Judge drops 3 of 4 charges against accused city hacker

Reader Comments

Aug 22, 2009

Kamala Harris, true to her usual incompetence way overcharged this guy to begin with. The only reason that the bail is still as high as it is is because the original judge had no understanding of the technological issues she was ruling on. This guys only crimes are being over protective of his work and having dirt on Newsom and Ron Vinson and the rest of the incompetent staff at the Dept of Technology, formerly know as DTIS. This reminds me of Stalinist Soviet Union tactics.

Aug 23, 2009

wow, this guy has lost years of his life for doing his job too well. according to what's out there, as soon as he provided the passwords to the mayor the network experienced its only problems to date... sounds like he should be given a raise

Aug 23, 2009

First of all, prosecutors normally charge a person with as many counts as possible to ensure something sticks. That may sound unreasonable but given the stupidity of the people on juries these days it's a good strategy.

Second, there is no reason any network administrator should hide the passwords for the network from his peers - the other network administrators.

It should not take a visit from the mayor to one's jail cell to get passwords for a publicly-owned network.

So sfsoma481 and Ed I'm confused about your defense of Childs.

Aug 23, 2009

Really Dave? It sounds like you don't really understand the situation. You ever heard of passwords? Do you know what they are for? Not the type of thing you want to give out, otherwise people will do things with it and you'll get blamed.

Aug 23, 2009

Dave in PDX: you seem confused about things in general.

Aug 23, 2009

Every admin should have his own passwords to the system. There should be a hierarchy of passwords so deputy admins can't do things they are not qualified or expected to do. All activities of the admins should be logged so responsibility for screwing up the network can be assigned to the admin who did it, not for punishment but for remediation. If the network systems don't log this, it's time to talk to the vendor or get another vendor.

If an admin is "responsible for the configuration and performance" of the new network, it's perfectly understandable that he wouldn't want to release the passwords to untrained people. The engineer in charge is the engineer in charge and he should have been training and deputizing the other admins as needed according to a planned policy.

Aug 23, 2009

One thing everyone needs to understand is that this was not Mr. Child's personal network.

It is the responsibility of the employee to follow the rules of his/her superior; no matter how stupid the request. This isn't the military where people's lives were at stake by the request(s) made by Mr. Child's bosses.

At the end of the day Mr. Childs *was not* ultimately responsible for the health and welfare of the network.

He may have thought he was doing his job, but he should have followed orders OR found himself a new place to work. I know from experience that walking away from two (2) jobs prevented me from getting fired by arguing with my superiors.

Side note: Even people working a McDonalds are asked to do things that they do not agree with.

Aug 23, 2009

Jeff in IAH said >> "If an admin is "responsible for the configuration and performance" of the new network, it's perfectly understandable that he wouldn't want to release the passwords to untrained people"

100% correct!! If that network is *owned* by the system administrator.

Otherwise, just like any other job, the admin must follow the orders/rules of the boss. The admin has the right to object and suffer the consequences or find himself a new job.

If he leaves, the idiot boss will use the experience during the interview process when locating a new sys admin.

A sysadmin must ALWAYS understand that they do not own the networks/systems they manage.

Aug 23, 2009

To Dave in PDX- you said "It should not take a visit from the mayor to one's jail cell to get passwords for a publicly-owned network."

You're right, since its a publicly owned network he should have distributed the passwords to every tax payer in the city, right?

Aug 23, 2009

For pete's sake... requests to hand over _passwords_ would have violated the state's IT security policies (and virtually anyone else's as well). It doesn't matter *who* is asking or why--by now you should know, you *never* give your passwords to *anyone* because it breaks the chain of accountability. Without accountability, you don't have security anymore. DTIS screwed up, not Childs. You clueless paper pushers can talk about how you're supposed to follow your boss' orders all you like, but it doesn't change the fact that the pointy-haired bosses can NOT simply override organizational policy at their leisure. Turning over your password at their request would still be a violation of policy that you could be (and should be) terminated for.

Aug 23, 2009

...and yes Jeff, that's directed at you.

A sysadmin might not own the network, but neither does his boss. Any request which contravenes established security policy and procedure should always be rejected--it doesn't matter how "stupid" or smart such a request might be.

Technically DTIS could probably nail Childs for even turning login credentials over to the Mayor, but the Mayor would certainly put a stop to that which is probably the only reason they've not added it to the ludicrous list of complaints.

Aug 23, 2009

I'm not entirely sure why people are defending his decision to withhold passwords from other sysadmins. Administration over a large network should be a distributed and collaborative effort.

It's fine if only one person has direct access to root-level passwords, but there needs to be a process to obtain those passwords if that single person quits/dies/forgets them.

Aug 23, 2009

If an untrained, but higher-level person asks for a password I can understand saying no. But when that person, that person's boss, that person's person's boss, a lawyer, the police and probably more people are saying to give up the password, why continue to say no? Let's assume the untrained person then screws something up. Enough people have been involved that you are covered. At that point it doesn't make sense to continue to refuse to hand over the password and go to jail. Unless there's more to it than just "protecting the network" ...

Aug 23, 2009

Only in Frisco...

Aug 23, 2009

the reason he did not turn over the passwords was that he knew that (1) the people asking for them were unqualified to use them and (2) when they used them and they broke stuff, he would get the blame for their stupidity.

once he turned over those passwords, responsibility for any damage done by the stupid could be assigned to him, even though it would not have been his fault.

NOTHING ever failed, there was no crime. a little insubordination towards incompetent management, maybe. if they were competent, they would not have allowed the situation to occur whereby Childs had the level of inadequate supervision that he did. his pointy-headed bosses should have been jailed if anyone.

Aug 23, 2009

If you are asked by your boss to turn over the passwords, you should do it. Make sure your objection is noted in writing/email but turn them over. Anyone who thinks otherwise is an arrogant SOB that thinks they own the systems/networks in question. Should he go to jail? No Be fired? absoutly.

Aug 24, 2009

Poor guy was between a rock and a hard place. Give your boss the password against company rules? Or obey the rules and refuse your boss? You're in trouble either way.

Aug 24, 2009

I think the city and employers should take notice and quickly.

If you act like a fool to your IT department then beware. These guys know and read everything.

Honestly, Child s did nothing wrong, exercised judgment and now is being punished for not submitting. He was the most qualified for the job or else someone could have unlocked the password.

But 95% of people have no idea how networks and pc's function aside from work programs and facebook so that pretty much sums it up.

He should write a book of what he saw.

Aug 24, 2009

The rule throughout industry is to never divulge your password. Never USE a shared password. Record any primary root password and store it in a safe in a sealed envelope. It's what I've had to do in the past as a tech - and it's what I insist on now as an I.T. director. My job is to ensure that this policy is enforced by my staff.

Sounds to me like Chris' boss needs to be reprimanded. Still, it's apparent that Chris is pretty angry and witholding the password now is a bit of a tantrum. Not illegal - just childish.

Aug 24, 2009

To anyone commenting that he should have given up the password when asked. It's my understanding that he did not, as per the Standard Operating Procedures policy that was in place. The SOP stated specifically that he is only allowed to give the password to the Mayor (which he did, btw, as soon as he could get the mayor to listen to him)

Aug 24, 2009

This is like your boss telling you to stay out of the break room, but you enter it anyway and you are arrested for trespassing. Oh, and by the way, it is your job to clean the break room.

This should not be a criminal matter, it should be a civil matter.

Aug 24, 2009

Password policy is tricky.
Generally speaking, most passwords do not belong to the company, they belong to the person and are NEVER given to anybody, for any reason.
With some equipment like network routers, they might only support one login/password. In such a case, those who know the password should only give them up to someone SPECIFICALLY authorized. The cops, the judge, etc. are not specifically authorized, and he could potentially be charged for giving them out to someone HE did not know was authorized... read that carefully. It does NOT matter if the person asking IS authorized, it only matters if the person with the password KNOWS they are.
.

Aug 24, 2009

Govt should take strict action against those people are involved in criminal cases.

Resveratrol

Aug 25, 2009

Politics is a terrible game and the little guy always pays. Ask the right questions what evidence of network outage can his Directors & managers factually prove was caused by Terry Childs? Answer: none! Set him free now!

Nov 4, 2009

He should not be in jail, it is ridiculous you can get less jail time for killing someone, hoping for the best for him keep on smiling

Jan 14, 2010

nice topic, Thank you for posting it



blogdetik | Pena Kehidupan

Post a comment