Officials in San Francisco charge that one of their own employees gave himself exclusive access to key switches on the city’s computer network.
It sounds like a plot from Hollywood: A team of techies is busily trying to crack passwords to get access to parts of San Francisco’s computer network. They are doing so at the direction of city officials, who have discovered that they are locked out of parts of their new multimillion-dollar system.
But for the City by the Bay, it’s a story line they didn’t see coming.
Local officials charge that one of their own employees, a network administrator named Terry Childs, gave himself exclusive access to key switches on the network. After they discovered the problem, Mr. Childs was interrogated by the police, but unlike the disgruntled programmers in the movie “Office Space,” he apparently hasn’t been fazed by the threat of prison. Authorities say he first gave police bogus passwords and now sits in jail refusing to divulge his abracadabras.
Childs pleaded not guilty last Thursday to four felony counts of computer network tampering. His lawyer declared it all a big misunderstanding and called the $5 million bail inappropriate. But San Francisco officials aren’t sure what Childs has done behind password locks, and they worry he might have created back channels into city data.
So-called “malicious insiders” are surprisingly common, and they tend to be more harmful – and difficult to thwart – than outside hackers, say experts. Despite the threat, one recent study found that organizations are growing more lax in guarding against them.
“Most of the security solutions [deployed] are outward facing, focusing on the moat and the turrets, not determining if the threat can come from inside” the castle walls, says Tom Kellermann, a computer security expert formerly with the World Bank Treasury and now with Core Security Technologies in Boston.