Tuesday, July 15, 2008

Putting too much trust in one person

The San Francisco Chronicle has a story by Jaxon Van Derbeken about how a disgruntled programmer has managed to lock San Francisco officials out of major parts of the city's computer system. Apparently he was able to put a non-escrowed password, known only to himself, on the system--as job insurance.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.

Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said.

He was taken into custody Sunday. City officials said late Monday that they had made some headway into cracking his pass codes and regaining access to the system.
It's actually somewhat surprising that this sort of thing doesn't happen more often, given the level of trust that organizations place in sysadmins. A testament to the honesty of the vast majority, I guess.

Labels: , ,


Post a Comment