Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Courts Crime Government Security IT Your Rights Online

Terry Childs Denied Motion For Retrial 223

snydeq writes "The former San Francisco network administrator who refused to hand over passwords for one of the city's networks has been denied a new trial and is expected to be sentenced Aug. 6. Terry Childs had been due for sentencing Friday but the court instead heard two defense motions, one requesting a new trial and the other for arrested judgment — essentially to have his original conviction overturned. The motions were both denied but the court then ran out of time before the sentencing phase could be conducted."
This discussion has been archived. No new comments can be posted.

Terry Childs Denied Motion For Retrial

Comments Filter:
  • by blair1q ( 305137 ) on Monday August 02, 2010 @05:09PM (#33116750) Journal

    Given the byzantine nature of the case, I have little doubt it will be appealed until his lawyers realize he's run out of money.

    • by RobotRunAmok ( 595286 ) on Monday August 02, 2010 @07:29PM (#33118166)

      snydeq, tell your puppetmasters at InfoWorld to just give this a rest, won't you? Childs was the kind of uber-dickhead SysAdmin that even normal, run-of-the-mill garden-variety dickhead SysAdmins are afraid to associate with lest they appear as parodies of the type.

      He didn't have a higher calling. He's not Batman. This ain't no Ayn Rand novel. He was fired and refused to release property that belonged to his former employer. Period, end of story.

      And it *would* be the end of the story if the friggin' Drama Club at InfoWorld would stop flogging it on slashdot..

      • by Sigma 7 ( 266129 )

        He was fired and refused to release property that belonged to his former employer. Period, end of story.

        If you're saying that he refused to release a password for a database, then either hire a consultant to forcefully reset the password, or contact the vendor of the software for a solution.

        The same is already done for OSs like Windows or Linux - there's special Boot CDs that bypass the issue. There's no reason why you can't do the same with more complex databases. If you need to take the system down for this, then do it at night time when the impact is minimized.

        • Not having the passwords for the time it takes to arrest Childs and persuade him to give the passwords to the mayor is less damaging than taking the system down, even briefly, since it still runs without the passwords, provided you don't have a crisis.

        • by paeanblack ( 191171 ) on Tuesday August 03, 2010 @03:30AM (#33120750)

          If you're saying that he refused to release a password for a database, then either hire a consultant to forcefully reset the password, or contact the vendor of the software for a solution.

          Despite being a jackass with no bus-factor plan, he appears to have sufficient technical capacity to build a system that could not readily be broken into using the methods you suggest. Doing so would have wiped the router configurations (they were not committed to flash, no backups were kept)

          The crux of his conviction was based on the fact that he did not grant access to the system when requested by his employer. There are many ways to do that beyond giving up the passwords he used. He could have created new administrative accounts with new passwords. He could have given them access to a console logged in with his credentials.

          He thought he could stonewall them. He now has plenty of time to examine the stone walls he built around himself.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        He was fired and refused to release property that belonged to his former employer. Period, end of story.

        The agreement he had with his (former) employer specifies who he was to release that information to, and under what circumstances. The request did not come from an authorized person, and the circumstances were suspect.

        If you work helpdesk in a corporate environment, you might need to handle passwords. If the rules say you are only allowed to give out a an employees password to the employee, you don't giv

        • tl,dr: He followed the rules, and got screwed for it.

          Oh, so the rules were that he where only to give the passwords to the mayor?
          And that he was to install backdoors into the system for his own use in the first place?

        • by Troed ( 102527 )

          If the rules say you are only allowed to give out a an employees password to the employee

          ... then you fire whomever came up with the rules. No person ever should have access to the passwords of others. It's not needed and should not exist as a policy anywhere.

          (Rationale, of course, is that people reuse passwords and that's something much harder to fix than to stop storing passwords in clear text)

        • The agreement he had with his (former) employer specifies who he was to release that information to, and under what circumstances. The request did not come from an authorized person, and the circumstances were suspect.

