
IT Administrator is in jail on $5 million bond

According to PC World, a network administrator for the city of San Francisco, Terry Childs, was arrested over the weekend and has been charged with four counts of tampering with a computer network. The allegations claim Childs set up devices to gain unauthorized access to the system.

San Francisco’s network is a Fibre WAN that connects buildings across the city and is said to carry 60% of the city’s networking traffic. The network runs critical city services including its email, web site, and 311 call centers as well as its telecommunications network.

As of now, city officials say that the network is fully functional, but city employees no longer have administrative access to the network. Ron Vinson, chief administrative officer with the San Francisco Department of Telecommunication Information Services, said, “It was a little unnerving to discover that this person had created this fiefdom of access to our network.”

Childs had become increasingly erratic in his behavior and became hostile toward his colleagues in the days before his arrest. After his arrest, Childs gave police false passwords and then refused to give the real passwords.

The compromised network was discovered after a new security chief was hired to oversee the security of the network. An assessment of the network uncovered the tampering, and the case was escalated to the police department and its forensics team.

The city is said to be working with Cisco to regain administrative access to the network. If repair is not possible, the final solution is to replace the Cisco routers on the network at a cost to the city of $250,000.

Childs is currently being held on a $5 million bond and could face up to 7 years in prison if convicted.




Rouige?
By karielash on 7/16/2008 2:16:52 PM , Rating: 5

You mean Rogue by any chance???? Or did he really wear make up while doing it....




RE: Rouige?
By Pythias on 7/16/2008 2:18:16 PM , Rating: 2
I'll give the author benefit of the doubt. These days, you never know.


RE: Rouige?
By karielash on 7/16/2008 2:20:04 PM , Rating: 1

Yeah, might help if I could spell rouge as well..... but it is San Fran... so who knows.


RE: Rouige?
By napalmjack on 7/16/2008 2:19:24 PM , Rating: 4
It is San Fransico...


RE: Rouige?
By JohnnyCNote on 7/17/2008 4:20:28 PM , Rating: 3
quote:
It is San Fransico...


Last time I checked it was San Francisco . . .


RE: Rouige?
By goku on 7/16/2008 2:19:30 PM , Rating: 5
No, he was a red, meaning that he works for China/Russia.


RE: Rouige?
By DASQ on 7/16/2008 2:21:05 PM , Rating: 2
And I assume the title should be $5 million bond (as stated in the article) vs. $45 million.


RE: Rouige?
By Complex Pants on 7/16/2008 2:21:30 PM , Rating: 1
Terry could be a woman's name...or it could just be San Francisco, the city does have a stereotype.


RE: Rouige?
By Clauzii on 7/17/2008 12:58:55 AM , Rating: 2
So is this in any way connected to the Cisco incident, written about on DT some time ago??


RE: Rouige?
By Brandon Hill (blog) on 7/16/2008 2:30:44 PM , Rating: 2
When did the story ever say "Rouige"? I just looked through all the logs and it has said "Rouge" all along.

We may be called out on spelling, but I don't think you can put that one on us ;)


RE: Rouige?
By karielash on 7/16/2008 3:13:10 PM , Rating: 3

Yeah, I corrected myself earlier..... if journalists can make mistakes I see no reason why I can't as well.


RE: Rouige?
By ajdavis on 7/16/2008 11:57:48 PM , Rating: 2
And by journalist you mean blogger.


RE: Rouige?
By Fracture on 7/16/2008 2:40:30 PM , Rating: 2
RE: Rouige?
By Samus on 7/17/2008 1:23:02 AM , Rating: 2
reminds me of that IT crowd episode where Roy shows up to work wearing lipstick...what ever happened to that show?


RE: Rouige?
By abscoder on 7/17/2008 5:01:09 AM , Rating: 2
The creator has stated there will be a 3rd season on Channel 4. Now if only they could do more than 6 episodes a season like the first two, I'd be happy.


Why have to replace the router?
By mkruer on 7/16/2008 2:33:09 PM , Rating: 5
You know it is possible to reset all the routers? Sure you will lose the config info, but that's them being dumb for not making backups of the config in the first place. My guess is the IT is looking for an excuse to replace the equipment with something "new" more than something physically stopping them.




RE: Why have to replace the router?
By m1ldslide1 on 7/16/2008 2:41:17 PM , Rating: 2
Yeah that doesn't make any sense. That's typical of news articles about networks however.


By NullSubroutine on 7/17/2008 6:41:16 AM , Rating: 2
Yeah, the CCNA I had a few years back you learn how to recover Cisco routers that passwords have been lost or changed. It just requires you physically have access to the router.


RE: Why have to replace the router?
By zaxxon on 7/16/2008 2:46:10 PM , Rating: 2
do a google on 'cisco password recovery' and you'll see that it's neither necessary to replace all the routers (although old mother cisco would gladly sell them some new ones) nor to lose the config, as the router just reboots without config and you can get in, but the startup-config is still on the flash.

those are n


RE: Why have to replace the router?
By Yawgm0th on 7/16/2008 3:04:21 PM , Rating: 2
If the running-config and startup-config are the same and the password is encrypted (as it is, no doubt), then you must either brute force the password, replace the router, or replace the flash. There's no cheap or easy way to do this. If they can't get him to divulge the password, it will not be easy to get out of this. They can certainly copy over config settings, but depending on the specifics of the situation the downtime caused by having to do that could be quite expensive.


RE: Why have to replace the router?
By zaxxon on 7/16/2008 3:11:50 PM , Rating: 3
when you do password recovery, the router ALWAYS boots without ANY config, so the running is empty and the startup is not touched.

enable
copy start run
conf t
enable secret bla

problem solved.

no flash to be replaced, no router to be replaced. no money to be made by over-eager salesmen!

sorry, dude


RE: Why have to replace the router?
By zaxxon on 7/16/2008 3:14:42 PM , Rating: 2
ok, the running is not empty, but just the defaults. so empty of any user-entered-commands (as an enable password...)


RE: Why have to replace the router?
By RobberBaron on 7/16/2008 3:12:12 PM , Rating: 3
From the console you can gain access through a little work. Cisco has standard recovery procedures for lost passwords.

Here is a sample:
http://www.cisco.com/en/US/products/hw/routers/ps2...


By tschwimer on 7/16/2008 9:29:41 PM , Rating: 2
You cannot recover an enable secret password, but you can replace it. It does require some downtime as a reboot of the device is necessary and some work needs to be done in ROMMON.
Other than that it's a simple process requiring only physical access to the device.
RTFM ladies!!


By omnicronx on 7/16/2008 3:39:50 PM , Rating: 2
From the Cisco website:
quote:
You can recover a lost enable password, but an enable secret password is encrypted and is not recoverable.
Maybe the writer of the original article confused the fact that they will have to replace all of the passwords as the password itself is not recoverable (as in they can not recover and use the original password, not that they would want to), but it is definitely replaceable (i.e. reboot and overwrite the current config) by following a few simple steps as previous posters have described.


RE: Why have to replace the router?
By Grast on 7/16/2008 4:42:05 PM , Rating: 2
It is called password recovery. They should get on the internet and look it up. Even if the guy changed all of the local passwords and locked out their TACACS or RADIUS authentication system, it would take no more than 10 mins per device to reset the password.

Typical government workers... They have no idea how their technology works...

Later..


RE: Why have to replace the router?
By HrilL on 7/16/2008 8:02:39 PM , Rating: 2
While I do agree it wouldn't be that hard to fix this, I don't think they can handle any network downtime. If the configs are not saved it could take them a few hours to reconfigure the router/switch before it is working again. But really it is common to save your configs on your TFTP server, but then again it is government so they might not be that smart. If anything you rent a replacement router/switch, set it up and change the network to use that before reconfiguring the old one, and that would have downtime of only a few minutes. And I'm sure they have backup or redundant links, and if that is the case you could take one down and get it working on the temp router and then do the other and you would have no downtime.


Who has a giant paperclip?
By DM0407 on 7/16/2008 2:35:26 PM , Rating: 2
This really is starting to sound like a South Park episode. Have they tried to communicate with it digitally?




RE: Who has a giant paperclip?
By theslug on 7/16/2008 2:37:10 PM , Rating: 5
They should just head out west. I heard there's still some internet out there.


RE: Who has a giant paperclip?
By FITCamaro on 7/16/2008 2:40:22 PM , Rating: 2
Watch out for those ectoplasmic ghosts though.


RE: Who has a giant paperclip?
By DM0407 on 7/16/2008 2:41:41 PM , Rating: 5
Crap! Viacom just sued me...


RE: Who has a giant paperclip?
By RjBass on 7/16/2008 3:37:42 PM , Rating: 2
LOL, that deserves a 6.


RE: Who has a giant paperclip?
By das mod on 7/16/2008 4:21:49 PM , Rating: 2
i second this


RE: Who has a giant paperclip?
By HrilL on 7/16/2008 8:04:08 PM , Rating: 2
I'll jump on the bandwagon too. I third this!


RE: Who has a giant paperclip?
By Pythias on 7/16/2008 3:29:17 PM , Rating: 2
If San Francisco headed out west, they'd get all wrinkly and un-fabulous. It'll never happen.


RE: Who has a giant paperclip?
By FITCamaro on 7/16/2008 2:39:38 PM , Rating: 2
Attempts to communicate with it via different sound and light combinations have failed.

But it's not that the network isn't working. They just don't know the admin password anymore should they need to change anything.


7 years?!?
By Denithor on 7/16/2008 2:45:38 PM , Rating: 5
C'mon, murderers & child molesters get out sooner than that.

Gotta love our legal system here. Priorities, right?




RE: 7 years?!?
By FITCamaro on 7/16/2008 3:41:02 PM , Rating: 5
The former should be life, the latter should be shot. Neither should have any chance at breeding though.


RE: 7 years?!?
By threepac3 on 7/16/2008 4:32:57 PM , Rating: 3
Is it still not possible to breed with other men?


RE: 7 years?!?
By daar on 7/17/2008 8:58:35 AM , Rating: 2
Why should child molesters be shot while the actual people who kill get shot? Should be the same either way, unless the child getting molested is a dude, cause at worst that just makes a funny story to be told after a few beers later in life. Hell, in Japan boys get finger poked (kancho) in the anus all (this is not an exaggeration) the time and they end up somewhat normal. Or at least great at making cars...


RE: 7 years?!?
By bodar on 7/17/2008 3:58:58 PM , Rating: 2
I think I speak for everyone in this thread when I say: Wait, what?


RE: 7 years?!?
By afkrotch on 7/17/2008 11:27:40 PM , Rating: 2
Why not let the former, shoot the latter and each other. I'm thinking The Running Man style.


Clear things up for me...
By iiiceaser on 7/16/2008 2:44:52 PM , Rating: 2
So I'm sure these enterprise routers are way different than typical commercial routers. And I'm sure there are a lot of them. But if you're going to replace them all anyway for ($250,000), wouldn't there be another way instead to bring the network down for a specified period of time and physically/manually reset the passwords on these things? Clear the CMOS as it were?

I'm guessing this would take about as long as bringing the network down to switch the old ones out for new ones. Or would the downtime required to physically reset them take longer and/or cost them more than the $250,000 price to just replace them?




RE: Clear things up for me...
By omnicronx on 7/16/2008 3:44:38 PM , Rating: 3
The original reporter is an idiot, all that is needed is for someone to connect directly to each router by serial, and to reset the routers with new passwords and copy over the configs.


RE: Clear things up for me...
By Grast on 7/16/2008 4:46:55 PM , Rating: 2
Omni,

you are right, the reporter is a moron. The bigger morons are the San Francisco's technology department. They had to call Cisco for a locked out password. This is what happens when civil service rules override regular business hiring practices.

You get morons that are not qualified to operate or design anything. Worst yet....these people are incredibly difficult to fire.

Let's be straight here. The only reason the network guy was fired is due to physical hostile behavior. If he had passively just sat there and did nothing except browse the Internet, he would still be an employee.

Later...


RE: Clear things up for me...
By Dephcon on 7/16/2008 10:54:26 PM , Rating: 2
Cisco 101:
no service password-recovery
Once this is set, if you can't access priv mode you're not recovering any passwords...ever, moron.
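
An added example, not part of the comment thread or the original article: a short audit over backed-up router configs that flags the settings this thread argues about (`no service password-recovery`, `enable password` versus `enable secret`, and sole privileged accounts). The device names, sample configs and the two-admin threshold are constructed assumptions; hashes are placeholders.

```python
import re

# Constructed sample config backups (not from the article); hashes are placeholders.
SAMPLE_CONFIGS = {
    "core-rtr-1": """\
hostname core-rtr-1
no service password-recovery
enable secret 5 $1$PLACEHOLDER
username admin1 privilege 15 secret 5 $1$PLACEHOLDER
line vty 0 4
 login local
""",
    "edge-rtr-2": """\
hostname edge-rtr-2
service password-encryption
enable password 7 PLACEHOLDER
aaa new-model
aaa authentication login default group tacacs+ local
username netops privilege 15 secret 5 $1$PLACEHOLDER
username backup privilege 15 secret 5 $1$PLACEHOLDER
""",
}

def audit_config(text):
    """Return lockout-relevant findings for one IOS-style config backup."""
    lines = [l.strip() for l in text.splitlines()]
    # Local accounts that log in directly at the highest privilege level.
    admins = [m.group(1) for l in lines
              if (m := re.match(r"username (\S+) privilege 15\b", l))]
    findings = []
    if "no service password-recovery" in lines:
        # Console/ROMMON recovery will not preserve the config on this device.
        findings.append("ROMMON password recovery disabled")
    if any(l.startswith("enable password ") for l in lines):
        findings.append("enable password used instead of enable secret")
    if not any(l.startswith("aaa authentication login ") for l in lines):
        findings.append("no central AAA login method")
    if len(admins) < 2:  # assumed policy: at least two named admins per device
        findings.append("single privileged local account: "
                        + ", ".join(admins or ["none"]))
    return findings

def audit_all(configs):
    """Map device name -> list of findings."""
    return {name: audit_config(cfg) for name, cfg in configs.items()}

if __name__ == "__main__":
    for device, findings in audit_all(SAMPLE_CONFIGS).items():
        print(device, "->", findings or ["ok"])
```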


RE: Clear things up for me...
By kake on 7/16/2008 4:49:49 PM , Rating: 3
The article said that they're 'working with Cisco'. That means two things:

1. The new IT head is unsure of himself.

2. Cisco is making money.

Therefore, San Francisco gets new routers, dammit! Everybody wins!


Love the photo BTW
By Pythias on 7/16/2008 2:30:51 PM , Rating: 5
I...I...I would like to have my...my...my red stapler please.




RE: Love the photo BTW
By v3rt1g0 on 7/16/2008 2:42:31 PM , Rating: 5
... set the routers on fire.


It could be worse
By bubba551 on 7/16/2008 4:43:11 PM , Rating: 2
Maybe he used a white.rabbit command to take control of the system. In that case it will be necessary to shut down the entire system, reset the breakers, and then reboot.

(Just don't be the one to volunteer to go outside and reset the breakers.)




RE: It could be worse
By grath on 7/16/2008 8:24:09 PM , Rating: 2
There are better places to steal DNA from than San Francisco...


RE: It could be worse
By bubba551 on 7/16/2008 11:04:59 PM , Rating: 2
Good point.

In fact as an IT systems administrator in the San Francisco lockup, he is probably collecting more DNA samples than he can handle.


RE: It could be worse
By desplanes987 on 7/17/2008 12:24:15 PM , Rating: 2
So, what you're telling me is that some guy named Terry inserted something into San Francisco's network and he won't pull it out ?


Did you get that memo?
By Indianapolis on 7/16/2008 2:34:40 PM , Rating: 2
Maybe he just got tired of filling out TPS reports.




RE: Did you get that memo?
By Pythias on 7/16/2008 2:48:04 PM , Rating: 2
What's a TPS report? Kidding! *ducks*


Label him a terrorist
By hr824 on 7/16/2008 3:52:04 PM , Rating: 2
And water-board his ass problem solved.




By Clauzii on 7/17/2008 12:31:53 AM , Rating: 2
"... but city employees no longer have administrative access to the network"??

A network has "administrators" to service the "users".

"Sorry, I just tried to..." - and the whole tax-department went down :(




pic
By BF04 on 7/17/2008 7:53:25 AM , Rating: 2
This is interesting and everything but you have to admit. That picture is freaking hilarious!!

hehe




"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2009 DailyTech LLC.