Network admin gets jail time — for doing his job?

He’s just doing his job and should be applauded for making sure records were secure. If I were a customer on this guy’s network, I would expect my password to be protected, especially if there were a privacy statement stating such. I don’t even know why this is an issue, seems like common knowledge.

Standard Operation Procedure (SOP) for DOD, FBI and other secure companies is:
1) Division of Roles… different role=different level of access.
2) Seperation of duties
I have 21 years in the industry both private and federal government. You simply do not allow un-supervised access to outside people into your network or area of work. Most places would fire you for allowing non-authorized access. Even management should not get into technical admin areas, usually because they Do Not Know what they are doing!

Were there any technical or network people in the jury?? Or were they all business people?
And finally, they should have gotten management to request supervised access or a court order, so Mr. Childs would then NOT be held accountable for the actions of others.

Seems the management could have easily requested the passwords be given in a private meeting after.
Egg on their face for knee-jerk reaction, which likely contributed to the “disgruntled” spirit of Mr. Childs.

“He refused, on the grounds that some of the folks present weren’t authorized to access the network…” Which implies that some of them were. Had he handed over the password(s) privately to those that were, there would have been no problem, or is he the only admin in the entire S.F. IT department ‘authorized’. Sorry, try again…

Based on my experience as a Network Administrator, as well as the information in the article, I would have to say he was following a strict security practice which is recommended in multiple “Best Practice” documents. I personally would not give up critical information regarding my network to anyone not directly involved within the IT Department or a proper formal request be made by the President of the company. Persons involved in IT are responsible for data integrity, security, and most of all confidentiality. However this shows in the great nation of the United States, the justice system is designed to favor the goverments view. If a Network Administrator were to hand out passwords to anyone that asked for access for fear of a five year prison sentence I’m sure the U.S. judicial system would find a way to in prison that person for the maximum term allowed. With that said if you are looking for employment as a Network Administrator you may want to reconsider looking for work outside the United States as you may be thrown in prison for performing your duties to the best of your abilities.

I think it was a little of both. But security should be a number one priority for any network. He should have created user names and passwords for the persons requesting access and that way the amount and kind of access could be controlled and monitored.

Unfortunately he is not an independent professional whose professional judgement trumps sanity. A clergyman, doctor or a lawyer can claim a higher authority – which is the basis for his qualifications for his position. The rest of us are just hired hands who need to learn that we can not use our professional opinions to excuse us from doing what our supervisor directs us to do. Our union tells us that we need to have written documentation that we were directed to do something, no matter how stupid it may be ( unless it is illegal or clearly a threat to someone’s life or health) and comply with the directive.

Get real – if managment asked him for the passwords and he refused to hand them over, he was in violation of “best practices” I suspect “Best practices” also states don’t hire a felon to protect your network…

We clearly do not have the whole story so it is inappropriate for us to comment on it.

The larger issue, and lesson, is to *never* let a single employee be the sole keeper of critical security tokens. And a good “disaster” plan needs to include methods to regain access to infrastructure if such an employee is injured, fired, or becomes disgruntled.

In any event, Childs was wrong to refuse to disclose passwords to network infrastructure when instructed to do so by his supervisor. If his concern was network security, he should have disclosed them to his supervisor along with a written statement about his concerns. Criminality would depend upon state and local laws, compounded by the fact that he was a government employee.

I’ve also always wondered why, with physical access to the devices, the city was unable to regain access. Almost all network devices have methods to regain access *if* you have physical access. So do most computer security mechanisms…

We don’t have enough information to know if what he did is wrong/illegal. Did they have a written policy that stated the passwords should not be (or only be) shared with certain people? If he was following policies in place, I would say he should not have been found guilty. If he was doing it as a “smart” IT guy doing the “right thing”, and he had said that they needed his manager’s approval before handing out the passwords, I wouldn’t see that as a felony either. If people weren’t able to access data to do their jobs, there is something wrong with that picture. So without knowing more of the story we can’t really say if what he did was right or wrong.

We don’t have enough facts to know the truth, but it is rare for a jury to convict on criminal charges in error.

The key issues are: Did the people at the meeting – the police representative and the HR staffer – have the authority to demand the passwords? If not, then, as a network admin, Childs did the right thing.

But, at the same time, why was the City of San Francisco demanding that he turn over the keys to the network? Had he obtained his job by fraudulently hiding his convictions? Had he done something else illegal or against procedure. If Child’s motives were to serve the city all the way through, why did the meeting happen in the first place? What was the problem?

The situation highlights the power that network administrators have – for good or ill. It is a mistake to underestimate the risks involved. The trust must be granted. Just as cops must carry guns, and security guards have all the keys, so network administrators have the power to lock or open our essential IT systems.

Care is needed. Even trustworthy people do not always remain so. Most fraud occurs when a long-trusted employee falls on hard times.