          You have a lovely theory.

          Unfortunately, it's not so much true.

          First of all, the people requesting the passwords were the same people that gave him the passwords when he started there. He changed the passwords, which was good practice. However, the "I didn't think they were authorized" argume

  • It's The Law! (Score:4, Insightful)

    by gyrogeerloose ( 849181 ) on Monday August 02, 2010 @05:10PM (#33116762) Journal

    Withhold a password, go to jail.

    Not really sure that justice was served here but the guy really was a first-rate dickhead.

    • You gotta watch what you say on here. I agree, but I've had people go off on me saying it.

      Myself, I kinda like the idea of job security, where I lock down the whole network so no one else can manage it. "Nope, you can't fire me, I'm the only one with the passwords."

      I've had to do cleanups after those a few times though. No one knew the passwords to a bunch of networking equipment in the datacenters, as well as quite a few servers. Nothing makes me warmer and

      • Re:It's The Law! (Score:5, Informative)

        by Anonymous Coward on Monday August 02, 2010 @05:43PM (#33117172)

        Except if you had done that in this particular case you would of been rebuilding the entire network from the ground up. Terry Childs deleted the startup-config on most of the network equipment so that the only copy was in running-config. He kept the configuration of every device in an encrypted drive on his laptop. If a network device was restarted or power cycled, he would log into the device and copy over the running-config.

        • that is the high security mode that is used some times and they did not use this he just turned off the password recovery forcing you to do a full reset to get back in.

        • Re: (Score:3, Insightful)

          by JWSmythe ( 446288 )

          Sometimes you have to do what you have to do, even if that includes getting a few good people to figure out what the design should be. I'm not saying it would be me, even though I have done more than my fair share of figuring out other people's mistakes. A half dozen CCIEs (assuming it's all Cisco equipment) could likely do it in a day, if they had enough information to work with. If there were no network maps, and they only knew the sites where the equipment resided, it could likely take

        • Bad move.

          What if there was a blackout?

          • Ever heard of redundant power? Many Cisco routers have two power supplies, you run one to a UPS, and the other to wall, or another UPS. Routers don't generally take massive amounts of power to run.

            • UPSs don't last forever. Typically they only give you 15 minutes of power. A sufficiently long blackout will take down even the biggest UPSs.

    • Yeah, seems like this should have been a civil case, but I don't know if lives or people's welfare were on the line because of this jerk. If that's the case, then a-slammer he should go!

      • Re: (Score:2, Insightful)

        please explain how this crosses the line into criminal conduct. From his perspective, it would be criminally negligent to turn over the passwords to a bunch of unknowns on a concall.
        • Re: (Score:3, Insightful)

          by ncohafmuta ( 577957 )

          'From his perspective' is the key phrase here.
          Judging the competence of his superiors is outside the scope of his job responsibilities.
          Denying the company access to their legal property, i.e. the passwords, is considered theft.

          • Re: (Score:3, Insightful)

            by JohnFluxx ( 413620 )

            But his /contract/ said that he was not allowed to turn over the passwords without the proper protocols. Which were not followed.

        • by sirwired ( 27582 ) on Monday August 02, 2010 @08:29PM (#33118616)

          He was a front-lines IT grunt. His job was to do whatever his superiors told him to do, barring any requests to do something illegal. If his superiors order him to open the admin interface to the outside world, and change the password to "password"... other than requesting that the demand be put in e-mail to protect his name, he is supposed to do so.

          Exactly what criminal law would not allow him to turn passwords over to his management on request, no matter how unqualified they are? None.

          Holding your employer's equipment hostage pending an audience with the mayor? Yeah, that was, and is, criminal. It's called extortion.

          SirWired

          • No, his contract said clearly that his superiors could not demand the passwords like that. There were clear protocols for transferring the passwords that the state refused to follow.

            • Why don't you repeat what he did at your job, see how it works out for you.

