December 3, 2008 By Hilton Collins
Nothing gets people talking like a good story and in July 2008, headlines and blogs were abuzz with the news that Terry Childs, a network engineer in San Francisco's city-county government, was arrested for seizing control of the fiber network, locking out co-workers and denying officials the passwords to get back in. Mayor Gavin Newsom had to visit the jailhouse to obtain the passwords from Childs in a secret meeting that even the district attorney knew nothing about.
The press reported the story with enough drama to pique readers' interest. In a July 14 article, the San Francisco Chronicle referred to Childs as a "disgruntled city computer engineer" who received a bad performance review. The Washington Post published on Aug. 11 said he "hijacked the system" under the user name "Maggot617" and that police found diagrams of San Francisco's network, $10,000 cash and bullets at Childs' home.
No conviction has been made, but Childs' motives are on many minds. Most can only speculate at this point, but IT managers might do well to ponder why an employee would do this. After all, it happened in one government agency, what's to stop it from happening elsewhere?
Some speculated that Childs became too possessive of his work, though that's not easy to prove or verify. In a July 18 InfoWorld article, Senior Contributing Writer Paul Venezia wrote that "Childs apparently trusted no one but himself with the details of the network" and that administrators who build and maintain large networks often "care for them like children." But if Childs felt that way, that reason would ultimately have been no excuse, said Ron Vinson, chief administrative officer and deputy director of San Francisco's Department of Technology.
"[That] network does not belong to Terry Childs. It belongs to the city and county of San Francisco, and that's the major point there," he said.
How It All Began
In July, Childs was charged with felony counts of computer tampering. The network he hijacked was San Francisco's FiberWAN (wide area network) that handles payroll, e-mail, and law enforcement and jail documentation. Childs was one of five people who worked on the network.
"On July 9, in a process to complete our change control and change management system, I requested of Mr. Childs the user [identifications] and passwords for several devices on the FiberWAN network," said Chief Operations Officer Richard Robinson. Childs refused to comply. The devices in question were different types of network routers and switches.
According to Vinson, the department had already been implementing network security protocols, and when other network employees observed actions that weren't best practices, it led to Childs' questioning. Vinson said San Francisco paid at least $182,000 to Cisco and other contractors to help remedy the problem.
Childs made unauthorized and undocumented changes to the network, Robinson said. "The rest of the network engineering staff would not have the ability to continue to do any change control, any change management or any continued rollout of the FiberWAN," he said. "That being the case, it became a criminal issue because he was denying us administrative access to equipment that the city owned."
Robinson contacted the police department, and the officers also asked Childs to provide the passwords, but he still refused. According to the Chronicle, he gave authorities bogus passwords at one point. He was arrested three days later on July 12, Robinson recalled. The Department of Technology started working with Cisco, its network vendor, to handle the network as well as possible in the meantime. Once Childs gave the mayor the codes on July 21, network engineers regained control. But even now, Robinson and his team are still trying to determine the extent of the changes Childs made.
"We have found that Mr. Childs had put other devices, unknown to management or other network engineers,
You may use or reference this story with attribution and a link to