Judge Orders Former San Francisco Admin Terry Childs To Pay $1.5M 488
0WaitState writes "A judge Tuesday ordered a former city worker who locked San Francisco out of its main computer network for 12 days in 2008 to pay nearly $1.5 million in restitution, prosecutors said.' Keep in mind the network never went down and no user services were denied, and given that Terry Childs was the only one who had admin access (for years prior) it is difficult to understand how they came up in $1.5 million in costs, unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"
Take that Terry Childs (Score:5, Insightful)
How much will the morons in administration (Score:4, Insightful)
nothing ? i guessed as much. its all ok if you are a moron at the helm of a company or a public office. no really - i am much more polite and eloquent than what wordage you read here, but, i am at a loss to find any word other than moron for publicly exposing hundreds of live login/passwords in a public court. really. morons.
it appears terry childs was right.
That explains it... (Score:4, Insightful)
Restitution more fair than the jail time... (Score:5, Insightful)
Terry Childs did some mistakes. I think the restitution for damages is more justified than the criminal punishment he got.
CU, Martin
Re:That explains it... (Score:3, Insightful)
it's run by simpletons just like everything else in the U.S. right now...
Re:Take that Terry Childs (Score:5, Insightful)
Some of us do and some of us do consider Childs to be guilty. He acted like a prick and suffered for it, but imho he was guilty of what he was found guilty of.
Inflammatory summary, anyone? (Score:3, Insightful)
From TFS:
"it is difficult to understand how they came up in $1.5 million in costs, unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"
Come on, we shouldn't be defending this guy otherwise we're no better than the corrupt politicians that occasionally crop up on /. stories.
We all know he was in charge of much of the city's network infrastructure and that ultimately the city dealt with him and his role rather badly - that's not particularly unusual in the public sector anywhere in the world. What's important is how he reacted to it. From what I've heard, his reaction was to say "Fine, if that's going to be your attitude I'll take the passwords to my network and go home!" like a petulant child. But it wasn't his network to take - and I don't believe the arguments that to hand over access to someone unqualified would have put him in greater trouble than refusal to. Faced with an enemy with so much more resources, the sensible thing to do would be to negotiate a way out of any possible repercussions instead of throwing a tantrum.
Re:Cost (Score:5, Insightful)
He did not care about security other than his own job security. He was one of 'those' types of IT people. You know the ones I mean -- they think "job security" means keeping all the secrets locked away so that only he can fix things when they are broken. Furthermore, they tend to behave as if they own the networks and servers they maintain and they tend to hide their limitations of knowledge and experience from others as well as being unwilling to share what little knowledge they actually have. There might have been a time when that was common enough to be acceptable, but today's business and government leaders see through this.
Good riddance to bad rubbish. "Vendor lock-in" is evil regardless of who practices it.
Re:That explains it... (Score:3, Insightful)
Re:Inflammatory summary, anyone? (Score:5, Insightful)
Re:That explains it... (Score:5, Insightful)
Any actual evidence that Americans are "obsessed" with vigilante justice? I'm trying to recall the last time I heard of any notorious vigilante actions, and I'm drawing a blank. Even when the WBC crowd protested military funerals, the worst anyone did was slash their tires.
Re:Let the guy come here... (Score:4, Insightful)
That scratching sound is onda technology getting added to the "don't use" list all around the world.
Re:Queue the dude who was on the jury (Score:4, Insightful)
Although I do agree that Terry was in the wrong, so was the City for its bad procedures. I just don't think that the wrongness he did is worth 1.5 million dollars.
Guy locks out everyone from the City network after losing his job due to his perceived moral implications: gets a 1.5 million dollar fine.
Guys cause Worldwide economical downturn, massive job loss, massive wealth reduction to the middle and lower classes: get multi-million dollar government jobs.
Wait, what?
Re:That explains it... (Score:2, Insightful)
Two entirely separate issues (Score:5, Insightful)
"...unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"
What exactly is being insinuated here? That it's the City's fault that Childs decided to commit a crime?
Sorry, pal, it doesn't work that way. Yes, the city has a lot of work to do to clean up its IT policies, but that has no bearing whatsoever on Childs' decision to commit a criminal act.
Re:Perhaps.... (Score:3, Insightful)
An IT guy on a power trip acted like a prick and that resulted in serious consequences. Let's see what the slashdot community thinks. ;)
This might as well be a story about getting arrested for living in mom's basement.
he's paying the price for embarrassing the powerful?
Re:Cost (Score:3, Insightful)
I'd be curious how may CCIE (Cisco Certified Internetwork Engineers) you know. Now, my company helps network engineers around the world win their certifications, so I've had to deal with a lot of both CCIEs and wanna-bes. Also, the CCIE community was very, Very, VERY interested in this whole affair, because -- of the ones I talked with -- they thought that Mr. Childs did the right thing by keeping the keys to the network close to the vest. You may be right, erroneus, that Mr. Childs acted out of selfish motivations. From the views expressed by others more knowledgable than myself, though, by keeping everything tight he avoid any untoward and destabalizing meddling.
