Jailed SF Sysadmin Holds Parts of City Net Hostage

Officials have arrested a city of San Francisco IT network administrator for locking up a multimillion-dollar city computer system, according to several reports stemming from a press conference with San Francisco District Attorney Kamala Harris. The employee, Terry Childs, 43, is accused of improperly tampering with computer systems and causing a denial of service, effectively locking out other top city administrators from the critical network.

Police believe Childs, as an employee of the city's Department of Technology, set up his own secret password that grants him exclusive access to the city's new FiberWAN (wide area network), and according to a report in the San Francisco Chronicle, Childs gave police fake pass codes and refused to give up his own -- even while in jail. He is reportedly being held on a US$5 million bail.

The new FiberWAN system provides access to sensitive and confidential data, including officials' e-mail, city payroll files and law enforcement documents. Authorities reportedly expressed concern that Childs may have provided access to a third party or set up some sort of remote ability to tamper with the system.

Locked Out but Still Working

While other San Francisco IT administrators are locked out of parts of the system, apparently the services are still online and are continuing to function properly. The city has been trying to crack Childs' passcodes and regain control.

The department disciplined Childs on the job for poor performance and his supervisors tried to fired him, the Chronicle reported. Either way, Childs appears to have been well-paid, with a reported base salary of $126,000, plus on-call premium pay of $22,534 for 2007.

Uncommon Admin Power?

"While I don't think the situation in San Francisco is common, it does point out some dangers related to managing and maintaining IT," Charles King, principal analyst for Pund-IT, told TechNewsWorld.

"If administrators aren't properly managed or supervised -- as it happens all too often in overworked, overstressed IT environments -- it creates a breeding ground for potential abuse. In addition, as IT systems in both the public and private sectors are being ever-more tightly integrated to facilitate information-sharing between departments and agencies, the potential for disaster becomes ever-larger," King added.

Cause for Concern?

The San Francisco case illustrates the cusp of a worse-case scenario -- while the city is locked out of its own systems, no additional damage may have yet been caused. For example, while it may cost the city hundreds of thousands of dollars to regain control, a worse case would be the destruction or tampering of documents and data -- or new access given to third parties with nefarious intent.

"The need for holistic, long-term planning and strategic processes in IT infrastructure deployment has been well-regarded and understood for years," King said.

"The situation in San Francisco suggests that organizations would be smart to take a similarly careful approach to employing and managing IT administrators," he noted.