incarcerating Mr. Childs as they are about to pay a huge false arrest and imprisonment charge to himbut he won’t ever get those 14 months back. The politicians, managers and bureaucrats who are technically inept should have never taken the provocative steps that escalated this either. This is a case of incompetent non-technical managers frankly overworking a guy and incompetent non-technical media over blowing a guy that took his job serious enough to go to jail for. I recently took over a contract and have fought the previous guy for 2 months to get all the passwordsno one went to jail, and no network went down. All Admins should be aware, and frankly worry about this case especially if you work for the government. Google Terry Childs and read up. http://blog.american-helpdesk.com/2009/09/03/terry-childs-political-techie-prisoner.aspx