Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Crime Security The Almighty Buck The Courts

Judge Orders Former San Francisco Admin Terry Childs To Pay $1.5M 488

0WaitState writes "A judge Tuesday ordered a former city worker who locked San Francisco out of its main computer network for 12 days in 2008 to pay nearly $1.5 million in restitution, prosecutors said.' Keep in mind the network never went down and no user services were denied, and given that Terry Childs was the only one who had admin access (for years prior) it is difficult to understand how they came up in $1.5 million in costs, unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"
This discussion has been archived. No new comments can be posted.

Judge Orders Former San Francisco Admin Terry Childs To Pay $1.5M

Comments Filter:
  • by seeker_1us ( 1203072 ) on Wednesday May 18, 2011 @07:13AM (#36164192)
    We will make an example out of you, who cares about justice?
    • by Moryath ( 553296 ) on Wednesday May 18, 2011 @07:21AM (#36164240)

      It's probably billing him for the temerity to actually take his case to trial.

      You know, exercising his constitutional rights. That's something the "justice" system has to punish at all costs.

      Here's some info for you. [fhsulaw.com]
      Here's more [slate.com].

      Or, to put it in a more sinister way: You get a heavier sentence if you insist on asserting your constitutional rights to a trial, to confront your accusers, to privacy from searches without probable cause, to avoid incriminating yourself, etc.

      • by way2trivial ( 601132 ) on Wednesday May 18, 2011 @07:33AM (#36164334) Homepage Journal

        so I looked myself and found this article
        http://sfappeal.com/news/2011/05/sf-network-engineer-convicted-of-witholding-passwords-ordered-to-pay-15-million-restitution.php [sfappeal.com]
        "No city services were ever affected, but officials said they could have been crippled if power had somehow been shut off.

        A jury convicted Childs in April 2010 of a computer tampering-related charge, and today San Francisco Superior Court Judge Teri Jackson ordered him to pay $1,485,791 in restitution to the Department of Technology,"

        he's paying it to the department of technology, not justice.. so... no...

        • by hesiod ( 111176 ) on Wednesday May 18, 2011 @07:58AM (#36164546)

          he's paying it to the department of technology, not justice

          Just because it's not a court-ordered bribe doesn't mean it's definitely not a punishment verdict.

        • he's paying it to the department of technology, not justice.. so... no...

          Do you have any idea how much money you can burn through in just one day of providing network services to an entire city's government? Wouldn't surprise me in the slightest if the SF Dept of Technology spent that much or more trying to deal with the "rogue admin who absconded with all the data/access". The taxpayers *do* need to be reimbursed for that. This might actually be an example of the system working properly, though I do not kn

      • He caused no damage in the "real world," but he tied up the courts and the city's lawyers, and you know, at $500 per billable hour, 1.5M is only 3000 man hours, or 3 lawyers for 6 months, plus expenses.

        Essentially, the judge has handed him a bankruptcy sentence - something he may not have been far from anyway.

        • by scubamage ( 727538 ) on Wednesday May 18, 2011 @07:49AM (#36164468)
          Not really, just a financial ruin sentence. You can't get out of legal penalties by declaring bankruptcy :(
          • by nomadic ( 141991 )
            Eh, you can't garnish every single penny someone has. He'll have this over his head for the rest of his life but doesn't necessarily mean he'll be homeless.
      • It's probably billing him for the temerity to actually take his case to trial.

        Exactly! It is for letting the public know just how stupid the people working for the gooberment are. Including himself.

      • It's probably billing him for the temerity to actually take his case to trial.

        You know, exercising his constitutional rights. That's something the "justice" system has to punish at all costs.

        Here's some info for you. [fhsulaw.com]
        Here's more [slate.com].

        Or, to put it in a more sinister way: You get a heavier sentence if you insist on asserting your constitutional rights to a trial, to confront your accusers, to privacy from searches without probable cause, to avoid incriminating yourself, etc.

