A man described as "maniacal" has locked everyone out of San Francisco's city data system, leaving himself as the only person with the power to alter the city's records.
The 43-year-old (we're guessing 'loner' and 'WoW fanatic') has, allegedly, created a MASTER PASSWORD that only he knows (pet name?) and has locked everyone out of their emails, the payroll data and, ironically given his current sleeping place, the town jail records.
Terry Childs, the $126,000 network administrator, is currently in jail while some poor bloke at City Hall tries to unlock the network and return access. Childs was apparently disciplined recently then caught spying on what other system administrators were saying. This may have triggered his maniacal power trip.
(Via The Times)
Related posts: PlayStation site DANGER | N95 hacking madness
Into fitness and health gadgets? Check out our new site, Connected Health ,
Check out the best iPhone 4 accessories here
--Terry was the administrator of network routers on the city's Wide Area Network (essentially connecting local networks within different buildings to one another.)
--The password / access in question is to the network router configurations, not to any database. He may have had some ability to modify city records (I would hope so, given that he was a city employee) but that isn't the issue here and he wasn't the administrator of servers or databases containing city records.
--As the sole person employed by the city to install, configure, maintain and secure the routers, he had had permission and authority to do so... for years.
--It is standard security practice for an administrator to routinely change passwords.
--Terry is not actually charged with changing the password or creating a password (he can't be because it was his job to do so.)
--He is charged with not divulging the password.
--Terry had filed several informal and one formal complaint against a supervisor in the DTIS department (Herb Tong) in early June.
--Terry was suspended from work on July 9th and then arrested three days later.
--On the 9th he was called to a meeting with DTIS management persons Rich Robinson and Jeana Pieralde. Also present was a police inspector (James Ramsey) who told Terry that he would be arrested if he failed to answer questions.
--We do not know specifically what question was asked of Terry. We do know that he responded and was allowed to leave.
--DTIS officials later claimed that they had been unable to test the password during the meeting and that later when they did try it, it didn't work.
--After Terry was arrested and held in jail, he had his attorney call the mayor's office and volunteer the password.
--The mayor got the password, gave it to Cisco Engineers and they could not get it to work.
--After further communication with Terry, instructions on how to use the password were passed to the Cisco Engineers and the city soon announced that the password had worked and that they had regained full control of the network.
This man is innocent until proven guilty.
It is possible that the password he gave to the mayor (which was proven to work) is the same one he provided to DTIS managers on July 9th and that DTIS managers simply could not figure out how to use it.
It is also possible that DTIS managers asked him the wrong question i.e. "What's your password to the server?" instead of "What's your password to the network routers?"
Given the evidence shown so far, the prosecution has a very, very long way to go to prove beyond reasonable doubt that this man intentionally committed any crime at all.
The password wasn't important. Every Cisco router can be reset which restores the original default password set by Cisco and also restores a default configuration for the router. Then the router can be reconfigured for use on the network but apparently without Terry Childs, the city had no one who knew how to configure the router. So essentially the city is claiming that Terry Childs is a criminal because the city did not know how to reconfigure their own routers. Ridiculous.