Disgruntled SF City Tech Worker Takes Over City's Computer Network
from the those-disgruntled-workers dept
Every few years or so, we see a story about some disgruntled tech worker who has planted some sort of trojan in a computer network that lets him shut down or destroy the network. The latest just happens to be an employee from the city of San Francisco, and the computer system happens to be its new multi-million dollar system. Even though the guy is now sitting in jail, he’s apparently refused to hand over the administrative password needed to regain control over the system. Right now, it appears that he’s been able to lock other top administrators out of the system, and officials are afraid that he’s actually opened up access to someone else (though that might just be fear mongering). As for what’s on the system? “Officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings” among other things. Just a reminder that while insiders may not be the biggest threat to computer networks, they can still be a threat.
Filed Under: admin password, computer threats, disgruntled, hacking, insiders, san francisco
Comments on “Disgruntled SF City Tech Worker Takes Over City's Computer Network”
lulz
Admin rights bitches!!!
I love it… You know how many times my mouse pointer has been over that check box? I’m smart though, and my job isn’t so bad…
Ok, Rule #1 when terminating for cause:
Secure all system and facility access points BEFORE you hand out the pink slip.
Hey, Bob! Guess what? You’re fired. Why don’t you spend a few hours of unsupervised access to our systems and data while you clean out your desk?
Dumb asses
Re: Re:
Great post! Too bad it had absolutely nothing to do with this case. Dumb asses indeed!
That is pure awesome.
if those other system administrators have physical access to the system and can’t get in without an “unlocked” password, they should be fired too.
Re: Re:
Maybe he set the key board to remap its self every min
No shit Mikey
With the current meltdown of the employment market for IT folks no wonder some of them go postal
Say thanks to your politicians approving increased visa quotas for H1B slaves, your corporate CEOs hiring those poor slaves to live their “american dream” (5 of them in a SF 1-bedroom appt) and to your mass-media (like this shitty blog) crying about shortages of qualified tech folks in this country
There was a shortage at one time indeed – 10 years ago
Boy, was it a good time !
Unfortunately good times never last
Stay away from IT folks
Re: No shit Mikey
wtf are you talking about?
Re: No shit Mikey
I get it now. You just ramble on with nothing to say actually about the subject at hand but rather at whatever nonsense your peabrain can dream up and just toss in some vulgarity and nice jingoistic buzzwords to make people think you sound important and in-the-know. And you’re still the only person I know who will repeatedly and continuously read a blog that you call “shitty”. You sound like some overly obsessive stalker who got turned down for a date by Mike or something. What’s next, hiding in his bushes? Err…nah, it’s too easy.
Now, what was that patent you owned again? I’ll promise not to laugh, again, when you attempt to tell us that we wouldn’t understand it when it’s clear we more than understand you, your internal workings and pretty much anything you could possibly dream up since it’s very obvious that you can’t come up with anything beyond simple vulgarity and trollish behavior.
Re: No shit Mikey
I’m in IT, software development specifically, and things are great. Maybe you should spend some more time succeeding and less time complaining? There is nothing here for you to complain about. This is a news story, which is amusing to IT people. Move along.
Re: Re: No shit Mikey
Oh! That’s what you do for work? I assumed you were a professional Blog/Forum Poster AKA Internet Hero of nonsense.
Your employer must be amazed when they actually get work out of you.
Please provide us with some more of your witty insight, it’s almost dinner time and the nausea I experience from your posts is sure to curb my appetite. Whooo-hooo weight loss and bulimia here I come.
Re: Re: Re: No shit Mikey
um, that wasn’t angry dude you just replied to
Re: Re: Re: No shit Mikey
Um, you do realize that Anonymous Coward isn’t just one person, don’t you?
Re: Re: No shit Mikey
“I’m in IT, software development specifically, and things are great.”
???????????????
And I have a bridge for sale in Brooklyn
Re: Re: No shit Mikey
Yeah, well, you are obviously more cushioned than the rest of the IT in America…
Who have been replaced by idiots who generally cannot understand what I say, or read thier script in understandable English.
secure access
if they have direct access to the system and can not regain admin control, change those admins :))
Dennis Nedry lives!!!
Dennis Nedry – Jurrasic Park? Still no bell? Definately not a geek then
Read this earlier today
While I respect this man out of admiration I can’t condone what he did. At some point in time IT folks need to realize that we control a very important aspect of most businesses these days; to be immature and do something like this just gives a bad reputation to the rest of us.