        He had no constitutional right to do what he did. Free speech does not apply in the workplace. Well, it does, you are free to exercise it, but there is nothing that precludes the employer for terminating you for do so. Most employees think they have all of these "rights," but they should quit relying on TV shows. In all states, save Oregon (I think), all employees are at will employees and can be let go for no reason whatsoever. The only "rights" that employees have are those actually outlined by law

    • by Richard_at_work ( 517087 ) on Wednesday May 18, 2011 @07:26AM (#36164278)

      Some of us do and some of us do consider Childs to be guilty. He acted like a prick and suffered for it, but imho he was guilty of what he was found guilty of.

  • by unity100 ( 970058 ) on Wednesday May 18, 2011 @07:15AM (#36164202) Homepage Journal
    ... who had had exposed hundreds of LIVE login/passwords to city administration system as 'proof', endangering the public system and the private information of citizens and even more, will pay ?

    nothing ? i guessed as much. its all ok if you are a moron at the helm of a company or a public office. no really - i am much more polite and eloquent than what wordage you read here, but, i am at a loss to find any word other than moron for publicly exposing hundreds of live login/passwords in a public court. really. morons.

    it appears terry childs was right.
    • by fifedrum ( 611338 ) on Wednesday May 18, 2011 @08:56AM (#36165212) Journal
      It blows my mind that the guy spent any time at all in jail for this, especially after the city lied about the access (they had access several days before he tuned over the passwords). It's worse when the city again lied, time and time again, in fact, in painting his actions and configurations as nefarious when they're all common practice. The sniffer thing, the modem stuff, the paging issue. Those lies the city told should have been a get out of jail free card for him by painting the city as the scumbags they are.

      He did one thing wrong to his bosses, his bosses (via lawyer proxy, I assume) then turn around and lie in court, which is the real crime.
  • by gman003 ( 1693318 ) on Wednesday May 18, 2011 @07:15AM (#36164204)
    That explains why American culture is so obsessed with vigilante justice - the actual judicial system is fucking retarded .
    • Re: (Score:3, Insightful)

      it's run by simpletons just like everything else in the U.S. right now...

    • Re: (Score:3, Insightful)

      by smelch ( 1988698 )
      Well, also sometimes the only way to get real justice is as a vigilante, and nobody wants to admit that they would go too far with it. Americans tend to view things in absolutes. There is true justice, true good and true evil independent of what society says, thinks or does. If somebody rapes your child it would be true justice to remove that guy's balls and feed them to him, but no court would ever allow that to happen.
    • by sco08y ( 615665 ) on Wednesday May 18, 2011 @07:38AM (#36164372)

      Any actual evidence that Americans are "obsessed" with vigilante justice? I'm trying to recall the last time I heard of any notorious vigilante actions, and I'm drawing a blank. Even when the WBC crowd protested military funerals, the worst anyone did was slash their tires.

      • Re: (Score:2, Insightful)

        by gman003 ( 1693318 )
        Sure, Americans are too lazy to actually do anything themselves, but that doesn't mean we're not obsessed with fictional vigilantes. Pretty much every superhero comic/movie/game/whatever. Most Westerns. The entire "loose-cannon cop on the edge" genre (Dirty Harry, etc) differs from vigilante justice only on a technicality. And look at the way (certain) Americans look at foreign policy: "Someone needs to do something about $COUNTRY, so we'll do it, even though we've got no justification and no permission for
      • I'm trying to recall the last time I heard of any notorious vigilante actions, and I'm drawing a blank.

        You've never heard of Batman?!?!
      • "Even when the WBC crowd protested military funerals, the worst anyone did was slash their tires."

        That's because the WBC is full of lawyers that love to sue everyone they can. If the WBC was full of non-legal types, they would probably have all been beaten to a retarded pulp by now.

      • by SQLGuru ( 980662 )

        Just last week. There was the reclaimation of a laptop by a group of vigilantes.....at least that's how it was sensationalized in the headlines.

        The actual story was that a guy found his laptop through tracking software. A group went to the bar where it was and asked for it back. The guy who had it let them take it back.

      • by nomadic ( 141991 )
        What? Someone on SLASHDOT made a completely unsupportable generalization? Impossible.
  • by mseeger ( 40923 ) on Wednesday May 18, 2011 @07:16AM (#36164214)

    Terry Childs did some mistakes. I think the restitution for damages is more justified than the criminal punishment he got.

