Forgot your password?
typodupeerror
Crime Security The Almighty Buck The Courts

Judge Orders Former San Francisco Admin Terry Childs To Pay $1.5M 488

Posted by timothy
from the rough-justice dept.
0WaitState writes "A judge Tuesday ordered a former city worker who locked San Francisco out of its main computer network for 12 days in 2008 to pay nearly $1.5 million in restitution, prosecutors said.' Keep in mind the network never went down and no user services were denied, and given that Terry Childs was the only one who had admin access (for years prior) it is difficult to understand how they came up in $1.5 million in costs, unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"
This discussion has been archived. No new comments can be posted.

Judge Orders Former San Francisco Admin Terry Childs To Pay $1.5M

Comments Filter:
  • by seeker_1us (1203072) on Wednesday May 18, 2011 @08:13AM (#36164192)
    We will make an example out of you, who cares about justice?
  • by unity100 (970058) on Wednesday May 18, 2011 @08:15AM (#36164202) Homepage Journal
    ... who had had exposed hundreds of LIVE login/passwords to city administration system as 'proof', endangering the public system and the private information of citizens and even more, will pay ?

    nothing ? i guessed as much. its all ok if you are a moron at the helm of a company or a public office. no really - i am much more polite and eloquent than what wordage you read here, but, i am at a loss to find any word other than moron for publicly exposing hundreds of live login/passwords in a public court. really. morons.

    it appears terry childs was right.
  • by gman003 (1693318) on Wednesday May 18, 2011 @08:15AM (#36164204)
    That explains why American culture is so obsessed with vigilante justice - the actual judicial system is fucking retarded .
  • by mseeger (40923) on Wednesday May 18, 2011 @08:16AM (#36164214)

    Terry Childs did some mistakes. I think the restitution for damages is more justified than the criminal punishment he got.

    CU, Martin

  • by MickyTheIdiot (1032226) on Wednesday May 18, 2011 @08:26AM (#36164276) Homepage Journal

    it's run by simpletons just like everything else in the U.S. right now...

  • by Richard_at_work (517087) <richardprice&gmail,com> on Wednesday May 18, 2011 @08:26AM (#36164278)

    Some of us do and some of us do consider Childs to be guilty. He acted like a prick and suffered for it, but imho he was guilty of what he was found guilty of.

  • by jimicus (737525) on Wednesday May 18, 2011 @08:27AM (#36164290)

    From TFS:

    "it is difficult to understand how they came up in $1.5 million in costs, unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"

    Come on, we shouldn't be defending this guy otherwise we're no better than the corrupt politicians that occasionally crop up on /. stories.

    We all know he was in charge of much of the city's network infrastructure and that ultimately the city dealt with him and his role rather badly - that's not particularly unusual in the public sector anywhere in the world. What's important is how he reacted to it. From what I've heard, his reaction was to say "Fine, if that's going to be your attitude I'll take the passwords to my network and go home!" like a petulant child. But it wasn't his network to take - and I don't believe the arguments that to hand over access to someone unqualified would have put him in greater trouble than refusal to. Faced with an enemy with so much more resources, the sensible thing to do would be to negotiate a way out of any possible repercussions instead of throwing a tantrum.

  • Re:Cost (Score:5, Insightful)

    by erroneus (253617) on Wednesday May 18, 2011 @08:30AM (#36164314) Homepage

    He did not care about security other than his own job security. He was one of 'those' types of IT people. You know the ones I mean -- they think "job security" means keeping all the secrets locked away so that only he can fix things when they are broken. Furthermore, they tend to behave as if they own the networks and servers they maintain and they tend to hide their limitations of knowledge and experience from others as well as being unwilling to share what little knowledge they actually have. There might have been a time when that was common enough to be acceptable, but today's business and government leaders see through this.

    Good riddance to bad rubbish. "Vendor lock-in" is evil regardless of who practices it.

  • by smelch (1988698) on Wednesday May 18, 2011 @08:35AM (#36164342)
    Well, also sometimes the only way to get real justice is as a vigilante, and nobody wants to admit that they would go too far with it. Americans tend to view things in absolutes. There is true justice, true good and true evil independent of what society says, thinks or does. If somebody rapes your child it would be true justice to remove that guy's balls and feed them to him, but no court would ever allow that to happen.
  • by SJHillman (1966756) on Wednesday May 18, 2011 @08:37AM (#36164354)
    The problem isn't that we're defending him. Most people on Slashdot think he's an idiot and a criminal. The problem is the $1.5 million fine. That's around 20 years of his salary (at a comfortable $75k/yr). It's not a matter of whether or not he's guilty or deserves punishment, it's a matter of letting the punishment fit the crime. That pesky eighth amendment that mentions no excessive fines.
  • by sco08y (615665) on Wednesday May 18, 2011 @08:38AM (#36164372)

    Any actual evidence that Americans are "obsessed" with vigilante justice? I'm trying to recall the last time I heard of any notorious vigilante actions, and I'm drawing a blank. Even when the WBC crowd protested military funerals, the worst anyone did was slash their tires.

