Forgot your password?
typodupeerror
Security The Courts Government

Ex-SF Admin Terry Childs Gets 4-Year Sentence 432

Posted by timothy
from the if-only-he-knew-the-password-to-jail dept.
Robert McMillan writes "You remember Terry Childs, right? He was finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law."
This discussion has been archived. No new comments can be posted.

Ex-SF Admin Terry Childs Gets 4-Year Sentence

Comments Filter:
  • So... (Score:2, Interesting)

    by valeo.de (1853046) on Saturday August 07, 2010 @07:16AM (#33172678) Homepage
    Now that he's been sentenced, does this mean that more accirate details about the case will finally come to light? A lot of what I've read seemed to be mostly hearsay with hard facts hard to come by...
  • by Manip (656104) on Saturday August 07, 2010 @07:39AM (#33172778)
    This just goes to show how asinine most "anti-hacking" laws are. Most were written in the 1980s during a big moral panic about "hackers" bringing down the telephone network, corporate networks, and western civilisation as we know it. You can very easily get more time in jail for, what most would consider a prank, than for rape or other violent crimes.

    It is interesting that in this case Terry Childs did very little actual damage but got 4 years. In fact more damage was done when the prosecutor decided to publish a list of working passwords for the cities computer network. Just goes to show the kind of technophobic old people working in the city offices and in law.

    I know this sounds very arrogant, but I would love to see trials change so you're actually judged by your peers instead of members of the public, so for example doctors by doctors, network admin by other network admin, and such. That way you can get a bunch of people who know how far this person has stepped out of line.

    Just for clarity, what Terry Childs did was wrong - but he certainly didn't deserve jail. Even if he did deserve jail he already spent a year inside before the trial (for some ungodly reason) and that was more than enough time served for this. The only reason they kept pushing this is to avoid the huge lawsuit if they failed to get a sentence longer than the time he already spent inside.
  • by Sycraft-fu (314770) on Saturday August 07, 2010 @08:15AM (#33172906)

    Well I'm just not sure how to respond to such obstinance. There is plenty of information out there as to why the jury voted as they did and what law was broken and so on. If you are unwilling to read and understand that, I can't help you. Some people just want to be paranoid, I guess.

    Also this "Luddite boss" thing really reeks of ego mania. Far too many sysadmins think they are the Smartest Motherfuckers in the Universe and that there is no way their boss could possibly understand any of this because he's not as good at tech. Turns out that's often not the case, a manager may understand technology and more important the limits of their own knowledge about technology just fine. They may well be an intelligent individual, just with some different skills than yourself.

    I'm not saying some aren't dumbassess, but then so are some sysadmins. I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

  • by JakiChan (141719) on Saturday August 07, 2010 @09:05AM (#33173216)

    So when they had had to shut down the city VPN for days because of the morons that put all the passwords in court documents...that was a "denial of service" as well. Why haven't those people been arrested?

  • by Dwonis (52652) * on Saturday August 07, 2010 @09:10AM (#33173234)

    I'm just saying this attitude of "Only tech people can possibly understand," is extremely arrogant.

    It's also bad engineering. If the system is so fragile that you're the only one who can work on it, then you're doing a bad job. What if you get hit by a bus? What if you decide to quit so you can accept your dream job? Whatever you build should be (at least mostly) maintainable by any other average practitioner with similar credentials.

  • Have you had to deal with many PHBs? Corporations are full of them, and most I wouldn't trust to install XP without fucking it up. True story- I used to have lunch and do hired gun work for an old Linux sysadmin named Glenn. Classic gruff sysadmin that really knew his foo. He told me about how he had to miss our lunches the week before because he had to deal with the PHB put in charge, ended up being drug all the way to regional headquarters and threatened with firing, and for what? And I quote "You have NO RIGHT to block my emails from Melissa! Who I speak with is NONE OF YOUR BUSINESS!" That's right, he was nearly fired for refusing to let the Melissa worm loose on the network. lucky for Glenn the regional guy wasn't a retard and had actually kept up on what was then current events, so he turned to Glenn and said "Is he talking about the worm? You're kidding, right? You told him it was a worm, right? I got drug out of a meeting...for this?" and then proceeded to give the PHB a real bitching and gave Glenn and his wife a steak dinner on the company.

    So I've learned NEVER underestimate the stupidity of a PHB. I've dealt with PHBs that would sticky note passwords all over the damned place, but God fricking forbid they don't have access to a password because that's YOUR ass. That is why I gave up dealing with corporate and instead run my little shop. The pay isn't nearly as good but I don't feel like bashing my head against a wall several times a day either. While I agree that he should have handed over the passwords I too worry about where exactly does a job officially end legally with this precedent. What if you hand over the passwords and your setup is too complex for the moron the PHB hires? Can YOU basically be forced to come in and train the moron or be blamed with network "tampering"? If it is one thing we have seen with the courts, common sense rarely plays a part. Also 4 years is total bullshit, I've known guys that have damned near beat someone to death in a fight that got less.

  • by Anonymous Coward on Saturday August 07, 2010 @11:11AM (#33174038)

    Network security, procedures and technicalities aside, the crime and punishment side of this could be debated till times end. There is now a more important issue at stake, however.

    Has San Francisco changed any policies or personnel that allowed this situation to fester in the first place? In my eyes, they've only solved 1 part of the problem: a rogue ecotistical network engineer.

    And if they haven't made any changes, there are probably several people in City Management that should probably be in jail right along side Childs.

  • by obi (118631) on Saturday August 07, 2010 @11:22AM (#33174120)
    Do I think this should be a firing offense? Sure. It's simply bad stewardship to make the network crash with you.

    Do I think this is a criminal offense? Nope, not really. I'd give him the benefit of the doubt that this wasn't about extortion (for money or career opportunities), and more about there being no proper protocols in place for transferring control - something his superiors should have worked out long before this happened.

    Any other person in any other position would simply have been given the sack. If it was critical they have the passwords (ie. rebuilding the network would cause enormous disruption) his superiors should have foreseen this. What if he got hit by a bus? What if he simply forgets (dementia, amnesia, whatever).

    This trial always seemed to me as a clash of personalities, than about actual harm done (or even intent to harm).

    And sentencing in the US is just completely bonkers.

"Out of register space (ugh)" -- vi

Working...