Re: Read this earlier today
I must concede it took a certain amount of technical skill to pull something like this off, which makes me wonder how he ended up being reprimanded for ‘poor performance’, as the article claims; I can’t believe that setting this up was less effort than just doing his job to a reasonable standard. I suppose we should be glad this was the worst thing he did, really; reading between the lines of the article, I suspect he may not be entirely right in the head.
Admire this guy? Are you nuts. Thats the same as admiring a disgruntled soldier goign on a shooting spree. What he did was wrong and should not be condoned. Now please. Throw away the Copies of War Games, Sneakers and Hackers and come back to reality. Do not hack the World.
Re: Re:
Wait, what? Since when is locking someone out of their system the same as murdering someone? You need to calm down and think about that for a moment. If anything, this is more like a building manager being fired and taking all the keys with him. At this point, that’s the level of maliciousness.
Re: Re: Re:
Damaging corporate interests is often considered worse than murder and often results in longer prison sentences than murder (unless that murder was of a corporate enforcer, a.k.a. a “cop”, then the penalty is death).
Re: Do not hack the World.
lol
that is the best quote of this whole thread. there should be street signs on every corner with that on it.
I give up. The login is: admin/password 🙂
Im calm my friend. It’s just an anaolgy to somebody abusing the power they have. Its wrong and if you dont think so then your as bad as he is. Did you ever stop to think that that person may be deserving to be fired and from wha he consequently did, they are right. he did deserve to loose his job seeing he has such low moral standards.
foot note. you did not condone the action so i retract that part of my post
Re: Re:
foot note. you did not condone the action so i retract that part of my post
No problem. I think it is highly amusing, but also very wrong on many levels. I would view this more as terrorism then I would murder though.
Re: Re: Re:
“terrorism”? Get real. Stop playing the neo-con name game. That is, unless you like that really thick wool sweater.
Laugh my ass off
San Fran. earned this one. With their liberal back-assward policys.
They probably just took him off of tree watch – and he didn’t want to come down. HA!
HIGH larious
I think it is hilarious. How can you not make sure you have control of the system before you fire someone?
Oh and this quote from the article: “City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system.” Really? Some headway? It is either cracked or not. LOL
Either way, I think its pretty cool..
He's a trrurist!
Send him to Guantanamo for trrurism!
Okay, what kind of an administrator gets paid 150K per year? I don’t care what you administer, that seems like gross overpay. But regardless of that, because of the fact that the job pays so high, you had better pull your weight or you’ll be out on your hind end. The guy had been “disciplined” for lack of performance, whatever that might mean, so apparently he was not pulling his own weight. And then he pulls a stunt like this? Sounds like a case of a big, spoiled brat. I’m an IT guy, and if you offered to pay me 150K a year (which is not quite 5 times what I make right now), I’d probably clean my boss’s house for him, scrub down all the toilets at work, whatever it took (within reason; I won’t lower any of my moral standards). If I felt like I could not reasonably perform the job duties that a 150K job required, I would resign the position, not just sit there and expect pay that I didn’t earn.
Re: Re:
about 30K a year ?
You don’t work in the bay area as an IT guy with that pay 😀
Re: One thing wrong
He didnt sell the login credentials on ebay
Re: Re:
If I didn’t make at least 150K, I would get out of tech. I usually average about ~250K.
I don’t see his salary as out of line for a senior techie with 10-15 year experience and living in a major metro area.
Re: Re:
What kind of upper-manager gets paid 150K per year? Lots.
It usually means they wanted to downsize without having to pay unemployment compensation so they needed some pretext for firing him.
Lack of access
For those asking why the ‘direct access’ is denied. My idea is that some people with admin-level access (not the actual “Admin” account) are able to get to the system physically, however their accounts were disabled (along with everyone else’s accounts) by that one pissed off guy. Therefore, being at the computer physically does nothing for them. And I’m also guessing that Mr. Angry changed the password to the account actually called “Admin” (or whatever that system uses.)
And, no, I didn’t bother to read all the replies, if this has already been addressed.
Re: Lack of access
Well, most likely there is the overall domain and then there may be sub-domains with their own set of admins. Local admins on the PC have no bearing on the domain. I would also have to say that anyone that has “The Power of Root” (I guess it would be Administrator in WindowsWorld) can do anything they want, when they want; i.e. password expirations, unable to change password, expiring accounts, etc. No one would normally see that coming…
Waterboard him!
Drown him! He’s a witch! Drown him! DROWN HIM!
Until he talks! And then drown him some more! He’s a witch!