    CU, Martin

    • Even the restitution is out of hand, what are the chances that he can ever repay that?

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        How is it out of hand? It's been reported that the spent $900,000 [computerworld.com] trying to regain control of the network. The amount that he is being asked to pay is not particularly excessive. Would you prefer that $900,000 gets billed to taxpayers?

        • No, I'd rather the $900,000 be billed to the person who approved the expense. Personally. This was a power play, pure and simple. Witness the original article: "If the power had failed, we would have lost the network." BULLSHIT. That's what flash memory in Cisco equipment is for. The network would have come back up, and worked perfectly, if Mr. Childs did the job that a CCIE is expected to do, if Mr. Childs had backup of all configuration information so that flash failures could be fixed quickly (ass

      • by mseeger ( 40923 )

        None, but this is not the issue of the court. The court has to determine the damage caused and award restitution accordingly.

  • by L4t3r4lu5 ( 1216702 ) on Wednesday May 18, 2011 @07:17AM (#36164216)
    I forget a lot of what he said, but one of the points which stuck out for me was that Terry kept the keys / passwords out of the key management system, which was against policy. He kept the Keys to the Kingdom in his head, which is just bad IT policy. He also cleaned the backup configs on switches so that any reboots would essentially wipe them clean.

    Like I said, a /. poster was on the jury. He'll chip in with better information than anyone else. As for the fine... Well, if he doesn't have that money, he'll default like everyone else would and live off welfare. Shows the system works, eh?
    • by Syberz ( 1170343 ) on Wednesday May 18, 2011 @07:49AM (#36164472)

      Although I do agree that Terry was in the wrong, so was the City for its bad procedures. I just don't think that the wrongness he did is worth 1.5 million dollars.

      Guy locks out everyone from the City network after losing his job due to his perceived moral implications: gets a 1.5 million dollar fine.

      Guys cause Worldwide economical downturn, massive job loss, massive wealth reduction to the middle and lower classes: get multi-million dollar government jobs.

      Wait, what?

      • by Americano ( 920576 ) on Wednesday May 18, 2011 @10:50AM (#36166848)

        Although I do agree that Terry was in the wrong, so was the City for its bad procedures.

        Mr. Childs was in a position to implement better procedures, and in fact, had a professional obligation to improve the bad procedures which you point out. He did not do this. At a bare minimum, he could have simply done this: "Hey boss, since I'm a single point of failure, if I'm ever hit by a bus, here's a sealed envelope with passwords and critical access information for all of the systems I work with. I'll update this once a month, and make sure you receive a new copy. I'll also do the same with $some_guy_who_covers_for_me_when_im_on_vacation, and if you like, a third manager who you deem appropriate." This is cheap and easy to implement, and requires absolutely no "new policies" or politicking. He's simply setting up a failsafe in case he's incapacitated or turfed out - the sort of failsafe any sysadmin should implement ASAP in any new job where they find that they're the only person who knows the appropriate access passwords to critical systems.

        He failed to do anything like this, and elected to keep everything in his head. We can only conclude from this that he was just as incompetent as the rest of the people implementing "bad procedures" on behalf of the city, or he was deliberately trying to set up a chokehold on city infrastructure. Either way, I have very little sympathy with him for obstructing access to the systems under the guise of "caring so deeply" about them. If he cared so deeply about the systems, he never would have set himself up as a single point of failure.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      He also cleaned the backup configs on switches so that any reboots would essentially wipe them clean.

      When I was fresh out of school, the first man who hired me turned into a total nightmare of an asshat after about 3 months (not just to me, essentially to all his new hires who were proving themselves to be more capable than himself - apparently, until this point in his life, he had always been the boy genius...) So, being barely 20 years old (read: immature) my response was to encrypt all my backups and create a wipe script for the work I had done, such that a 2 letter command would erase all my work for

      • by DrgnDancer ( 137700 ) on Wednesday May 18, 2011 @08:43AM (#36165018) Homepage

        The problem often comes in determining at what point "marginal and mistreated" ends and "sociopathic desire to hurt anyone who slights me" begins. For every anecdote like yours, there's another about a geek who was simply paranoid or antisocial enough to *feel* victimized by the normal churn of the day. A guy (or girl) who wrote your kill script, or something worse, with the full intention of using it. It's not even hard to imagine such a person (your old boss seems the type). Which is more common? Really hard to say, ask employees and they'll probably say your situation, ask managers, they'll probably say the opposite. Most people can't point to more than a handful of examples of either situation though.

