Computer tech takes down San Francisco city government


A major security failure probably not unique to the public sector
I'd love to say that this would never happen in the private sector, but I would be lying.

After years of study and hard work, they say, he landed a job building a network that handled San Francisco's payroll documents, law enforcement records and other sensitive information. He spent his nights and weekends building a system that he wanted to protect, not tear down, his defenders say.

All well and good, prosecutors counter. But why won't he simply come clean about everything he has done? What about the menacing encounters with bosses at work?

They conclude that Childs went overboard, turning the city's computer system into his own "private network" after lying about his violent past to get his job. They point to his prison stint for aggravated robbery, another arrest for assault and what police recently found - ammunition in his Pittsburg home that he shouldn't have had.

Everyone who has had contact with Childs, however, agrees on two things: He was a master in his field, and he was entrusted, for good or ill, with near-total control of the city computer network.

Here's a lesson I learned long before companies and governments because so dependent on computers. You never rely on just one person for global access. You get at least two, give them slightly different objectives, and then let them watch each other. Whenever you can, break out physical access from system access so extra parts (like modems or hidden cameras) can't be installed by just one person. And never, ever, ever put payroll, email, operations, and legal research on the same servers.

Hat tip Gizmodo (wrapup).

— NeoWayland

Posted: Tue - July 29, 2008 at 12:25 PM  Tag


 ◊  ◊   ◊  ◊ 

Random selections from NeoWayland's library


Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved