This was reported in PC World on Tuesday, July 15…
Report: IT Admin Locks up San Francisco’s Network (PC World)
A network administrator has locked up a multimillion dollar computer system for San Francisco that handles sensitive data and is refusing to give police the password, the San Francisco Chronicle reported Monday.
The employee, 43-year-old Terry Childs, was arrested Sunday. He gave some passwords to police, which did not work, and refused to reveal the real code, the paper reported.
The new FiberWAN (Wide Area Network) handles city payroll files, jail bookings, law enforcement documents and official e-mail for San Francisco. The network is functioning but administrators have little or no access.
Childs, who remains in custody, is accused of improperly tampering with computer systems and causing a denial of service, said Kamala Harris, San Francisco’s district attorney, on Monday afternoon.
“The bail has been set at $5 million, and the exposure in this case if he were convicted on all counts would be seven years in prison,” Harris said.
Harris said it’s unknown why Childs tampered with the system. The Chronicle, however, reported that Childs was disciplined recently for poor performance. Childs worked in the Department of Technology for San Francisco, making close to US$150,000 a year, the paper reported.
City officials told the paper that Childs may have caused millions in damage while also rigging the network so that other third parties could monitor traffic, posing a huge data security risk. He is also alleged to have installed a tracing system to monitor communications related to his personnel case.
(Robert McMillan in San Francisco contributed to this report.)
First of all, it’s amazing in this day and age of technology that an employee could lock down access to a computer system and there is no way for others to get in. Obviously it is possible, as evidenced by this article but what is particularly troubling is they stated that he may have done this due to being disciplined for poor performance. I think it highlights the fact that HR people and departments are shouldering a bigger burden than in the past when employees have such power that can so easily be abused, thus costing a company (or in this case a city and its taxpayers) huge sums of money and lost productivity.
Hopefully it will serve as a reminder, or a wake-up call that if an employee is going to be disciplined, all precautions need to be taken not only to ensure the safety of people but the integrity and accessibility of data. I assume it is just another part of the appraisal and/or reprimanding process that employers are going to have to take into consideration.
Solving a piece of the puzzle…
Matt Lafata, HRchitect
mattlafata
Tiffany Appleby