Disgruntled SF City Tech Worker Takes Over City's Computer Network

from the those-disgruntled-workers dept

Every few years or so, we see a story about some disgruntled tech worker who has planted some sort of trojan in a computer network that lets him shut down or destroy the network. The latest just happens to be an employee from the city of San Francisco, and the computer system happens to be its new multi-million dollar system. Even though the guy is now sitting in jail, he’s apparently refused to hand over the administrative password needed to regain control over the system. Right now, it appears that he’s been able to lock other top administrators out of the system, and officials are afraid that he’s actually opened up access to someone else (though that might just be fear mongering). As for what’s on the system? “Officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings” among other things. Just a reminder that while insiders may not be the biggest threat to computer networks, they can still be a threat.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Disgruntled SF City Tech Worker Takes Over City's Computer Network”

Subscribe: RSS Leave a comment
69 Comments
angry dude says:

No shit Mikey

With the current meltdown of the employment market for IT folks no wonder some of them go postal

Say thanks to your politicians approving increased visa quotas for H1B slaves, your corporate CEOs hiring those poor slaves to live their “american dream” (5 of them in a SF 1-bedroom appt) and to your mass-media (like this shitty blog) crying about shortages of qualified tech folks in this country

There was a shortage at one time indeed – 10 years ago
Boy, was it a good time !
Unfortunately good times never last
Stay away from IT folks

ehrichweiss says:

Re: No shit Mikey

I get it now. You just ramble on with nothing to say actually about the subject at hand but rather at whatever nonsense your peabrain can dream up and just toss in some vulgarity and nice jingoistic buzzwords to make people think you sound important and in-the-know. And you’re still the only person I know who will repeatedly and continuously read a blog that you call “shitty”. You sound like some overly obsessive stalker who got turned down for a date by Mike or something. What’s next, hiding in his bushes? Err…nah, it’s too easy.

Now, what was that patent you owned again? I’ll promise not to laugh, again, when you attempt to tell us that we wouldn’t understand it when it’s clear we more than understand you, your internal workings and pretty much anything you could possibly dream up since it’s very obvious that you can’t come up with anything beyond simple vulgarity and trollish behavior.

Anonymous Coward says:

Re: No shit Mikey

With the current meltdown of the employment market for IT folks no wonder some of them go postal

Say thanks to your politicians approving increased visa quotas for H1B slaves, your corporate CEOs hiring those poor slaves to live their “american dream” (5 of them in a SF 1-bedroom appt) and to your mass-media (like this shitty blog) crying about shortages of qualified tech folks in this country

There was a shortage at one time indeed – 10 years ago
Boy, was it a good time !
Unfortunately good times never last
Stay away from IT folks

I’m in IT, software development specifically, and things are great. Maybe you should spend some more time succeeding and less time complaining? There is nothing here for you to complain about. This is a news story, which is amusing to IT people. Move along.

Any Cow says:

Re: Re: No shit Mikey

Oh! That’s what you do for work? I assumed you were a professional Blog/Forum Poster AKA Internet Hero of nonsense.

Your employer must be amazed when they actually get work out of you.

Please provide us with some more of your witty insight, it’s almost dinner time and the nausea I experience from your posts is sure to curb my appetite. Whooo-hooo weight loss and bulimia here I come.

Jake says:

Re: Read this earlier today

I must concede it took a certain amount of technical skill to pull something like this off, which makes me wonder how he ended up being reprimanded for ‘poor performance’, as the article claims; I can’t believe that setting this up was less effort than just doing his job to a reasonable standard. I suppose we should be glad this was the worst thing he did, really; reading between the lines of the article, I suspect he may not be entirely right in the head.

Anonymous Coward says:

Re: Re:

Admire this guy? Are you nuts. Thats the same as admiring a disgruntled soldier goign on a shooting spree. What he did was wrong and should not be condoned. Now please. Throw away the Copies of War Games, Sneakers and Hackers and come back to reality. Do not hack the World.

Wait, what? Since when is locking someone out of their system the same as murdering someone? You need to calm down and think about that for a moment. If anything, this is more like a building manager being fired and taking all the keys with him. At this point, that’s the level of maliciousness.

Anonymous Coward says:

Re: Re: Re:

Wait, what? Since when is locking someone out of their system the same as murdering someone?

Damaging corporate interests is often considered worse than murder and often results in longer prison sentences than murder (unless that murder was of a corporate enforcer, a.k.a. a “cop”, then the penalty is death).

