Terry Childs: San Francisco's Imprisoned FiberWAN Administrator

By Timothy M. O'Brien
July 18, 2008 | Comments: 34

Is your SysAdmin "maniacal"? Does she or he have an almost religious devotion to security? I've worked with a number of system administrators throughout my career, some were great and some were just awful, but the thing I've learned to expect is that good system administrators are, by definition, somewhat maniacal when it comes to security. This is what you pay a system administrator for, and I wouldn't trust a sysadmin who was nonchalant when it came to security policy.

golden_gate.png

Enter the Terry Childs news story... Childs is the System Admin in San Francisco accused of "hijacking" the City's network. If you were watching local news, this would be the cue for an ominous graphic (see right) and some sinister music followed by this headline:

News at 10: Terry Childs is a Power-hungry, Maladjusted Maniac Bent on Holding San Francisco Hostage

...oh, and BTW, he was convicted of a felony twenty six years ago.

The mainstream media will have you believe that Terry Childs is a power-hungry maniac, a man bent on holding San Francisco hostage. He is something of a modern day saboteur, a terrorist, if you will, determined to disrupt the civil services of San Francisco. He's a "rogue employee" who locked everyone out of the system. Here are just a few of the things written about this man from various news sources: From Times Online (UK):

[Mayor Newsom] said that Mr Childs had been a highly regarded member of staff but was now a "rogue employee that got a bit maniacal". [...] It has emerged that Mr Childs has a criminal record for aggravated burglary, for which he served five years' probation in 1982.

Other news outlets have painted him as a terminated employee bent on revenge. He is a Hacker, and even well-respected technical news outlets have taken time today to remind people about the "threat from within: when employees turn bad". From KNEW San Francisco:

Terry Childs is a computer engineer who has been disciplined, and threatened with job termination. So he locked everyone but himself out of the city's new multi-million dollar fiber wide area network.

Here's Vinson from the Wired coverage of the arraignment:
"We couldn't access it, but it was functioning," Vinson said. "We now have the necessary devices in place that will detect any intrusions."...."He created it so that he had access to the network and blocked other people from having access," Vinson said. "He created his own passwords."
....Vinson said the defendant on Sunday gave police passwords to the system, but they did not work.

From Vinson's remarks, you'd gather that Childs just locked everyone out of "the system" last weekend, and that he's been uncooperative and misleading since his arrest. But, as you'll read below, Childs was the only one with comprehensive knowledge of the system and it had been that way for quite some time. There are other statements made in the press about how Childs "created a system to gain unauthorized access to communications". This also strikes me as somewhat suspicious. Someone with this level of responsibility would likely have access to many different systems.

There are reports that Childs' behavior prompted a supervisor to "lock herself in an office" after he started talking pictures of her during a security audit according to InformationWeek. But, this fact is so disjoint and unelaborated, it doesn't shed light on the story at all. Why was he taking pictures? Was he trying to document something for a future wrongful termination suit? There are too many questions about this to take this at face value as proof that he is somehow "unstable". PC Advisor has some elaboration on this.

Childs is a Capable and Dedicated Network Engineer

Paul Venezia of InfoWorld seems to be the only journalist willing to dig deeper into the story. In "Notes from the San Francisco City IT Department Underground" he relays some information from an email exchanged with an anonymous source inside San Francisco government which paints a different picture. A picture of a stubborn, but capable and dedicated engineer. Venezia's source writes of an engineer dedicated to the craft,

""Terry was very dedicated to his career as an engineer. He is a CCIE (probably the only one in the City government), and spent much of his free time studying and learning more...

His source also mentions that Childs was sole administrator of the FiberWAN for "months, if not years". This seems to contradict the notion that he decided to illegally prevent access last weekend. Venezia's source writes:

""This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry's coworkers, 'If your request has anything to do with the FiberWAN, it'll have to wait for Terry. He's the only one with access to those routers'). His managers knew it."

For more info: Read Venezia's Reporting. It is an interesting read, and, if accurate, makes you wonder what the whole story is. When Vinson mentions that Childs gave "the passwords" to the police before he was arrested "but they did not work." I wonder if Vinson and the City government have anyone qualified on staff to know how to use them. Even if they did, it is often impossible to decipher setup and configuration of a system without help from someone involved in the initial setup.