Clear communication free of bureaucratic hassle is needed as well. In this case, was it really right for an HR staffer to be at the meeting, instead of a senior HR executive? I would suggest that the situation wasn’t taken seriously enough – no matter what the reality was. The best way to manage this would be a senior city (or corporate) official personally takes charge of the situation to protect the city (or company) and also manage the HR situation.

GMAB, if dude’s boss asks him for the passwords he should immediately provide them. End of story.

If the demand comes from a legitimate administrative superior, I simply give them the passwords. If they are interested, I will even show them or their designate how to use the passwords. They own their system. They have the right to run it or ruin it as they see fit. If I feel it is necessary, I always have the right to walk away to protect my reputation.

I demand this right for myself as well as granting it to others. I do not grant alarm or telephone installers the right to keep the master passwords their secret if I bought the system. I expect this right for every device in every case from automobiles to cell phones. If I own it I have a right to total control contingent upon my accepting total responsibility.

This same judgment should provide the passwords to every locked cell phone in this country so that the owner of the cell phone may unlock it and use it with whatever carrier he so desires.

Terry Childs’s game was all about holding the city hostage. If he was concerned about the audience then he could have stated that and ask for an envelope to put the passwords into and sealed it. On his first day in jail he could have stated that he would only give it to a qualified co-worker. But no, he had to wait 5 days and then would only give it to the Mayor of San Francisco. Mayor Newsom is a great guy but I suspect he is not qualified to run the city’s network infrastructure.

The “best practices” is a load of dung. Is it a best practice not to give anyone else the passwords to you network infrastructure? What if you got hit by a beer truck? Is it a best practice to not store some basic router configuration in the router’s non-volatile memory? Something thing would allow critical traffic to continue flowing? Is it a best practice to hide from all other employees the server used to download the current router configurations from? Remember it was not just the bosses he kept the information from, but *all* other employees. San Francisco would have been in a world of trouble if he had suddenly keeled over dead. If you are going to try the “best practices” argument then you have to follow a majority of them, not just the ones that you liked.

I find the industry coming to his defense disgusting. He broke the law. He put the City of San Francisco’s network infrastructure in peril. He then grandstanded for over a week (a month maybe?) before he would release the password to a person that had no real relationship to the network other than being the mayor.

I say throw the book at him.

He was requested, by his supervisor, to provide the passwords. He did not.
I don’t care about the rest. It was insubordination.

A simple daily T/FTP of the running and startup configs from each device could be collected and he could monitor any changes, and if necessary, undo the damage. If they lock you out, then you get to go back to the supervisor and have a valid complaint, and a reason for resetting the rest of the passwords.

Story stated that he blocked access to certain parts of the network. If this was as a result of a documented procedure for routine password changes, then he was following best practices, otherwise there appears to be intent to block data knowing that users would be unable to access it. When he as asked for the passwords, the question becomes who asked for them? Someone over his head… manager? It also becomes what passwords did they ask for? If, as a user, an admin changed my password I would expect them to provide me with my new password as soon as reasonably possible. So, if the people asking for the passwords were entitled to have them then he should have provided them, in a secure fashion, as soon as he could. However, without all the facts, what we have been told sounds like this was an intentional attempt to keep users out of the system which seems to fit the definition of hostage, (blackmail, etc.) so I’d be leaning strongly towards guilty. Somewhere along the chain of command he had to have a supervisor and if this person asked for this information and was also not provided it, then definitely guilty.

Net Admin? The guy was a CCIE.
Secure Network? Cisco couldn’t get in when they were asked.
Terry Gave the passwords to the mayor get them in (after stewing in jail for a while).

There is a whole lot more to the story. Terry wasn’t very well liked, the perception was that he was a jerk, and worked for non-techies. An enviornment just waiting for a tabloid story like this. Who knows what all of the facts are? With a little digging I found these three nuggets.

Need more data…

There may very well be more to this story than whats stated on the surface. I would say that he was doing one of the tasks that his position calls for, and that is to protect the network. Let’s consider the suroundings. He is called into a room full of people, there is a conference call to who knows who, and he recognizes people at the meeting that don’t have the proper clearance for the information that he is requested to give. The initial thought that would come to my mind would be “what is this all about?, “who else is on this conference call”, “why are people here without the proper clearance for this information?”, etc.

If he had released the passwords at that time, within a short period of time the entire system would have most likely required a complete rebuild, as you would have people accessing sensitive information that wouldn’t have any connection to the system.

I believe that the proper thing to do would be for the person that he reports to to call him in the office for that information. Then let the responsibility of releasing that information fall on their head.

I find it amazing how quick people are to judging.

Remember the riddle, man walks into bar, bartender holds a gun to his head and the man thanks the bartender and leaves. In this riddle the whole idea that the man had hiccups is left out and for you to figure out, but in a story like this there is no-one to fill in the untold segments of the story.

The man was arrested, as dumb as the legal system is sometimes, I’m sure they had some just cause to convict him. We are told he withheld passwords, well in my profession I withhold pass-codes as well and people get really upset about it… but when it comes to the pass-codes I withhold, there has to be a payment arrangement made before I give access. Can they arrest me?… I’d like to see them try.