        Businesses and governments clearly need to watch out for and prepare for either situation. Ironically, your anecdote shows that at least in the first of your two cases, your company was doing exactly that. Someone did notice your boss' bad behavior and did something about it. Management isn't *always* incompetent or out to get you. In this case their actions both protected the marginalized and mistreated workers, and hopefully avoided a future Terry Childs situation on the form of your obviously immature and potentially dangerous boss.

        In the case of Child's himself, there's a significant disconnect as to whether he was a marginalized victim, or a childish asshat lashing out at perceived injustice. To hear him talk sometimes, he was the former. Other times, he seems a lot more like the latter (obviously management thought he was the latter). I'm inclined to believe that, while he probably doesn't deserve the level of punishment he's gotten, his actions were blameworthy.

    • You mean this interview [networkworld.com]? Yeah, it has some interesting points. Such as:
      • If Terry Childs didn't think his boss's boss wasn't an authorized user, why did he CC him in emails containing user IDs and passwords for the same network?
      • If his job is to maintain the network, and he's told he is being reassigned, why would he hand over the network with no way for the city to maintain it?

      It seems that Terry Childs made some mistakes, thought he was being fired, and dug himself into a hole.\

      IDG News: Going back, what was the one step he could have done to avoid prison? Chilton: If he would have simply said, "I will create you an account and you can go in and you can remove my access if you want." If he had created access for someone else, I think that would have resolved it. If he had not decided to leave and go to Nevada a few days later and withdraw US$10,000 in cash, [Childs did this the day before his arrest, while under police surveillance] I think the police may have let it continue on as an employment issue and not a criminal matter. IDGNS: Do you think Terry Childs deserves another chance? Chilton: Yes I do. He has a lot of knowledge and he has the ability to learn this stuff on his own. I think with what's happened, he's probably not going to get himself hired by an AT&T or a Bank of America, but he could probably do stuff on his own. Because he definitely has the knowledge. IDGNS: Do you think he's a trustworthy person? Chilton: I think for the most part, yes. If he's given clearly defined rules, he could be. I think he's also very stubborn and a little egotistical.

  • Repay city? (Score:3, Informative)

    by rackeer ( 1607869 ) on Wednesday May 18, 2011 @07:18AM (#36164228) Homepage
    I just RTFA. It says the money is to
    repay the city for its efforts in trying to regain control over the FiberWAN network and later test it for vulnerabilities. City officials had been worried that Childs, who helped set up the network but clashed with his supervisors, might try to sabotage it.
    Mind, he already spent 2 years in custody and was convicted to 4 years of jail.
    • by Moryath ( 553296 )

      If they weren't already testing for vulnerabilities, they're bigger idiots than we thought.

      Someone explain why he should, merely for having the temerity to assert his right to a trial, have to pay for something they should already have been doing?

      • by bws111 ( 1216812 )

        Gee, I wonder whose job it would have been to test for vulnerabilities? The guy had root access and has already demonstrated he couldn't be trusted, therefore EVERYTHING he touched must be considered suspect. For example, how did they know he didn't install any rootkits which would make normal vulnerability testing invalid?

  • by imamac ( 1083405 ) on Wednesday May 18, 2011 @07:21AM (#36164238)
    "it is difficult to understand how they came up in $1.5 million in costs" If you read the article..."Prosecutors had sought the money from Terry Childs, a former Department of Technology network engineer, to repay The City for its efforts in trying to regain control over the FiberWAN network and later test it for vulnerabilities."
    • by cdrudge ( 68377 )

      Shouldn't "testing it for vulnerabilities" be part of their normal operating costs anyways? If my company gets hit by a virus, is part of the economic damages the cost to install antivirus on all the computers?