Dana Hom: Former Chief of Operations

Dana Hom shows up in a comment thread on this Wired story. He leaves some interesting comments that tend to reinforce the sentiments expressed by Venezia's anonymous source. I'm not about to quote comment threads from Wired, but, you should click on the Wired story and search for "Dana Hom", he provides some context to the story as he was one of the people who interviewed and hired Terry Childs for his current position.

An Alternative Theory: Compelling Cooperation with the Judicial System

Assume they were starting the process of setting Childs up for a fall, they were going to terminate him and he decided to "check out". Maybe they pissed him off so much that he turned it off, threw up his hands, and said, "well, then, go ahead, you do it". His politician bosses likely panicked, pushed the issue up the chain of command, until someone decided to use the strong arm of the law to threaten and compel him to cooperate. What could have been a simple discussion has now turned into an international news story about "rogue sysadmins" and saboteurs. If you are no longer an employee, are you under any obligation to share passwords? Let's just say your sysadmin quits tomorrow, do they even need to give you the time of day? Aside from the legal question, what if your sysadmin quit, and when you ask him for the password just shrugs and says, "I forget, sorry." Is that illegal?

I'd suggest that we reserve judgement, he is, after all, innocent until proven guilty. The only logical course of action in the next few days would be for Gavin Newsom to sack the leadership of San Francisco's IT department. If anything Childs' actions demonstrate that the department's management was completely out of touch. If Venezia's source is accurate, Childs was the only one who knew how to operate and maintain this network. Nevermind the situation the City finds itself in today, what if this single point of failure had been hit by a bus? What if the only reason he had sole access was because he was the only one working for the government who was qualified to operate the network?

The point isn't to stand up and defend Childs; the point is to read coverage in the mainstream media with a critical eye. Something doesn't feel right about the way the mainstream media is covering this story. Venezia did some good reporting, but we need to dig deeper still. What's the story?

PHOTO CREDIT: From Flickr user aslakr, for original click here. Licensed under Creative Commons Attribution 2.0 Generic.


You might also be interested in:


34 Comments

Sorry, Dana Hom is a "He" not a "She". Please correct your posting.

Terry is a good guy. It is outrageous how he is being treated. Paul Venezia's article is right on.

:-(

@Anonymous: Gender updated accordingly. :-) - Tim

Thank you for your even balanced artical.
I run a small tech firm in Canada, I have hired and fired many sysadmins, and feel that Terry Childs is getting railroaded here by the upper administration. Having had to fire incompetent, but heavily papered system admins in the past, I can fully understand why Terry would have locked out console access to the routers. The first rule of a computer guy, is never trust another computer guy, until he's proven his worth.

Notice that in the news, the administration is quick to take credit that the network is still running and it is business as usual. If Terry were "rouge" there would not be a network. Did Terry try to profit through the network? Did he offer route or traffic services to third parties? (probably not) He, as far as we can tell, simply locked out the incompetents from making changes which likely could have resulted in downtime for the city. And (just for the record) and real Cisco admin could tell you, it is trivial to reset the password when you have physical access to the router.

Good luck Terry, dealing with morons is the bane of the sysadmin.

..Adam

Having read Paul Venezia's article in Infoworld, I have little sympathy left for Terry Childs. There's no question that he's smart; but there's also no question that he's an unprofessional egomaniac with a serious attitude problem.

From the beginning, he set up the network he designed so that it basically belonged to him. Not only did no one else have access (except as granted by him), he didn't document his work. This is not good security. What if he got hit by a truck? The information required to ensure continuity in the event of his absence should have been sealed and placed in a safe under the control of his employers. If he were truly interested in security, he would have done that, even if his superiors were negligent in not demanding that he do that.

And speaking of his superiors, coworkers, and colleagues, it's now starting to surface that he had been absolutely impossible to work with. Every little request had to be worded just so, and the supplicant had to bow at just the right angle before he would deign to take the request under consideration. And his picture-taking is not a disjointed fact. He was taking pictures of the female supervisor just as she walked by, and he was making sure she knew he was taking pictures. How can that not be creepy, especially when the guy taking the pictures can barely contain his hostile contempt for you every time you ask him something?

There are far too many diva jerks with huge egos in IT as it is. At least the bar is getting higher and higher, and desktop technicians can no longer hold PCs hostage by setting startup passwords. Well, they can, but it takes all of five minutes to disable those passwords. But the Cisco passwords? No, Adam (above) not so easy. Childs was careful enough to disable password recovery, and if anybody is wondering, there are no backdoors on Cisco routers. They wouldn't be secure if there were.