              • Well we know how it works out - they lock you away for doing what your contract tells you to.

                Doesn't make it right.

                • Re: (Score:3, Insightful)

                  by roman_mir ( 125474 )

                  contract definitely doesn't tell you to remove all configuration files to all pieces of equipment, keep all copies on your laptop so that you're the only one who can restart anything, then once you're already dismissed to keep the passwords and configurations away from your former boss while he is explicitly telling you to give it up on the phone, no matter how many people are listening.

                  • Re: (Score:3, Informative)

                    by JohnFluxx ( 413620 )

                    > then once you're already dismissed to keep the passwords and configurations away from your former boss while he is explicitly telling you to give it up on the phone

                    Actually, yes, the contract does say that. The boss was not an authorized official for the passwords. If he had given up the passwords then he would have been in breach of his contract and could have been sued for that.

                    • That's just a bunch of bullshit and technicalities. Have you actually SEEN his contract? Have you read it? Who signed the contract? What are the legalities around it?

                      Even if the contract absolutely states that there is only one person at all can get the passwords, if that person is on the phone with other people and telling you to say the password, that's it, it's that person's problem.

                      This guy is just an ass and I wouldn't want anybody like that 1000 miles anywhere close to my systems.

                    • by Tim C ( 15259 )

                      If he had already been dismissed then how could he be sued for being in breach of a contract that neither party was bound by?

                    • So what, the council made up protocols that should just be ignored?

                      You're an ass for being so free in violating your contract just because someone said so.

                    • I am not an ass because I don't steal other people's systems. I don't prevent owners of the systems to use them. I don't make a huge scene out of stupid technicalities because I follow the spirit of the contract, not the letter. Only assholes and lawyers follow the letter and not the spirit.

                    • There is the letter and then there is the spirit of any paper. Anything can be turned and twisted. Would you want to take a contract with an unknown employer on a handshake on an off chance he is a very honest person and will pay you for your work?

                      The point is that it was very clear to Childs what was happening and he did what he did only because he chose to be and asshole about it, that's all, we all know it, he knows it.

                    • Re: (Score:3, Interesting)

                      Technicalities == details that I find inconvenient, right?
    • If being a dickhead is a crime, I'm in serious trouble. Can someone please provide a list of countries that won't extradite to the US? Soonish, please.

      • Re: (Score:3, Insightful)

        by jjohnson ( 62583 )

        Why not just not be a dickhead? Lots of people manage it every day.

        • Why not just not be a dickhead? Lots of people manage it every day.

          You do know where you're posting, right?

      • Can someone please provide a list of countries that won't extradite to the US? Soonish, please.

        Every country has ways of dealing with the dickhead. Some are more permanent and more painful than others, so make your choice wisely.

    • Re: (Score:3, Insightful)

      by _KiTA_ ( 241027 )

      Withhold a password, go to jail.

      Not really sure that justice was served here but the guy really was a first-rate dickhead.

      I like the prescedent.

      Cops: "We confiscated your external HDD, only it's encrypted. Give us your password."

      SuspecT: "No."

      Cops: "Passwords are property and thus you have to, as it's part of the HDD."

      Suspect: "I claim 5th amendment rights."

      Cops: "We have a Warrant for the seizure and search of this HDD, and you're blocking us from doing it. Therefore, you can rot in jail until you give up and give us what we want."

      • What if it's NOT encrypted, and that's just noise left over from stress testing the drive with random read-writes? How exactly would justice be served by holding that guy in jail? Apologies if you were being sarcastic.

        • What if it's NOT encrypted, and that's just noise left over from stress testing the drive with random read-writes?

          Then it's not going to look like it's encrypted. An encrypted hard disk will almost always have some clear identifying mark, like some cleartext code at the beginning which prints out "please enter passphrase:" when you try booting from it, and tries to decrypt the key using the passphrase.