Seatec says:

Im calm my friend. It’s just an anaolgy to somebody abusing the power they have. Its wrong and if you dont think so then your as bad as he is. Did you ever stop to think that that person may be deserving to be fired and from wha he consequently did, they are right. he did deserve to loose his job seeing he has such low moral standards.

Anonymous Coward says:

Okay, what kind of an administrator gets paid 150K per year? I don’t care what you administer, that seems like gross overpay. But regardless of that, because of the fact that the job pays so high, you had better pull your weight or you’ll be out on your hind end. The guy had been “disciplined” for lack of performance, whatever that might mean, so apparently he was not pulling his own weight. And then he pulls a stunt like this? Sounds like a case of a big, spoiled brat. I’m an IT guy, and if you offered to pay me 150K a year (which is not quite 5 times what I make right now), I’d probably clean my boss’s house for him, scrub down all the toilets at work, whatever it took (within reason; I won’t lower any of my moral standards). If I felt like I could not reasonably perform the job duties that a 150K job required, I would resign the position, not just sit there and expect pay that I didn’t earn.

Anonymous Coward says:

Re: Re:

Okay, what kind of an administrator gets paid 150K per year?

What kind of upper-manager gets paid 150K per year? Lots.

The guy had been “disciplined” for lack of performance, whatever that might mean…

It usually means they wanted to downsize without having to pay unemployment compensation so they needed some pretext for firing him.

Nerd says:

Lack of access

For those asking why the ‘direct access’ is denied. My idea is that some people with admin-level access (not the actual “Admin” account) are able to get to the system physically, however their accounts were disabled (along with everyone else’s accounts) by that one pissed off guy. Therefore, being at the computer physically does nothing for them. And I’m also guessing that Mr. Angry changed the password to the account actually called “Admin” (or whatever that system uses.)

And, no, I didn’t bother to read all the replies, if this has already been addressed.

DekeTheGeek says:

Re: Lack of access

Well, most likely there is the overall domain and then there may be sub-domains with their own set of admins. Local admins on the PC have no bearing on the domain. I would also have to say that anyone that has “The Power of Root” (I guess it would be Administrator in WindowsWorld) can do anything they want, when they want; i.e. password expirations, unable to change password, expiring accounts, etc. No one would normally see that coming…

Wayne from BC says:

wow can't believe what i'm reading

Politicians and police abuse their power on a daily basis, so maybe you guys should complain about something real and substantial. I’ve done IT admin and i agree they can’t get access they should be fired. But to the rest maybe you all should treat your IT people nicer. It’s a job that is important but no one wants to admit it. We’re just supposed to make your stuff work and you don’t care how. I’m glad i had engineering as a back up career.

Tony (user link) says:

proof...

…that cities (and other government bureaucracies) tend to hire the incompetent.

Not the guy who did this, but the other admins who, with physical access to the machines, can’t get in.

So root access is disabled – these machines only have one drive? No reset on the network?

Any halfway competent admin could get into a machine in less than 10 minutes, given physical access.

Anonymous Coward says:

Re: Re: Re:3 Re:

Actually, a Fibre/Wan administrator works with the routers, the systems are irrelevant.

No, FiberWans have their own embedded systems which are very relevant. In this case the routers are Cisco systems running Cisco IOS operating systems and Cisco switches, among others. Only a retard would thing that such equipment is running Windows and using NTFS.

itchyfish says:

RE: Lack of access

If they have physical access to the servers, this is a no kidding 10 minute fix. You don’t need ‘admin’ or ‘root’ privileges to fix it. I cannot believe for one minute that the other admins don’t know this. If they don’t, then, seriously, they have no business being admins.

I think all the other admins have banded together to make the city sweat for a while. A couple of days from now, they’ll come up with an “unconventional solution” and look like heroes. Then they’ll be asking for their own raises without getting arrested ๐Ÿ™‚

Actually the more I think about it, I think it’s a conspiracy, they probably set this guy up ๐Ÿ˜‰

DekeTheGeek says:

Re: Seriously??? I mean...REALLY?!?!?!

Actually, access to a local admin account (which is what a bootable disk will give you) will not give you access to the AD domain tools. You would be considered an uncredentialed guest using a local account on a PC. And, as far as I have seen, you can’t “blank” a domain password easily, if at all.

John says:

Not the best choice for the tech worker

Honestly, does anyone think he’s getting away with something? His ass is going to languish in federal prison for 10-20 for his prank as soons as the SF people realize they can label him a “terrorist”.