Could he have done better? Sure he could. For example, if he properly backed up all configuration files from the routers and Etherswitches in a separate computer, he could have given the security auditor those configs and the other guy could have worked from those. You don't need direct access to the vast majority of the equipment to perform a security audit. Mr. Childs could also have provided logs, logs he should have been keeping anyway, for the auditor to examine. From that review, the auditor could then suggest improvements, and Mr. Childs could have made those improvements.
No, it wasn't because there was a "problem"...other than a problem with a control freak who valued personal power over what was good for the City of San Francisco. Unfortunately, that attitude is rampant with our alledged "public servents", which is why things escalated the way they did.
Put more bluntly, mistakes were made on both sides of the argument. Terry Childs has to pay not only for his mistakes, but the mistakes of others. Mistakes that were worse than those made by Mr. Childs. And more costly.
Re:Take that Terry Childs (Score:3, Insightful)
Using you're logic, that's something they would be forced to do every time there is admin turnover.
Quite the opposite: They (may have) had to do it because Childs behaved the way he did.
The way he was acting, they had to make sure there are no more backdoors for him.
If an admin leaves on good terms, gives his superior all the relevant information, keys et. al., then it's most probably not necessary to check the network.
Childs, on the other hand, made sure that he was the only one who could keep the network running and nobody else could take over for him.
That's paranoid at the best and malicious at the worst.
Re:Two entirely separate issues (Score:4, Insightful)
If he had been hit by a bus and killed the city would have been even more screwed, so yes, the city is partially to blame for not having a backup plan to begin with.
Re:Perhaps.... (Score:3, Insightful)
Re:Perhaps.... (Score:4, Insightful)
The solution to that is to:
a) have more than one admin with access to passwords
b) not to act like a jerk to the admins you currently have
c) put a firm stop to people who try and take complete control of a system "for its own good"
Make no mistake, the City of SF is responsible for their own issues.
Still, Childs was just plain stupid. He should have:
a) not admitted to having passwords, since he could have easily said that he forgot them since he no longer works there
b) failing that, immediately given any and all passwords up
c) written a letter to the city or a newspaper, if he wanted to complain about the city, like any other citizen, instead of trying to be a martyr.
$1.5m is a little steep, I was leaning more towards a month or two in jail for being a dumbass, which would be time served. It annoys me when certain admins feel that they are freedom fighters when operating their boxes, makes them incredibly annoying to work with.
Re:Perhaps.... (Score:5, Insightful)
Oh bullshit. He was part of the incompetence . At what point do we admit that Mr. Childs was just as irresponsible for neglecting to create an appropriate backup and contingency plan for outages, disaster recovery, etc. that allowed for someone else to get access to the passwords?
Where I'm sitting, any sysadmin with half a brain knows that a single point of failure is a no-no. Let's not pretend he was some white knight, if there were no adequate plans for password access in place, then he's just as incompetent as his managers were. Only difference is, he was incompetent, and broke the law in the process, by refusing to turn over the password to his management chain when he was reassigned and holding the network he was "protecting" hostage.
Re:Queue the dude who was on the jury (Score:4, Insightful)
Mr. Childs was in a position to implement better procedures, and in fact, had a professional obligation to improve the bad procedures which you point out. He did not do this. At a bare minimum, he could have simply done this: "Hey boss, since I'm a single point of failure, if I'm ever hit by a bus, here's a sealed envelope with passwords and critical access information for all of the systems I work with. I'll update this once a month, and make sure you receive a new copy. I'll also do the same with $some_guy_who_covers_for_me_when_im_on_vacation, and if you like, a third manager who you deem appropriate." This is cheap and easy to implement, and requires absolutely no "new policies" or politicking. He's simply setting up a failsafe in case he's incapacitated or turfed out - the sort of failsafe any sysadmin should implement ASAP in any new job where they find that they're the only person who knows the appropriate access passwords to critical systems.
He failed to do anything like this, and elected to keep everything in his head. We can only conclude from this that he was just as incompetent as the rest of the people implementing "bad procedures" on behalf of the city, or he was deliberately trying to set up a chokehold on city infrastructure. Either way, I have very little sympathy with him for obstructing access to the systems under the guise of "caring so deeply" about them. If he cared so deeply about the systems, he never would have set himself up as a single point of failure.
Re:Oh thank god.. (Score:1, Insightful)
Because people are punitive vindictive little trolls for the most part, especially when it comes to someone challenging their authority. It's the same reason why cops beat speeders, same reason why parents spank their kids. "How dare you challenge me?" is what their brain says. People think that doling out harsh punishments will somehow free them of their anger inside. Anger derived from a sense of loss-of-power, because their identity is based on power. To me, that's not true power at all. True power would be to rise above all that and act compassionately. You're powerful because you can inflict harm on another person? Nope, you're powerful if you can overcome yourself....
Re:Oh thank god.. (Score:4, Insightful)
Which is why so many people who are innocent of crimes plead guilty. Often the thought of the "maximum" sentence and the fear that your defense will not pay out are enough to make someone choose guilty. This is generally true for those who can't afford a defense. Prosecutors don't care about innocence or guilt, they will work to scare you into a bargain so they get an easy win. Public defenders don't care much either, a bargain is less work and doesn't look as bad as a loss.