      • I think they meant testing for any vulnerabilities (eg. backdoors, time bombs) left by Terry Childs. Being system admin, Terry Childs could have left exploits behind that would not be detectable in log files, etc. You'd pretty much would have to manually inspect each configuration, since you couldn't trust the audit software since the checksums being compared could be checksums of configuration files that were already compromised in the previous audit.
    • That is part of a job for a sys admin. If they were happy with one admin and no backup, the damage is at most a part of his salary for the amount of time that it would normally have cost him.
  • by whois ( 27479 ) on Wednesday May 18, 2011 @07:23AM (#36164258) Homepage

    At first I thought the citizens were going to have to pay for the cleanup and fixing of all the problems, along with the trial and all that. Now that I know this criminal with no job prospects will be paying the $1.5M I can sleep better at night.

    My personal ideas about job integrity end at or a little before the threat of getting arrested so I could argue I don't think what he did was wise (I would've made the guy wanting the passwords put it in writing and then quietly laughed when they broke things), but I don't think the punishment fits the crime at all. Why is there never a middle ground in the justice system between ruining someones life and letting them go free?

    And why can't the city just let this one go? They won a long time ago.. back when he was fired, jailed, etc and he surrendered the passwords without the network ever going down.

    • And why can't the city just let this one go? They won a long time ago..

      It's not the city's fault that the justice systems moves slowly. Everybody has to wait for their day in court.

      You could have easily said "Why didn't the city just force him to pay $1.5 million dollars after his arrest?" Who needs courts?

    • Re:Oh thank god.. (Score:4, Informative)

      by Myopic ( 18616 ) on Wednesday May 18, 2011 @09:29AM (#36165656)

      Why is there never a middle ground in the justice system between ruining someones life and letting them go free?

      Just to be clear, there is a middle ground, and the middle ground is used in the vast majority of prosecutions. It's called a plea bargain. Most people charged with crimes are guilty, and most guilt can be demonstrated at trial. So, everyone can save a lot of trouble with a guilty plea, and a negotiated punishment. That's the middle ground.

      Some people are guilty and yet won't bargain. In this case, prosecutors will generally take a big sigh and go to trial, demonstrate guilt, and try to get the maximum punishment. That's NOT the middle ground, because the middle ground was already passed by.

      There is plenty of room for legitimate criticism of the system, but there are sliding scales in the different dimensions of justice.

      • Re:Oh thank god.. (Score:4, Insightful)

        by Anonymous Coward on Wednesday May 18, 2011 @11:52AM (#36167730)

        Which is why so many people who are innocent of crimes plead guilty. Often the thought of the "maximum" sentence and the fear that your defense will not pay out are enough to make someone choose guilty. This is generally true for those who can't afford a defense. Prosecutors don't care about innocence or guilt, they will work to scare you into a bargain so they get an easy win. Public defenders don't care much either, a bargain is less work and doesn't look as bad as a loss.

      • by jedidiah ( 1196 )

        You're joking.

        A plea bargain is no "middle ground".

        A plea bargain is simply some poor schmuck trying to play the prisoner's dilemma because he knows there's no real justice.

  • by jimicus ( 737525 ) on Wednesday May 18, 2011 @07:27AM (#36164290)

    From TFS:

    "it is difficult to understand how they came up in $1.5 million in costs, unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"

    Come on, we shouldn't be defending this guy otherwise we're no better than the corrupt politicians that occasionally crop up on /. stories.

    We all know he was in charge of much of the city's network infrastructure and that ultimately the city dealt with him and his role rather badly - that's not particularly unusual in the public sector anywhere in the world. What's important is how he reacted to it. From what I've heard, his reaction was to say "Fine, if that's going to be your attitude I'll take the passwords to my network and go home!" like a petulant child. But it wasn't his network to take - and I don't believe the arguments that to hand over access to someone unqualified would have put him in greater trouble than refusal to. Faced with an enemy with so much more resources, the sensible thing to do would be to negotiate a way out of any possible repercussions instead of throwing a tantrum.

    • by SJHillman ( 1966756 ) on Wednesday May 18, 2011 @07:37AM (#36164354)
      The problem isn't that we're defending him. Most people on Slashdot think he's an idiot and a criminal. The problem is the $1.5 million fine. That's around 20 years of his salary (at a comfortable $75k/yr). It's not a matter of whether or not he's guilty or deserves punishment, it's a matter of letting the punishment fit the crime. That pesky eighth amendment that mentions no excessive fines.
  • by Anonymous Coward

    Certainly the management of San Francisco has some responsibility for what happened.