He’s a witch! Drown him!
wow can't believe what i'm reading
Politicians and police abuse their power on a daily basis, so maybe you guys should complain about something real and substantial. I’ve done IT admin and i agree they can’t get access they should be fired. But to the rest maybe you all should treat your IT people nicer. It’s a job that is important but no one wants to admit it. We’re just supposed to make your stuff work and you don’t care how. I’m glad i had engineering as a back up career.
proof...
…that cities (and other government bureaucracies) tend to hire the incompetent.
Not the guy who did this, but the other admins who, with physical access to the machines, can’t get in.
So root access is disabled – these machines only have one drive? No reset on the network?
Any halfway competent admin could get into a machine in less than 10 minutes, given physical access.
Re: proof...
CHances are none of the other admins want to give away their own personal back doors into the system, either that or this other guy closed them off
There’s a Linux distro which can map NTFS drives and reset the admin password to blank. Why is this not being used here, or am I off-base?
Re: Re:
What makes you think NTFS is even involved? You know, PC’s running Windows are not the only kind of computers in the world.
Re: Re: Re:
The City of San Fran is very likely using Windoze PCs and servers…
Re: Re: Re: Re:
The City of San Francisco very likely also owns other types of computers.
Re: Re: Re:2 Re:
Actually, a Fibre/Wan administrator works with the routers, the systems are irrelevant. But you are correct, in that only a retarded city would rely on Microsoft servers.
Re: Re: Re:3 Re:
No, FiberWans have their own embedded systems which are very relevant. In this case the routers are Cisco systems running Cisco IOS operating systems and Cisco switches, among others. Only a retard would thing that such equipment is running Windows and using NTFS.
Hmmmm?
The other “admins” must be windows guys:)
RE: Lack of access
If they have physical access to the servers, this is a no kidding 10 minute fix. You don’t need ‘admin’ or ‘root’ privileges to fix it. I cannot believe for one minute that the other admins don’t know this. If they don’t, then, seriously, they have no business being admins.
I think all the other admins have banded together to make the city sweat for a while. A couple of days from now, they’ll come up with an “unconventional solution” and look like heroes. Then they’ll be asking for their own raises without getting arrested 🙂
Actually the more I think about it, I think it’s a conspiracy, they probably set this guy up 😉
Re: RE: Lack of access
Nope on the 10 minute fix (unless YOU have a domain admin password)…
Re: Re: RE: Lack of access
Actually it would be less than 5 min, unless the system in question is a real slow boot. See comment regarding linux bootable cd which can easily hack the SAM on a windows PDC resetting the administrator password.
Seriously??? I mean...REALLY?!?!?!
OMG! They cant use a boot disk and blank the freakin password? I have one. I’ll sell it to them. 😀
Yeah…Either the other admins are playing dumb…or they just plain ARE DUMB.
Hey San Francisco…Pay me…I’ll fix this for you. 🙂
Re: Seriously??? I mean...REALLY?!?!?!
Actually, access to a local admin account (which is what a bootable disk will give you) will not give you access to the AD domain tools. You would be considered an uncredentialed guest using a local account on a PC. And, as far as I have seen, you can’t “blank” a domain password easily, if at all.
Re: Re: Seriously??? I mean...REALLY?!?!?!
You can with physical access to the DC.
Hey San Fran Pay me!!
Re: Re: Seriously??? I mean...REALLY?!?!?!
Actually, you can. There is a linux boot cd that will allow you to hack the SAM on a windows server and reset the administrator account providing you do this on the PDC. If this were relevant at all to the facts of this case.
..A
All Your Shit Is Belong To Us!
Muhahhahahhhaa.. Maybe they should call Micro$oft Technical Support..
San Francisco = pwn3d
Not the best choice for the tech worker
Honestly, does anyone think he’s getting away with something? His ass is going to languish in federal prison for 10-20 for his prank as soons as the SF people realize they can label him a “terrorist”.
In fantasyland, where the consequences for gridlocking a major metropolitan area’s system are getting your account deleted, what he did is funny. IN the real world, where his life is essentially over (since nobody will ever hire him for tech ever again and the next time he sees daylight will be 2028) what he did is stupid.
Re: Not the best choice for the tech worker
Maybe he didn’t do it. So far he’s only been accused but you’ve gone ahead and tried, convicted and sentenced him.
Re: Re: Not the best choice for the tech worker
You guys are obviously not network layer techs. Terry did his JOB. Protect the network, keep the incompetents out. Please google Fibre/Wan administrator and you will understand this isn’t about servers or computers.