  • by nedlohs (1335013) on Wednesday May 18, 2011 @08:42AM (#36164398)

    That scratching sound is onda technology getting added to the "don't use" list all around the world.

  • by Syberz (1170343) on Wednesday May 18, 2011 @08:49AM (#36164472) Homepage

    Although I do agree that Terry was in the wrong, so was the City for its bad procedures. I just don't think that the wrongness he did is worth 1.5 million dollars.

    Guy locks out everyone from the City network after losing his job due to his perceived moral implications: gets a 1.5 million dollar fine.

    Guys cause Worldwide economical downturn, massive job loss, massive wealth reduction to the middle and lower classes: get multi-million dollar government jobs.

    Wait, what?

  • by gman003 (1693318) on Wednesday May 18, 2011 @08:50AM (#36164478)
    Sure, Americans are too lazy to actually do anything themselves, but that doesn't mean we're not obsessed with fictional vigilantes. Pretty much every superhero comic/movie/game/whatever. Most Westerns. The entire "loose-cannon cop on the edge" genre (Dirty Harry, etc) differs from vigilante justice only on a technicality. And look at the way (certain) Americans look at foreign policy: "Someone needs to do something about $COUNTRY, so we'll do it, even though we've got no justification and no permission for intervening." America just wants to be Batman in country form.
  • by goldspider (445116) <ardrake79.gmail@com> on Wednesday May 18, 2011 @08:53AM (#36164504) Homepage

    "...unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"

    What exactly is being insinuated here? That it's the City's fault that Childs decided to commit a crime?

    Sorry, pal, it doesn't work that way. Yes, the city has a lot of work to do to clean up its IT policies, but that has no bearing whatsoever on Childs' decision to commit a criminal act.

  • Re:Perhaps.... (Score:3, Insightful)

    by conspirator57 (1123519) on Wednesday May 18, 2011 @09:23AM (#36164792)

    An IT guy on a power trip acted like a prick and that resulted in serious consequences. Let's see what the slashdot community thinks. ;)

    This might as well be a story about getting arrested for living in mom's basement.

    he's paying the price for embarrassing the powerful?

  • Re:Cost (Score:3, Insightful)

    by satch89450 (186046) on Wednesday May 18, 2011 @09:29AM (#36164866) Homepage

    I'd be curious how may CCIE (Cisco Certified Internetwork Engineers) you know. Now, my company helps network engineers around the world win their certifications, so I've had to deal with a lot of both CCIEs and wanna-bes. Also, the CCIE community was very, Very, VERY interested in this whole affair, because -- of the ones I talked with -- they thought that Mr. Childs did the right thing by keeping the keys to the network close to the vest. You may be right, erroneus, that Mr. Childs acted out of selfish motivations. From the views expressed by others more knowledgable than myself, though, by keeping everything tight he avoid any untoward and destabalizing meddling.

    Could he have done better? Sure he could. For example, if he properly backed up all configuration files from the routers and Etherswitches in a separate computer, he could have given the security auditor those configs and the other guy could have worked from those. You don't need direct access to the vast majority of the equipment to perform a security audit. Mr. Childs could also have provided logs, logs he should have been keeping anyway, for the auditor to examine. From that review, the auditor could then suggest improvements, and Mr. Childs could have made those improvements.

    No, it wasn't because there was a "problem"...other than a problem with a control freak who valued personal power over what was good for the City of San Francisco. Unfortunately, that attitude is rampant with our alledged "public servents", which is why things escalated the way they did.

    Put more bluntly, mistakes were made on both sides of the argument. Terry Childs has to pay not only for his mistakes, but the mistakes of others. Mistakes that were worse than those made by Mr. Childs. And more costly.

  • by moronoxyd (1000371) on Wednesday May 18, 2011 @09:46AM (#36165054)

    Using you're logic, that's something they would be forced to do every time there is admin turnover.

    Quite the opposite: They (may have) had to do it because Childs behaved the way he did.
    The way he was acting, they had to make sure there are no more backdoors for him.

    If an admin leaves on good terms, gives his superior all the relevant information, keys et. al., then it's most probably not necessary to check the network.

    Childs, on the other hand, made sure that he was the only one who could keep the network running and nobody else could take over for him.
    That's paranoid at the best and malicious at the worst.

  • by jaymz666 (34050) on Wednesday May 18, 2011 @09:54AM (#36165172)

    If he had been hit by a bus and killed the city would have been even more screwed, so yes, the city is partially to blame for not having a backup plan to begin with.