Just try and call your internet supplier and ask them for your password… good luck… they can change them for you, but usually can not give them to you. And to even get to ask them you need to answer a list of personal questions. And in many instances they can only email the old or new password to the email address it is linked to.

So did this man do something wrong, well obviously because he was convicted, was it for withholding a password?.. probably not completely. We can assume there was fraud involved, but we are not told. So lets just call the question bogus as we need more info.

Maybe a second person should have also known the passwords. If the network admin had been killed in a car accident, how would the city of San Francisco have gotten them?

I believe that Childs was simply a large stick of butter in a frying pan. If you turn up the heat high enough you simply get hot butter, but if you first churn it in a large butter churning device then you will get hot butter milk. Childs is hot butter milk that has been churned in a large butter churning thing! He should sue the city of San Francisco and the American Dairy Association. Of course he could be a communist in which case the chance of even having butter is nominal.

*sigh* There is so much missing information here it is not funny.

Did Terry Childs screw up by the numbers? Yes – no doubt about it. Terry did not cover his butt NEARLY enough. But is it worth jail time? I REALLY doubt it.

Doing a little more digging, and a LOT more reading – there are three major factors that all led up to this, and several apparent errors in the reporting above.

Factor 1: Terry Childs was a very talented and somewhat overworked Network Engineer.
For five years – he had worked, tweaked, and modified systems to make the VERY complex Fibre/WAN backbone of the network hum like a top. He knew the systems like the back of his hand. Unfortunately – he was also pretty much solely responsible 24/7/365 for supporting the systems. Even more – he (and others) thought what he was doing worked out almost to be a technological work of art. (he had applied for patent or copyright on portions of the design).

All professionals know there is a point where adjusting complex systems moves from simple knowledge to art. The smallest – apparently “harmless” -change can bring a delicately balanced system crashing to its knees. The “art” is knowing what “harmless” changes truly are “harmless” – and what the interactions are of the small things that make up the complex system.

Factor 2: People rarely like true geeks – they tend to rub people the wrong way.
In this case – Terry was considered to act a bit superior by some coworkers. Shortly before the password crisis, another tech said unsavory things about him. (Unsubstantiated accusations flew of inappropriate pictures, etc. Note that no charges were filed regarding these accusations) Unfortunately – this set up an atmosphere of distrust – which was exacerbated when Terry found out that the person making the accusations was also theoretically auditing or checking his network – without his knowledge (and – as far as HE could tell – insufficient experience or knowledge to properly check his work).

Factor 3: HUGE HUGE HUGE Problems in policy and procedure – on BOTH sides of the fence.
One – the policy as Terry claimed he knew – was the the master passwords were ONLY to be given to specfic individuals. The people who requested the password were NOT on the list. If that is correct – then Terry was indeed correct in refusing to divulge the passwords.

Other policy and procedure issues pretty much spill from documentation – or lack thereof. Theoretically – the entire network should be documented, backups of key configuration files made, passwords stored sealed in a locked fireproof safe, etc – so that if something happened to Terry – his replacement could theoretically work things out. That is basic “disaster recovery 101″ type stuff – and it is obvious that Terry didn’t DO that.

Am I claiming Terry was innocent? Heck no.

He really, really, REALLY should have known better than to do what he did. And the lack of documentation and backup are totally his responsibility. But I will say that there is a LOT of the way this case was presented to the public and to the courts that is looking more like a smear campaign against Terry than anything else. A lot of basic network common prctices were presented to look malicious. (Oh NO! He has Modems that can connect to the routers! Well duh! How else will he be able to connect in to fix a problem when someone calls him up at 3am on a Sunday morning)

The major error in the article above: as far as I can find – at no time did any employee “lose access” to anything. No systems went down while the passwords in NOT in the city’s possession. In fact – the only outages related with this case occurred AFTER he provided the passwords – when the city had to reset the various VPN passwords after they were revealed publically in court. So in a sense – he was right. Bad things DID happen after he gave them the passwords…

Nor did he have access to any secured data he didn’t have a right and duty to know: he had passwords to the routers – but not the servers themselves. While passwords are “secured data” – as WAN administrator – he has to know the ones required to do his job.

As a note: I am a System Administrator. Written policy for my office is that there is exactly one other person who I am ALLOWED to give any sort of administrative passwords to without a written request detailing who and why, signed by the office VP and the HR manager.

Greg: Except that no government infrastructure was sabotaged.

You have to choose: Do you want a world where people are expected to obey orders without question? or do you want a world where people use their brains and sometimes make mistakes?

From a legal standpoint, the issue is one of property. The City of San Francisco owned the network, not Terry Childs. By denying the City access to their property, Terry was liable at both a civil and criminal level. Simple as that. Any reason which lead Terry not to comply was merely a mental safari into the absurd. Thus the maxim, “mess with the bull, get the horns!”.