In fantasyland, where the consequences for gridlocking a major metropolitan area’s system are getting your account deleted, what he did is funny. IN the real world, where his life is essentially over (since nobody will ever hire him for tech ever again and the next time he sees daylight will be 2028) what he did is stupid.

anymouse government worker says:

'poor performance' in Government Real Life

I work in the functional side of IT in a large government organization (a state funded college), and chances are his review result of ‘poor performance’ had nothing to do with his actual job performance, but about someone he upset (or some perceived ‘wrong’ that he did to someone). If he is competent enough to lock out an entire city’s IT department, he obviously knows what he is doing as a system admin.

He probably spent 30 minutes a day doing what was required to perform his actual job and the other 7.5 hours browsing the internet or playing games, some ‘manager’ who actually has to sit around doing nothing for his full 8 hours got upset and decided that he couldn’t possibly be doing his job if he had so much ‘free’ time.

Or, the manager’s nephew/son/relative just graduated from College with a bachelors in Computer Science and the manager decided that they would be a better System Admin than this individual. Since it is almost impossible to fire a civil servant without documentation showing that they are not performing adequately in their position, the first step in getting rid of people is handing out performance reviews showing ‘poor performance’, even it it’s not true (truth doesn’t matter to government, only the fact that it’s documented) they can then document additional minor issues related to the ‘poor performance’ and eventually build up enough paperwork to actually fire the individual (if the individual doesn’t leave as soon as they are given their review of ‘poor performance’, since they know it is a load of carp and can usually see where things are going).

Yeah I’m a cynical SOB, but I’ve seen enough to know that government doesn’t work like the ‘real world’.

Adam says:

Re: 'poor performance' in Government Real Life

This is almost the first intelligent post I’ve seen here today. As you are probably aware, your systems get their addressing from further up the food chain. Your ability to connect to the routers is managed normally by the NOC in your localization. Above your NOC, is a Central NOC. That central location is probably where Terry spent most of his time. He wasn’t just a local sysadmin, he was a Fibre/Wan administrator, thus probably never even saw most of the local servers. This is why regular lay people should NOT be reporting on Technical stories, as their assumptions help feed the disinformation.

You correct about the inter-policial workings of Government though. Just being protective can be construed as being difficult. Bruise an ego, make an enemy, that’s government.
..a

Gerard Readett (user link) says:

Reality stranger than fiction

Strange that he hasn’t yet made any demands. Like let me go and I’ll hand over a working password. Or sooner or later somethings going to go down and you’ll be unable to repair it unless you pay me $$$$$.
If a city is in effect managed from a central location and there are insufficient access controls in place, how easy is it to hijack a whole city? Pretty simple in reality.
Fortunately San Fransisco is not Brussels as portrayed in my fiction novel. Roadworks starts with a similar premise but the IT infrastructure controls all transportation and the city is soon brought to a complete standstill while terrorist have the leasure of demanding whatever they want, in the case of Roadworks it’s humanitarian aid to Africa.

Adam says:

re: Terry Childs

Ok guys it’s obvious most of the posters here have absolutely no idea what a Fibre/Wan administrator does.

The report that he “forgot” the passwords is completely erroneous. The passwords have been reported to have been provided to the police, but the police were unable to login. Any Cisco admin could tell you why the police could not login, but thats another story.

I have read no where except here, that Terry Childs was disgruntled. I have read that he was arrogant, defensive and protective of the network, but this comes as no surprise to network admins that have had to deal with the incompetence of both managers and peers.

Without a doubt, Terry is being railroaded by the city administration for providing a network that even today the city touts is business as usual.

Now, a Fibre/Wan administrator, does NOT run the mail servers, or data servers. They route the network traffic that these systems use. This is very different because it is in a network layer beyond the normal tcp/udp layer of traffic. These are the actual routes the network uses and are configured at the routers.
I have read nowhere that Terry actually locked out a mail server, or data server. I read that he locked out others from tampering with the network.

Some of these comments are blatantly written by people with a lot of opinion, but no real clue. There are NO backup tapes on routers. Terry Childs was the core network admin for at least the last 5 years, and all of the peer departments were aware that certain configuration changes required him to complete personally. Often there are NO personalized usernames on routers. So he wouldn’t have an account you could lock out. Please read a cisco manual before you make such idiotic statements.

I believe this is going to be an uphill battle for Terry to help the judge understand the difference between someones local server, a remote linux box and what a real Fibre/Wan administrator does. Just reading these comments here shows me that all too often people will jump to the wrong conclusion based on bad information rather than doing just a little research themselves. (There was no single system he locked the city administrators out of ..its the core network routers which CAN be reset with trivial ease if you have physical access to them)

Sigh..Adam

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...