After verdict, debate rages in Terry Childs case
Some insist he was punished for doing his job, others disagree
Computerworld - The guilty verdict in the case of Terry Childs, a former San Francisco city government network administrator who was charged with locking up a key city network for days in 2008, is evoking mixed responses within the industry.
Many agree that the case provides a classic example of what can go wrong when one individual is allowed unfettered authority across an enterprise network and all of the systems within it. But opinion appears to be divided over whether Childs' actions represented intentional sabotage or a good faith -- but misguided -- attempt to do his job.
"I think that it is a sad outcome," said Matt Kesner, chief technology officer at Fenwick and West LLP, a San Francisco-based law firm. "I'm sorry to see that this ended in a criminal conviction. While he was likely misguided, he seems to have thought he was doing his best to protect the IT system," Kesner said.
Childs' conviction is also a cautionary tale, Kesner said: "As we all try to do more with less money and fewer resources, we need to maintain the checks and balances in our IT organizations."
A federal jury in San Francisco on Tuesday found Childs guilty of one felony count of network tampering resulting in damages of more than $200,000. He faces a maximum of five years in prison, though he could get out much sooner for time already served.
Childs, a network administrator in the San Francisco Department of Telecommunications and Information Services (DTIS), was arrested in July 2008 and charged with locking up access to the city's FiberWAN network by resetting administrative passwords to its switches and routers.
Terry Childs found GUILTY of FiberWAN lockout
Childs was also charged with three other felony counts relating to allegations that he had quietly placed three modems on a city network to give himself backdoor access to the network. But those charges were dismissed by a San Francisco magistrate judge last year.
The case attracted widespread attention because Childs initially refused to give city officials the changed network passwords and later gave them incorrect passwords. He finally disclosed the passwords to San Francisco Mayor Gavin Newsom, who made a dramatic jailhouse visit to meet Childs and retrieve the information from him.
Because of Childs' actions, San Francisco lost administrative control of its FiberWan network for more than 10 days and had to spend hundreds of thousands of dollars to fully recover from the disruption. There was also widespread concern among city IT officials about the potential for Childs to use his access to the network to destroy vital data. It was a concern that prompted prosecutors to ask for an unusually steep $5 million bond in a bid to keep him in jail until his trial.
Childs claimed that his actions stemmed from a desire to protect the city's networks. According to court documents, Childs repeatedly refused to hand over administrative passwords to his managers because he was concerned that the passwords would be indiscriminately shared with management and third-party contractors, thereby jeopardizing the security of the network.
Others saw Childs' behavior as nothing more than the actions of a disgruntled network administrator wielding his power to hold the entire city ransom. Much of that difference in opinion was reflected in blogs and analysts' comments in the wake of Tuesday's ruling.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts