San Francisco's rogue BOFH is guilty

Terry Childs - the sysadmin who refused to hand back passwords to San Francisco's network - has been found guilty of computer tampering. Although guilty of a felony Childs could be released quite soon - he's been in custody for almost two years awaiting trial. One juror told the San Francisco Chronicle: "We had a lot of …

COMMENTS

This topic is closed for new posts.
  1. The Original Ash

    Slashdot

    There's a juror from the case (5 whole months of it!) on Slashdot, commenting on his thoughts and insight. Very interesting stuff.

    After hearing what he's had to say, I'm inclined to think that Mr Childs deserved this verdict.

    1. Anonymous Coward
      Anonymous Coward

      Hold on

      I thought jurors couldn't write about what goes on in court?

      1. Jad
        Thumb Down

        RE: Hold on

        American jurors can, and often do ... some juries make a lot of money for big trials from film rights.

        It's only in England that anonymity is granted and almost forced upon jurors with everything said inside the jury room kept as a state secret :)

      2. Alan W. Rateliff, II
        Paris Hilton

        Jurors discussing cases

        Once the case is decided, as far as I know, unless there is an official order against it, jurors are free to discuss the case with anyone. Although this information comes from people directly involved with court proceedings, I welcome someone to correct me if I am misinformed.

        Paris, once done, she talks and talks and talks.

      3. Marcus Aurelius
        Boffin

        Talking to the press

        In the UK, you aren't allowed to, whilst in the US things are different....

      4. Pablo

        It's unusual...

        But once the trial is over they are free to talk about it. In this case I'm a little surprised since the sentencing hasn't happened yet, but I would hope the juror in question had enough sense to check with a lawyer/judge first about exactly when their obligation to keep quiet ended.

      5. I didn't do IT.
        Boffin

        Juror writing...

        Jurors cannot publish or disseminate any information about trial proceedings or jury deliberations while the trial is ongoing. Jurors are allowed to compile notes during the trial, but they are also supposed to make these notes in the binders or notebooks provided to them by the Court for that purpose. They are not allowed to take these notes from the deliberation room during or after the trial.

        However, there is nothing that prevents the jurors from talking about the proceedings or deliberations after the trial is concluded and the Judge has dismissed the jury unless the trial was for some reason Sealed (minor, national security, etc). It has also been known that jurors might write daily details and highlights during personal time if the jury is sequestered during the trial.

        There are many, many books out there from jurors regaling us with tales during high-profile trials (OJ, anyone?). Nothing against any red-blooded American making a buck off the misery of others, eh?

      6. davenewman
        Paris Hilton

        Only in the USA

        They can talk about their experiences in the USA - it is illegal in all parts of the UK.

      7. steward
        Boffin

        They can't post during the trial

        They can post -afterwards-, unless (as happens rarely) a gag order is issued.

  2. abigsmurf

    Creepy

    Why are jurors allowed to come out and talk about trials like that?

    Surely the prospect of jurors hoping for juicy interviews when a trial ends could interfere with justice.

    1. Chris007

      IANAL

      but I think that Jurors in the UK are covered by contempt of court if they talk about cases following its conclusion

    2. Anonymous Coward
      Thumb Up

      Afterwards OK

      I don't think they are permitted to talk about a case during the trial.

      However, I don't know why they wouldn't be allowed to talk about it afterwards, unless there were some aspects of the case that are closed to the public such as if a minor's identity was protected by the court.

      >Surely the prospect of jurors hoping for juicy interviews when a trial ends could interfere with justice.

      What kind of interference did you have in mind?

      In some ways I think it is informative to get commentary after the fact from a juror particularly if it helps to explain why they came to the conclusion that they did. They don't usually get that opportunity in the court.

      1. Marcus Aurelius
        Stop

        The UK is very different...

        You aren't allowed to discuss jury proceedings - ever (the only exception is if you believe the jury has been unlawfully manipulated, and even then you are expected to report it to the authorities and not the press).

        The Ministry of Justice site is very clear on that point.

        With the US, freedom of speech overrides such restrictions.

  3. Tom Kelsall
    Thumb Down

    See notes...

    A juror in any court case in the UK would be sent to jail for less than this; it is simply forbidden to discuss what you have heard of the case and what occurs during Jury deliberations from the moment it occurs until your death. The Jury's decision is necessarily secret simply because of the prejudice to the fairness of the outcome any release of information causes and the dangers to yourself of identifying yourself as a Juror.

    In many trials in the UK, once Jury deliberations begin, the jury are isolated from contact with the outside world to prevent any influences over their decision.

  4. The Vociferous Time Waster

    Oh well

    You can't embarrass that many city officials and not expect to be found guilty.

  5. Mike Bird 1
    FAIL

    Breaking the Law is still ..

    As an employee your duty is to follow the law and to do what you are told by your manager. If there is a conflict then advise HR or your COMPLIANCE person or seek guidance from the in house Lawyer (or if you're really worried from a personal lawyer).

    Your job is NOT to second guess your employer's technical ability about if they can be trusted with the systems.

    The "Oh I can't trust them not to muck it up" excuse doesn't wash with me.

    Childs should have turned over the passwords, written a formal resignation letter and/or sent in a dated/witnessed letter to the Mayor if he was that concerned.

    1. Anonymous Coward
      FAIL

      Re: Breaking the Law is still

      "Your job is NOT to second guess your employer's technical ability about if they can be trusted with the systems."

      I agree entirely.

      You get fired? Tough doo doo. Hand over your passwords (along with any company property you may have) or face your jail time like a man. Those are the only 2 choices.

      That people here seem to seriously believe there is a third choice, "do whatever the hell you like", just goes to show why many companies no longer trust IT people or treat them right.

      And don't go on about "security", being able to hold people to ransom is the very opposite of a secure system.

  6. Efros

    It's America

    Following a trial Jurors can say what they like about the case.

  7. Don Casey
    Coat

    Been there, heard that

    Having spent a day on jury duty recently, I can confirm the rules are:

    1) No talking about a trial while it is going on

    2) After the verdict is delivered, fair game

    Fortunately as a consultant who doesn't get paid if I'm not working, I didn't get picked for an actual trial so I'll just take my coat and head back to work.

  8. Kwac

    Jury room

    IANAL, but I understand that it's OK to discuss the trial when it's over, but not what was said in the jury room, how decisions were reached, etc.

  9. Random_Walk

    Damn...

    I wonder what would have happened if he responded with: "sorry, I forgot what the password was {insert some BS excuse for forgetting it here}..." or similar. Or, he could have just said "Go away - I don't work for you anymore".

    If the entity asking were a private employer, the worst they can do is sue. Apparently, if it's a local government, they can jail your ass.

    I'm thinking that Childs probably pushed it a bit too far, though. You simply do not tease a government entity, especially a local one. They tend to get way too vindictive about things...

  10. Winters
    Grenade

    BOFH? Pshaw!

    I hardly think that an angry engineer who threw his bottle out of the pram and proceeded to change some passwords, is in any way deserving of the lofty title of BOFH. In fact, I am shocked that El Reg would even consider giving this MSCE-esq fellow such a title, let alone post it as front-page news!

    Furthermore, who at the Requarters (did you like that?) decides who is and who is not a BOFH? Are they qualified for such a role? I propose an investigation and publication of said individual(s) deeds and qualifications.

    Yours Sincerely,

    Disillusioned

    1. unitron

      Re: Requarters

      "Furthermore, who at the Requarters..."

      Shouldn't that be "RegQuarters"?

      Or would that likely be mistaken to mean regimental headquarters?

  11. Marty McFly Silver badge

    Jurors...

    ...are free individuals. Unless a judge puts a gag order on the case, they are free to do whatever they want.

    Most jurors do not go public though. Once they choose that path, their personal anonymity is lost. A vengeful felon could decide to go after them.

    As far as the BOFH... I see his point. But he also failed at a fundamental security tenet as well. There should have been a trusted individual (read: supervisor) who also had the passwords. This protects the infrastructure from unplanned loss of the BOFH (think unexpected demise).

  12. The First Dave
    Boffin

    untitled

    So, what exactly was he found guilty of tampering with?

  13. Anonymous Coward
    Boffin

    For anyone thinking Childs is/was a martyr ...

    ... here's an extract from the slashdot commentary of the CCIE juror involved with the case, talking about the extent to which Childs went, over a number of years, to lock the entire system down and ensure he was required to administer it (numerous comments somewhat aggregated here: http://bit.ly/9dMwD4):

    "The next problem was the core routers, which were 6500 series. The IOS running on these did not have the "no service password-recovery" feature, so what he did here was to erase the NVRAM and only keep the running configuration. Any attempt to do a password recovery would require a reboot, and the configuration would be gone. The core routers were not configured to load a new configuration from a remote server, but instead Terry Childs had modems connected to terminal servers so that in the event of any power outage he would be able to dial in and load the configurations back in.

    [snip description of the sole, uber-encrypted DVD with the config backups that he carried with him at all times]

    As for system logs, the city had no access to see what these might have said, as the routers were set up to log only to a server that Terry Childs controlled. He was the only one with passwords to that server. And not only that, he had placed that server inside a black metal cabinet with holes drilled in the side to allow cable runs, and the cabinet had two padlocks on it. Slight paranoia?"

    1. ElReg!comments!Pierre

      pretty basic security

      If any of this kit was in «public» space (i.e. anywhere the cleaning has access to, for example), what you describe is pretty basic security, by no means over the top. The password recovery systems are probably the single most idiotic feature for this kind of equipment. They should always be disabled by any means necessary (the single password recovery system anyone could need is a note in a sealed envelope inside an airtight safe, preferably one that needs 2 keys, kept by two different persons).

      Protecting the security logs does make a lot of sense too. And loading configs from a remote server after power failure? Puh-leese.

      No, really, all that does make a lot of sense. Of course it makes it difficult for anyone but the admin to change anything in the configuration, but guess what? That's the bloody point (and that was his job). You don't want to leave admin rights to your whole network too near to the Mexican temp who empties the paper bin after hours, or to the redneck with alcohol and gambling issues who checks on the parking lot at night.

      A big city's network should be locked down a tad more tightly than Aunt Mildred's PC, don't you think?
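
The three conditions the juror's account describes in comment 13 (no saved startup configuration, password recovery disabled, logs sent only to a host the organisation does not control) can be checked from collected configuration text. This is an added example, not part of the thread: device names, addresses and the approved-collector list are constructed, and it assumes an erased NVRAM is reported with the IOS message `startup-config is not present`.

```python
import re

# Constructed sample data: device names, addresses and the approved
# collector list are assumptions, not values from the case.
APPROVED_COLLECTORS = {"192.0.2.10", "192.0.2.11"}
SAVED = "hostname dist-rtr-1\nlogging 192.0.2.10\nlogging host 192.0.2.11\n"
LOCKED = "hostname edge-rtr-1\nno service password-recovery\nlogging host 192.0.2.10\n"
SAMPLES = {
    "core-rtr-1": {"startup": "startup-config is not present\n",
                   "running": "hostname core-rtr-1\nlogging host 198.51.100.7\n"},
    "edge-rtr-1": {"startup": LOCKED, "running": LOCKED},
    "dist-rtr-1": {"startup": SAVED, "running": SAVED},
}

# Matches "logging host <ip>" and the older "logging <ip>" form, while
# ignoring "logging buffered", "logging trap" and similar lines.
LOG_HOST = re.compile(r"^logging (?:host )?(\d{1,3}(?:\.\d{1,3}){3})\b", re.M)


def config_lines(text):
    """Return config lines without blanks and '!' comment separators."""
    stripped = (line.strip() for line in text.splitlines())
    return [line for line in stripped if line and not line.startswith("!")]


def audit_device(startup, running):
    """Return findings that make one person a single point of failure."""
    findings = []
    # Nothing saved in NVRAM: a reboot or power loss wipes the device.
    if not config_lines(startup) or "startup-config is not present" in startup:
        findings.append("startup-config-missing")
    # Recovery disabled: credentials must exist in escrow somewhere.
    if "no service password-recovery" in config_lines(running):
        findings.append("password-recovery-disabled-needs-escrow")
    # Logs must reach at least one collector the organisation controls.
    if not set(LOG_HOST.findall(running)) & APPROVED_COLLECTORS:
        findings.append("logs-not-sent-to-approved-collector")
    return findings


def audit_all(samples):
    return {name: audit_device(c["startup"], c["running"])
            for name, c in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLES).items():
        print(name, findings or "ok")
```
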

  14. Sweeping Brush

    Memory Wipe.

    Official : "Mr BOFH, you're fired, please hand over all passwords"

    Mr BOFH : "I'm not an employee of your company, therefore I have no reason to know any of your passwords and have wiped them from my mind, you will need to retrieve them from the secure location they are stored in"

    Official : "Thank you Mr BOFH, where is this secure location"

    Mr BOFH : "I'm not an employee of your company therefore have no reason to know where this location is and have wiped it from my mind" .....

    Problem solved.

  15. Maty

    The juror was right ...

    Any organization that puts all its eggs into one basket like that is indeed run by a bunch of incompetents. What if the guy had a heart attack or got run over by a bus?

    My last organization had an IT handover process (which we called a 'digital will') whereby you had to have a file (locked in a fireproof safe) detailing who was to do what if you should unexpectedly become unavailable, and how each person should obtain the necessary permissions.

    (And like a good sysadmin I also made sure I had my own backdoor installed, should I need to intervene directly after I left the organization ...)

  16. This post has been deleted by its author

    1. Rod Shoaf

      BOFH?

      David... sorry.. not to be mean.. but not you! hahaha

    2. Anonymous Coward
      Anonymous Coward

      What's a BOFH

      Maybe you should JFGI it. :-)

  17. Riscyrich
    Thumb Up

    http://www.theregister.co.uk/odds/bofh/

    http://www.theregister.co.uk/odds/bofh/

  18. Anonymous Coward
    Anonymous Coward

    I still fail to see how this was a criminal issue

    This was an employee/employer issue in my point of view which makes it a matter for the civil courts. Forgive me if I'm wrong... I fail to see how it's criminal. Did he break into any systems after he was fired? Did he access anything he should not have accessed? Or was this simply an issue of the City of San Francisco not having admin passwords in case something broke?