This case is really pretty simple: Childs is refusing to turn control of his employer's equipment over to his employer. He doesn't stand a chance of winning in court. When your employer says, "Gimme the keys to the company car," you have to give him the keys. You can't withhold them in the name of some higher principle, like "nobody takes care of the company car like I do." This case is exactly like that.

Finally, if you fire your sysadmin, and he says he "forgot" the passwords, that itself is not a crime. However, you can sue him in civil court for your damages.

Robert, let me guess, you must be a manager.

I hope the incompetent desk monkeys with whom Childs worked with or worked for, will realize what illiterate computer morons they are and apologize to this guy... and send him off properly with a nice thank you paycheck for all his service. As a network admin myself, I can empathize with Childs' situation. Network admins are completely disrespected by the corporate/upper management/desk workers for whom we serve. The difference between network admins and "pay per hour tech support IT" is that our work is behind-the-scenes and we are proactive about things. Every day that goes by on the network that an employee can access his/her files, email and porn site during lunch, is a successful day for us, yet, no one appreciates it until sh!t hits the fan and we get yelled/nagged at to fix it. And when do, maybe, just maybe a thank you comes our way. There's so much more to this story then meets the eye.

Ugh, "Why is the network slow today"... "My monitor isn't working, is the system down?"...

Thank you for your great artical.

Just like they said, notice that in the news, the administration is quick to take credit that the network is still running and it is business as usual. If Terry were "rouge" there would not be a network. Did Terry try to profit through the network? Did he offer route or traffic services to third parties? (probably not) He, as far as we can tell, simply locked out the incompetents from making changes which likely could have resulted in downtime for the city. And (just for the record) and real Cisco admin could tell you, it is trivial to reset the password when you have physical access to the router.

From the beginning, he set up the network he designed so that it basically belonged to him. Not only did no one else have access (except as granted by him,Some knowledge about the computer, you may have a look at kswchina ), he didn't document his work. This is not good security. What if he got hit by a truck? The information required to ensure continuity in the event of his absence should have been sealed and placed in a safe under the control of his employers. If he were truly interested in security, he would have done that, even if his superiors were negligent in not demanding that he do that.


Your article is spot on. There is no way that the news is portraying this story the way it really was. I have known Terry my whole life, my dad and him were close in the past, and he may have gotten into trouble as a teenager, but he is past that now. That was a learning experience for him. Something else must have been going on for him to just give up on something he has spent years creating and maintaining. He doesn't just throw his hands up and quit when something is tough. He is not a quitter. That company has known for years that Terry was the one maintaining everything. Why now were they questioning his access after so long? There are two questions we should be asking. What made Terry feel the need to do this? and Why has the company waited so long to question his access?

Wait, I'm confused. Don't we want our IT Administrators to have a fanatical devotion to network security? It sounds like this IT Admin has some real concerns about the safety of the network, and ultimately this issue is a management problem in that the situation could have occurred in the first place. From things I've read elsewhere, it sounds like the guy had a few issues, but don't we all.

CEOs and other high-level corporate officers and VPs receive multimillion dollar "golden handshakes" when they leave a company, for reasons very similar to this. Nobody wants their ex-CEO to share all their trade secrets and dirty laundry. The same also applies for high level bureaucrats, who receive appointments to high positions, "bonus" compensation, or generous retirement packages when they leave, even if the termination is against their will.

Unfortunately, for both companies and IT personnel, the same level of respect is not paid towards the technical staff, who often have a higher level of access to data than any other employee.

I guarantee you, if Terry would have been offered such a "golden handshake", he would not have refused to tell his previous employer his password.

Oh yes, and this is San Francisco. A high level official called their friendly neighborhood judge to try and coerce a password out of someone that has no legal or contractual obligation to reveal it. This case, if he gets convicted, will be overturned in appeals with lightning speed.

Wait -- does he have no legal or contractual obligation to reveal it? (I can almost hear managers across the country hurriedly calling their legal departs so they can add another clause to their employment contracts!)

Hey folks, good to see the healthy comment list. After writing this I really started to wonder how one of the largest cities in the country could let itself fall into this situation. The story itself is messy, but the ramifications are crazymaking. In an age of emergency preparedness, San Francisco's IT department was set up in such a way as to depend on a single person.

In this story, Childs' malice has yet to be proven, but the government's incompetence is in full display. Just imagine is something calamitous had happened and this single admin had been incapacitated. To me, that's the real story.