          Of course, you might not know the password. No way to be sure, but the jury doesn't need to be sure. It just needs to be beyond a reasonable doubt, and not even that in civil cases.

      • I like the prescedent.

        Cops: "We confiscated your external HDD, only it's encrypted. Give us your password."

        SuspecT: "No."

        Cops: "Passwords are property and thus you have to, as it's part of the HDD."

        Suspect: "I claim 5th amendment rights."

        Cops: "We have a Warrant for the seizure and search of this HDD, and you're blocking us from doing it. Therefore, you can rot in jail until you give up and give us what we want."

        Um, yeah. IANAL, but this is called "obstruction of justice". If the police have a warrant that permits them to search your hard disk, and you try to prevent them, that's a crime. You can't be compelled to testify against yourself, but you have to permit the police to access your property if they have a legitimate warrant.

    • Re: (Score:3, Interesting)

      by Cyberllama ( 113628 )

      You say that, but do you recall what happened when he did give the passwords to them? They were immediately included in a legal filing against him which was part of the PUBLIC record -- meaning any idiot could see them. They had to shut their network down for days while they changed all the passwords on everything after they realized what an idiotic thing they'd done.

      It sort of made his reasoning of "I'm not giving you the passwords cause you'll do something stupid with them" seem really, really justified.

      • the city of san francisco could have decided to hand out the passwords to homeless people and plaster them on freeway billboards. and? who cares. the point is, the passwords were the property of the city of san francisco's, not terry child's. the story begins and ends there

        that san franciso would poorly manage network security is almost a fact. i would wager good money on their network being compromised. again, who cares: completely besides the point. terry childs had no right to assert himself as an author

        • Comment removed based on user account deletion
          • or more exactly, the security system for THEIR network, which the password was the key to

            terry childs is like the auto mechanic in that seinfeld episode from the nineties, who doesn't think jerry is treating his car well enough, that he slaved so many hours repairing, so he steals his car. funny on tv, not funny in real life

            yes, terry childs and the auto mechanic put a lot of hours and love into their technical efforts. but this in absolutely no way gives them any right to assert any authority

            why the hell c

  • A new kind of security threat? Needs a shrink to solve?

  • by afabbro ( 33948 ) on Monday August 02, 2010 @05:52PM (#33117272) Homepage

    A couple summations:

    Let's see:

    Terry Childs:

    • God complex and delusions of grandeur
    • Anger management
    • Obsessive/possessive
    • Paranoid
    • General creepy behavior

    City of San Fran

    • Poorly managed IT by definition when only one person knows the passwords to your routers
    • Budget cuts reduced IT to impossible support levels

    So I recommend that Terry Childs be put to death just for being a jerk and to make sure non of us ever have to work with him again/interact with him again. Then we fire the City of San Fran CIO and forbid him from ever working in IT again.

    (bangs gavel)

    • by AK Marc ( 707885 )
      Given that they apparently were really out to get him, doesn't that mean he was rational, not paranoid?
  • SysAdminDay (Score:3, Funny)

    by Anonymous Coward on Monday August 02, 2010 @05:57PM (#33117338)

    Was sentencing delayed because Friday was System Administrator Appreciation Day?

  • Not really news (Score:3, Informative)

    by DerekLyons ( 302214 ) <fairwater.gmail@com> on Monday August 02, 2010 @06:54PM (#33117904) Homepage

    These kinds of (defense) motions are pretty much rote - and for that reason rarely granted. Don't make too much of the fact that they weren't granted.

  • My integrity is worth breaking the rules, but I know that if I rebel against the system in power, it's not likely that they'll publicly appreciate it.

    Fight for civil rights or stand up against what you believe to be a corrupt and incompetent system that will only put public information in danger-- either way, you're going to get hurt.

    A good person knows this, does it anyway, and just hopes that history can tell the difference between criminal and person with a good cause.

Two can Live as Cheaply as One for Half as Long. -- Howard Kandel

Working...