Is your SysAdmin "maniacal"? Does she or he have an almost religious devotion to security? I've worked with a number of system administrators throughout my career, some were great and some were just awful, but the thing I've learned to expect is that good system administrators are, by definition, somewhat maniacal when it comes to security. This is what you pay a system administrator for, and I wouldn't trust a sysadmin who was nonchalant when it came to security policy.
Enter the Terry Childs news story... Childs is the System Admin in San Francisco accused of "hijacking" the City's network. If you were watching local news, this would be the cue for an ominous graphic (see right) and some sinister music followed by this headline:
News at 10: Terry Childs is a Power-hungry, Maladjusted Maniac Bent on Holding San Francisco Hostage...oh, and BTW, he was convicted of a felony twenty six years ago.
The mainstream media will have you believe that Terry Childs is a power-hungry maniac, a man bent on holding San Francisco hostage. He is something of a modern day saboteur, a terrorist, if you will, determined to disrupt the civil services of San Francisco. He's a "rogue employee" who locked everyone out of the system. Here are just a few of the things written about this man from various news sources: From Times Online (UK):
[Mayor Newsom] said that Mr Childs had been a highly regarded member of staff but was now a "rogue employee that got a bit maniacal". [...] It has emerged that Mr Childs has a criminal record for aggravated burglary, for which he served five years' probation in 1982.
Other news outlets have painted him as a terminated employee bent on revenge. He is a Hacker, and even well-respected technical news outlets have taken time today to remind people about the "threat from within: when employees turn bad". From KNEW San Francisco:
Terry Childs is a computer engineer who has been disciplined, and threatened with job termination. So he locked everyone but himself out of the city's new multi-million dollar fiber wide area network.
Here's Vinson from the Wired coverage of the arraignment:
"We couldn't access it, but it was functioning," Vinson said. "We now have the necessary devices in place that will detect any intrusions."...."He created it so that he had access to the network and blocked other people from having access," Vinson said. "He created his own passwords."
....Vinson said the defendant on Sunday gave police passwords to the system, but they did not work.
From Vinson's remarks, you'd gather that Childs just locked everyone out of "the system" last weekend, and that he's been uncooperative and misleading since his arrest. But, as you'll read below, Childs was the only one with comprehensive knowledge of the system and it had been that way for quite some time. There are other statements made in the press about how Childs "created a system to gain unauthorized access to communications". This also strikes me as somewhat suspicious. Someone with this level of responsibility would likely have access to many different systems.
There are reports that Childs' behavior prompted a supervisor to "lock herself in an office" after he started talking pictures of her during a security audit according to InformationWeek. But, this fact is so disjoint and unelaborated, it doesn't shed light on the story at all. Why was he taking pictures? Was he trying to document something for a future wrongful termination suit? There are too many questions about this to take this at face value as proof that he is somehow "unstable". PC Advisor has some elaboration on this.
Childs is a Capable and Dedicated Network Engineer
Paul Venezia of InfoWorld seems to be the only journalist willing to dig deeper into the story. In "Notes from the San Francisco City IT Department Underground" he relays some information from an email exchanged with an anonymous source inside San Francisco government which paints a different picture. A picture of a stubborn, but capable and dedicated engineer. Venezia's source writes of an engineer dedicated to the craft,
""Terry was very dedicated to his career as an engineer. He is a CCIE (probably the only one in the City government), and spent much of his free time studying and learning more...
His source also mentions that Childs was sole administrator of the FiberWAN for "months, if not years". This seems to contradict the notion that he decided to illegally prevent access last weekend. Venezia's source writes:
""This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry's coworkers, 'If your request has anything to do with the FiberWAN, it'll have to wait for Terry. He's the only one with access to those routers'). His managers knew it."
For more info: Read Venezia's Reporting. It is an interesting read, and, if accurate, makes you wonder what the whole story is. When Vinson mentions that Childs gave "the passwords" to the police before he was arrested "but they did not work." I wonder if Vinson and the City government have anyone qualified on staff to know how to use them. Even if they did, it is often impossible to decipher setup and configuration of a system without help from someone involved in the initial setup.
Dana Hom: Former Chief of Operations
Dana Hom shows up in a comment thread on this Wired story. He leaves some interesting comments that tend to reinforce the sentiments expressed by Venezia's anonymous source. I'm not about to quote comment threads from Wired, but, you should click on the Wired story and search for "Dana Hom", he provides some context to the story as he was one of the people who interviewed and hired Terry Childs for his current position.
An Alternative Theory: Compelling Cooperation with the Judicial System
Assume they were starting the process of setting Childs up for a fall, they were going to terminate him and he decided to "check out". Maybe they pissed him off so much that he turned it off, threw up his hands, and said, "well, then, go ahead, you do it". His politician bosses likely panicked, pushed the issue up the chain of command, until someone decided to use the strong arm of the law to threaten and compel him to cooperate. What could have been a simple discussion has now turned into an international news story about "rogue sysadmins" and saboteurs. If you are no longer an employee, are you under any obligation to share passwords? Let's just say your sysadmin quits tomorrow, do they even need to give you the time of day? Aside from the legal question, what if your sysadmin quit, and when you ask him for the password just shrugs and says, "I forget, sorry." Is that illegal?
I'd suggest that we reserve judgement, he is, after all, innocent until proven guilty. The only logical course of action in the next few days would be for Gavin Newsom to sack the leadership of San Francisco's IT department. If anything Childs' actions demonstrate that the department's management was completely out of touch. If Venezia's source is accurate, Childs was the only one who knew how to operate and maintain this network. Nevermind the situation the City finds itself in today, what if this single point of failure had been hit by a bus? What if the only reason he had sole access was because he was the only one working for the government who was qualified to operate the network?
The point isn't to stand up and defend Childs; the point is to read coverage in the mainstream media with a critical eye. Something doesn't feel right about the way the mainstream media is covering this story. Venezia did some good reporting, but we need to dig deeper still. What's the story?