Yes, that' the problem. We are going to lose Terry, but do we have anyone who is as competent, or anyone who is willing to work for the City to fill his shoes? Also, what is the story of SFPD (and whoever involved) jumping into arresting Terry in such a way that would put the entire City's network in jeopardy (now in the hand of imcompetent mgmt & inferior sysadmin)? We don't go to war when diplomacy is available, especially when this war is totally not justifiable. Terry is not a villain, he is a hero. A very lonely one.

If the security manager cared anything about security he would not be talking about possible security holes in the network to the media. What if a hacker found these supposed holes. Would they blame Terry? This is very common in the network world from what I have seen. If they convict Terry this will set a standard for network admins. I have been following the story since it broke. I just cannot believe it has went this far. The bond is unreal. I agree Terry is a hero.

Free Terry Childs!!!

Only in San Francisco! They locked up a hero and gave the person who has a track record of messing things up a promotion to becoming the new Security Manager! The IT Department Spokeman Vinson's comments are embarrassing to read. He is more convincing if I tell you he is a stand-up comedian. If you don't believe me, go ask him something slightly technical, he will crack a joke and then run for his life. While on his way out, he probably murmurs something like "Got to go, the Mayor wants me now." Did I hear it correctly that Terry's arrest was because James Ramsey from SFPD found a problem? As far as I know Ramsey is a police officer in the MIS unit. I didn't know he becomes a certified Cisco Engineer that is qualified to check the work of a CCIE. More outrageous twist from the news today, the media announced new fact that Terry had a gun at the time of his arrest. This so-called fact came out so late, and there is no firearm-related charges filed by the DA; it worries me that they are determined to "hang" Terry, and to fool the public with unfounded allegations. Terry was arrested on Sunday, around 21:00. I don't know about the town where he lives, but if someone knocks at my door at that hour, I have my gun handy too. Oh hell! AN INNOCENT MAN IS IN JAIL - For doing his job, the guardian of the City's computer network. We paid him to do that! Apparently DTIS, SFPD, DA, the Judge, and the Mayor do not hear these facts. Please! Would someone get the truth to them, please? I repeat:

AN INNOCENT MAN IS IN JAIL!

Any stable sysadmin would've turned passwords over to his employers on FIRST request.

He was paid by his employers to secure HIS EMPLOYERS' network. Not HIS.

For him to have let things escalate to the point of relating false login data TO POLICE to whom his EMPLOYERS had remanded him.......!!FROM A JAIL CELL!!....is evidence this man is a certifiable moron.

No stable person takes his job so seriously he forgets who he works for.

This seems like yet another example of stupid people making decisions regarding internet technology... $5 million bail? Nothing was stolen, nothing was broken... that *judge* should be sitting in jail for such a stupid-ass decision! I wonder if they make *all* of their decisions with such a disregard for facts and general knowledge of the issue at hand.

The people of San Francisco better stand up for this guy. Granted, he may have deserved to lose his job. But the charges, bail, and the fact that he's rotting in some cell until September is bullshit!

"to the point of relating false login data"

And you know this how? Nothing I've read says he gave false login info to anyone. All I've seen is he gave them passwords and they couldn't log in with them. What if the person trying to log in was just an idiot and screwed it up? What if they had tried repeatedly with incorrect passwords and locked themselves out?

Judging people on the basis of sound-bites from the popular media is stupidity incarnate.

Unless you're in the room and see what happens you have no clue, so back off.

Dear "Annoyed", If a simple passing-the-passwords will do the job, Terry Childs would not have been so paranoid in giving out the info to his co-workers or managers. It is not the wrong passwords, it is that it needs to have a certain protocol/execution sequence in place. "If you don't succeed, try try again". Good grief! Terry Childs is absolutely right in blocking out morons like the one that gave this suggestions.

I knew this guy. He was competent, thorough, and dedicated. The city politics would drive anyone to desperate measures and not sharing a password is NOT a crime. He has not robbed anything, killed anyone. He built the network and simply set out to protect it. Shame on those people for making a scapegoat out of an excellent engineer

This whole story is so sickening and will likely put many Government politicians in panic mode about their IT departments. Was the guy uncooperative? Very likely but like any IT position it sounds like he was put into a position to keep the world running, did everything he could, and maybe a bit too much, to make sure that happened and will be the fall guy since it is obvious the police and administration have no clue what it is all about.

IT Administrators take note! We will all be getting a visit by our non-technical supervisors as soon as they hear about this one.

> He built the network and simply set out to protect it.

