I was reading today's Computerworld story about the "not guilty" plea of one Terry Childs, age 43. I am sure you have read or heard about it by now: Childs allegedly changed all the passwords and logins of his employer, the City of San Francisco's Department of Telecommunication Information Services. His alleged actions have jeopardized the entire San Francisco Fibre WAN municipal network, probably because he realized he could. The story says:
Childs allegedly reset administrative passwords to its switches and routers, and refused to divulge them to authorities.
He is charged with four counts of computer tampering and is being held in lieu of $5 million bond.
Good. This is not just some simple corporate network this guy has FUBARed. This is a city network that runs, according to the Computerworld story,
"San Francisco's e-mail system, Web site, 311 customer service call center and the telecommunications infrastructure."
"Computer tampering" is far too kind a charge to deliver to him. If these charges are true, then the man is a terrorist and should be tried and treated as one. He should also, in my opinion, be given the same treatment as one of those slugs at Gitmo. Waterboard him until he divulges the IDs and passwords. Damnit, where is Jack Bauer when you need him?
And also deal decisively with Childs' immediate superiors, who apparently had zero idea that this guy was doing the things he was doing. Someone had to notice he was coming unhinged, and no one apparently spoke up. As a result, and until Cisco and the City can jointly figure out how to put Humpty Dumpty back together again, the City's network is vulnerable to all sorts of shenanigans.
The City should be and is almost certainly asking: What if this guy has accomplices? What if he has buddies who are under orders to throw a few software switches and really make things interesting?
Again, from the Computerworld story:
He had become erratic and then hostile with colleagues after a recent security audit uncovered his activities on the network, according to a source familiar with the situation.
The city is now working with Cisco Systems Inc. to regain access to its network system. If the routers and switches that have been tampered with have to be replaced, the city could easily face a $250,000 bill to replace them.
Some free advice to SF: Pay the money, replace the compromised appliances, and move on. Make full restitution one of the items this slug (I'm sorry, "alleged slug") has to reimburse the City for.
And if there ever was justification for annual computer security audits, this is the cautionary tale to learn from.
Above all: Make an example of him. Throw the book at him and make him serve hard time. Playing with this stuff isn't fun any more, nor is it cute. It can be life-and-death, and at the very least, a huge inconvenience for the residents of the city. For that reason alone, let this alleged dirtbag serve hard time in a hard place.
I recall a former employee -- an arrogant you-know-what, a person who worked in an area of my former agency that dealt with some sensitive and mission-critical information. I began receiving reports from co-workers and customers within the Department that this guy was getting to be almost impossible to stand. He was also beginning to talk about how he could screw up the Department if he really wanted to. By his increasingly defiant and arrogant demeanor, we all began to suspect he intended to pull it off, if for no other reason than to show what a smart guy he was.
I immediately called in my cybersecurity team, along with my server chief and imaging bureau chief. The person in question was going to a conference in Denver, and was slated to leave Florida within days. The team turned the supervisory logs and tables inside-out, looking for any way he could back-door his way into systems that he may have had access to.
We put him on a plane and had someone shadow him at the airport to ensure he got on the plane and that it had taken off. The team then executed the plan to completely deny him access to all our systems, all while he was in the air over the Heartland. By the time he landed in Denver, my people had already done their due diligence, checked all tables and logs to ensure all trap doors were shut tight, and then I fired him when he arrived back at work the following week.
Take no chances when confronted with this type of information. Pay attention to your people. Listen to your customers. And act decisively when presented with the possibility that one of your trusted employees is going haywire.