Why San Francisco's network admin went rogue

An inside source reveals details of missteps and misunderstandings in the curious case of Terry Childs, network kidnapper

"I don't know much about his actions in the last few weeks. It's been a couple of months, at least, since I've even spoken to him, and even then it was probably only in reference to some specific request or ticket. But I can imagine that being the subject of disciplinary action by his supervisors for "performance" issues would be absolutely infuriating to him. I can imagine that his response would be, "How can you say my performance is poor when I've been doing what no one else here was willing or able enough to do?""

If Childs was pressured to give up the keys to the network that he had built and cared for so long, would he go so far as to explicitly prevent anyone else from tinkering with his charge?

"I can imagine that [Childs'] response to a demand to open up authentication to the FiberWAN would be, "Why? So you can screw it up and bring the City network crashing to a halt?" I can even imagine that, under so much pressure, he'd take steps (deleting or hiding config backups, for instance) to make sure he was the only one in control."

These tales offer significant insight into what may have occurred between Childs and the FiberWAN network hostage situation. Rather than a case of a rogue administrator attempting to cause damage to the network by locking out other administrators, this may be a case of an overprotective admin who believed he was protecting the network -- and by extension, the city -- from other administrators whom he considered inferior, and perhaps even dangerous. One important fact seems to be in Childs' favor, if reports that the network has continued to run smoothly since his arrest are true. My source corroborates this.

"As for the impact of [Childs'] actions to the rest of the City, the mayor's statement basically has it right. The network is completely up and running. No servers that I'm aware of are affected. No one has had any downtime (yet). But until they get back into those routers, they can't make any changes. I don't know yet if Terry's lockout applies only to the FiberWAN or also to the other routers, firewalls, switches, etc. in the City network."

Laying the blame

My source doesn't appear to harbor any ill will towards Childs for this situation, and even believes that the city may be worse off with Childs out of the picture, and that some of the blame should be shouldered by Childs' superiors.

"It's a real shame. The city is losing a good network engineer -- probably the best, technically, that they've ever had. Ultimately he has no one to blame but himself, but it's too bad his superiors weren't better about establishing and enforcing policies about authentication, backups, auditing, cross-training, and separation/rotation of duties.

"You'll note the papers have referred to the new information security manager. It's only been a month or so since the City even had an information security policy, and even that is a bare, unmodified template from CCISDA that's awaiting discussion and alteration by a committee that hasn't been formed yet. (When I asked Terry if we could get a copy of the City's network security policy some months ago, he told me, "I've been trying to get them to approve one for years. I've written ones up and submitted them, but they don't want to do it, because they don't want to be held to it.")"
