Skip the navigation

After verdict, debate rages in Terry Childs case

April 28, 2010 11:09 AM ET

"I'm actually surprised he was found guilty," said John Pescatore an analyst at research firm Gartner Inc. "The law seemed so vague and full of loopholes that I sort of thought it would be hard to convince a jury he intentionally sabotaged the network versus causing a disruption in a good faith attempt to do his job."

"Maybe it will have some deterrence for any other disgruntled administrators that may want to hold networks or systems hostage," Pescatore added. "But I would have liked to see more attention to the failures in process that allowed one person to hold everything hostage."

Jim Kirby, director of engineering at Dataware Services, an IT services firm in Sioux Falls, S.D., called the verdict "lame" and expressed hope that it would be thrown out by the judge. Kirby said that, based on his understanding of the case, Childs' refusal to hand over the passwords was understandable. "If what I've read is correct, and he simply refused to give out the password over a conference bridge with unauthorized people listening in, then this entire case is a real shame," he said.

However, others -- including numerous posters on Slashdot -- had less sympathy for Childs. "There's no question that what he did was malicious and even criminal," said Richard Gorman, CEO of Vormetric, a vendor of data security products. Childs' refusal to hand over the passwords needlessly caused San Francisco a "tremendous amount" of disruption and expense, Gorman said.

"If your boss demands the password, give it to them," said a commenter identified as "nomadic" on Slashdot. "Send them a letter along with the passwords saying that you are doing it under protest if you want, warn them of the dangers, whatever, but don't be idiotic."

The episode highlights the dangers companies can face when they hand over the "keys to the kingdom" to a single individual as the city of San Francisco appears to have done, Gorman said. It is a situation that is common across the private and public sectors, though not all instances of such insider abuse receive as much publicity.

Dealing with the issue requires companies to ensure that there is a clear separation of duties when it comes to the role of network and systems administrators, he said. Care should always be taken to ensure that one person does not have full access to all network components or have the ability to override all other administrators on a system, Gorman said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan, or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is jvijayan@computerworld.com.

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!