How is building the network in such a way that it loses its configuration if the power is cut "protecting it"? Either the guy was incompetent or malicious - he's no "hero".

One thing that has been mentioned elsewhere is that the IT department has been dismantled. He may have been the only qualified one left. Not a ego maniac but simply the last person hanging on. As to
"And speaking of his superiors, coworkers, and colleagues, it's now starting to surface that he had been absolutely impossible to work with. Every little request had to be worded just so, and the supplicant had to bow at just the right angle before he would deign to take the request under consideration."
I could see this attitude coming from spurious and vague complaints that were more appropriate at a helpdesk than an admin's plus over-work.Even the negative articles I have read all said his coworkers were generally supportive and sympathetic.

The guy is a sys admin he should have been following policy. If he wasn't following policy he should have been checked on it, therefore his supervisor was at fault. If there wasn't any policy then management is at fault.
Whatever way you carve it, for this situation to occur you need some serious failures at a management level. As for the way they are handling the situation they’ve created, I can only assume that these guys must be complete buffoons.

I don't normally write into these comment sections. But, I have to make an exception in this case. I have known Terry for many years. I was the person who opened the IT doors for him and gave him a start. I did it, because Terry was a confident, go-getter person. I helped him obtain some of his Cisco certifications, because he willing to study and go the extra step required to master the IT and WAN infrastructures. This guy is NOT a maniacal, wacked out individual. He is a fun person to be around, he is very devoted in what he does and yes, he has a sense of ownership that any career minded IT person should have. I don't understand why the City is doing this to him, or how they can justify a $5 million dollar bond! This sounds more like Terry Childs uncovered something on a politician. And, now the politician is attempting to cover it up at Terry's expense....

Thank you, I completely agree that there was something much deeper in this story than a "rogue employee". I read the original articles and knew that it wasn't the whole story. What Venezia and you have discovered sounds much more likely than the mainstream media's account.

Lesson learned in the case of City of San Francisco vs. Terry Childs:

I am a CISSP, a CISA, and a Califorina Licensed Investigator (PI). I have investigated a dozen similar cases, and in every case of this sort, it has been the inadequacy of management controls - not malice on the part of the administrator - that has been the root cause. Sometimes it's hard to get paid once you point that out, but of all of my professional accomplishments, I'm most proud of the innocent people I have exonerated.

The incident regarding Mr. Childs and the City are a classic example of management's failure to provide adequate Segregation of Duties and Dual Control. In short, there should always be a minimum of two persons involved in administration of critical information systems, and few systems are more critical to an information system than the networking infrastructure. That requirement has been clearly articulated for years in industry best practices and specifically in ISO27002, section, 10.1.3, Segregation of duties: "Duties and areas of responsibility should be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets."

In this specific case, segregation of duties requires that resources be allocated, and from what I can glean, the City failed to allocate that resource. That failure can be interpreted as constituting a lack of due diligence and due care on the part of the City, and if a civil suit emerges from this case, I suspect that will be the argument that Mr. Childs' attorney follows.

The accounting profession has invested significantly in separation of duties because of the understood risks accumulated over hundreds of years of accounting practice. However, those working in the IT field often treat the need for separation of duties as if it were an artificial and superfluous requirement imposed by bean-counting auditors. What these IT staff overlook is that those controls protect them as much as they protect the network's owner. In this specific incident, separation/segregation of duties would have protected not only the owner of the network (the City), but also the administrator of the information systems (Mr. Childs) by providing peer review of changes and system configurations. Mr. Child's problem now stems from the lack of any other party from within Mr. Childs' workgroup who has the necessary situational knowledge to corroborate Mr. Childs' actions. The dilemma with which Mr. Childs is now faced is a direct result of the City failing to exercise due diligence and due care by providing resources that are prescribed by both industry best practices and international standards.

Some of the allegations against Mr. Childs are obviously spurious, and the result of non-technical (legal and law enforcement) people being thrust into a highly technical issue. For example, it is alleged that Mr. Childs set up 1,000 modems to allow him offsite access, when it is clear that Mr. Childs would not have been able to afford the hundreds of thousands of dollars that those modems would have cost, plus the tens of thousands of dollars of monthly telephone line costs. His accusers have mistaken a legitimate modem pool for a surreptitious "back door." This illustrates how bad things can get when trust breaks down and malicious intent is ascribed to an administrator's every move.

