Tuesday, July 15, 2008

Internal Threats: the Disgruntled Employee

The strong passwords and other security measure will not keep out the most danger threat to network security will not keep out the most dangerous threat: disgruntled employees.

SFGate, the web home of the San Francisco Chronicle has the scary story of how a disgruntled city computer consultant has taking over San Francisco's new multimillion-dollar computer network by changing the admin passwords and refusing to had over the new passwords.
(07-14) 19:23 PDT SAN FRANCISCO -- A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.

Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.

Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.

He was taken into custody Sunday. City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system.

I though it was interesting that the guy actually lives in Pittsburgh. I'm sure that make this incident, as bad as it already is, a federal crime as well. Oops wrong Pittsburg, as pointed out in the comments, "Pittsburg (no "h") is a town about 40 miles east-northeast of San Francisco."


Anonymous Anonymous said...

Pittsburg (no "h") is a town about 40 miles east-northeast of San Francisco.

10:51 AM  
Anonymous Valencia said...

Nowadays computer crimes are really widespread. People commit this crimes for many reasons. I think we should consider computer crimes not only as an intrusion in someone’s intellectual property, but also as an intrusion in the total security of today’s society. Just think: if there is suddenly any system failure in the computer network of any technological process – we may face absolutely disastrous effects.

9:08 AM  
Anonymous Anonymous said...

There may still be a federal crime here, although committed by the City itself, not by Terry Childs. San Francisco operates city health clinics and as such it is a "health care provider" subject to federal HIPAA regulations which mandate securing the network over which health care information passes. Several articles such as http://www.washingtonpost.com/wp-dyn/content/article/2008/08/10/AR2008081001802.html have reported that health services departments rely on the City's critical fiber WAN network.

HIPAA requires policies to be implemented and adhered to for network security. The City does have a security policy - which states that only the director of the DTIS department (Chris Vein) may authorize any employee of the department to divulge a password. When Deputy Director Rich Robinson demanded the password of Terry, under threat of arrest, he was in violation of the City's password policy. As was the Assistant District Attorney in publicly disclosing 150 usernames and passwords for the City's network.

2:42 PM  

Post a Comment

<< Home