'poor performance' in Government Real Life
I work in the functional side of IT in a large government organization (a state funded college), and chances are his review result of ‘poor performance’ had nothing to do with his actual job performance, but about someone he upset (or some perceived ‘wrong’ that he did to someone). If he is competent enough to lock out an entire city’s IT department, he obviously knows what he is doing as a system admin.
He probably spent 30 minutes a day doing what was required to perform his actual job and the other 7.5 hours browsing the internet or playing games, some ‘manager’ who actually has to sit around doing nothing for his full 8 hours got upset and decided that he couldn’t possibly be doing his job if he had so much ‘free’ time.
Or, the manager’s nephew/son/relative just graduated from College with a bachelors in Computer Science and the manager decided that they would be a better System Admin than this individual. Since it is almost impossible to fire a civil servant without documentation showing that they are not performing adequately in their position, the first step in getting rid of people is handing out performance reviews showing ‘poor performance’, even it it’s not true (truth doesn’t matter to government, only the fact that it’s documented) they can then document additional minor issues related to the ‘poor performance’ and eventually build up enough paperwork to actually fire the individual (if the individual doesn’t leave as soon as they are given their review of ‘poor performance’, since they know it is a load of carp and can usually see where things are going).
Yeah I’m a cynical SOB, but I’ve seen enough to know that government doesn’t work like the ‘real world’.
Re: 'poor performance' in Government Real Life
This is almost the first intelligent post I’ve seen here today. As you are probably aware, your systems get their addressing from further up the food chain. Your ability to connect to the routers is managed normally by the NOC in your localization. Above your NOC, is a Central NOC. That central location is probably where Terry spent most of his time. He wasn’t just a local sysadmin, he was a Fibre/Wan administrator, thus probably never even saw most of the local servers. This is why regular lay people should NOT be reporting on Technical stories, as their assumptions help feed the disinformation.
You correct about the inter-policial workings of Government though. Just being protective can be construed as being difficult. Bruise an ego, make an enemy, that’s government.
..a
The Next World Dictator ..
HAAA, HA, HA, HA!!!
The next world dictator will be a Network Administrator!
Bill Wilkins
Melted Metal Web Radio
http://www.meltedmetal.com
Reality stranger than fiction
Strange that he hasn’t yet made any demands. Like let me go and I’ll hand over a working password. Or sooner or later somethings going to go down and you’ll be unable to repair it unless you pay me $$$$$.
If a city is in effect managed from a central location and there are insufficient access controls in place, how easy is it to hijack a whole city? Pretty simple in reality.
Fortunately San Fransisco is not Brussels as portrayed in my fiction novel. Roadworks starts with a similar premise but the IT infrastructure controls all transportation and the city is soon brought to a complete standstill while terrorist have the leasure of demanding whatever they want, in the case of Roadworks it’s humanitarian aid to Africa.
re: Terry Childs
Ok guys it’s obvious most of the posters here have absolutely no idea what a Fibre/Wan administrator does.
The report that he “forgot” the passwords is completely erroneous. The passwords have been reported to have been provided to the police, but the police were unable to login. Any Cisco admin could tell you why the police could not login, but thats another story.
I have read no where except here, that Terry Childs was disgruntled. I have read that he was arrogant, defensive and protective of the network, but this comes as no surprise to network admins that have had to deal with the incompetence of both managers and peers.
Without a doubt, Terry is being railroaded by the city administration for providing a network that even today the city touts is business as usual.
Now, a Fibre/Wan administrator, does NOT run the mail servers, or data servers. They route the network traffic that these systems use. This is very different because it is in a network layer beyond the normal tcp/udp layer of traffic. These are the actual routes the network uses and are configured at the routers.
I have read nowhere that Terry actually locked out a mail server, or data server. I read that he locked out others from tampering with the network.
Some of these comments are blatantly written by people with a lot of opinion, but no real clue. There are NO backup tapes on routers. Terry Childs was the core network admin for at least the last 5 years, and all of the peer departments were aware that certain configuration changes required him to complete personally. Often there are NO personalized usernames on routers. So he wouldn’t have an account you could lock out. Please read a cisco manual before you make such idiotic statements.
I believe this is going to be an uphill battle for Terry to help the judge understand the difference between someones local server, a remote linux box and what a real Fibre/Wan administrator does. Just reading these comments here shows me that all too often people will jump to the wrong conclusion based on bad information rather than doing just a little research themselves. (There was no single system he locked the city administrators out of ..its the core network routers which CAN be reset with trivial ease if you have physical access to them)
Sigh..Adam
Re: re: Terry Childs
We’re just “good citizens” who believe whatever story the “officials” tell us.