- How to use electrical outlets and cheap lasers to steal data
- The botnet world is booming
- NTIA seeks volunteers to review broadband applications
- The 10 dumbest mistakes network managers make
- What's driving this university to IPv6? Going green
With costs related to a rogue network administrator's hijacking of the city's network now estimated at $1 million, city officials say they are searching for a mysterious networking device hidden somewhere on the network.
The device, referred to as a "terminal server" in court documents, appears to be a router that was installed to provide remote access to the city's Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven't been able to log in to the device, however, because they do not have the username and password. In fact, the city's Department of Telecommunications and Information Services (DTIS) isn't even certain where the device is located, court filings state.
The router was discovered on Aug. 28. When investigators attempted to log in to the device, they were greeted with what appears to be a router login prompt and a warning message saying "This system is the personal property of Terry S. Childs," according to a screenshot of the prompt filed by the prosecution.
The disclosure is the latest turn in a bizarre story that has made headlines in San Francisco for the past two months. Childs, a network administrator with DTIS, was arrested July 12 on charges of network tampering after he refused to provide his superiors with administrative access to the city of San Francisco's network, which he had managed for the past five years.
Initially Childs refused to hand over administrative passwords to the city's routers, which had been configured to wipe out all configuration information if they were reset.
After a dramatic jailhouse meeting with San Francisco's mayor one week after his arrest, Childs handed over the data, but DTIS Chief Administrative Officer Ron Vinson said Wednesday that the city now expects to spend more than $1 million to clean up the mess. To date, DTIS has paid out $182,000 to Cisco contractors and $15,000 in overtime costs, he said in an e-mail interview.
The city has also set aside a further $800,000 to address the problem. Vinson did not specify what the additional money was expected to cover, but if the city has to hire network consultants to remap, reconfigure and lock down its network, this would not be an unreasonable estimate. The city has also retained a security consulting firm called Secure DNA to conduct a vulnerability assessment of its network.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (49)
a plant?By unclesmrgol on September 15, 2008, 3:36 pmWe know there are prople running the current IT infrastructure that do not like Mr. Childs. When the device Mr. Childs purportedly installed is finally "located",...
Reply | Read entire comment
What? No DR procedures?By Anonymous on September 15, 2008, 1:06 pmOk, I am not necessarily condoning the work of the "rogue" administrator. However, with San Fran being one of the most notorious earthquake regions in the world,...
Reply | Read entire comment
Yes, it is!By tuomoks on September 15, 2008, 5:34 amIT is in sorry state, no question about that! What happened? Or is it that just incompetent are reading and answering? Where are the rest? Maybe too busy enhancing...
Reply | Read entire comment
The state of security and institutions, corporations, ..By tuomoks on September 15, 2008, 1:09 amFirst, this is not a technical problem, it never is! Yes, you can hide "a device" in network so it is very difficult to see - I have done it many times when catching...
Reply | Read entire comment
There is no ScriptBy Anon on September 15, 2008, 12:12 amHe didn't install a script, it just says he configured the routers to delete the config if reset manually. Common enough. So what is the crime?
Reply | Read entire comment
View all comments