  • Re:Perhaps.... (Score:3, Insightful)

    by stanlyb (1839382) on Wednesday May 18, 2011 @10:05AM (#36165312)
    You are missing the point, next time, he, or any other sysadmin, when he faces the termination letter, he/she will follow the law to the letter. Which could mean that he could "forget" to inform you about some tricky passwords, terminals, systems, etc., and when YOUR system crashes, you could blame only YOURSELF, not the already terminated sysadmin that gave you "all the passwords", and who did not try to protect the public. You understand me? The difference between protecting yourself and the public? If not, go find this article about the hacked PSN hundreds of millions of stolen accounts.
  • Re:Perhaps.... (Score:4, Insightful)

    by tnk1 (899206) on Wednesday May 18, 2011 @10:27AM (#36165628)

    The solution to that is to:

    a) have more than one admin with access to passwords
    b) not to act like a jerk to the admins you currently have
    c) put a firm stop to people who try and take complete control of a system "for its own good"

    Make no mistake, the City of SF is responsible for their own issues.

    Still, Childs was just plain stupid. He should have:

    a) not admitted to having passwords, since he could have easily said that he forgot them since he no longer works there
    b) failing that, immediately given any and all passwords up
    c) written a letter to the city or a newspaper, if he wanted to complain about the city, like any other citizen, instead of trying to be a martyr.

    $1.5m is a little steep, I was leaning more towards a month or two in jail for being a dumbass, which would be time served. It annoys me when certain admins feel that they are freedom fighters when operating their boxes, makes them incredibly annoying to work with.

  • Re:Perhaps.... (Score:5, Insightful)

    by Americano (920576) on Wednesday May 18, 2011 @11:12AM (#36166280)

    he was surrounded by incompetence

    Oh bullshit. He was part of the incompetence . At what point do we admit that Mr. Childs was just as irresponsible for neglecting to create an appropriate backup and contingency plan for outages, disaster recovery, etc. that allowed for someone else to get access to the passwords?

    Where I'm sitting, any sysadmin with half a brain knows that a single point of failure is a no-no. Let's not pretend he was some white knight, if there were no adequate plans for password access in place, then he's just as incompetent as his managers were. Only difference is, he was incompetent, and broke the law in the process, by refusing to turn over the password to his management chain when he was reassigned and holding the network he was "protecting" hostage.

  • by Americano (920576) on Wednesday May 18, 2011 @11:50AM (#36166848)

    Although I do agree that Terry was in the wrong, so was the City for its bad procedures.

    Mr. Childs was in a position to implement better procedures, and in fact, had a professional obligation to improve the bad procedures which you point out. He did not do this. At a bare minimum, he could have simply done this: "Hey boss, since I'm a single point of failure, if I'm ever hit by a bus, here's a sealed envelope with passwords and critical access information for all of the systems I work with. I'll update this once a month, and make sure you receive a new copy. I'll also do the same with $some_guy_who_covers_for_me_when_im_on_vacation, and if you like, a third manager who you deem appropriate." This is cheap and easy to implement, and requires absolutely no "new policies" or politicking. He's simply setting up a failsafe in case he's incapacitated or turfed out - the sort of failsafe any sysadmin should implement ASAP in any new job where they find that they're the only person who knows the appropriate access passwords to critical systems.

    He failed to do anything like this, and elected to keep everything in his head. We can only conclude from this that he was just as incompetent as the rest of the people implementing "bad procedures" on behalf of the city, or he was deliberately trying to set up a chokehold on city infrastructure. Either way, I have very little sympathy with him for obstructing access to the systems under the guise of "caring so deeply" about them. If he cared so deeply about the systems, he never would have set himself up as a single point of failure.

  • Re:Oh thank god.. (Score:1, Insightful)

    by PoopJuggler (688445) on Wednesday May 18, 2011 @12:22PM (#36167340)
    And why can't the city just let this one go?

    Because people are punitive vindictive little trolls for the most part, especially when it comes to someone challenging their authority. It's the same reason why cops beat speeders, same reason why parents spank their kids. "How dare you challenge me?" is what their brain says. People think that doling out harsh punishments will somehow free them of their anger inside. Anger derived from a sense of loss-of-power, because their identity is based on power. To me, that's not true power at all. True power would be to rise above all that and act compassionately. You're powerful because you can inflict harm on another person? Nope, you're powerful if you can overcome yourself....
  • Re:Oh thank god.. (Score:4, Insightful)

    by Anonymous Coward on Wednesday May 18, 2011 @12:52PM (#36167730)

    Which is why so many people who are innocent of crimes plead guilty. Often the thought of the "maximum" sentence and the fear that your defense will not pay out are enough to make someone choose guilty. This is generally true for those who can't afford a defense. Prosecutors don't care about innocence or guilt, they will work to scare you into a bargain so they get an easy win. Public defenders don't care much either, a bargain is less work and doesn't look as bad as a loss.

"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner

Working...