If I were to try to explain the problem arising from this incident to a non-technical person, I would use this analogy: If only one person were put in charge of receiving cash for a large business, counting the cash, inventorying the sold and unsold items for which the cash was received, and depositing the cash in the bank; that person would be put in a very precarious position. If any mistake were made, that person would automatically be suspect due to the absence of checks and balances. If after that person loudly objected to being put in such a vulnerable position and pleaded for allocation of another person to assist them -- should they be jailed when a mistake is discovered?

The following actions should always be separated so that they are never performed by the same person:

1) Identification of a requirement (or change request). Best performed by a business person.

2) Authorization and approval. Best performed by an IT governance board or manager.

3) Design and development. Best performed by a developer.

4) Review, inspection and approval. Best performed by another developer or architect.

5) Handoff of developmental processes and applications into an operational environment. Best performed by an operations manager or supervisor.

6) Implementation in production. Best performed by a system administrator.

7) Review of logs and other audit trails. Best performed by an IT auditor or information security professional.

I have only anecdotal information about this case. But from what I can determine by reading between the lines, Mr. Childs may have made some technical errors, or taken inappropriate steps to make himself indispensable ("job security"), that are now being misrepresented as being purely malicious acts. He may also have become hypervigilant when his activities came under the scrutiny of a newly-hired information security practitioner. I have seen those behaviors myself as a information security consultant, and I've learned that an once of empathy goes a long way when dealing with technical specialists. The consequences aren't the result of malice, but instead the natural result of having one person perform all of the seven roles listed above. And the lack of documentation and backed up configurations is a natural consequence of having the same person both design and operate a complex system, along with apparent "economy of effort" that caused this person to fail to document his own activities in a working environment where he was clearly overworked due to staff reductions.

Skilled people often make mistakes. That is why we put two pilots in charge of airliners. Without that dual control and cross-checking of human decisions, the likelihood of a catastrophic failure resulting from an error increases dramatically. The City's failure to provide the necessary resources to peer review Mr. Childs' work is the real error that has occurred here and the conundrum now is: the very resource that the City should have provided in the first place to peer review Mr. Childs' work is now unavailable to provide exculpatory evidence in Mr. Childs' defense.

The real question before the court should be: where is the evidence of mens rea: where is the criminal intent? And the lesson to sys admins everywhere should be: if you find that you have no one to peer review and corroborate your work, RUN! You are setting yourself up for a fall, and your innocence or guilt may ultimately be decided by a panel of 12 unemployed and annoyed generalists who have no clue what you are talking about.

just dropping in here, NPR's All Things Considered did a story on Childs this afternoon, and let's just say that they didn't exactly break any new ground with the official version of this story. A SF Chronicle reporter, Jaxon Van Derbeken, was quoted extensively in it.

There seems to be some inept managing going on in the background.
I was searching for other documents concerning some of the other "principal parties" in this whole affair and I stumbled on the this....
http://ci.sf.ca.us/site/dtis_page.asp?id=82542

These people don't even proof their own html,I had to switch to "text only" to be able to read this Department generated public access document.
Sorry I use IE from bad habit,firefox at least fixes the issue to view all text in this html/asp.
IMO,Mr.Robinson is looking to redesign the network to an "Enterprise Level",I think he has been reading too much MS literature.
Mr.Robinson:
"chown -R us ./base"

just my $.02

Good summary, Patrick.

Even shorter summary: if you're the only person who keeps a network -- or any other complex system -- working, then you're well-positioned to be the only person blamed when things go wrong, even if the problems are caused by bad management.

Be afraid.

"I have only anecdotal information about this case. But from what I can determine by reading between the lines, Mr. Childs may have made some technical errors, or taken inappropriate steps to make himself indispensable ("job security"), that are now being misrepresented as being purely malicious acts. "

Apparently Terry Childs posted his resume to Craigs List online on July 4th, 2008. Craigslist has since expired the post but it has been reposted here:
http://weblog.infoworld.com/venezia/archives/017979.html

It does not appear that he intended to have "job security" at his then current position at all...

Quote Robert: "and if anybody is wondering, there are no backdoors on Cisco routers. They wouldn't be secure if there were."

Are you serious? Let's all go buy Ciscos to get rid of hackers!

Leave my mic alone.

Res Ipsa Loquitur.

Φ

Foe real.


Follow the Leader: Eric B. and Rakim.

:)

Almost a year since this story first published. Any updates on the outcome of the trial or what became of Terry?

Popular Topics

Archives

Or, visit our complete archives.

Recommended for You

Got a Question?