    However, I disagree with the assessment that Terry Childs is without blame, as is implied in the article summary. If I hold hostages and demand ransom but later release the hostages, does that mean I did nothing wrong? While Childs didn't literally take hostages, figuratively that's exactly what he did.

    The justification for making Childs pay restitution is that the city of San Francisco attempted other means of gaining contr

    • by hesiod ( 111176 )

      He had to know that if he fought those in power, they would find a way to take him down.

      So, "stop struggling, and take it up the ass like a good little victim" is your approach to government oppression?

      (Note that I'm not saying he IS a victim, but that your reasoning there is morally offensive)

    • by Skapare ( 16644 )

      Mr. Childs demanded no ransom. He demanded the network be kept solidly secure. Management (not sure which parts in particular) has ALL of the responsibility for this. But just like any political aspiring person, they will never, ever, admit to it. And I bet you are one of those types.

      There was nothing wrong with the network. Mr. Childs planted no bombs in it. I didn't create any backdoors that were there for any purpose besides proper management. It is entirely unjustified to assume he did anything b

  • by digitaldc ( 879047 ) * on Wednesday May 18, 2011 @07:44AM (#36164414)
    Lesson learned?

    A better punishment would have been to make him perform community service where he has to work for free for a certain number of hours fixing people's networks and eliminating THEIR downtime. That might have been a better solution.
  • by Xacid ( 560407 ) on Wednesday May 18, 2011 @07:47AM (#36164452) Journal

    "it is difficult to understand how they came up in $1.5 million in costs"

    Asshole tax?

  • by goldspider ( 445116 ) on Wednesday May 18, 2011 @07:53AM (#36164504) Homepage

    "...unless they're billing Terry Childs for the City's own failure to set up division of responsibility and standby emergency access procedures?"

    What exactly is being insinuated here? That it's the City's fault that Childs decided to commit a crime?

    Sorry, pal, it doesn't work that way. Yes, the city has a lot of work to do to clean up its IT policies, but that has no bearing whatsoever on Childs' decision to commit a criminal act.

  • by seniorcoder ( 586717 ) on Wednesday May 18, 2011 @07:53AM (#36164508)
    Terry Childs was clearly on an excessive one-man power trip. I don't think too many on /. think that deserves jail time though. A firing for unprofessional conduct: sure. A $1.5M fine? This just adds to the farce. I'm sure the head of the IMF will get a fair trial. He has already been convicted (by the media) and is in jail. ... now all we need to do is to get most of Wall Street in jail. They have been tried in the media but not put in jail.
  • by doperative ( 1958782 ) on Wednesday May 18, 2011 @07:53AM (#36164512)

    Mr. Childs clashed with the new Security Manager [shortinfosec.net] on the subject of authentication and control, which led to poor formal review.

    Sorting out fact from fiction in the Terry Childs case [yahoo.com]

  • He's already been crucified.

    They're just casting lots for his robes.

  • I can't figure out how this guy got convicted. He was an asshole and lacked common sense but 4 years in jail?, 1.5M? talk about "cruel or unusual punishment", 8th amendment anyone?

    Are they appealing this case?, why is the EFF not involved?, this is the kind of case they should be looking at. This case sets the scary precedent that admins are criminally liable for the network they maintain.

  • Disclaimer: I'm a systems engineer who spent many years as an admin. I don't do as much daily firefighting as I used to, but I sure have tons of experience in that department.

    How many of you (good natured) IT folk looked at the Terry Childs case and said, "Hey, that sounds like X, the total jerk I used to work with!" I know I did... We had a guy like this who (a) did the passive-aggressive thing when asked to take care of something, (b) kept all the secrets in his head so that it would be hard for anyone to

  • I'm sure they'll have a real easy time finding a talented individual to replace him. There's nothing like the threat of imprisonment, humiliation and millions in fines to attract IT staff.
  • by account_deleted ( 4530225 ) on Wednesday May 18, 2011 @08:32AM (#36164908)
    Comment removed based on user account deletion

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...